跟新[08a9b1][f9b338][4dab17]

显示全部楼层 · 发表于 2007-7-22 17:06:35

更新了

显示全部楼层 · 发表于 2007-7-22 17:11:18

C:\Documents and Settings\Administrator\桌面\3.zi
p>>123.exe>>avp.exe Trojan.Win32.Agent.iok
只杀了一个剩下的上报

显示全部楼层 · 发表于 2007-7-22 17:12:00

avast拦截了,报Win32:Delf-ECV [Trj]

显示全部楼层 · 发表于 2007-7-22 17:14:05

已检测到: 病毒 Trojan.Generic (变种) URL: http://bbs.kafan.cn/attachment.p ... ck//PE_Patch.MaskPE

显示全部楼层 · 发表于 2007-7-22 17:14:46

Scan performed at: 2007-7-22 17:12:07
Scanning Log
NOD32 version 2411 (20070721) NT
Command line: C:\Documents and Settings\EQ2\桌面\3\123 C:\Documents and Settings\EQ2\桌面\3\mminstall.exe C:\Documents and Settings\EQ2\桌面\3\myself.exe
Operating memory - is OK

Date: 22.7.2007 Time: 17:12:12
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\3\123\; C:\Documents and Settings\EQ2\桌面\3\mminstall.exe; C:\Documents and Settings\EQ2\桌面\3\myself.exe
C:\Documents and Settings\EQ2\桌面\3\123\b-mke.exe - a variant of Win32/TrojanDownloader.Delf.AXB trojan
C:\Documents and Settings\EQ2\桌面\3\mminstall.exe - probably a variant of Win32/TrojanDownloader.QQHelper.NDF trojan
C:\Documents and Settings\EQ2\桌面\3\myself.exe - probably a variant of Win32/Genetik trojan
Number of scanned files: 4
Number of threats found: 3
Number of files cleaned: 3
Time of completion: 17:12:15 Total scanning time: 3 sec (00:00:03)

显示全部楼层 · 发表于 2007-7-22 17:14:57

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\3.zip'
C:\Documents and Settings\Administrator\桌面\
  3.zip
[0] Archive type: ZIP
--> mminstall.exe
--> myself.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 123.exe
      [INFO]    A backup was created as '471d1fcb.qua'  ( QUARANTINE )
      [INFO]    The file was deleted!
一个，不杀的上报。

显示全部楼层 · 发表于 2007-7-22 17:15:13

微点：
木马名称:Trojan.BAT.KillAV.o

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\IXP000.TMP\AVP.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX02.688\MMINSTALL.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:2979
远端地址:58.211.7.35(江苏·苏州)
远端端口:80

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX04.610\MYSELF.EXE
木马程序生成以下文件:
1) D:\MYPLAYER.COM
2) C:\WINDOWS.0\SYSTEM32\ALXRES070721.EXE
3) C:\WINDOWS.0\SYSTEM32\INF\SCRSYS070721.SCR
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX06.125\MYSELF.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
mminstall是病毒么？

显示全部楼层 · 发表于 2007-7-22 17:26:25

晕今天咖啡继续不报

显示全部楼层 · 发表于 2007-7-22 17:55:50

2个

显示全部楼层 · 发表于 2007-7-22 20:17:46

avp.exe直接ws..

Scanned disks, folders and files: F:\3\
F:\3\b-mke.exe - a variant of Win32/TrojanDownloader.Delf.AXB trojan
F:\3\mminstall.exe - probably a variant of Win32/TrojanDownloader.QQHelper.NDF trojan
F:\3\myself.exe - probably a variant of Win32/Genetik trojan

[病毒样本] 跟新[08a9b1][f9b338][4dab17]

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块