19 个

显示全部楼层 · 发表于 2007-7-22 15:21:12

[MD5: C626FA B86944 0BB6FE 0AC724 FEDAFF D979D4 349BAE C9DB55 DDD1E5 CD1E84 1A6C6D A1F589 97F430 1723C1 2FEECC AE9424 62D78B 7F1F61 D635C1]

显示全部楼层 · 发表于 2007-7-22 15:25:51

已删除: 木马程序 Backdoor.Win32.Agent.ahj 文件: G:\样本\样本\a (19)[1]\a (2).exe
已删除: 木马程序 Trojan-PSW.Win32.Delf.wg 文件: G:\样本\样本\a (19)[1]\a (3).exe//FSG
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.vm 文件: G:\样本\样本\a (19)[1]\a (15).exe//FSG
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.abt 文件: G:\样本\样本\a (19)[1]\a (16).exe//PE_Patch//UPack
已删除: 病毒 Virus.Win32.AutoRun.en 文件: G:\样本\样本\a (19)[1]\a (18).exe//UPX
已删除: 木马程序 Trojan-PSW.Win32.Delf.qc 文件: G:\样本\样本\a (19)[1]\a (4).exe//UPX
已删除: 病毒 Trojan.Generic (变种) 文件: G:\样本\样本\a (19)[1]\a (5).exe//PE_Patch.PECompact//PecBundle//PECompact
已删除: 木马程序 Trojan-Downloader.Win32.Banload.bpo 文件: G:\样本\样本\a (19)[1]\a (6).exe//PE_Patch.PECompact//PecBundle//PECompact
已删除: 病毒 Downloader (变种) 文件: G:\样本\样本\a (19)[1]\a (7).exe//PE_Patch.PECompact//PecBundle//PECompact
已删除: 病毒 Trojan.Generic (变种) 文件: G:\样本\样本\a (19)[1]\a (9).exe
已删除: 病毒 Trojan.Generic (变种) 文件: G:\样本\样本\a (19)[1]\a (10).exe
已删除: 木马程序 Trojan-Downloader.Win32.Tiny.gn 文件: G:\样本\样本\a (19)[1]\a (11).exe
已删除: 病毒 Trojan.Generic (变种) 文件: G:\样本\样本\a (19)[1]\a (12).exe
已删除: 木马程序 Backdoor.Win32.Agent.ahj 文件: G:\样本\样本\a (19)[1]\a (13).exe
已删除: 木马程序 Trojan-Downloader.Win32.Cryptic.gen 文件: G:\样本\样本\a (19)[1]\a (14).exe
已删除: 广告软件 not-a-virus:AdWare.Win32.Cinmus.j 文件: G:\样本\样本\a (19)[1]\a.exe//data0003//data0003
已删除: 广告软件 not-a-virus:AdWare.Win32.Cinmus.j 文件: G:\样本\样本\a (19)[1]\a.exe//data0003//data0004
已删除: 木马程序 Trojan-Downloader.Win32.Agent.bto 文件: G:\样本\样本\a (19)[1]\a (1).exe//PE_Patch//UPack

显示全部楼层 · 发表于 2007-7-22 15:25:57

a (1).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.Resun;;
a (10).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.Popwin;;
a (11).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.DownLoader.26574;;
a (12).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);BackDoor.QQChin;;
a (13).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.Popwin;;
a (14).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.DownLoader.14143;;
a (15).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.PWS.Wsgame;;
a (16).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.PWS.Wsgame;;
a (18).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.PWS.Qqpass.origin;;
a (2).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.Popwin;;
a (3).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.MulDrop.6877;;
a (4).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.PWS.Gamania;;
a (5).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Probably DLOADER.Trojan;;
a (6).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.DownLoader.27530;;
a (7).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.DownLoader.origin;;
a (8).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.Popwin;;
a (9).exe;D:\Documents and Settings\dell\桌面\新建文件夹 (2);Trojan.Popwin;;

[ 本帖最后由 scottxzt 于 2007-7-22 15:32 编辑 ]

显示全部楼层 · 发表于 2007-7-22 15:26:08

显示全部楼层 · 发表于 2007-7-22 15:26:50

卡6 奇怪我怎么才13个

[ 本帖最后由自由于 2007-7-22 16:20 编辑 ]

