20个，md5内详

显示全部楼层 · 发表于 2007-7-25 08:02:46

有些不是毒把
可以算广告
Trojan.RAR.KillFiles.a.exe这个有什么问题？
自解压释放一个.txt文件
;下面的注释包含自解压脚本命令

Path=C:\Program Files\
SavePath
Silent=1
Overwrite=1
Delete=\装机人员工具

显示全部楼层 · 发表于 2007-7-25 09:02:50

金山报9个病毒,4个风险程序

微点:
木马名称:Backdoor.Win32.VB.ai

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\BACKDOOR.WIN32.VB.GEN.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Delf.tf

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\NOT-A-VIRUS ADWARE.WIN32.DM.R.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.DNSChanger.qu

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\TROJAN.WIN32.DNSCHANGER.EN.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Keenval.c

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\TROJAN-DOWNLOADER.WIN32.KEENVAL.KEENVAL
是木马程序!
已成功阻止其运行,是否要删除此文件?
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\NOT-A-VIRUS PORN-DIALER.WIN32.ADULTBROWSER.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:2116
远端地址:195.13.105.133(英国)
远端端口:80

木马名称:Trojan.Win32.DNSChanger.iy

程序:
C:\PROGRAM FILES\HQVIDEO\REGISTER.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\TROJAN-DOWNLOADER.WIN32.BOMKA.R.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\ADROTATE.DLL
是否删除木马程序及其衍生物?

其中有几个微点挂了,上报
2个广告微点还是挂了

显示全部楼层 · 发表于 2007-7-25 09:06:25

AntiVir PersonalEdition Classic
Report file date: 2007年7月25日  09:05

Scanning for 976723 virus strains and unwanted programs.

Licensed to:    Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform:       Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:       Administrator
Computer name: 73CA97B124D04CD

Version information:
BUILD.DAT : 247          14437 Bytes 2007-5-10 11:55:00
AVSCAN.EXE : 7.0.4.15    282664 Bytes 2007-7-2 17:44:58
AVSCAN.DLL : 7.0.4.4    33832 Bytes 2007-7-2 17:44:58
LUKE.DLL    : 7.0.4.11    143400 Bytes 2007-7-2 17:44:58
LUKERES.DLL  : 7.0.4.0    10280 Bytes 2007-7-2 17:44:58
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006-5-31 06:14:26
ANTIVIR1.VDF : 6.39.0.129  7251968 Bytes 2007-7-10 10:37:10
ANTIVIR2.VDF : 6.39.0.177 762368 Bytes 2007-7-23 10:37:10
ANTIVIR3.VDF : 6.39.0.180 25600 Bytes 2007-7-23 10:37:12
AVEWIN32.DLL : 7.4.0.44 2499072 Bytes 2007-7-18 08:05:42
AVWINLL.DLL  : 1.0.0.7    14376 Bytes 2007-7-2 17:44:58
AVPREF.DLL : 7.0.2.1    24616 Bytes 2007-7-2 17:44:58
AVREP.DLL : 7.0.0.1    155688 Bytes 2007-7-23 10:36:04
AVPACK32.DLL : 7.3.0.13    360488 Bytes 2007-6-27 06:29:10
AVREG.DLL : 7.0.1.2    31784 Bytes 2007-7-2 17:44:58
AVEVTLOG.DLL : 7.0.0.18    86056 Bytes 2007-7-2 17:44:56
AVARKT.DLL : 1.0.0.17    278568 Bytes 2007-7-2 17:44:56
NETNT.DLL : 7.0.0.0       7720 Bytes 2007-7-2 17:44:58
RCIMAGE.DLL  : 7.0.1.15 2228264 Bytes 2007-7-2 17:44:58
RCTEXT.DLL : 7.0.45.0    86056 Bytes 2007-7-2 17:45:00

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\923bbb2a.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

显示全部楼层 · 发表于 2007-7-25 09:46:37

正解。里面好像是正常的。

[ 本帖最后由曲中求于 2007-7-25 09:50 编辑 ]

显示全部楼层 · 发表于 2007-7-25 11:04:38

sav17个～熊猫不错啊……

显示全部楼层 · 发表于 2007-7-25 16:29:15

===================================================================================================
NVCOD On Demand Scanner 5.80.02

NSE revision 5.91.02
nvcbin.def revision 5.90.00 of 2007/07/24 08:21:08 (815016 variants)
nvcmacro.def revision 5.90.00 of 2007/06/29 06:32:19 (20341 variants)
Total number of variants: 835357
Command line: "@C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~OD1C.tmp"
===================================================================================================

