六个 Trojan&Adware【c812c4 bc0ad7 852f01 1be402 aa8691 a81d0c】

显示全部楼层 · 发表于 2007-7-20 15:47:57

微点:
木马名称:Trojan-PSW.Win32.Delf.ehd

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0[1].EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

显示全部楼层 · 发表于 2007-7-20 18:37:21

----------
[凝逸反毒] (http://hi.baidu.com/503165656)

[凝逸.扫描病毒引擎-日志] 2007.7.20 18:37:13

文件:F:\070720\新建文件夹\bg_sc.exe | 感染:Trojan.PWS.Wsgame [5150>20070613_a84cd4.axx]3(1.1)
操作:删除文件
文件:F:\070720\新建文件夹\0[1].exe | 感染:木马 [1684>20070707_605975.axx]3(1.4)
操作:删除文件
文件:F:\070720\新建文件夹\3.dll | 感染:Adware.Borlander [126>20070613_a84cd4.axx]3(1.1)
操作:删除文件
文件:F:\070720\新建文件夹\6.dll | 感染:Adware.Borlander [124>20070613_a84cd4.axx]3(1.1)
操作:删除文件
文件:F:\070720\新建文件夹\bar.exe | 感染:Trojan.PWS.Wsgame [5821>20070613_a84cd4.axx]3(1.3)
操作:删除文件

扫描完成|病毒:5 文件:6|耗时:1702
----------

显示全部楼层 · 发表于 2007-7-20 18:39:16

2007/7/20 18:33:52 Scanning Log
2007/7/20 18:33:52 Version of virus signature database: 2409 (20070720)
2007/7/20 18:33:52 Date: 20.7.2007 Time: 18:33:52
2007/7/20 18:33:52 Scanned disks, folders and files: F:\v\v\
2007/7/20 18:33:54 F:\v\v\0[1].exe - Win32/PSW.Delf.NHI trojan - cleaned by deleting - quarantined [1]
2007/7/20 18:34:00 F:\v\v\6.dll - Win32/Adware.Boran application - cleaned by deleting - quarantined [1]
2007/7/20 18:34:02 F:\v\v\bar.exe - Win32/Adware.Toolbar.Baidu application - cleaned by deleting - quarantined [1]
2007/7/20 18:34:04 Number of scanned files: 36
2007/7/20 18:34:04 Number of threats found: 15
2007/7/20 18:34:04 Time of completion: 18:34:04 Total scanning time: 12 sec (00:00:12)

显示全部楼层 · 发表于 2007-7-20 19:36:28

7.exe..不是有效的win32程序..
3.dll.

Scanning Log
NOD32 version 2409 (20070720) NT
Command line: F:\6vir[1]
Operating memory - is OK
Date: 20.7.2007 Time: 19:32:56
Anti-Stealth technology is enabled.
Scanned disks, folders and files: F:\6vir[1]\
F:\6vir[1]\0[1].exe - Win32/PSW.Delf.NHI trojan - quarantined - unable to clean - deleted
F:\6vir[1]\6.dll - Win32/Adware.Boran application - quarantined - unable to clean - deleted
F:\6vir[1]\bar.exe - Win32/Adware.Toolbar.Baidu application - quarantined - unable to clean - deleted
F:\6vir[1]\bg_sc.exe ?NSIS ?aaa - Win32/Adware.Toolbar.Baigoo application - was a part of the deleted object
F:\6vir[1]\bg_sc.exe ?NSIS ?aaa - Win32/Adware.Toolbar.Baigoo application - was a part of the deleted object
F:\6vir[1]\bg_sc.exe ?NSIS ?aaa - Win32/Adware.Toolbar.Baigoo application - was a part of the deleted object
F:\6vir[1]\bg_sc.exe ?NSIS ?aaa - Win32/Adware.Toolbar.Baigoo application - was a part of the deleted object
F:\6vir[1]\bg_sc.exe ?NSIS ?aaa - Win32/Adware.Toolbar.Baigoo application - was a part of the deleted object
F:\6vir[1]\bg_sc.exe ?NSIS ?aaa - Win32/Adware.Toolbar.Baigoo application - was a part of the deleted object
Number of scanned files: 21
Number of threats found: 9
Number of files cleaned: 4

显示全部楼层 · 发表于 2007-7-20 20:56:18

Hello,

bg_sc.exe_,

No malicious code were found in these files.

