Original poster: jimmyleo

[Virus sample] [MD5 inside] 25

jimmyleo
Original poster | Posted on 2007-8-14 14:40:21
D:\download\t3\25\WinSys64.Sys - Signature 'Trojan-Proxy.Win32.Delf.AN' found
D:\download\t3\25\yy.exe - Suspect code-parts found (Level: 50)
D:\download\t3\25\SysWin64.Jmp - Signature 'Trojan.Delf.NEB' found
D:\download\t3\25\jopen13.exe - Signature 'Trojan.Delf.NEB' found
D:\download\t3\25\630.exe - Signature 'Virus.Win32.AutoRun.f' found
D:\download\t3\25\mydpri.dll - Signature 'Trojan-Downloader.Agent.YJA' found
D:\download\t3\25\wddpri.dll - Signature 'Trojan-Spy.Win32.Delf.uv' found
D:\download\t3\25\dhdpri.dll - Signature 'Trojan-Downloader.Agent.YJA' found
D:\download\t3\25\qq.exe - Signature 'Trojan-PWS.Win32.Agent.BU' found
D:\download\t3\25\jopen10.exe - Signature 'Generic.PWS.Games.2' found
D:\download\t3\25\1.exe - Signature 'Trojan-PWS.Win32.Small.br' found
D:\download\t3\25\jopen6.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\t3\25\jopen1.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
D:\download\t3\25\jopen8.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\t3\25\jopen9.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\t3\25\jopen3.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
D:\download\t3\25\jopen12.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
D:\download\t3\25\jopen11.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\t3\25\jopen2.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\t3\25\jopen4.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\t3\25\jopen.vbs
D:\download\t3\25\1.bat
D:\download\t3\25\run.bat
D:\download\t3\25\jopen15.exe:\qq.exe - Signature 'Trojan-PWS.Win32.Agent.BU' found
D:\download\t3\25\jopen15.exe:\run.bat
D:\download\t3\25\jopen15.exe:\WanPacket.dll
D:\download\t3\25\jopen15.exe:\wpcap.dll
D:\download\t3\25\jopen15.exe:\jopen.vbs
D:\download\t3\25\jopen15.exe:\npf.sys
D:\download\t3\25\jopen15.exe:\Packet.dll
D:\download\t3\25\jopen15.exe
D:\download\t3\25\www.exe - Signature 'Worm.Win32.Viking.lj' found

        32 Files scanned
          (0 Archives with 7 files)
        21 Signatures found
        1 Suspect code-part found
        Used time: 0:00.631
promised
Posted on 2007-8-14 14:43:47
[ Tue Aug 14 14:41:36 2007 ] Suspicious file        c:\ABC\25\1.exe
[ Tue Aug 14 14:41:36 2007 ] Suspicious file        c:\ABC\25\630.exe
[ Tue Aug 14 14:41:36 2007 ] Suspicious file        c:\ABC\25\jopen1.exe
[ Tue Aug 14 14:41:37 2007 ] Suspicious file        c:\ABC\25\jopen12.exe
[ Tue Aug 14 14:41:37 2007 ] Suspicious file        c:\ABC\25\jopen13.exe
[ Tue Aug 14 14:41:37 2007 ] Suspicious file        c:\ABC\25\jopen15.exe
[ Tue Aug 14 14:41:37 2007 ] Suspicious file        c:\ABC\25\jopen15.exe[qq.exe]
[ Tue Aug 14 14:41:38 2007 ] Suspicious file        c:\ABC\25\jopen3.exe
[ Tue Aug 14 14:41:39 2007 ] Suspicious file        c:\ABC\25\qq.exe
[ Tue Aug 14 14:41:39 2007 ] Suspicious file        c:\ABC\25\SysWin64.Jmp
[ Tue Aug 14 14:41:39 2007 ] Suspicious file        c:\ABC\25\wddpri.dll
[ Tue Aug 14 14:41:39 2007 ] Suspicious file        c:\ABC\25\WinSys64.Sys
[ Tue Aug 14 14:41:39 2007 ] W32/Viking.VH          in c:\ABC\25\www.exe
The EQs
Posted on 2007-8-14 14:45:16
The invincible PANDA
uhthn2002
Posted on 2007-8-14 15:00:58

C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\WinSys64.Sys : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\SysWin64.Jmp : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\jopen13.exe : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\630.exe : infected Trojan-Downloader.Win32.Agent.bpp
C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\qq.exe : infected Trojan.Sniff
C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\jopen10.exe : infected MalwareScope.Trojan-PSW.Game.1
C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\1.exe : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\jopen15.exe:<RAR>\qq.exe : infected Trojan.Sniff
C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\jopen15.exe:<RAR>\WanPacket.dll : is suspected of Trojan-PSW.Game.30 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\25.rar:<RAR>\www.exe : infected MalwareScope.Worm.Viking.5


