10

qianwenxiang

[MD5: C8D3FD 19F949 B73D5A AF55E6 1F9ED7 E6FD47 F1C9CB 2C4498 24785A 8469FF]

有几个老的病毒 又是一个下载者所为

tracydk

8ge

wangjay1980

deleted: Trojan program Backdoor.Win32.Delf.auu        File: E:\Ñù±¾\bingdu\SACH0ST.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-PSW.Win32.Lmir.azo        File: E:\Ñù±¾\bingdu\8-1a.exe//UPack
deleted: virus Packed.Win32.NSAnti.b        File: E:\Ñù±¾\bingdu\12.exe
deleted: Trojan program Trojan-PSW.Win32.QQPass.xc        File: E:\Ñù±¾\bingdu\wmgj.exe//UPX
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nn        File: E:\Ñù±¾\bingdu\wl.exe
deleted: Trojan program Trojan-Downloader.Win32.Small.ewm        File: E:\Ñù±¾\bingdu\1.exe
deleted: virus Worm.Win32.Viking.ls        File: E:\Ñù±¾\bingdu\4.exe//PE_Patch
detected: Trojan program Trojan-PSW.Win32.OnLineGames.es        File: E:\Ñù±¾\bingdu\cmi.exe//MPPDS.DLL//PE_Patch.MaskPE
detected: virus Trojan.Generic (modification)        File: E:\Ñù±¾\bingdu\mh.exe

FBAV

恩风暴胜者V2 贺岁精简网络版本
_________您的安全是我们的责任_______________
作者：Sanhuan222@163.com   TM:469428271
个人Blog：http://hi.baidu.com/迅者/



===============================================
   ___________病毒查杀结果__________________


===============================================

2007年5月16日12时32分56秒 开始查杀C:\Documents and Settings\Administrator\桌面\No\SACH0ST
威胁性文件：C:\Documents and Settings\Administrator\桌面\No\SACH0ST\8-1a.exe
C:\Documents and Settings\Administrator\桌面\No\SACH0ST\12.exe 发现未知可疑文件:Win32.Nop >4) 操作:阻止运行
C:\Documents and Settings\Administrator\桌面\No\SACH0ST\mh.exe 发现未知可疑文件:Win32.Nop B7? 操作:阻止运行
C:\Documents and Settings\Administrator\桌面\No\SACH0ST\fy.exe 发现未知可疑文件:Win32.NkHack.Upack.A 操作:阻止运行
C:\Documents and Settings\Administrator\桌面\No\SACH0ST\1.exe 为可疑文件
威胁性文件：C:\Documents and Settings\Administrator\桌面\No\SACH0ST\4.exe
****************************
您应该引起注意的文件:
C:\Documents and Settings\Administrator\桌面\No\SACH0ST\4.exe

-----------------------------------------


=========================================

_________文件性质分析结果________________
"带壳"仅指文件性质,仅供专业人员分析使用。


C:\Documents and Settings\Administrator\桌面\No\SACH0ST\SACH0ST.exe 带壳文件:UPX加壳
C:\Documents and Settings\Administrator\桌面\No\SACH0ST\wmgj.exe 带壳文件:UPX加壳
-----------------------------------------

2007年5月16日12时32分57秒收起线程…100% 查杀完毕！
扫描文件：10查杀病毒：6

[ 本帖最后由 FBAV 于 2007-7-16 12:33 编辑 ]

xxwpk007

扫描进行于：2007-7-16 12:43:43
扫描日志
NOD32版本 2399 (20070714) NT
命令行： C:\Documents and Settings\Administrator\桌面\SACH0ST[1]

日期： 16.7.2007  时间：12:43:46
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Documents and Settings\Administrator\桌面\SACH0ST[1]\
C:\Documents and Settings\Administrator\桌面\SACH0ST[1]\SACH0ST.exe - 可能是 Win32/Delf.AUU 木马 的一个变种
C:\Documents and Settings\Administrator\桌面\SACH0ST[1]\cmi.exe - 可能是 Win32/Genetik 木马 的一个变种
C:\Documents and Settings\Administrator\桌面\SACH0ST[1]\mh.exe - 可能是 Win32/TrojanDownloader.Delf.NSA 木马 的一个变种
C:\Documents and Settings\Administrator\桌面\SACH0ST[1]\wl.exe - Win32/PSW.Agent.NEC 木马的变种
C:\Documents and Settings\Administrator\桌面\SACH0ST[1]\1.exe - Win32/PSW.OnLineGames.NCZ 木马
已扫描的文件数目：7
已发现的病毒数目：5
完成时间： 12:44:01 总扫描时间：15 秒 (00:00:15)

