[Virus sample] Another batch of adware, Avira (红伞) doesn't detect it

zane_xzz
Posted 2007-7-9 10:45:53
Another batch of adware, Avira (红伞) doesn't detect it.

This post contains attachments.
promised
Posted 2007-7-9 10:56:03
There's a whole pile of them inside that SETUP.EXE.
I deleted TOM and CNNIC.

[ This post was last edited by promised on 2007-7-9 11:04 ]

This post contains attachments.
风雪
Posted 2007-7-9 10:59:55
费尔 (Filseclab) shows no reaction.
wangjay1980
Posted 2007-7-9 11:15:40
deleted: adware not-a-virus:AdWare.Win32.Agent.ck        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/20602/$_OUTDIR/A/staA.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bz        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/20602/$_OUTDIR/A/winA.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.NewWeb.w        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/20602/$_OUTDIR/B/b.sys
deleted: adware not-a-virus:AdWare.Win32.Agent.ck        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/20602/$_OUTDIR/B/staB.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bz        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/20602/$_OUTDIR/B/winB.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.NewWeb.m        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/20602/$_OUTDIR/C/autolive.sys
deleted: adware not-a-virus:AdWare.Win32.NewWeb.y        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/20602/$_OUTDIR/Setup.exe
deleted: adware not-a-virus:AdWare.Win32.Boran.ah        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/ad_2121/$TEMP/insshell.exe
deleted: Trojan program Trojan.Win32.VB.axk        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/sou/2001.exe//PE_Patch//UPack
deleted: adware not-a-virus:AdWare.Win32.IEHlpr.e        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/sou/3027.exe
deleted: adware not-a-virus:AdWare.Win32.Cinmus.j        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/sou/dodolook043.exe//data0003//data0004
deleted: Trojan program Trojan.Win32.Agent.akv        File: C:\Documents and Settings\Owner\桌面\plugins.zip/plugins/sou/Setup(4).exe
The EQs
Posted 2007-7-9 11:23:23
Scan performed at: 2007-7-9 11:22:36
Scanning Log
NOD32 version 2384 (20070708) NT
Command line: C:\Documents and Settings\EQ2\桌面\plugins.zip
Operating memory - is OK

Date: 9.7.2007  Time: 11:22:45
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\plugins.zip
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/20602/$_OUTDIR/A/staA.dll - Win32/Adware.NewWeb application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/20602/$_OUTDIR/A/winA.dll - Win32/Adware.NewWeb application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/20602/$_OUTDIR/B/b.sys - Win32/Adware.NewWeb application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/20602/$_OUTDIR/B/staB.dll - Win32/Adware.NewWeb application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/20602/$_OUTDIR/B/winB.dll - Win32/Adware.NewWeb application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/20602/$_OUTDIR/C/Autolive.dll - Win32/Adware.NewWeb application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/20602/$_OUTDIR/C/autolive.sys - Win32/Adware.NewWeb application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/20602/$_OUTDIR/Setup.exe - Win32/Adware.NewWeb application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/ad_2121/$TEMP/insshell.exe - Win32/Adware.Boran application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/bind_50006.exe - a variant of Win32/TrojanDownloader.QQHelper.NCO trojan
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/sou/2001.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/sou/dodolook043.exe ?NSIS ?79.exe ?NSIS ?acpidisk.sys - a variant of Win32/Adware.Cinmus application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\plugins.zip ?ZIP ?plugins/sou/my_70057.exe - a variant of Win32/TrojanDownloader.QQHelper trojan
Number of scanned files: 21
Number of threats found: 13
Number of files cleaned: 1
Time of completion: 11:22:47 Total scanning time: 2 sec (00:00:02)
蓝色牛仔裤
Posted 2007-7-9 11:40:39

