6+3[MD5: 978374 6BD815 DE9CEC 6AB7DA 7BA4D1 43EEBA 43090F 7FF4A7 19FFF6]

qianwenxiang

[MD5: 978374 6BD815 DE9CEC 6AB7DA 7BA4D1 43EEBA 43090F 7FF4A7 19FFF6]

有三个不确定  但是也有杀软报了

FBAV

===============================================
   ___________病毒查杀结果__________________


===============================================

2007年5月23日18时0分59秒 开始查杀C:\Documents and Settings\Administrator\桌面\virus\malware
C:\Documents and Settings\Administrator\桌面\virus\malware\j.exe 发现未知可疑文件:Win32.NkHack.Upack.A 操作:阻止运行
C:\Documents and Settings\Administrator\桌面\virus\malware\2009.exe 发现未知可疑文件:Win32.Unknow 操作:阻止运行
C:\Documents and Settings\Administrator\桌面\virus\malware\xxx.exe 发现未知可疑文件:Win32.NkHack.Upack.A 操作:阻止运行
威胁性文件：C:\Documents and Settings\Administrator\桌面\virus\malware\VServer.exe
****************************
您应该引起注意的文件:

-----------------------------------------


=========================================

_________文件性质分析结果________________
"带壳"仅指文件性质,仅供专业人员分析使用。


C:\Documents and Settings\Administrator\桌面\virus\malware\theopen.exe 带壳文件:UPX加壳
-----------------------------------------

2007年5月23日18时0分59秒收起线程…100% 查杀完毕！
扫描文件：9查杀病毒：4

promised

C:\ABC\ABC\2009.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\ABC\diybar2.dll - 特征码 'not-a-virus:AdWare.Win32.Diybar.b' 被发现
C:\ABC\ABC\j.exe - 特征码 'Trojan-PWS.Win32.Agent.jp' 被发现
C:\ABC\ABC\main.exe - 特征码 'Trojan-PWS.Win32.Nilage.bbr' 被发现
C:\ABC\ABC\NetInstaller.exe - 特征码 'not-a-virus:Downloader.Win32.WinFixer.o' 被发现
C:\ABC\ABC\theopen.exe - 特征码 'Trojan.Win32.Qhost.ip' 被发现
C:\ABC\ABC\VServer.exe - 可疑代码段 被发现 (Level: 75)
C:\ABC\ABC\xxx.exe - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\ABC\10004\[NSIS].nsi
C:\ABC\ABC\10004\$TEMP\HelpIE.dll - 特征码 'not-a-virus:AdWare.Win32.BHO.cf' 被发现
C:\ABC\ABC\10004\$TEMP\mshtmlsed.exe - 特征码 'not-a-virus:AdWare.Win32.BHO.cf' 被发现
C:\ABC\ABC\10004\$TEMP\player.dll - 特征码 'not-a-virus:AdWare.Win32.Agent.bx' 被发现
C:\ABC\ABC\10004\$TEMP\RGInstall.dll
C:\ABC\ABC\10004\$TEMP\usb8028.sys - 特征码 'not-a-virus:AdWare.Win32.WSearch.l' 被发现
C:\ABC\ABC\10004\$TEMP\usb8028x.sys
C:\ABC\ABC\10004\$TEMP\$PLUGINSDIR\System.dll

        16 个文件被扫描
          (0 个压缩档 0 个文件)
        11 个特征码被侦测
        1 个可疑代码段被发现
        耗时: 0:03.235

promised

除了VServer.exe其他都有问题

风雪

1185185054,2007-7-23 18:04:14,TrojanDropper.Agent.bbi.fxot,木马,mygood,D:\3\新建文件夹\新建文件夹\新建文件夹\2009.exe,Manual scan
1185185054,2007-7-23 18:04:14,Adware.Diybar.b.aly.dll,广告程序,mygood,D:\3\新建文件夹\新建文件夹\新建文件夹\diybar2.dll,Manual scan
1185185054,2007-7-23 18:04:14,TrojanDownloader.Agent.bly.dmbv,木马,mygood,D:\3\新建文件夹\新建文件夹\新建文件夹\j.exe,Manual scan
1185185054,2007-7-23 18:04:14,Heuri.Possible/Packed,启发式扫描,mygood,D:\3\新建文件夹\新建文件夹\新建文件夹\main.exe,Manual scan
1185185054,2007-7-23 18:04:14,Downloader.WinFixer.o.rze,黑客工具,mygood,D:\3\新建文件夹\新建文件夹\新建文件夹\NetInstaller.exe,Manual scan
1185185054,2007-7-23 18:04:14,Adware.Clicker.to.fpso,广告程序,mygood,D:\3\新建文件夹\新建文件夹\新建文件夹\theopen.exe,Manual scan
1185185054,2007-7-23 18:04:14,Heuri.Possible/Packed,启发式扫描,mygood,D:\3\新建文件夹\新建文件夹\新建文件夹\xxx.exe,Manual scan
费尔

rasis

malware\10004.exe
      [DETECTION] Contains signature of the dropper DR/BHO.CF
      [WARNING]   The file was ignored!
malware\2009.exe
      [DETECTION] Is the Trojan horse TR/Drop.Multi.P.1
      [WARNING]   The file was ignored!
malware\diybar2.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Diybar.B
      [WARNING]   The file was ignored!
malware\j.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.NSE
      [WARNING]   The file was ignored!
malware\main.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [WARNING]   The file was ignored!
malware\theopen.exe
      [DETECTION] Is the Trojan horse TR/Qhost.IS
      [WARNING]   The file was ignored!
Begin scan in '不确定'
不确定\NetInstaller.exe
      [DETECTION] Contains signature of the SPR/Dldr.WinFixer.O.107 program
      [WARNING]   The file was ignored!
不确定\VServer.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING]   The file was ignored!

