Views: 3920 | Replies: 17

[Virus samples] 13 samples; the ones that could not be killed have been reported to Kaspersky, MD5s inside

troika
Posted on 2007-8-7 13:24:42
文件: E:\Downloads\MSOSV.EXE
大小: 26120 字节
MD5: 2A44374CD5BFEB26CDB5EC3E93E6DAA7
文件: E:\Downloads\mssock.sys
大小: 7424 字节
MD5: 3C2F0106CD75E851410068D3FE851FD1
文件: E:\Downloads\mssql.dll
大小: 20624 字节
MD5: 5D9B1019E8FE52B2A1ECF2B761A8109B
文件: E:\Downloads\NVDispDrv.dll
大小: 15872 字节
MD5: 2661A372508E455D2E73F7E405211C4B
文件: E:\Downloads\services.exe
大小: 75032 字节
MD5: DE76BFD8E1DD8A7F711D44ABD661DAA6
文件: E:\Downloads\TempC.exe
大小: 27288 字节
MD5: 893058FD25C979FB10D437BA9197835D
文件: E:\Downloads\TempD.exe
大小: 10020 字节
MD5: 47E6717B11275E36F2DF8B568E17C3FA
文件: E:\Downloads\TempF.exe
大小: 8312 字节
MD5: B06227D6F9489638382E30D5B76FC9FB
文件: E:\Downloads\TempG.exe
大小: 23600 字节
MD5: FB8AAA84F5636EF61A8E57D555E19EEE
文件: E:\Downloads\TempH.exe
大小: 23320 字节
MD5: A0C66373DCA69316723C72398221A66C
文件: E:\Downloads\TempI.exe
大小: 10236 字节
MD5: 4F034971EDC305F8E6AF9BA57580E4D8
文件: E:\Downloads\TempJ.exe
大小: 23372 字节
MD5: B2E9A3E5C8F62A7C6463190FFAE60D8E
文件: E:\Downloads\vip[1].exe
大小: 26120 字节
MD5: 2A44374CD5BFEB26CDB5EC3E93E6DAA7

promised
Posted on 2007-8-7 13:28:29
C:\ABC\Downloads\MSOSV.EXE - 特征码 'Trojan-Dropper.Win32.Agent.bnv' 被发现
C:\ABC\Downloads\mssock.sys - 特征码 'Trojan.Win32.Agent.anj' 被发现
C:\ABC\Downloads\mssql.dll - 特征码 'Trojan-PWS.Win32.Agent.mn' 被发现
C:\ABC\Downloads\NVDispDrv.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\Downloads\services.exe - 特征码 'Trojan-Dropper.Win32.Agent.bnv' 被发现
C:\ABC\Downloads\TempC.exe - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\Downloads\TempD.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\Downloads\TempF.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\Downloads\TempG.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\Downloads\TempH.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\Downloads\TempI.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\Downloads\TempJ.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\Downloads\vip[1].exe - 特征码 'Trojan-Dropper.Win32.Agent.bnv' 被发现

        16 文件被扫描
          (1 压缩档 1 文件)
        13 特征码被侦测
        0 可疑代码段被发现
        耗时: 0:00.140
taihuxian
Posted on 2007-8-7 13:30:16
Malicious code found in file C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar.
Infection: Trojan-Dropper.Win32.Agent.bnv
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\mssock.sys.
Infection: Trojan-PSW.Win32.Agent.mn
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\mssql.dll.
Infection: Trojan-PSW.Win32.Agent.mn
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\NVDispDrv.dll.
Infection: Trojan-PSW.Win32.OnLineGames.afb
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\MSOSV.EXE.
Infection: Trojan-Dropper.Win32.Agent.bnv
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\TempC.exe.
Infection: Trojan-Dropper.Win32.Agent.bnv
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\TempG.exe.
Infection: Trojan-Dropper.Win32.Agent.bnv
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\TempH.exe.
Infection: Trojan-Dropper.Win32.Agent.bnv
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\TempI.exe.
Infection: Trojan-PSW.Win32.OnLineGames.afb
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\TempJ.exe.
Infection: Trojan-Dropper.Win32.Agent.bnv
Action: none.
Malicious code found in file \Device\HarddiskVolume1\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\NUSBFDOP\Downloads[1].rar\vip[1].exe.
Infection: Trojan-Dropper.Win32.Agent.bnv
Action: none.
The EQs
Posted on 2007-8-7 14:03:58
Scan performed at: 2007-8-7 14:03:32
Scanning Log
NOD32 version 2440 (20070806) NT
Command line: C:\Documents and Settings\EQ2\桌面\Downloads.rar
Operating memory - is OK

