在同事的电脑上抓的一包15个

一派胡言

[MD5: 1BF9D8 1040D9 208C04 2BE364 857EF9 95CF5C 286528 D3FB61 81F32D A7A553 F69F9C 664D35 C292E7 AE8370 6847DF]








北京江民新科技术有限公司
扫描引擎 10.00.600
病毒库日期 2007-07-09
更新日期 2007-07-09
扫描目标 C:\Documents and Settings\Administrator\桌面\复件 新建文件夹\
开始时间 2007-07-09 17:09:39
在 C:\Documents and Settings\Administrator\桌面\复件 新建文件夹\1.exe 中发现 Trojan/PSW.GamePass.rhp 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\复件 新建文件夹\14.exe 中发现 Trojan/PSW.GamePass.rhr 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\复件 新建文件夹\MsIMMs32.exe 中发现 Trojan/PSW.OnLineGames.dcf 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\复件 新建文件夹\hsomklg.exe 中发现 Virus.Autorun.t 病毒, 已删除
正常结束。
扫描结果:
                 文件数 :638                                 病毒体 :4         
                   删除 :4                                     解毒 :0         
    扫描速度(千字节/秒) :925                               扫描时间 :00:03:07
    扫描文件速度(个/秒) :3
   == == ==        == == == == == ==   == == == == == ==    == == == == == ==    == == == == ==     == == == == == ==

[ 本帖最后由 一派胡言 于 2007-7-9 20:27 编辑 ]

wangjay1980

deleted: Trojan program Trojan-PSW.Win32.Delf.wo        File: E:\Ñù±¾\bingdu\12.exe//UPX
deleted: Trojan program Backdoor.Win32.Delf.awy        File: E:\Ñù±¾\bingdu\14.exe//NSPack
deleted: Trojan program Trojan-Downloader.Win32.Agent.bpp        File: E:\Ñù±¾\bingdu\hsomklg.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.aaw        File: E:\Ñù±¾\bingdu\MsIMMs32.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.yn        File: E:\Ñù±¾\bingdu\TIMHost.exe
detected: virus Invader (modification)        File: E:\Ñù±¾\bingdu\Kvsc3.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.wz        File: E:\Ñù±¾\bingdu\upxdnd.exe//UPXDND.DLL
detected: virus Heur.Trojan.Generic (modification) File: E:\Ñù±¾\bingdu\15.exe

[ 本帖最后由 wangjay1980 于 2007-7-9 20:33 编辑 ]

The EQs

Scan performed at: 2007-7-9 20:29:19
Scanning Log
NOD32 version 2385 (20070709) NT
Command line: C:\Documents and Settings\EQ2\桌面\样本
Operating memory - is OK

Date: 9.7.2007  Time: 20:29:25
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\样本\
C:\Documents and Settings\EQ2\桌面\样本\14.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\样本\15.exe - probably a variant of Win32/Pacex.Gen virus
C:\Documents and Settings\EQ2\桌面\样本\hsomklg.exe - a variant of Win32/Delf.NDF worm
C:\Documents and Settings\EQ2\桌面\样本\Kvsc3.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本\MsIMMs32.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本\TIMHost.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本\upxdnd.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本\WinRAR.exe - probably a variant of Win32/Pacex.Gen virus
Number of scanned files: 15
Number of threats found: 8
Number of files cleaned: 8
Time of completion: 20:29:28 Total scanning time: 3 sec (00:00:03)

Notes:
[7] File is probably infected with an unknown virus.

风野胤

Scanning Log
NOD32 version 2385 (20070709) NT
Command line: C:\Documents and Settings\Administrator\ ?
?桌面\AutoRun.rar
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2.  ?
?physical disk. Error reading sector.
Error occurred while scanning MBR sector of the 3.  ?
?physical disk. Error reading sector.
Date: 9.7.2007  Time: 18:37:40
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and  ?
?Settings\Administrator\桌面\AutoRun.rar
Number of scanned files: 4
Number of threats found: 0
Time of completion: 18:37:41 Total scanning time: 1 sec  ?
?(00:00:01)

The EQs

那个autorun.inf不能算一个病毒

风野胤

原帖由 EQ2 于 2007-7-9 20:31 发表
那个autorun.inf不能算一个病毒

最近nod也加了这个的特征码
不过大部分还是不杀的

Giggs

红伞9个

The EQs

eset加入这个是在运行Autorun病毒的时候报。。并非单独报

hj5abc

cid_store我系统里一直有..好像不是病毒.排除其他xxx,nod32漏了4个exe.上报

1.exe会改时间.卡巴的注意了.

[ 本帖最后由 hj5abc 于 2007-7-9 20:47 编辑 ]

hj5abc

有一次比较讽刺,运行了个病毒报了INF/Autorun..病毒体到过了.
不过日至显示这个INF不是在创建时报的.而是在被修改时报的,比较奇怪.