风雪

1184560956,2007-7-16 12:42:36,TrojanPSW.QQPass.xc.mbuf,木马,mygood,D:\3\新建文件夹\新建文件夹\wmgj.exe,Manual scan
1184560956,2007-7-16 12:42:36,TrojanPSW.Agent.dln.khve,木马,mygood,D:\3\新建文件夹\新建文件夹\1.exe,Manual scan
1184560956,2007-7-16 12:42:36,Heuri.Possible/Packed,启发式扫描,mygood,D:\3\新建文件夹\新建文件夹\12.exe,Manual scan
1184560956,2007-7-16 12:42:36,Worm.Viking.ls.juef,病毒,mygood,D:\3\新建文件夹\新建文件夹\4.exe,Manual scan
1184560956,2007-7-16 12:42:36,PWSteal.Lemir.azo.cik,木马,mygood,D:\3\新建文件夹\新建文件夹\8-1a.exe,Manual scan
1184560956,2007-7-16 12:42:36,Heuri.Possible/Packed,启发式扫描,mygood,D:\3\新建文件夹\新建文件夹\cmi.exe,Manual scan
1184560956,2007-7-16 12:42:36,TrojanPSW.GamePass.rft.ukcs,木马,mygood,D:\3\新建文件夹\新建文件夹\fy.exe,Manual scan
1184560956,2007-7-16 12:42:36,Heuri.Possible/Packed,启发式扫描,mygood,D:\3\新建文件夹\新建文件夹\mh.exe,Manual scan
1184560956,2007-7-16 12:42:36,Trojan.Gampass.tvwb,木马,mygood,D:\3\新建文件夹\新建文件夹\wl.exe,Manual scan
费尔。

风野胤

原帖由 xxwpk007 于 2007-7-16 12:44 发表
扫描进行于：2007-7-16 12:43:43
扫描日志
NOD32版本 2399 (20070714) NT
命令行： C:\Documents and Settings\Administrator\桌面\SACH0ST[1]

日期： 16.7.2007  时间：12:43:46
已开启反隐藏功能.
已 ...

不要扫分卷压缩包Scanning Log

NOD32 version 2399 (20070714) NT
Command line: C:\Documents and Settings\Administrator\ ?
?桌面\新建文件夹
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2.  ?
?physical disk. Error reading sector.
Error occurred while scanning MBR sector of the 3.  ?
?physical disk. Error reading sector.
Date: 16.7.2007  Time: 12:42:23
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and  ?
?Settings\Administrator\桌面\新建文件夹\
C:\Documents and Settings\Administrator\桌面\新建文件夹\1. ?
?exe - Win32/PSW.OnLineGames.NCZ trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\4. ?
?exe - probably a variant of Win32/Viking virus
C:\Documents and Settings\Administrator\桌面\新建文件夹\ ?
?8-1a.exe - Win32/PSW.Legendmir.AZO trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\ ?
?cmi.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\ ?
?mh.exe - probably a variant of Win32/TrojanDownloader. ?
?Delf.NSA trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\ ?
?SACH0ST.exe - probably a variant of Win32/Delf.AUU trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\ ?
?wl.exe - a variant of Win32/PSW.Agent.NEC trojan
C:\Documents and Settings\Administrator\桌面\新建文件夹\ ?
?wmgj.exe - probably a variant of Win32/PSW.QQPass.VD  ?
?trojan
Number of scanned files: 10
Number of threats found: 8
Time of completion: 12:42:34 Total scanning time: 11 sec  ?
?(00:00:11)

1688388728

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9ZJO5KCR\SACH0ST[1].part3.rar\wl.exe - infected with UPACK
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9ZJO5KCR\SACH0ST[1].part3.rar\1.exe - infected with Trojan.MulDrop.6156
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9ZJO5KCR\SACH0ST[1].part3.rar\4.exe - infected with Win32.HLLW.Gavir.72

Archive contains 3 infected items

zane_xzz

Begin scan in 'C:\Documents and Settings\Administrator\桌面\SACH0ST.rar'
C:\Documents and Settings\Administrator\桌面\SACH0ST.rar
  [0] Archive type: RAR
  --> SACH0ST\1.exe
      [DETECTION] Is the Trojan horse TR/PSW.LdPinch.jm1
  --> SACH0ST\12.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
  --> SACH0ST\4.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.AF.2
  --> SACH0ST\8-1a.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.ava.1
  --> SACH0ST\cmi.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> SACH0ST\fy.exe
      [DETECTION] Is the Trojan horse TR/Spy.SPfile
  --> SACH0ST\mh.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.bfs
  --> SACH0ST\SACH0ST.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> SACH0ST\wl.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.NN.379
  --> SACH0ST\wmgj.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.31849
      [WARNING]   The file was ignored!

欠妳緈諨

9只