Date: 7.8.2007  Time: 14:03:38
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\Downloads.rar
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »services.exe - probably a variant of Win32/Butileg virus
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »MSOSV.EXE - probably a variant of Win32/Butileg virus
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »TempC.exe - probably a variant of Win32/Butileg virus
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »TempD.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »TempF.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »TempG.exe - probably a variant of Win32/Butileg virus
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »TempH.exe - probably a variant of Win32/Butileg virus
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »TempI.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »TempJ.exe - probably a variant of Win32/Butileg virus
C:\Documents and Settings\EQ2\桌面\Downloads.rar »RAR »vip[1].exe - probably a variant of Win32/Butileg virus
Number of scanned files: 14
Number of threats found: 10
Number of files cleaned: 1
Time of completion: 14:03:39 Total scanning time: 1 sec (00:00:01)
1688388728
Posted on 2007-8-7 14:05:37
反病毒专家 AntiVirusKit 2007 扫描病毒日志记录
版本
双引擎反病毒签名 8/6/2007
开始时间: 8/7/2007 14:03
引擎: KAV 引擎 (AVK 17.6669), AVST 引擎 (AVKB 17.327)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: MSOSV.EXE
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Trojan-Dropper.Win32.Agent.bnv (KAV 引擎)
对象: mssock.sys
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Trojan-PSW.Win32.Agent.mn (KAV 引擎)
对象: mssql.dll
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Trojan-PSW.Win32.Agent.mn (KAV 引擎), Win32:Agent-IYU [Trj] (AVST 引擎)
对象: NVDispDrv.dll
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Win32:Onlinegames-ASX [Trj] (AVST 引擎)
对象: services.exe
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Trojan-Dropper.Win32.Agent.bnv (KAV 引擎)
对象: TempC.exe
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Trojan-Dropper.Win32.Agent.bnv (KAV 引擎)
对象: TempG.exe
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Trojan-Dropper.Win32.Agent.bnv (KAV 引擎)
对象: TempH.exe
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Trojan-Dropper.Win32.Agent.bnv (KAV 引擎)
对象: TempJ.exe
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Trojan-Dropper.Win32.Agent.bnv (KAV 引擎)
对象: vip[1].exe
        路径: D:\病毒库\Downloads
狀態: 已发现病毒
        病毒: Trojan-Dropper.Win32.Agent.bnv (KAV 引擎)
扫描完成: 8/7/2007 14:03
    已检查 13 个文件
    已发现 10 个染毒文件
微点卫士
Posted on 2007-8-7 14:18:15
Micropoint:
木马名称:Trojan-PSW.Win32.Agent.ekc
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DOWNLOADS\MSSOCK.SYS
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.Agent.mmm
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DOWNLOADS\MSSQL.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-Downloader.Win32.Small.kle
程序:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSOSVERT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Small.kle
程序:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSOSVERT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DOWNLOADS\TEMPD.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\RAVMSMON.EXE
2) C:\WINDOWS.0\SYSTEM32\RAVMSMON.DAT
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DOWNLOADS\TEMPF.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\RAVQJMON.EXE
2) C:\WINDOWS.0\SYSTEM32\RAVQJMON.DAT
是否删除木马程序及其衍生物?
木马名称:Trojan-Downloader.Win32.Small.kle
程序:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSOSVERT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Small.kle
程序:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSOSVERT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DOWNLOADS\TEMPI.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\RAVZTMON.EXE
2) C:\WINDOWS.0\SYSTEM32\RAVZTMON.DAT
是否删除木马程序及其衍生物?
木马名称:Trojan-Downloader.Win32.Small.kle
程序:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSOSVERT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Small.kle
程序:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSOSVERT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Small.kle
程序:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSOSVERT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