xxwpk007

已删除: 广告软件 not-a-virus:AdWare.Win32.Diybar.b        文件: G:\样本\样本\malware[1]\diybar2.dll
已删除: 病毒 Packed.Win32.NSAnti.r        文件: G:\样本\样本\malware[1]\main.exe
已删除: 广告软件 not-a-virus:AdWare.Win32.Agent.bx        文件: G:\样本\样本\malware[1]\10004.exe//stream//data0001
已删除: 广告软件 not-a-virus:AdWare.Win32.BHO.cf        文件: G:\样本\样本\malware[1]\10004.exe//stream//data0002
已删除: 广告软件 not-a-virus:AdWare.Win32.WSearch.n        文件: G:\样本\样本\malware[1]\10004.exe//stream//data0003
已删除: 广告软件 not-a-virus:AdWare.Win32.BHO.cf        文件: G:\样本\样本\malware[1]\10004.exe//stream//data0005
已删除: 广告软件 not-a-virus:AdWare.Win32.BHO.cf        文件: G:\样本\样本\malware[1]\10004.exe//stream//data0006
已删除: 木马程序 Trojan-Downloader.Win32.Agent.bly        文件: G:\样本\样本\malware[1]\j.exe//UPack
已删除: 木马程序 Trojan-Dropper.Win32.Agent.bbi        文件: G:\样本\样本\malware[1]\2009.exe//PE_Patch//UPack
已删除: 木马程序 Trojan.Win32.Qhost.ke        文件: G:\样本\样本\malware[1]\theopen.exe//PE_Patch.UPX//UPX

已删除: 风险软件 not-a-virus:Downloader.Win32.WinFixer.o        文件: G:\样本\样本\不确定[1]\NetInstaller.exe
已删除: 病毒 Packed.Win32.CryptExe (变种)        文件: G:\样本\样本\不确定[1]\VServer.exe

欠妳緈諨

6

hj5abc

diybar.dll...pass
xxx.exe.. pass

Scanning Log
NOD32 version 2412 (20070723) NT
Command line: F:\malware[1] F:\不确定[1]
Operating memory - is OK

Date: 23.7.2007  Time: 18:28:03
Anti-Stealth technology is enabled.
Scanned disks, folders and files: F:\malware[1]\; F:\不确定[1]\
F:\malware[1]\10004.exe ?NSIS ?player.dll - probably a variant of Win32/Adware.Agent application
F:\malware[1]\10004.exe ?NSIS ?RGInstall.dll - probably a variant of Win32/Adware.BHO application
F:\malware[1]\10004.exe ?NSIS ?usb8028x.sys - Win32/Adware.BHO.CF application
F:\malware[1]\10004.exe ?NSIS ?HelpIE.dll - probably a variant of Win32/Adware.BHO application
F:\malware[1]\10004.exe ?NSIS ?mshtmlsed.exe - probably a variant of Win32/Adware.BHO application
F:\malware[1]\2009.exe - a variant of Win32/Agent.NEO trojan
F:\malware[1]\j.exe - Win32/TrojanDownloader.Delf.NSE trojan
F:\malware[1]\main.exe - Win32/Pacex.Gen virus
F:\malware[1]\theopen.exe - a variant of Win32/Qhost.IP trojan
F:\不确定[1]\NetInstaller.exe - probably a variant of Win32/Adware.WinFixer application
Number of scanned files: 16
Number of threats found: 10
Number of files cleaned: 6
Time of completion: 18:28:10 Total scanning time: 7 sec (00:00:07)

wangjay1980

detected: adware not-a-virus:AdWare.Win32.Diybar.b        File: E:\Ñù±¾\bingdu\diybar2.dll
detected: virus Packed.Win32.NSAnti.r        File: E:\Ñù±¾\bingdu\main.exe
detected: adware not-a-virus:AdWare.Win32.Agent.bx        File: E:\Ñù±¾\bingdu\10004.exe//stream//data0001
detected: adware not-a-virus:AdWare.Win32.BHO.cf        File: E:\Ñù±¾\bingdu\10004.exe//stream//data0002
detected: adware not-a-virus:AdWare.Win32.WSearch.n        File: E:\Ñù±¾\bingdu\10004.exe//stream//data0003
detected: adware not-a-virus:AdWare.Win32.BHO.cf        File: E:\Ñù±¾\bingdu\10004.exe//stream//data0005
detected: adware not-a-virus:AdWare.Win32.BHO.cf        File: E:\Ñù±¾\bingdu\10004.exe//stream//data0006
detected: Trojan program Trojan-Downloader.Win32.Agent.bly        File: E:\Ñù±¾\bingdu\j.exe//UPack
detected: Trojan program Trojan-Dropper.Win32.Agent.bbi        File: E:\Ñù±¾\bingdu\2009.exe//PE_Patch//UPack
detected: Trojan program Trojan.Win32.Qhost.ke        File: E:\Ñù±¾\bingdu\theopen.exe//PE_Patch.UPX//UPX
detected: riskware not-a-virus:Downloader.Win32.WinFixer.o        File: E:\Ñù±¾\bingdu\NetInstaller.exe
detected: virus Packed.Win32.CryptExe (modification)        File: E:\Ñù±¾\bingdu\VServer.exe