显示全部楼层 · 发表于 2007-7-22 15:28:42

Begin scan in 'D:\My Download\a (19)'
a (1).exe
   [DETECTION] Is the Trojan horse TR/Dldr.Onlineg.A.1
   [WARNING] The file was ignored!
a (10).exe
   [DETECTION] Is the Trojan horse TR/Popwin.X
   [WARNING] The file was ignored!
a (11).exe
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.AF.12
   [WARNING] The file was ignored!
a (12).exe
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.YTS Backdoor server programs
   [WARNING] The file was ignored!
a (13).exe
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.ahj.752 Backdoor server programs
   [WARNING] The file was ignored!
a (14).exe
   [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
   [WARNING] The file was ignored!
a (15).exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.VM.8
   [WARNING] The file was ignored!
a (16).exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
   [WARNING] The file was ignored!
a (18).exe
   [DETECTION] Is the Trojan horse TR/Drop.Age.32873.C
   [WARNING] The file was ignored!
a (2).exe
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.ahj.752 Backdoor server programs
   [WARNING] The file was ignored!
a (3).exe
   [DETECTION] Is the Trojan horse TR/PSW.Delf.WG
   [WARNING] The file was ignored!
a (4).exe
   [DETECTION] Is the Trojan horse TR/PSW.Delf.QC.40
   [WARNING] The file was ignored!
a (5).exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [WARNING] The file was ignored!
a (6).exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [WARNING] The file was ignored!
a (7).exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [WARNING] The file was ignored!
a (8).exe
   [DETECTION] Is the Trojan horse TR/Popwin.DC
   [WARNING] The file was ignored!
a (9).exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [WARNING] The file was ignored!
a.exe
   [DETECTION] Contains signature of the dropper DR/Cinmus.J.187
   [WARNING] The file was ignored!

End of the scan: 2007年7月22日  15:27
Used time: 00:11 min

The scan has been done completely.

   1 Scanning directories
   19 Files were scanned
   18 viruses and/or unwanted programs were found
   1 classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   0 Files not concerned
   0 Archives were scanned
   18 Warnings
   0 Notes
   0 Hidden objects were found

显示全部楼层 · 发表于 2007-7-22 15:28:43

全灭
C:\ABC\a_(19)\a (1).exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\a_(19)\a (10).exe - 特征码 'Trojan-PWS.Win32.Agent.BU' 被发现
C:\ABC\a_(19)\a (11).exe - 特征码 'Trojan-Downloader.26574' 被发现
C:\ABC\a_(19)\a (12).exe - 特征码 'Trojan-PWS.Win32.Agent.BU' 被发现
C:\ABC\a_(19)\a (13).exe - 特征码 'Trojan-PWS.Win32.Agent.BU' 被发现
C:\ABC\a_(19)\a (14).exe - 特征码 'Trojan-Downloader.Win32.Cryptic.c' 被发现
C:\ABC\a_(19)\a (15).exe - 特征码 'Trojan-PWS.Win32.OnLineGames.vm' 被发现
C:\ABC\a_(19)\a (16).exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\a_(19)\a (17).exe - 特征码 'Trojan.Delf.NEB' 被发现
C:\ABC\a_(19)\a (18).exe - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\a_(19)\a (2).exe - 特征码 'Trojan-PWS.Win32.Agent.BU' 被发现
C:\ABC\a_(19)\a (3).exe - 特征码 'Trojan-PWS.Win32.Delf.wg' 被发现
C:\ABC\a_(19)\a (4).exe - 特征码 'Trojan-Spy.Win32.Delf.PG' 被发现
C:\ABC\a_(19)\a (5).exe - 特征码 'Worm.Win32.Agent.t' 被发现
C:\ABC\a_(19)\a (6).exe - 可疑代码段被发现 (Level: 150)
C:\ABC\a_(19)\a (7).exe - 特征码 'BehavesLikeTrojan.Downloader' 被发现
C:\ABC\a_(19)\a (8).exe - 特征码 'Trojan-PWS.Win32.Agent.BU' 被发现
C:\ABC\a_(19)\a (9).exe - 特征码 'Trojan-PWS.Win32.Agent.BU' 被发现
C:\ABC\a_(19)\a.exe - 特征码 'not-a-virus:AdWare.Win32.Cinmus.f' 被发现

      19 个文件被扫描
      (0 个压缩档 0 个文件)
      18 个特征码被侦测
      1 个可疑代码段被发现
      耗时: 0:00.453

显示全部楼层 · 发表于 2007-7-22 15:30:28

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.DL.Win32.Agent.wlr
病毒： Trojan.DL.Win32.Agent.wsg
病毒： Trojan.IMMSG.Win32.TBMSG.hx
病毒： Trojan.DL.Small.sdd
病毒： Trojan.PSW.OnlineGames.cad
病毒： Trojan.PSW.Win32.OnlineGames.dlr
病毒： Trojan.DL.Win32.Agent.wyy
病毒： Trojan.DL.Mnless.ans
病毒： Trojan.PSW.Agent.kat
病毒： Worm.Win32.Cnt.b
病毒： Trojan.IMMSG.Win32.TBMSG.ir

