Thread starter: qianwenxiang

[Virus sample] The handiwork of one DOWNLOADER: 25 files, MD5s inside

yinxuchina
Posted on 2007-8-10 18:08:22
北京江民新科技术有限公司

        扫描引擎 11.00.700
        病毒库日期 2007-08-10
        更新日期 2007-08-10

扫描目标 C:\Documents and Settings\yin\桌面\svchost\

开始时间 2007-08-10 18:06:51

在 C:\Documents and Settings\yin\桌面\svchost\UnInstall.exe 中发现 Trojan/Small.cog 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\winpop.exe 中发现 Trojan/StartPage.adb 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\777.exe 中发现 Trojan/PSW.GamePass.vmx 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\b122.exe 中发现 Trojan/Winpop.h 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\b122.exe.bin->b122.exe 中发现 Trojan/Winpop.h 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\haohao.exe 中发现 TrojanDownloader.Delf.clf 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\my_70136.exe 中发现 TrojanDownloader.VB.euc 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\qqqyyy.exe 中发现 Trojan/PSW.GamePass.vmx 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\retadpu565.exe 中发现 TrojanDownloader.Agent.mix 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\Rpcs.dll 中发现 TrojanDownloader.Agent.lkd 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\Rpcs.exe 中发现 TrojanDownloader.Delf.clf 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\sb.exe 中发现 Adware/Clicker.cym 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\sh.exe 中发现 Adware/Downloader.QQHelper.gg 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\svchost\888.exe 中发现 Trojan/PSW.GamePass.vua 病毒, 已删除
正常结束。
小飞侠.net
Posted on 2007-8-11 17:17:49
McAfee VirusScan for Win32 v5.20.0
Copyright (c) 1992-2005 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832  LICENSED COPY - Jun  5 2007
Scan engine v5.2.00 for Win32.
Virus data file v5095 created Aug 10 2007
Scanning for 311092 viruses, trojans and variants.
Using C:\Documents and Settings\小飞侠.net\桌面\桌面\McAfee VirusScan\EXTRA.DAT to scan for 109 additional virus(es).

08/11/2007  17:16:02

Options:
"V:\VIRUSDOC20070811\VIRUS1441DOC\031" /MIME /SUB /UNZIP /ALL /RPTALL /RPTCOR /RPTERR /STREAMS /REPORT C:\DOCUME~1\小飞侠.NET\LOCALS~1\TEMP\SCAN.TXT /PROGRAM /ANALYZE /MAILBOX
Scanning V: [V盘]
Scanning V:\VIRUSDOC20070811\VIRUS1441DOC\031\*.*
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\103.EXE ... Found trojan or variant New Malware.bc !!!
        Please send a copy of the file to McAfee
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\188.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\188.EXE\188.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\6009.EXE ... Found trojan or variant New Malware.bc !!!
        Please send a copy of the file to McAfee
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\777.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\777.EXE\777.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\777.EXE\777.EXE\00003200.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\777.EXE\777.EXE\00003200.EXE\00003200.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\888.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\888.EXE\888.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\B122.EXE ... Found the Generic Downloader.h trojan !!!
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\HAOHAO.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\HAOHAO.EXE\00017194.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\MY_70136.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\QQQYYY.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\QQQYYY.EXE\QQQYYY.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\QQQYYY.EXE\QQQYYY.EXE\00003200.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\QQQYYY.EXE\QQQYYY.EXE\00003200.EXE\00003200.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\RETADPU565.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\RETADPU565.EXE\RETADPU565.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\RETADPU565.EXE\RETADPU565.EXE\RETADPU565.EXE ... Found the Downloader-BCF trojan !!!
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\RPCS.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\RPCS.EXE\00017194.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\SB.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\SD.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\SH.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\SH.EXE\SH.EXE ... Found potentially unwanted program Adware-MokeAd.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\SVCHOST.EXE ... Found trojan or variant New Malware.bc !!!
        Please send a copy of the file to McAfee
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\TP.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\TP.EXE\TP.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\UNINSTALL.EXE ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\WINPOP.EXE ... Found the Matcash trojan !!!
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\IIGQ0V7K9.DLL ... Found the Downloader-BDX trojan !!!
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\RPCS.DLL ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\ANA4KO1.SYS ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\EJCNN0QKXK.SYS ... Found the BackDoor-CVM!sys trojan !!!
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\B122.EXE.BIN ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\B122.EXE.BIN\B122.EXE ... Found the Generic Downloader.h trojan !!!
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\UNINSTALL.EXE.LZMA ... is OK.
V:\VIRUSDOC20070811\VIRUS1441DOC\031\svchost[1].rar\WINPOP.EXE.LZMA ... is OK.
Summary report on V:\VIRUSDOC20070811\VIRUS1441DOC\031\*.*
File(s)
        Total files: ...........      41
        Clean: .................      32
        Possibly Infected: .....       9

Time: 00:00.03

清蒸波波面
Posted on 2007-8-11 17:22:14
NOD32 detected 10, submitted 8..
donno
Posted on 2007-8-11 17:26:58
Start of the scan: 2007年8月11日  17:21

Starting the file scan:

Begin scan in 'L:\downloaded\svchost[1].part1.rar'
L:\downloaded\svchost[1].part1.rar
  [0] Archive type: RAR
  --> svchost.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> tp.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> UnInstall.exe
      [DETECTION] Is the Trojan horse TR/Small.OA
  --> winpop.exe
      [DETECTION] Is the Trojan horse TR/Popwin.DE
  --> 103.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> 188.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> 6009.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> 777.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 888.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.arj Backdoor server programs
  --> ana4ko1.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> b122.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.56320
    --> b122.exe.bin
      [1] Archive type: ZIP
      --> b122.exe
          [DETECTION] Is the Trojan horse TR/Drop.Agent.56320
  --> ejcnn0qkxk.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> haohao.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> iigq0v7k9.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> my_70136.exe
      [DETECTION] Is the Trojan horse TR/Dldr.VB.atk.58
  --> qqqyyy.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> retadpu565.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> Rpcs.dll
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!
Begin scan in 'L:\downloaded\svchost[1].part2.rar'
L:\downloaded\svchost[1].part2.rar
  [0] Archive type: RAR
  --> sb.exe
      [DETECTION] Is the Trojan horse TR/Dldr.QQHelper.WD.6
  --> sh.exe
      [DETECTION] Is the Trojan horse TR/Adload.L.11
      [WARNING]   The file was ignored!


End of the scan: 2007年8月11日  17:21
Used time: 00:31 min

The scan has been done completely.

      0 Scanning directories
     27 Files were scanned
     21 viruses and/or unwanted programs were found
      3 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      3 Archives were scanned
      2 Warnings
      0 Notes
      0 Hidden objects were found

Avira ("Red Umbrella") Classic edition
21 of them
liaoying112
Posted on 2007-8-11 18:50:00

Rising Antivirus 2007

Detected and removed 16, missed 9, I could cry

Copyright © KaFan  KaFan.cn All Rights Reserved.
