Original poster: Cloud018

[Virus samples] One malicious site, loads of viruses... (Update: the viruses have been caught alive)

tracydk
Posted on 2007-7-26 10:37:31
I finally get it... if you go online hunting for viruses without installing patches, you can become the virus king.
promised
Posted on 2007-7-26 10:41:46
C:\ABC\virus\新建文件夹\1.exe - 特征码 'Backdoor.Win32.Rizo.a' 被发现
C:\ABC\virus\新建文件夹\11Sy.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\virus\新建文件夹\12Sy.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\virus\新建文件夹\13.exe - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\virus\新建文件夹\13Sy.exe - 特征码 'Trojan.Win32.Agent.atj' 被发现
C:\ABC\virus\新建文件夹\14.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\virus\新建文件夹\19.exe - 特征码 'Backdoor.Win32.Agent.ahj' 被发现
C:\ABC\virus\新建文件夹\2.exe
C:\ABC\virus\新建文件夹\AlxRes070725.exe - 特征码 'Trojan-Spy.Win32.Agent.pn' 被发现
C:\ABC\virus\新建文件夹\autorun.inf
C:\ABC\virus\新建文件夹\CSRSS.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.acx' 被发现
C:\ABC\virus\新建文件夹\DataStore.edb
C:\ABC\virus\新建文件夹\Desktop.htt
C:\ABC\virus\新建文件夹\dhbini.dll
C:\ABC\virus\新建文件夹\edb.chk
C:\ABC\virus\新建文件夹\gfdwq.bbr - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\virus\新建文件夹\go.exe - 特征码 'BehavesLikeWin32.ExplorerHijack' 被发现
C:\ABC\virus\新建文件夹\go.vbs
C:\ABC\virus\新建文件夹\i.vbs
C:\ABC\virus\新建文件夹\INDEX.BTR
C:\ABC\virus\新建文件夹\INDEX.MAP
C:\ABC\virus\新建文件夹\ipp_0001.asp
C:\ABC\virus\新建文件夹\ipp_0002.asp
C:\ABC\virus\新建文件夹\ipp_0003.asp
C:\ABC\virus\新建文件夹\ipp_0004.asp
C:\ABC\virus\新建文件夹\ipp_0005.asp
C:\ABC\virus\新建文件夹\ipp_0006.asp
C:\ABC\virus\新建文件夹\ipp_0007.asp
C:\ABC\virus\新建文件夹\ipp_0010.asp
C:\ABC\virus\新建文件夹\ipp_0013.asp
C:\ABC\virus\新建文件夹\ipp_0014.asp
C:\ABC\virus\新建文件夹\ipp_0015.asp
C:\ABC\virus\新建文件夹\jzeini.dll
C:\ABC\virus\新建文件夹\LSASS.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\virus\新建文件夹\LYLOADER.EXE - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\virus\新建文件夹\LYMANGR.DLL - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\virus\新建文件夹\madanlod.bat
C:\ABC\virus\新建文件夹\MAPPING.VER
C:\ABC\virus\新建文件夹\MAPPING1.MAP
C:\ABC\virus\新建文件夹\MAPPING2.MAP
C:\ABC\virus\新建文件夹\mppds.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\virus\新建文件夹\mppds.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.abx' 被发现
C:\ABC\virus\新建文件夹\MSDEG32.DLL - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\virus\新建文件夹\MSIMGSIZ.DAT
C:\ABC\virus\新建文件夹\msipfilter.dll - 特征码 'Trojan-Spy.Win32.Agent.sd' 被发现
C:\ABC\virus\新建文件夹\mywinsys.ini
C:\ABC\virus\新建文件夹\NewTemp.bak - 特征码 'BehavesLikeWin32.ExplorerHijack' 被发现
C:\ABC\virus\新建文件夹\NewTemp.bkk - 可疑代码段 被发现 (Level: 90)
C:\ABC\virus\新建文件夹\NewTemp.dll - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\virus\新建文件夹\npf.sys
C:\ABC\virus\新建文件夹\nslkupi.exe - 特征码 'Trojan-PWS.Win32.Agent.jp' 被发现
C:\ABC\virus\新建文件夹\ntsokele.exe - 特征码 'Trojan-Spy.Win32.Goldun.pq' 被发现
C:\ABC\virus\新建文件夹\nwizhx2.exe - 特征码 'Trojan-PWS.Win32.Nilage.bjp' 被发现
C:\ABC\virus\新建文件夹\OBJECTS.DATA
C:\ABC\virus\新建文件夹\OBJECTS.MAP
C:\ABC\virus\新建文件夹\Packet.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\virus\新建文件夹\page1.asp
C:\ABC\virus\新建文件夹\PegeFile.pif - 特征码 'BehavesLikeWin32.ExplorerHijack' 被发现
C:\ABC\virus\新建文件夹\qjso.exe - 特征码 'Trojan-PWS.Win32.Nilage.bbr' 被发现
C:\ABC\virus\新建文件夹\qjso0.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.qo' 被发现
C:\ABC\virus\新建文件夹\RichDll.dll - 特征码 'Trojan-Downloader.Win32.Small.cwq' 被发现
C:\ABC\virus\新建文件夹\rising673.exe - 特征码 'Trojan-PWS.Win32.Delf.mc' 被发现
C:\ABC\virus\新建文件夹\rundl132.exe - 特征码 'Worm.Win32.Viking.lj' 被发现
C:\ABC\virus\新建文件夹\rxso.exe - 特征码 'Backdoor.Win32.Rizo.a' 被发现
C:\ABC\virus\新建文件夹\rxso0.dll - 特征码 'Generic.PWS.Games' 被发现
C:\ABC\virus\新建文件夹\scrsys070725.scr - 特征码 'Trojan-Spy.Win32.Agent.pn' 被发现
C:\ABC\virus\新建文件夹\scrsys16_070725.dll - 特征码 'Trojan.Delf.NEB' 被发现
C:\ABC\virus\新建文件夹\scvhost.exe - 特征码 'Backdoor.Win32.Delf.awy' 被发现
C:\ABC\virus\新建文件夹\svchost.exe - 特征码 'Backdoor.Win32.Agent.ahj' 被发现
C:\ABC\virus\新建文件夹\sys332.exe - 特征码 'Worm.Win32.Viking.lj' 被发现
C:\ABC\virus\新建文件夹\SysWin64.Jmp - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\virus\新建文件夹\SysWin64.Sys - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\virus\新建文件夹\SysWin64.Tao - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\virus\新建文件夹\TIMHost.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.yn' 被发现
C:\ABC\virus\新建文件夹\TIMHost.exe - 特征码 'Trojan-PWS.WSGame.AV' 被发现
C:\ABC\virus\新建文件夹\tlso.exe - 特征码 'Backdoor.Win32.Rizo.a' 被发现
C:\ABC\virus\新建文件夹\tlso0.dll - 特征码 'Generic.Onlinegames.3' 被发现
C:\ABC\virus\新建文件夹\upxdnd.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\virus\新建文件夹\upxdnd.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.zb' 被发现
C:\ABC\virus\新建文件夹\usbinte.sys - 特征码 'Trojan.Rootkit.Agent.NAW' 被发现
C:\ABC\virus\新建文件夹\WanPacket.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\virus\新建文件夹\wdbini.dll
C:\ABC\virus\新建文件夹\wdso.exe - 特征码 'Backdoor.Win32.Rizo.a' 被发现
C:\ABC\virus\新建文件夹\wdso0.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.bs' 被发现
C:\ABC\virus\新建文件夹\wgso.exe - 特征码 'Backdoor.Win32.Rizo.a' 被发现
C:\ABC\virus\新建文件夹\wgso0.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.abh' 被发现
C:\ABC\virus\新建文件夹\windhcp.ocx - 特征码 'Trojan.Win32.Agent.abf' 被发现
C:\ABC\virus\新建文件夹\WINLOGON.EXE - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\virus\新建文件夹\winsys16_070725.dll - 特征码 'Trojan.Delf.NEB' 被发现
C:\ABC\virus\新建文件夹\winsys32_070725.dll - 特征码 'Trojan-Spy.Win32.Agent.pn' 被发现
C:\ABC\virus\新建文件夹\wlso.exe - 特征码 'Backdoor.Win32.Rizo.a' 被发现
C:\ABC\virus\新建文件夹\wlso0.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.qo' 被发现
C:\ABC\virus\新建文件夹\WMSDKNS.XML
C:\ABC\virus\新建文件夹\WMSDKNSD.XML
C:\ABC\virus\新建文件夹\wpcap.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\virus\新建文件夹\xyfini.dll
C:\ABC\virus\新建文件夹\ztso.exe - 特征码 'Backdoor.Win32.Rizo.a' 被发现
C:\ABC\virus\新建文件夹\ztso0.dll - 特征码 'Trojan-PWS.Win32.Nilage.bjp' 被发现
C:\ABC\virus\新建文件夹\zxeini.dll
C:\ABC\virus\新建文件夹\zxso.exe - 特征码 'Backdoor.Win32.Rizo.a' 被发现
C:\ABC\virus\新建文件夹\zxso0.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.qo' 被发现
C:\ABC\virus\新建文件夹\_desktop.ini

        104 个文件被扫描
          (0 个压缩档 0 个文件)
        63 个特征码被侦测
        1 个可疑代码段被发现
        耗时: 0:02.125
As for the remaining DLLs and EXEs, some are dead, and there are a few odds and ends left.
Cloud018
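Original poster | Posted on 2007-7-26 10:41:58
Originally posted by tracydk on 2007-7-26 10:37
I finally get it... if you go online hunting for viruses without installing patches, you can become the virus king.

That's not quite it. I spent the whole morning hunting yesterday and didn't catch a single one. If I hadn't received these rogue messages in a chat group, I don't think I would have found any. Sigh~~~~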
tracydk
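Posted on 2007-7-26 10:45:00
Originally posted by Cloud018 on 2007-7-26 10:41

That's not quite it. I spent the whole morning hunting yesterday and didn't catch a single one. If I hadn't received these rogue messages in a chat group, I don't think I would have found any. Sigh~~~~

Getting infected is too easy... There are dedicated virus websites; you can look for them on Kafan. They are fixed sites.. with tons of viruses..
And they are updated regularly too.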
Cloud018
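Original poster | Posted on 2007-7-26 11:05:42
Oh, so that's how it is!

I just updated the virus database, and Kaspersky still fails to detect many of them.
Below are the ones Kaspersky does not flag yet. Does anyone have time to submit them?!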

微点卫士
Posted on 2007-7-26 11:40:17
Micropoint:
木马名称:Trojan-PSW.Win32.OnLineGames.gtb

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\11SY.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.gpl

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\12SY.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Agent.gpm

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\13SY.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Backdoor.Win32.Delf.bkj

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\19.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.gtc

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\CSRSS.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.gme

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\MPPDS.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Spy.Win32.Agent.bmn

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\MSIPFILTER.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.ftb

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\NWIZHX2.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.Agent.dem

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\QJSO.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Vikings.fqv

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\RICHDLL.DLL
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Vikings.fqf

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\RUNDL132.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Backdoor.Win32.Delf.bgs

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\SCVHOST.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Backdoor.Win32.Delf.bkj

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\SVCHOST.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Vikings.fqf

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\SYS332.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.gbi

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\TIMHOST.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.fzo

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\TIMHOST.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.gfd

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\UPXDND.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\13.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.SYS
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\14.EXE
1) C:\DELETEFILEDOS.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\14.EXE
可疑程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\DHBPRI.DLL
2) C:\DELETEFILEDOS.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\GO.EXE

C:\AUTORUN.INF
自启动运行!
并生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NEWTEMP.BAK
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NEWTEMP.DLL
3) C:\PEGEFILE.PIF
4) D:\PEGEFILE.PIF
5) C:\AUTORUN.INF
以及可由此INF文件引导自启的文件:
C:\PEGEFILE.PIF

是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\LSASS.EXE
1) C:\DELETEFILEDOS.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\LSASS.EXE
1) C:\DELETEFILEDOS.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\LYLOADER.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\LYLOADER.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\LYMANGR.DLL
3) C:\WINDOWS.0\SYSTEM32\LYMANGR.DLL
4) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\MSDEG32.DLL
5) C:\WINDOWS.0\SYSTEM32\MSDEG32.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\NTSOKELE.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\NTSOKELE.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\RISING673.EXE

C:\AUTORUN.INF
自启动运行!
并生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NEWTEMP.BAK
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NEWTEMP.DLL
3) C:\PEGEFILE.PIF
4) C:\AUTORUN.INF
以及可由此INF文件引导自启的文件:
C:\PEGEFILE.PIF

是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\RXSO.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RXSO.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RXSO0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\TLSO.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TLSO.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TLSO0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\WDSO.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WDSO.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WDSO0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\WGSO.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WGSO.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WGSO0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\WINLOGON.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.SYS
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\WLSO.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WLSO.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WLSO0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\ZTSO.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ZTSO.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ZTSO0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\ZXSO.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ZXSO.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ZXSO0.DLL
是否删除木马程序及其衍生物?
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\LYMANGR.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?


Micropoint failed on 1.EXE, 2.EXE and madanlod; I will submit them.
无影一线
Posted on 2007-7-26 11:45:29
Jiangmin did not react. All patches are installed, and I am also running under a virtual shadow system.
rasis
Posted on 2007-7-26 12:24:05
11Sy.exe
      [DETECTION] Is the Trojan horse TR/Hook.Shell.185
      [WARNING]   The file was ignored!
12Sy.exe
      [DETECTION] Is the Trojan horse TR/Hook.Shell.183
      [WARNING]   The file was ignored!
13.exe
      [DETECTION] Is the Trojan horse TR/Drop.Age.32873.C
      [WARNING]   The file was ignored!
13Sy.exe
      [DETECTION] Is the Trojan horse TR/Agent.atj.14
      [WARNING]   The file was ignored!
14.exe
      [DETECTION] Is the Trojan horse TR/Hook.Shell.206
      [WARNING]   The file was ignored!
19.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.YPT.1 Backdoor server programs
      [WARNING]   The file was ignored!
AlxRes070725.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!
CSRSS.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
      [WARNING]   The file was ignored!
gfdwq.bbr
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
go.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
ipp_0001.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0002.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0003.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0004.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0005.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0006.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0007.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0010.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0013.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0014.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
ipp_0015.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
LSASS.EXE
      [DETECTION] Is the Trojan horse TR/Dldr.Small.ewc.34
      [WARNING]   The file was ignored!
LYLOADER.EXE
      [DETECTION] Contains signature of the dropper DR/PSW.Onlinegames.AVH.94
      [WARNING]   The file was ignored!
LYMANGR.DLL
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
mppds.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
      [WARNING]   The file was ignored!
mppds.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
      [WARNING]   The file was ignored!
MSDEG32.DLL
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
      [WARNING]   The file was ignored!
msipfilter.dll
      [DETECTION] Is the Trojan horse TR/Spy.Agent.SD.1
      [WARNING]   The file was ignored!
NewTemp.bak
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
NewTemp.bkk
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
NewTemp.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
nslkupi.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.alh.38 Backdoor server programs
      [WARNING]   The file was ignored!
nwizhx2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING]   The file was ignored!
page1.asp
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!
PegeFile.pif
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
qjso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
qjso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
RichDll.dll
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
rising673.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
rundl132.exe
      [DETECTION] Is the Trojan horse TR/Spy.Viking.Gen
      [WARNING]   The file was ignored!
rxso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
scrsys070725.scr
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!
scvhost.exe
      [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
      [WARNING]   The file was ignored!
svchost.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.YPT.1 Backdoor server programs
      [WARNING]   The file was ignored!
sys332.exe
      [DETECTION] Is the Trojan horse TR/Spy.Viking.Gen
      [WARNING]   The file was ignored!
SysWin64.Jmp
      [DETECTION] Is the Trojan horse TR/Drop.Age.32873.C
      [WARNING]   The file was ignored!
SysWin64.Sys
      [DETECTION] Is the Trojan horse TR/Drop.Age.32873.C
      [WARNING]   The file was ignored!
SysWin64.Tao
      [DETECTION] Is the Trojan horse TR/Drop.Age.32873.C
      [WARNING]   The file was ignored!
TIMHost.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.YN.136
      [WARNING]   The file was ignored!
TIMHost.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.YF
      [WARNING]   The file was ignored!
tlso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
upxdnd.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
      [WARNING]   The file was ignored!
upxdnd.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.YF
      [WARNING]   The file was ignored!
usbinte.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [WARNING]   The file was ignored!
wdso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
wgso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
windhcp.ocx
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
      [WARNING]   The file was ignored!
WINLOGON.EXE
      [DETECTION] Is the Trojan horse TR/Drop.Age.32873.C
      [WARNING]   The file was ignored!
winsys32_070725.dll
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!
wlso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
ztso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
zxso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!


End of the scan: 2007年7月26日  12:23
Used time: 00:20 min

The scan has been done completely.

      1 Scanning directories
    102 Files were scanned
     62 viruses and/or unwanted programs were found
     20 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     20 Files not concerned
      0 Archives were scanned
     62 Warnings
      0 Notes
      0 Hidden objects were found
cbz107
Posted on 2007-7-26 16:32:01
Originally posted by tracydk on 2007-7-26 09:47
Filseclab is first-rate at false positives

If you haven't used it, don't talk nonsense!
chow2006
Posted on 2007-7-27 21:56:35
Very funny. I'd like to know which one in there is the JS?