用户来源：互联网

软件版本：19.32.61

14个

显示全部楼层 · 发表于 2007-7-22 15:31:44

金山全挂！！！
微点：
木马名称:Trojan-PSW.Win32.Delf.dvh

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (4).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Banload.cwg

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (6).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Tiny.tm

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (11).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Agent.dch

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (12).EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Agent.ctr

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (13).EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.VB.dgc

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (14).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Agent.imr

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (1).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Agent.cvq

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (2).EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.Delf.efy

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (3).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.Delf.efy

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (3).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.ekk

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (15).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Genetik.apa

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (8).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Genetik.apa

程序:
C:\WINDOWS.0\SYSTEM32\KUSN33SD.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (8).EXE
1) C:\WINDOWS.0\SYSTEM32\KILLME.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (8).EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (10).EXE
可疑程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\7EA6B01E.EXE
2) C:\WINDOWS.0\SYSTEM32\744DFECF.DLL
3) C:\WINDOWS.0\SYSTEM32\DELME.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (10).EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\7EA6B01E.EXE
2) C:\WINDOWS.0\SYSTEM32\744DFECF.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (10).EXE
可疑程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\DELME.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (18).EXE
由
E:\AUTORUN.INF
自启动运行!
并生成以下文件:
1) E:\AUTORUN.EXE
2) E:\AUTORUN.INF
以及可由此INF文件引导自启的文件:
E:\AUTORUN.EXE

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\1246.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (5).EXE
由
D:\AUTORUN.INF
自启动运行!
并生成以下文件:
1) D:\NIQAV.EXE
2) D:\AUTORUN.INF
以及可由此INF文件引导自启的文件:
D:\NIQAV.EXE

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\A (19)[1]\A (7).EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:1420
远端地址:202.102.201.91(安徽·阜阳)
远端端口:80

a(17).exe微点不报，没有衍生物，没有修改注册表
好厉害的毒啊

显示全部楼层 · 发表于 2007-7-22 15:43:08

19个
detected: virus Heur.Downloader (modification) File: E:\Ñù±¾\bingdu\a (18).exe
detected: Trojan program Trojan-PSW.Win32.Delf.qc File: E:\Ñù±¾\bingdu\a (4).exe//UPX
detected: virus Heur.Trojan.Generic (modification) File: E:\Ñù±¾\bingdu\a (5).exe//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-Downloader.Win32.Banload.bpo File: E:\Ñù±¾\bingdu\a (6).exe//PE_Patch.PECompact//PecBundle//PECompact
detected: virus Heur.Downloader (modification) File: E:\Ñù±¾\bingdu\a (7).exe//PE_Patch.PECompact//PecBundle//PECompact
detected: virus Heur.Trojan.Generic (modification) File: E:\Ñù±¾\bingdu\a (8).exe
detected: virus Heur.Trojan.Generic (modification) File: E:\Ñù±¾\bingdu\a (9).exe
detected: virus Heur.Trojan.Generic (modification) File: E:\Ñù±¾\bingdu\a (10).exe
detected: Trojan program Trojan-Downloader.Win32.Tiny.gn File: E:\Ñù±¾\bingdu\a (11).exe
detected: virus Heur.Trojan.Generic (modification) File: E:\Ñù±¾\bingdu\a (12).exe
detected: Trojan program Backdoor.Win32.Agent.ahj File: E:\Ñù±¾\bingdu\a (13).exe
detected: Trojan program Trojan-Downloader.Win32.Cryptic.gen File: E:\Ñù±¾\bingdu\a (14).exe
detected: adware not-a-virus:AdWare.Win32.Cinmus.j File: E:\Ñù±¾\bingdu\a.exe//data0003//data0003
detected: adware not-a-virus:AdWare.Win32.Cinmus.j File: E:\Ñù±¾\bingdu\a.exe//data0003//data0004
detected: Trojan program Trojan-Downloader.Win32.Agent.bto File: E:\Ñù±¾\bingdu\a (1).exe//PE_Patch//UPack
detected: Trojan program Backdoor.Win32.Agent.ahj File: E:\Ñù±¾\bingdu\a (2).exe
detected: Trojan program Trojan-PSW.Win32.Delf.wg File: E:\Ñù±¾\bingdu\a (3).exe//FSG
detected: Trojan program Trojan-PSW.Win32.OnLineGames.vm File: E:\Ñù±¾\bingdu\a (15).exe//FSG
detected: Trojan program Trojan-PSW.Win32.OnLineGames.abt File: E:\Ñù±¾\bingdu\a (16).exe//PE_Patch//UPack

[病毒样本] 19 个

本帖子中包含更多资源

少二个广告

本帖子中包含更多资源

本帖子中包含更多资源