Please quote all when answering.

这个广告卡巴果然不杀

显示全部楼层 · 发表于 2007-7-21 16:55:04

McAfee VirusScan for Win32 v5.20.0
Copyright (c) 1992-2005 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832  LICENSED COPY - Jun  5 2007
Scan engine v5.2.00 for Win32.
Virus data file v5079 created Jul 20 2007
Scanning for 289650 viruses, trojans and variants.
Using C:\Documents and Settings\小飞侠.net\桌面\桌面\McAfee VirusScan\EXTRA.DAT to scan for 0 additional virus(es).

07/21/2007  16:53:56

Options:
"V:\VIRUSDOC20070721\VM20070721AAA\083" /MIME /SUB /UNZIP /ALL /RPTALL /STREAMS /REPORT C:\DOCUME~1\小飞侠.NET\LOCALS~1\TEMP\SCAN.TXT /PROGRAM /ANALYZE /MAILBOX
Scanning V: [V盘]
Scanning V:\VIRUSDOC20070721\VM20070721AAA\083\*.*
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar ... is OK.
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar\0[1].EXE ... is OK.
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar\0[1].EXE\0[1].EXE ... is OK.
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar\0[1].EXE\0[1].EXE\000090f0.EXE ... is OK.
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar\0[1].EXE\0[1].EXE\000090f0.EXE\000090f0.EXE ... Found the PWS-QQGame trojan !!!
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar\7.EXE ... is OK.
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar\BAR.EXE ... Found potentially unwanted program Adware-Baidu.
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar\BG_SC.EXE ... Found potentially unwanted program Generic PUP.g.
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar\3.DLL ... Found potentially unwanted program Adware-Boran.gen.
V:\VIRUSDOC20070721\VM20070721AAA\083\6vir[1].rar\6.DLL ... Found potentially unwanted program Adware-Boran.gen.
Summary report on V:\VIRUSDOC20070721\VM20070721AAA\083\*.*
File(s)
      Total files: ...........    10
      Clean: .................    9
      Possibly Infected: .....    1

Time: 00:00.00

显示全部楼层 · 发表于 2007-7-22 07:24:04

扫描报告
2007年7月22日 7:20:42 - 7:20:43
计算机名称: 2FEA146376E2420
扫描类型: 扫描目标
目标: F:\v\新建文件夹

--------------------------------------------------------------------------------

结果: 找到 4 恶意软件
AdWare.Win32.Boran.w (adware)
F:\v\新建文件夹\3.dll
F:\v\新建文件夹\6.dll
Trojan-PSW.Win32.Delf.wh (病毒)
F:\v\新建文件夹\0[1].exe 操作: 已重命名
Trojan-Clicker.Win32.Agent.io (病毒)
F:\v\新建文件夹\bar.exe 操作: 已重命名
AdWare.Win32.Boran (adware)
F:\v\新建文件夹\3N 操作: 已隔离
F:\v\新建文件夹\6N 操作: 已隔离

--------------------------------------------------------------------------------

统计信息
已扫描:
文件: 6
未扫描: 0
结果:
病毒: 2
间谍软件: 2
可疑项目: 0
危险软件: 0
操作:
已杀毒: 0
已重命名: 2
删除: 0
已隔离: 2
失败: 0
启动扇区:
已扫描: 0
受感染: 0
可疑项目: 0
已杀毒: 0

--------------------------------------------------------------------------------

选项
定义版本:
病毒: 2007-07-21_01
间谍软件: 2007-07-21_01
扫描引擎:
F-Secure AVP: 7.00.171, 2007-07-21
F-Secure Libra: 2.04.01, 2007-07-20
F-Secure Orion: 1.02.37, 2007-07-20
F-Secure Draco: 1.00.35, 2007-07-09
扫描选项:
扫描所有文件
扫描内部存档
操作:
病毒: 扫描后询问
间谍软件: 扫描后询问

[病毒样本] 六个 Trojan&Adware【c812c4 bc0ad7 852f01 1be402 aa8691 a81d0c】

咖啡+费尔～爆

本帖子中包含更多资源