[f05ae1 55850d 10b97b ec37fc 41e7b2 98156f 50e50b]早餐

显示全部楼层 · 发表于 2007-8-4 09:19:49

去吃早饭去了

显示全部楼层 · 发表于 2007-8-4 09:21:40

Scanning Log
NOD32 version 2436 (20070803) NT
Command line: R:\Ignore.rar
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2.  ?
?physical disk. Error reading sector.
Error occurred while scanning MBR sector of the 3.  ?
?physical disk. Error reading sector.
Date: 4.8.2007  Time: 09:21:08
Anti-Stealth technology is enabled.
Scanned disks, folders and files: R:\Ignore.rar
R:\Ignore.rar ?RAR ?install.exe - a variant of  ?
?Win32/TrojanDownloader.Small.EQN trojan
R:\Ignore.rar ?RAR ?crack.exe - a variant of  ?
?Win32/TrojanDownloader.Small.NUS trojan
R:\Ignore.rar ?RAR ?keygen.exe - probably a variant of  ?
?Win32/TrojanDownloader.ConHook trojan
R:\Ignore.rar ?RAR ?keygen2.exe ?FSG v1.33 - unpack error
Number of scanned files: 7
Number of threats found: 3
Time of completion: 09:21:09 Total scanning time: 1 sec  ?
?(00:00:01)

解压失败？？
郁闷了

吃饭去

显示全部楼层 · 发表于 2007-8-4 09:27:57

雨伞报了一堆壳

显示全部楼层 · 发表于 2007-8-4 09:29:16

原帖由 lsyer 于 2007-8-4 09:27 发表
雨伞报了一堆壳

其中Xpack是不常用的可以理解

[ 本帖最后由 jimmyleo 于 2007-8-4 09:30 编辑 ]

显示全部楼层 · 发表于 2007-8-4 09:34:10

saber特萌版

显示全部楼层 · 发表于 2007-8-4 09:35:46

小狮子

显示全部楼层 · 发表于 2007-8-4 09:36:00

D:\download\t3\ignore\35.exe - Signature 'Trojan.Win32.Agent.qt' found
D:\download\t3\ignore\install.exe - Signature 'Trojan-Downloader.Win32.Small.eqn' found
D:\download\t3\ignore\crack.exe - Signature 'Trojan-Downloader.Win32.LoadAdv' found
D:\download\t3\ignore\RUNME.bat - Signature 'Trojan.Conhook.X' found
D:\download\t3\ignore\keygen.exe - Signature 'Win32.Rigel.6468' found
D:\download\t3\ignore\patch.exe - Signature 'Trojan.Win32.Agent.qt' found
D:\download\t3\ignore\keygen2.exe - Suspect code-parts found (Level: 190)

7 Files scanned
(0 Archives with 0 files)
6 Signatures found
1 Suspect code-part found
Used time: 0:00.511

显示全部楼层 · 发表于 2007-8-4 10:44:24

+ -- ArcaVir 2007 -- + version: 1.0.5
+ Bases date:  17:40  03-08-2007

OK c:\malware\Ignore.rar
OK c:\malware\Ignore.rar<RAR>:35.exe
VIR: Downloader.Small.Eqn c:\malware\Ignore.rar<RAR>:install.exe
ACTION OK LEAVE
OK c:\malware\Ignore.rar<RAR>:crack.exe
VIR: Downloader.Loadadv.Gen c:\malware\Ignore.rar<RAR>:crack.exe<UPX>:crack.exe
ACTION OK LEAVE
OK c:\malware\Ignore.rar<RAR>:RUNME.bat
VIR: Trojan.Pakes c:\malware\Ignore.rar<RAR>:keygen.exe
ACTION OK LEAVE
OK c:\malware\Ignore.rar<RAR>:patch.exe
OK c:\malware\Ignore.rar<RAR>:keygen2.exe
OK c:\malware\Ignore.rar<RAR>:keygen2.exe<FSG>:keygen2.exe

Scan summary:

------------------------

Scanned:

Files          :  7
Directories    :  1
Archives       :  1
Files in archives :  9
Embedded files :  2
Embedded objects  :  0
Excluded files :  0
All             :  10

Found:

Infected       :  3
Cured          :  0
Deleted          :  0
Renamed          :  0

显示全部楼层 · 发表于 2007-8-4 10:45:29

已删除: 木马程序 Trojan.Win32.Dialer.qn 文件: C:\Documents and Settings\wangcheng\桌面\Ignore.rar/35.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.eqn 文件: C:\Documents and Settings\wangcheng\桌面\Ignore.rar/install.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX
已删除: 木马程序 Trojan-Downloader.Win32.LoadAdv.gen 文件: C:\Documents and Settings\wangcheng\桌面\Ignore.rar/crack.exe//PE_Patch.UPX//UPX
已删除: 木马程序 Trojan.Win32.Pakes 文件: C:\Documents and Settings\wangcheng\桌面\Ignore.rar/keygen.exe
已删除: 木马程序 Trojan.Win32.Dialer.qn 文件: C:\Documents and Settings\wangcheng\桌面\Ignore.rar/patch.exe

卡巴还有２个．．．

显示全部楼层 · 发表于 2007-8-4 10:47:31

卡巴 bat不常报……

[病毒样本] [f05ae1 55850d 10b97b ec37fc 41e7b2 98156f 50e50b]早餐

本帖子中包含更多资源

回复 #2 风野胤的帖子

回复 #5 jimmyleo 的帖子

回复 #9 电影结束了的帖子

浏览过的版块