This post contains attachments.
rasis
Posted 2007-7-9 12:14:23
Begin scan in 'CTUHT.cnt'
Begin scan in 'CTUHT.HLP'
Begin scan in 'HTConfTest.dll'
Begin scan in 'Setup.exe'
Begin scan in '20602'
20602\$_OUTDIR\Setup.exe
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/NewWeb.Z.2
      [WARNING]   The file was ignored!
20602\$_OUTDIR\A\staA.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Agent.CK.25
      [WARNING]   The file was ignored!
20602\$_OUTDIR\A\winA.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Agent.BZ.20
      [WARNING]   The file was ignored!
20602\$_OUTDIR\B\b.sys
      [DETECTION] Is the Trojan horse TR/Drop.Xtra.3
      [WARNING]   The file was ignored!
20602\$_OUTDIR\B\winB.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/SoduiSearch
      [WARNING]   The file was ignored!
20602\$_OUTDIR\C\Autolive.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/CnsMin.C
      [WARNING]   The file was ignored!
20602\$_OUTDIR\C\autolive.sys
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/NewWeb.M.19
      [WARNING]   The file was ignored!
Begin scan in 'ad_2121'
ad_2121\$TEMP\insshell.exe
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Boran.AH.1
      [WARNING]   The file was ignored!
Begin scan in 'sou'
sou\2001.exe
      [DETECTION] Is the Trojan horse TR/VB.SJ.721
      [WARNING]   The file was ignored!
sou\3027.exe
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/IEHlpr.E.27
      [WARNING]   The file was ignored!
sou\dodolook043.exe
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Drop.Cinmus.P
      [WARNING]   The file was ignored!
sou\my_70057.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
sou\Setup(4).exe
      [DETECTION] Is the Trojan horse TR/Agent.akv.14
      [WARNING]   The file was ignored!
Begin scan in 'UUSEE_digital_Setup_6'
UUSEE_digital_Setup_6\$TEMP\UUSEE_digital_Setup_6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.MTW
      [WARNING]   The file was ignored!
Begin scan in 'bind_50006.exe'


End of the scan: 2007年7月9日  12:13
Used time: 00:10 min

The scan has been done completely.

     10 Scanning directories
     21 Files were scanned
     14 viruses and/or unwanted programs were found
      1 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      0 Archives were scanned
     14 Warnings
      0 Notes
      0 Hidden objects were found
scottxzt
Posted 2007-7-9 12:18:05
OP is using the C edition, I suppose?
wangjay1980
Posted 2007-7-9 12:20:02
Hello,

bind_50006.exe - Trojan-Downloader.Win32.QQHelper.wy,
my_70057.exe - Trojan-Downloader.Win32.QQHelper.nw

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Autolive.dll - not-a-virus:AdWare.Win32.NewWeb.r

This file is an Advertising Tool; its detection will be included in the next
update of the extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates

autolive.ini, UUSEE_digital_Setup_6.exe

No malicious code was found in these files.

Please quote all when answering.

--
Best regards, Yaroslav Kirillov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
> Attachment: plugins.zip
1688388728
Posted 2007-7-9 14:43:48
反病毒专家 AntiVirusKit 2007 扫描病毒日志记录
版本
双引擎反病毒签名 7/8/2007
开始时间: 7/9/2007 14:41
引擎: KAV 引擎 (AVK 17.5959), AVST 引擎 (AVKB 17.291)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: stream/data0005/data.rar 2001.exe
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: Trojan.Win32.VB.axk (KAV 引擎)
对象: stream/data0005/data.rar/20602.exe data0002
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.NewWeb.w (KAV 引擎)
对象: stream/data0005/data.rar/20602.exe data0003
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Agent.ck (KAV 引擎)
对象: stream/data0005/data.rar/20602.exe data0004
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Agent.bz (KAV 引擎)
对象: stream/data0005/data.rar/20602.exe data0005
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Agent.ck (KAV 引擎)
对象: stream/data0005/data.rar/20602.exe data0006
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Agent.bz (KAV 引擎)
对象: stream/data0005/data.rar/20602.exe data0009
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.NewWeb.m (KAV 引擎)
对象: stream/data0005/data.rar/20602.exe data0010
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.NewWeb.y (KAV 引擎)
对象: stream/data0005/data.rar/ad_2121.exe/stream data0001
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Boran.ah (KAV 引擎)
对象: stream/data0005/data.rar/dodolook043.exe/data0003 data0004
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Cinmus.j (KAV 引擎)
对象: stream/data0005/data.rar Setup(4).exe
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: Trojan.Win32.Agent.akv (KAV 引擎)
对象: stream/data0005/data.rar 3027.exe
        在压缩档案里: E:\病毒库\cq20061215\cq20061215\Setup.exe
狀態: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.IEHlpr.e (KAV 引擎)
对象: Setup.exe
        路径: E:\病毒库\cq20061215\cq20061215
狀態: 已发现病毒
        病毒: Trojan.Win32.VB.axk, not-a-virus:AdWare.Win32.NewWeb.w, not-a-virus:AdWare.Win32.Agent.ck (2x), not-a-virus:AdWare.Win32.Agent.bz (2x), not-a-virus:AdWare.Win32.NewWeb.m, not-a-virus:AdWare.Win32.NewWeb.y, not-a-virus:AdWare.Win32.Boran.ah, not-a-virus:AdWare.Win32.Cinmus.j, Trojan.Win32.Agent.akv, not-a-virus:AdWare.Win32.IEHlpr.e (KAV 引擎)
扫描完成: 7/9/2007 14:42
    已检查 4 个文件
    已发现 1 个染毒文件
    发现 0 个可疑文件