   Time  Filename                                                    Virus name
---------------------------------------------------------------------------------------------------
- Scanning files in the directory: F:\vv\新建文件夹\
      0 ms F:\vv\新建文件夹\Backdoor.Win32.Agobot.oz.oz
      0 ms F:\vv\新建文件夹\Backdoor.Win32.Agobot.rd
   16 ms F:\vv\新建文件夹\Backdoor.Win32.VB.gen.exe                Backdoor W32/VBDoor.AVH ()
   16 ms F:\vv\新建文件夹\not-a-virus AdWare.Win32.AdHelper.gen.dll Aggressive commersial W32/Adhelper.HM ()
   16 ms F:\vv\新建文件夹\not-a-virus AdWare.Win32.Dm.n.exe          Aggressive commersial W32/DesktopMedia.AR ()
      0 ms F:\vv\新建文件夹\not-a-virus AdWare.Win32.Dm.r.dll          Aggressive commersial W32/DesktopMedia.BT ()
      0 ms F:\vv\新建文件夹\not-a-virus AdWare.Win32.SurfSide.ay.exe Aggressive commersial W32/SurfSide.EN ()
   16 ms F:\vv\新建文件夹\not-a-virus AdWare.Win32.WSearch.j.dll    Aggressive commersial W32/WSearch.CN ()
      0 ms F:\vv\新建文件夹\not-a-virus Porn-Dialer.Win32.AdultBrowser.exe Trojan W32/Dialer.OYM ()
   16 ms F:\vv\新建文件夹\Trojan-AOL.Win16.Bill                      Trojan Win/AOLPass.PV ()
   31 ms F:\vv\新建文件夹\Trojan-Downloader.JS.Psyme.exe             Trojan DLoader.CYJG ()
      0 ms F:\vv\新建文件夹\Trojan-Downloader.Win32.Bomka.r.exe       Trojan W32/Smalltroj.AYA ()
   16 ms F:\vv\新建文件夹\Trojan-Downloader.Win32.Keenval.Keenval    Trojan Keenval.F ()
   1047 ms F:\vv\新建文件夹\Trojan.BAT.Agent.x.exe
   859 ms F:\vv\新建文件夹\Trojan.BAT.KillAV.eb.exe
   969 ms F:\vv\新建文件夹\Trojan.RAR.KillFiles.a.exe
   31 ms F:\vv\新建文件夹\Trojan.Win32.DNSChanger.en.exe             Trojan Zlob.PJU ()
   16 ms F:\vv\新建文件夹\Trojan.Win32.DNSChanger.es.exe             Trojan Zlob.BBX ()
      0 ms F:\vv\新建文件夹\Trojan.Win32.Qhost.kz.exe                Trojan Qhost.AEF ()
   15 ms F:\vv\新建文件夹\Type_Win32.dll
- File F:\vv\新建文件夹\Backdoor.Win32.VB.gen.exe quarantined.
- File F:\vv\新建文件夹\Backdoor.Win32.VB.gen.exe deleted.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.AdHelper.gen.dll quarantined.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.AdHelper.gen.dll deleted.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.Dm.n.exe quarantined.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.Dm.n.exe deleted.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.Dm.r.dll quarantined.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.Dm.r.dll deleted.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.SurfSide.ay.exe quarantined.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.SurfSide.ay.exe deleted.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.WSearch.j.dll quarantined.
- File F:\vv\新建文件夹\not-a-virus AdWare.Win32.WSearch.j.dll deleted.
- File F:\vv\新建文件夹\not-a-virus Porn-Dialer.Win32.AdultBrowser.exe quarantined.
- File F:\vv\新建文件夹\not-a-virus Porn-Dialer.Win32.AdultBrowser.exe deleted.
- File F:\vv\新建文件夹\Trojan-AOL.Win16.Bill quarantined.
- File F:\vv\新建文件夹\Trojan-AOL.Win16.Bill deleted.
- File F:\vv\新建文件夹\Trojan-Downloader.JS.Psyme.exe quarantined.
- File F:\vv\新建文件夹\Trojan-Downloader.JS.Psyme.exe deleted.
- File F:\vv\新建文件夹\Trojan-Downloader.Win32.Bomka.r.exe quarantined.
- File F:\vv\新建文件夹\Trojan-Downloader.Win32.Bomka.r.exe deleted.
- File F:\vv\新建文件夹\Trojan-Downloader.Win32.Keenval.Keenval quarantined.
- File F:\vv\新建文件夹\Trojan-Downloader.Win32.Keenval.Keenval deleted.
- File F:\vv\新建文件夹\Trojan.Win32.DNSChanger.en.exe quarantined.
- File F:\vv\新建文件夹\Trojan.Win32.DNSChanger.en.exe deleted.
- File F:\vv\新建文件夹\Trojan.Win32.DNSChanger.es.exe quarantined.
- File F:\vv\新建文件夹\Trojan.Win32.DNSChanger.es.exe deleted.
- File F:\vv\新建文件夹\Trojan.Win32.Qhost.kz.exe quarantined.
- File F:\vv\新建文件夹\Trojan.Win32.Qhost.kz.exe deleted.

===================================================================================================

The scanning started: 2007/07/25 16:29:10
            ended: 2007/07/25 16:29:13
Logged on as       : Administrator
on hostname       : 2FEA146376E2420

Scanning results:
Total number of files found..............................:    20
Number of files scanned..................................:    20
Number of files/directories skipped due to exclude list..:    0
Number of files that could not be opened.................:    0
Number of archive files unpacked.........................:    0
Number of archive files not unpacked.....................:    0
Number of infections.....................................:    14

Copyright (c) 1993-2005 Norman ASA.

显示全部楼层 · 发表于 2007-7-25 17:35:34

drweb没下载就杀了

显示全部楼层 · 发表于 2007-7-25 17:39:10

D:\download\t3\样本.rar:\Backdoor.Win32.Agobot.oz.oz - Signature 'Backdoor.Win32.Agobot.OZ' found
D:\download\t3\样本.rar

2 Files scanned
(1 Archive with 1 file)
1 Signature found
0 Suspect code-parts found
Used time: 0:00.090

ik的解饱……

显示全部楼层 · 发表于 2007-7-26 09:48:13

19个

显示全部楼层 · 发表于 2007-7-26 10:08:12

McAfee13个.

[病毒样本] 20个，md5内详

回复 #21 lsyer 的帖子

drweb

本帖子中包含更多资源

本帖子中包含更多资源