20个 md5 内详 部分转载绅博

红心王子

[MD5: D37C44  88D546  840AEA  82671C  54293C   269C54   61665C

2B409F   90407E   8DDD40  DDBF60  80C456  FA5E93  A106AC   D478EC  BB6E4B

8D10B4    82AFA0   133435   3A8425]

这就是你们所设定的版规，看看查md5麻不麻烦，

本来想多发点，还要测md5，先发这么多

[ 本帖最后由 红心王子 于 2007-8-12 17:51 编辑 ]

zzh161

好像只有两种病毒

PS：定制这个版规是为了方便大家，虽然发的时候是麻烦点，但是好像番茄传了个软件上来的啊，用那个不是满方便

siman.yu

NOD32只扫到19个文件

woai_jolin

Started scanning at 2007-8-12 13:28:42. Engine Ver: 31.1.0. Sig Ver:5050. Sig Date: 2007-8-11. ArcLib Ver: 7.3.0.9.
F:\v\fresh.rar <fresh\more\11.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\fresh.rar <fresh\more\12.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\fresh.rar <fresh\more\14.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\fresh.rar <fresh\more\2.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\fresh.rar <fresh\more\4.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\fresh.rar <fresh\more\5.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\fresh.rar <fresh\more\7.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\fresh.rar <fresh\more\17.exe> - Win32/Rodvir!generic worm. Quarantined.
F:\v\fresh.rar - Could not open the file.

Files Scanned: 21
Files Infected: 8
Files Cleaned \ Deleted: 0
Files Quarantined: 1
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
        Win32/Frethog!generic
        Win32/Rodvir!generic

Files not Cleaned\Deleted\Quarantined (Limit 100): 0

Finished scanning at 2007-8-12 13:28:45.

东京时空

小可新人，专为试毒而来，请各位英雄能多多鼓励。

自由

转自绅博，闪。。。

微点卫士

微点：
木马名称:Backdoor.Win32.Agent.dxg

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\A.PIF
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\1.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\MHDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\2.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\WODOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\3.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\ZTDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\4.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\JTDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\5.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\WLDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\6.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\WGDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\7.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\WMDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\8.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\FYDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\9.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\QJDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\10.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\RXDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\11.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\WDDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\12.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\TLDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\13.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\DADOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\14.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\ZXDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\15.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\MYDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\16.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\QHDOOR0.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FRESH\MORE\17.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\RKSLDK.BAK
2) C:\PROGRAM FILES\INTERNET EXPLORER\RKSLDK.DLL
3) C:\PROGRAM FILES\COMMON FILES\GOSKDL.DLL
是否删除木马程序及其衍生物?


0.EXE生成了4个文件，微点居然挂掉，上报

mingwang69

原帖由 siman.yu 于 2007-8-12 13:26 发表
NOD32只扫到19个文件

112507

……我的扫了20个
扫描开始时间: 2007-8-12 13:41:33
扫描日志
NOD32 版本 2452 (20070812) NT
命令行: C:\Documents and Settings\Admin\桌面\fresh.rar
日期: 2007年8月12日  时间: 13:41:35
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: C:\Documents and Settings\Admin\桌面\fresh.rar
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\1.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\10.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\11.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\12.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\13.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\14.exe<病毒 - 可能是 Win32/PSW.OnLineGames.NDV 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\15.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\16.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\2.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\3.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\4.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\5.exe<病毒 - 可能是 Win32/PSW.OnLineGames.NDV 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\6.exe<病毒 - 可能是 Win32/PSW.OnLineGames.NDV 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\7.exe<病毒 - 可能是 Win32/PSW.OnLineGames.NDV 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\8.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\9.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Admin\桌面\fresh.rar ?RAR ?fresh\more\17.exe<病毒 - Win32/PSW.OnLineGames.NBR 木马 变种>
已扫描文件数量: 20
已发现病毒数量: 17
完成时间: 13:41:42 总共扫描时间: 7 秒 (00:00:07)
注意:
[7] 文件可能感染了未知病毒。

残缺的唯美

--> fresh\more\1.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\10.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\11.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\12.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\13.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\14.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\15.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\16.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\2.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\3.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\4.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\5.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\6.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\7.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\8.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\9.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\17.exe
        [DETECTION] Is the Trojan horse TR/Autorun.BK
        [WARNING]   Infected files in archives cannot be repaired!
    --> fresh\more\a.pif
    --> fresh\more\0.exe
    --> fresh\more\web[1].htm
        [INFO]      A backup was created as '47239e3b.qua'  ( QUARANTINE )
        [INFO]      The file was deleted!

eubyo

20个 md5 放在标题是不太好，楼主可以分在多个贴子
按照规定，一贴发不超过10个文件样本，MD5值要在标题中列出。