Directories       : 0       Files in archives:      Files on disks:
Archives:                   - total       : 32      - total       : 1     
- scanned         : 2       -  scanned    : 32      - scanned     : 1     
- contain viruses : 2       -  infected   : 9       - infected    : 1     
- deleted         : 0       -  suspicious : 2       - suspicious  : 0
wangjay1980
Posted on 2007-8-14 15:27:02
detected: Trojan program Trojan-PSW.Win32.Agent.mi        File: C:\Documents and Settings\Owner\桌面\25.rar/WinSys64.Sys
detected: Trojan program Trojan-PSW.Win32.Agent.mi        File: C:\Documents and Settings\Owner\桌面\25.rar/SysWin64.Jmp//FSG
detected: Trojan program Trojan-PSW.Win32.Agent.mi        File: C:\Documents and Settings\Owner\桌面\25.rar/jopen13.exe//FSG
detected: Trojan program Trojan-Downloader.Win32.Agent.bpp        File: C:\Documents and Settings\Owner\桌面\25.rar/630.exe
detected: Trojan program Trojan-Spy.Win32.Delf.uv        File: C:\Documents and Settings\Owner\桌面\25.rar/mydpri.dll
detected: Trojan program Trojan-Spy.Win32.Delf.uv        File: C:\Documents and Settings\Owner\桌面\25.rar/dhdpri.dll
detected: virus Heur.Invader (modification)        File: C:\Documents and Settings\Owner\桌面\25.rar/jopen10.exe
detected: virus Virus.Win32.Drowor.d        File: C:\Documents and Settings\Owner\桌面\25.rar/1.exe//UPack
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\桌面\25.rar/jopen6.exe//PE_Patch//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.uv        File: C:\Documents and Settings\Owner\桌面\25.rar/jopen1.exe//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.uv        File: C:\Documents and Settings\Owner\桌面\25.rar/jopen3.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aci        File: C:\Documents and Settings\Owner\桌面\25.rar/jopen11.exe//PE_Patch
detected: virus Worm.Win32.Viking.lu        File: C:\Documents and Settings\Owner\桌面\25.rar/www.exe
taihuxian
Posted on 2007-8-14 15:47:03
http://bbs.kafan.cn/attachment.php?aid=113501\SysWin64.Jmp [L] Win32:Small-DJC [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\SysWin64.Jmp [L] Win32:Small-DJC [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\jopen13.exe [L] Win32:Small-DJC [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\630.exe [L] Win32:Agent-ITS [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\wddpri.dll [L] Win32:Small-HHY [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\dhdpri.dll [L] Win32:Small-HHY [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\qq.exe\[NsPack] [L] Win32:Delf-DQP [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\1.exe\[Upack] [L] Win32:Agent-ISZ [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\jopen3.exe\[Upack]\[Embedded#MAIN] [L] Win32:Small-HHY [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\jopen12.exe\[Upack]\[Embedded#MAIN] [L] Win32:Small-HHY [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IX55K83W\25[1].rar\jopen15.exe\qq.exe\[NsPack] [L] Win32:Delf-DQP [Trj] (0)
During the file repair, error occurred: The file was not repaired.
While moving file to chest, error occurred: The operation is not supported for this type of archive.
bridgewr
Posted on 2007-8-14 16:32:38
Originally posted by 微点卫士 on 2007-8-14 14:37
Micropoint:
木马名称:Trojan.Win32.Delf.bgk

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\630.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.Agent.emt

程序 ...


It didn't get past Micropoint!! Image 5 is running qq.exe, image 6 is running run.bat

[ Last edited by bridgewr on 2007-8-14 16:35 ]

东京时空
Posted on 2007-8-14 17:55:21

tracydk
Posted on 2007-8-14 17:57:38
12 of them

xxwpk007
Posted on 2007-8-14 19:08:03
Spider (Dr.Web): 14 of them
[Scan path] G:\样本\25
G:\样本\25\WinSys64.Sys - Ok
>G:\样本\25\yy.exe infected with modification of BackDoor.Generic.1024
>>G:\样本\25\SysWin64.Jmp - Ok
>>G:\样本\25\jopen13.exe - Ok
G:\样本\25\630.exe infected with Trojan.PWS.Maran
G:\样本\25\mydpri.dll - Ok
G:\样本\25\wddpri.dll - Ok
G:\样本\25\dhdpri.dll - Ok
G:\样本\25\qq.exe infected with Trojan.Sniff
>G:\样本\25\jopen10.exe infected with Trojan.PWS.Wsgame
>G:\样本\25\1.exe infected with Win32.HLLW.Wace.8
>G:\样本\25\jopen6.exe probably infected with BACKDOOR.Trojan
>>G:\样本\25\jopen1.exe - Ok
>G:\样本\25\jopen8.exe probably infected with BACKDOOR.Trojan
>G:\样本\25\jopen9.exe probably infected with BACKDOOR.Trojan
>>G:\样本\25\jopen3.exe - Ok
>>G:\样本\25\jopen12.exe - Ok
>G:\样本\25\jopen11.exe infected with Trojan.PWS.Gamania.3298
>G:\样本\25\jopen2.exe probably infected with BACKDOOR.Trojan
>G:\样本\25\jopen4.exe infected with Trojan.MulDrop.8306
G:\样本\25\jopen.vbs infected with Trojan.AVKill.302
G:\样本\25\1.bat - Ok
G:\样本\25\run.bat infected with Trojan.Starter.239
>G:\样本\25\jopen15.exe - Ok
G:\样本\25\www.exe infected with Win32.HLLW.Gavir.72