down[MD5: D8E1A2]

xxwpk007

RT

yurius

C:\virus\down.rar »RAR »down.exe - a variant of Win32/Delf.CC worm

pine

Begin scan in 'F:\down.rar'
F:\down.rar
  [0] Archive type: RAR
  --> down.exe
      [DETECTION] Contains signature of the worm WORM/Delf.CC.9
      [INFO]      The file was deleted!

flowerpig

a-squared	3.0.0.123	2007.08.07	2007-08-07	没有检测到病毒	3.518
Arcavir	1.0.4	200708071754	2007-08-07	没有检测到病毒	1.186
AVAST	1.0.8	000764-1	2007-08-07	Win32:Lineage-590 [Trj]	3.042
AVG	7.5.48.442	269.11.8/941	2007-08-07	没有检测到病毒	1.412
BitDefender	7.60825.754027	7.14246	2007-08-08	Trojan.PWS.OnlineGames.ATU	2.730
CA (VET)	8.4.0.24	31.1.5042	2007-08-08	没有检测到病毒	0.798
ClamAV	0.91.1	3891	2007-08-08	没有检测到病毒	0.024
ewido	4.0.0.2	2007.08.07	2007-08-07	Worm.Delf.cc	2.246
F-SECURE	5.51.6100	2007.08.07.03	2007-08-07	没有检测到病毒	2.485
IKARUS	T3.1.1.12	2007.08.07.69318	2007-08-07	Trojan.Win32.Small.mj	3.991
MKS_VIR	2.01	2007.08.06	2007-08-06	没有检测到病毒	2.161
NOD32	2.70.7	2442	2007-08-07	a variant of Win32/Delf.CC worm	1.922
SOPHOS	2.47.0	4.19	2007-08-08	Troj/Hook-Gen	2.848
VBA32	3.12.2.2	20070807.0427	2007-08-07	Worm.Win32.Delf.cc	1.118
VirusBuster	4.3.19:9	9.095.2/11.0	2007-08-07	Packed/NSPack	1.160
冰岛杀毒	3.16.16	2007.08.03	2007-08-03	W32/Threat-IKNP-based!Maximus	2.273
卡巴斯基	5.5.10	2007.08.08	2007-08-08	没有检测到病毒	0.056
大蜘蛛	4.33	2007.08.08	2007-08-08	Win32.HLLW.Autoruner	5.591
小红伞	7.4.0.57	6.39.0.219	2007-08-07	WORM/Delf.CC.9	2.292
熊猫卫士	9.00.00	2007.08.07	2007-08-07	Suspicious file	3.938
瑞星	19.0	19.35.20.00	2007-08-07	Trojan.PSW.Delf.eze	1.909
诺曼	5.90.37	5.90	2007-08-07	没有检测到病毒	5.360
赛门铁克	1.3.0.24	20070807.018	2007-08-07	Infostealer.Gampass	0.441
趋势	8.500-1001	4.637.00	2007-08-06	没有检测到病毒	0.040
迈克菲	5.1.00	5092	2007-08-07	New Malware.aq	0.706
金山毒霸	2007.6.20.249	2007.8.8	2007-08-08	Worm.Delf.cc.127044	0.84

woai_jolin

//-----------------------------------------------------------------
//
//        Product: BitDefender 8 Standard
//        Version: 8.0
//
//        Created on:        08/08/2007        12:53:40
//
//-----------------------------------------------------------------


Statistics

Scan path        : F:\v\down.rar
Folders        : 0
Files        :  10
Archives        : 1
Packed files        : 1
Identified viruses        : 1
Infected files        : 1
Warnings        : 0
Suspect files        : 0
Disinfected files        : 0
Deleted files        : 0
Copied files        : 0
Moved files        : 0
Renamed files        : 0
I/O errors        : 0
Scan time        : 00:00:01
Scan speed (files/sec)        : 10

