
[Virus sample] [MD5: DDD1E5 FEDAFF FD555A 0AC724 349BAE D979D4]

tonger2003
Posted on 2007-7-22 16:06:06

pine
Posted on 2007-7-22 16:06:59
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.zip'
C:\Documents and Settings\Administrator\桌面\样本.zip
  [0] Archive type: ZIP
  --> 62205.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.YTS Backdoor server programs
  --> cc_231.exe
      [DETECTION] Is the Trojan horse TR/Popwin.DC
  --> pv0009.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
  --> 1093.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 1012.exe
      [DETECTION] Is the Trojan horse TR/Popwin.X
  --> 2209.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was deleted!


End of the scan: 2007年7月22日  16:06
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
      8 Files were scanned
      6 viruses and/or unwanted programs were found
      1 classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
红心王子
Posted on 2007-7-22 16:10:15
C:\Documents and Settings\Administrator\桌面\样本.zip>>cc_231.exe          Trojan.IMMSG.Win32.TBMSG.ir
Missed 5 of them; reporting.
scottxzt
Posted on 2007-7-22 16:11:04

Got them all.

1012.exe;D:\Documents and Settings\dell\桌面\新建文件夹;Trojan.Popwin;Deleted.;
1093.exe;D:\Documents and Settings\dell\桌面\新建文件夹;Trojan.DownLoader.origin;Deleted.;
2209.exe;D:\Documents and Settings\dell\桌面\新建文件夹;Trojan.Popwin;Deleted.;
62205.exe;D:\Documents and Settings\dell\桌面\新建文件夹;BackDoor.QQChin;Deleted.;
cc_231.exe;D:\Documents and Settings\dell\桌面\新建文件夹;Trojan.Popwin;Deleted.;
pv0009.exe\data001;D:\Documents and Settings\dell\桌面\新建文件夹\pv0009.exe;Trojan.Resun.origin;;
pv0009.exe\data002;D:\Documents and Settings\dell\桌面\新建文件夹\pv0009.exe;Adware.Mokead.origin;;
pv0009.exe;D:\Documents and Settings\dell\桌面\新建文件夹;Archive contains infected objects;Deleted.;
xiaopangmd
Posted on 2007-7-22 16:11:50
扫描开始时间: 2007-7-22 16:11:05
扫描日志
NOD32 版本 2411 (20070721) NT
命令行: C:\Documents and Settings\Martin\桌面\样本.zip
系统内存<病毒 - >

日期: 2007年7月22日  时间: 16:11:22
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: C:\Documents and Settings\Martin\桌面\样本.zip
C:\Documents and Settings\Martin\桌面\样本.zip » ZIP » 62205.exe<病毒 - 可能是 Win32/Agent.NEO 木马 变种>
C:\Documents and Settings\Martin\桌面\样本.zip » ZIP » cc_231.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Martin\桌面\样本.zip » ZIP » 1093.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Martin\桌面\样本.zip » ZIP » 1012.exe<病毒 - 可能是 Win32/Agent.NEO 木马 变种>
C:\Documents and Settings\Martin\桌面\样本.zip » ZIP » 2209.exe<病毒 - 可能是 Win32/Agent.NEO 木马 变种>
已扫描文件数量: 7
已发现病毒数量: 5
已清除病毒的文件数量: 1
完成时间: 16:11:30 总共扫描时间: 8 秒 (00:00:08)

注意:
[7] 文件可能感染了未知病毒。
wangjay1980
Posted on 2007-7-22 16:14:57
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\桌面\样本.zip/62205.exe
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\桌面\样本.zip/cc_231.exe
detected: virus Heur.Downloader (modification)        File: C:\Documents and Settings\Owner\桌面\样本.zip/1093.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\桌面\样本.zip/1012.exe
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\桌面\样本.zip/2209.exe
woai_jolin
Posted on 2007-7-22 16:24:04
2007/7/22 16:23:22        Scanning Log
2007/7/22 16:23:22        Version of virus signature database: 2411 (20070721)
2007/7/22 16:23:22        Date: 22.7.2007  Time: 16:23:22
2007/7/22 16:23:22        Scanned disks, folders and files: F:\v\
2007/7/22 16:23:27        F:\v\样本.zip - multiple threats - deleted - quarantined
2007/7/22 16:23:27        F:\v\样本.zip » ZIP » 62205.exe - probably a variant of Win32/Agent.NEO trojan
2007/7/22 16:23:27        F:\v\样本.zip » ZIP » cc_231.exe - probably a variant of Win32/Genetik trojan
2007/7/22 16:23:27        F:\v\样本.zip » ZIP » 1093.exe - probably unknown NewHeur_PE virus [7]
2007/7/22 16:23:27        F:\v\样本.zip » ZIP » 1012.exe - probably a variant of Win32/Agent.NEO trojan
2007/7/22 16:23:27        F:\v\样本.zip » ZIP » 2209.exe - probably a variant of Win32/Agent.NEO trojan
2007/7/22 16:23:27        Number of scanned files: 7
2007/7/22 16:23:27        Number of threats found: 5
2007/7/22 16:23:27        Time of completion: 16:23:27  Total scanning time: 5 sec (00:00:05)
2007/7/22 16:23:27        Notes:
2007/7/22 16:23:27        [7] File is probably infected with an unknown virus.
微点卫士
Posted on 2007-7-22 16:24:15
Kingsoft flags 2!

Micropoint:
蠕虫名称:Worm.Win32.Agent.dch

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.219\62205.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Genetik.apa

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.219\CC_231.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Agent.dch

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX01.391\62205.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.219\1012.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\7EA6B01E.EXE
是否删除木马程序及其衍生物?
木马名称:Trojan.Win32.Genetik.apa

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX01.391\CC_231.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.219\1012.EXE
木马程序生成以下文件:
是否删除木马程序及其衍生物?
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX01.391\1012.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
taitan001
Posted on 2007-7-22 16:55:48
F:\样本.zip:<ZIP>\62205.exe : infected BackDoor.QQChin
F:\样本.zip:<ZIP>\1012.exe : is suspected of Trojan-PSW.Game.63 (paranoid heuristics)
F:\样本.zip:<ZIP>\2209.exe : infected Backdoor.Win32.Agent.ahj
wangjay1980
Posted on 2007-7-22 17:10:13
Hello,

1012.exek - Trojan-Downloader.Win32.Small.ejw,
1093.exek - Trojan-Downloader.Win32.Delf.boz,
2209.exek, 62205.exek, cc_231.exek - Backdoor.Win32.Agent.ahj,

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

pv0009.exek - not-a-virus:AdWare.Win32.AdMoke.ba

This file is an Advertising Tool. Its detection will be included in the next
update of extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates

Please quote all when answering.

--
Best regards, Vladimir Krylov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.