残缺的唯美
Posted on 2007-8-7 15:48:24
    --> services.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
        [WARNING]   Infected files in archives cannot be repaired!
    --> mssock.sys
        [DETECTION] Is the Trojan horse TR/PSW.Agent.MN.3
        [WARNING]   Infected files in archives cannot be repaired!
    --> mssql.dll
        [DETECTION] Is the Trojan horse TR/PSW.Agent.MN.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> NVDispDrv.dll
        [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
        [WARNING]   Infected files in archives cannot be repaired!
    --> MSOSV.EXE
        [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
        [WARNING]   Infected files in archives cannot be repaired!
    --> TempC.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
        [WARNING]   Infected files in archives cannot be repaired!
    --> TempD.exe
        [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
        [WARNING]   Infected files in archives cannot be repaired!
    --> TempF.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> TempG.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
        [WARNING]   Infected files in archives cannot be repaired!
    --> TempH.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
        [WARNING]   Infected files in archives cannot be repaired!
    --> TempI.exe
        [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
        [WARNING]   Infected files in archives cannot be repaired!
    --> TempJ.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
        [WARNING]   Infected files in archives cannot be repaired!
    --> vip[1].exe
        [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      A backup was created as '472f2409.qua'  ( QUARANTINE )
        [INFO]      The file was deleted!
Red Umbrella (Avira) still kills all of them
onesand
Posted on 2007-8-7 16:37:50
C:\Documents and Settings\huaxun\桌面\Downloads.rar
  [0] Archive type: RAR
  --> services.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
  --> mssock.sys
      [DETECTION] Is the Trojan horse TR/PSW.Agent.MN.3
  --> mssql.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.MN.1
  --> NVDispDrv.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> MSOSV.EXE
      [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
  --> TempC.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
  --> TempD.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
  --> TempF.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> TempG.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
  --> TempH.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
  --> TempI.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
  --> TempJ.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
  --> vip[1].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.dle.6
      [INFO]      The file was moved to '472f2f94.qua'!
woai_jolin
Posted on 2007-8-7 16:39:20
Scan performed at: 2007/8/7 16:38:41
Scanning Log
NOD32 version 2440 (20070806) NT
Command line: G:\v\Downloads.rar

Date: 7.8.2007  Time: 16:38:43
Anti-Stealth technology is enabled.
Scanned disks, folders and files: G:\v\Downloads.rar
G:\v\Downloads.rar »RAR »services.exe - probably a variant of Win32/Butileg virus
G:\v\Downloads.rar »RAR »MSOSV.EXE - probably a variant of Win32/Butileg virus
G:\v\Downloads.rar »RAR »TempC.exe - probably a variant of Win32/Butileg virus
G:\v\Downloads.rar »RAR »TempD.exe - probably a variant of Win32/Genetik trojan
G:\v\Downloads.rar »RAR »TempF.exe - probably a variant of Win32/Genetik trojan
G:\v\Downloads.rar »RAR »TempG.exe - probably a variant of Win32/Butileg virus
G:\v\Downloads.rar »RAR »TempH.exe - probably a variant of Win32/Butileg virus
G:\v\Downloads.rar »RAR »TempI.exe - probably a variant of Win32/Genetik trojan
G:\v\Downloads.rar »RAR »TempJ.exe - probably a variant of Win32/Butileg virus
G:\v\Downloads.rar »RAR »vip[1].exe - probably a variant of Win32/Butileg virus
Number of scanned files: 14
Number of threats found: 10
Number of files cleaned: 1
Time of completion: 16:38:44 Total scanning time: 1 sec (00:00:01)
sharkkong
Posted on 2007-8-7 16:42:39
What I'm most satisfied with is how quickly Kaspersky reacts to viruses. Signature database from 13:36:11:
已删除: 木马程序 Trojan-Dropper.Win32.Agent.bnv        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/services.exe
已删除: 木马程序 Trojan-PSW.Win32.Agent.mn        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/mssock.sys
已删除: 木马程序 Trojan-PSW.Win32.Agent.mn        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/mssql.dll
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.afb        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/NVDispDrv.dll
已删除: 木马程序 Trojan-Dropper.Win32.Agent.bnv        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/MSOSV.EXE
已删除: 木马程序 Trojan-Dropper.Win32.Agent.bnv        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/TempC.exe
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/TempD.exe//PE_Patch//UPack
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/TempF.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-Dropper.Win32.Agent.bnv        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/TempG.exe
已删除: 木马程序 Trojan-Dropper.Win32.Agent.bnv        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/TempH.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.afb        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/TempI.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-Dropper.Win32.Agent.bnv        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/TempJ.exe
已删除: 木马程序 Trojan-Dropper.Win32.Agent.bnv        文件: C:\Documents and Settings\sharkkong\桌面\Downloads.rar/vip[1].exe