Virus definitions        : 690131
Scan plugins        : 14
Archive plugins        : 38
Unpack plugins        : 6
Mail plugins        : 6
System plugins        : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[ ] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[X] Prompt user

Second action
[X] Ignore
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

F:\v\down.rar=>down.exe        Infected Trojan.PWS.OnlineGames.ATU

Scanned files

C:\=>Master Boot Record        OK
C:\=>Primary partition 1 (Active)        OK
C:\=>Logical partition 1        OK
C:\=>Logical partition 2        OK
C:\=>Logical partition 3        OK
C:\=>Logical partition 4        OK
C:\=>Logical partition 5        OK
F:\v\down.rar        OK
F:\v\down.rar=>down.exe        Infected Trojan.PWS.OnlineGames.ATU
F:\v\down.rar=>:Zone.Identifier        OK

king6808

卡巴不报我去上报
19/32 (59.38%)
反病毒引擎 版本 最后更新 扫描结果
AhnLab-V3 2007.8.3.0 2007.08.08 -
AntiVir 7.4.0.57 2007.08.07 Worm/Delf.CC.9
Authentium 4.93.8 2007.08.07 Possibly a new variant of W32/Threat-IKNP-based!Maximus
Avast 4.7.1029.0 2007.08.07 Win32:Lineage-590
AVG 7.5.0.476 2007.08.07 -
BitDefender 7.2 2007.08.08 Trojan.PWS.OnlineGames.ATU
CAT-QuickHeal 9.00 2007.08.07 (Suspicious) - DNAScan
ClamAV 0.91 2007.08.08 -
DrWeb 4.33 2007.08.08 Win32.HLLW.Autoruner
eSafe 7.0.15.0 2007.07.31 suspicious Trojan/Worm
eTrust-Vet 31.1.5042 2007.08.08 -
Ewido 4.0 2007.08.07 Worm.Delf.cc
FileAdvisor 1 2007.08.08 -
Fortinet 2.91.0.0 2007.08.08 -
F-Prot 4.3.2.48 2007.08.07 W32/Threat-IKNP-based!Maximus
F-Secure 6.70.13030.0 2007.08.08 -
Ikarus T3.1.1.12 2007.08.08 Trojan.Win32.Small.mj
Kaspersky 4.0.2.24 2007.08.08 -
McAfee 5092 2007.08.07 New Malware.aq
Microsoft 1.2704 2007.08.08 -
NOD32v2 2442 2007.08.07 a variant of Win32/Delf.CC
Norman 5.80.02 2007.08.07 -
Panda 9.0.0.4 2007.08.07 Suspicious file
Prevx1 V2 2007.08.08 -
Rising 19.35.20.00 2007.08.08 Trojan.PSW.Delf.eze
Sophos 4.19.0 2007.08.01 Troj/Hook-Gen
Sunbelt 2.2.907.0 2007.08.07 VIPRE.Suspicious
Symantec 10 2007.08.08 Infostealer.Gampass
TheHacker 6.1.7.163 2007.08.07 -
VBA32 3.12.2.2 2007.08.07 Worm.Win32.Delf.cc
VirusBuster 4.3.26:9 2007.08.07 -
Webwasher-Gateway 6.0.1 2007.08.08 Worm.Delf.CC.9

微点卫士

微点：
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DOWN.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\46A7B4C1.DLL
2) C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\46A7B4C1.DAT
3) C:\WINDOWS.0\HELP\46A7B4C1.CHM
是否删除木马程序及其衍生物?

woai_jolin

1688388728

BitDefender

This web page has been blocked by BitDefender Antivirus Real-time Protection!

The blocked web page included objects that were either infected or likely to be infected with a virus. Your system has NOT been infected.

sharkkong

已检测到: 病毒 Worm.Win32.Delf.cc        URL: http://bbs.kafan.cn/attachment.p ... down.exe//NSPack//#
KIS阉割版