一堆 md5内

显示全部楼层 · 发表于 2007-8-14 20:43:09

[MD5: 3CCD0E 24C5E8 55D273 F13CD0 C74C3D ECF60E A55502 F7F298 DF3C30 838525 D0BB02 546CA2 E20530]

显示全部楼层 · 发表于 2007-8-14 20:45:36

13
detected: Trojan program Trojan.VBS.Runner.w File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\Cuteqq_CN.vbs
detected: Trojan program Backdoor.Win32.Hupigon.ene File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\gz.exe//#
detected: Trojan program Backdoor.Win32.Hupigon.ene File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\gz[1].exe//#
detected: Trojan program Trojan-PSW.Win32.Gamec.cg File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\InfoMs.sys//#//UPX
detected: Trojan program Trojan-PSW.Win32.Gamec.cg File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\InfoMs.tdm//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aci File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\ms.exe//PE_Patch
detected: Trojan program Trojan.VBS.Runner.w File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\NTDETECT.EXE
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aci File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\RAV00A0.exe//PE_Patch
detected: Trojan program Trojan-PSW.Win32.OnLineGames.es File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\RAV00AE.exe//PE_Patch//UPack
detected: Trojan program Backdoor.Win32.Hupigon.ddi File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\sofzlcn.exe
detected: Trojan program Backdoor.Win32.Hupigon.ene File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\sys.dll
detected: Trojan program Trojan-PSW.Win32.Gamec.cg File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\tl.exe//#//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.es File: C:\Documents and Settings\Owner\×ÀÃæ\Virus\zt.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2007-8-14 20:50:02

反病毒专家 AntiVirusKit 2007 扫描病毒日志记录
版本
双引擎反病毒签名 8/14/2007
开始时间: 8/14/2007 20:47
引擎: KAV 引擎 (AVK 17.6863), AVST 引擎 (AVKB 17.338)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: Cuteqq_CN.vbs
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Trojan.VBS.Runner.w (KAV 引擎)
对象: GHO.exe
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Win32:Delf-FKN [Trj] (AVST 引擎)
对象: InfoMs.sys
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Win32:QQRob-CU [Trj] (AVST 引擎)
对象: InfoMs.tdm
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Trojan-PSW.Win32.Gamec.cg (KAV 引擎), Win32:Delf-FHQ [Trj] (AVST 引擎)
对象: ms.exe
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.aci (KAV 引擎)
对象: mssql.dll
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Win32:Agent-IYU [Trj] (AVST 引擎)
对象: NTDETECT.EXE
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Trojan.VBS.Runner.w (KAV 引擎)
对象: RAV00A0.exe
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.aci (KAV 引擎)
对象: RAV00AE.exe
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎)
对象: sofzlcn.exe
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Backdoor.Win32.Hupigon.ddi (KAV 引擎)
对象: sys.dll
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Backdoor.Win32.Hupigon.ene (KAV 引擎)
对象: tl.exe
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Win32:QQRob-CU [Trj] (AVST 引擎)
对象: zt.exe
路径: D:\病毒库\Virus[1]\Virus
狀態: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎)
扫描完成: 8/14/2007 20:47
已检查 18 个文件
已发现 13 个染毒文件

显示全部楼层 · 发表于 2007-8-14 20:54:07

微点：
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\GHO.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Backdoor.Win32.Huigezi.xdv

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\SOFZLCN.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Delf.brb

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\SYS.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\1TEMP.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\MSSQL.DLL
2) C:\WINDOWS.0\SYSTEM32\MSSOCK.SYS
是否删除木马程序及其衍生物?
木马名称:Trojan.Win32.Delf.brb

程序:
C:\WINDOWS.0\SYSTEM32\SYS.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\GZ.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\SYS.DLL
是否删除木马程序及其衍生物?
木马名称:Trojan.Win32.Delf.brb

程序:
C:\WINDOWS.0\SYSTEM32\SYS.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\GZ[1].EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\MS.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\RAV00A0.EXE
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\MSSOCK.SYS
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\RAV00A0.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\RAV00AE.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\RAV00AE.EXE
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\RX.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\TL.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\INFOMS.SYS
2) C:\PROGRAM FILES\INTERNET EXPLORER\INFOMS.TDM
是否删除木马程序及其衍生物?
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\ZT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

NTDETECT.EXE这个东西么，是什么东西啊

好像见过很多回了

显示全部楼层 · 发表于 2007-8-14 20:57:14

11个

显示全部楼层 · 发表于 2007-8-14 21:13:28

17
Starting the file scan:

Begin scan in 'G:\样本\Virus[1]'
G:\样本\Virus[1]\Virus\
  1temp.exe
   [DETECTION] Is the Trojan horse TR/Keylogger.ADL.1
   [WARNING] The file was ignored!
  Cuteqq_CN.vbs
  GHO.exe
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
   [WARNING] The file was ignored!
  gz.exe
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [WARNING] The file was ignored!
  gz[1].exe
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [WARNING] The file was ignored!
  InfoMs.sys
   [DETECTION] Is the Trojan horse TR/Agent.23696.1
   [WARNING] The file was ignored!
  InfoMs.tdm
   [DETECTION] Is the Trojan horse TR/Agent.23696.1
   [WARNING] The file was ignored!
  ms.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
   [WARNING] The file was ignored!
  mssock.sys
   [DETECTION] Is the Trojan horse TR/Keylogger.ADL.1
   [WARNING] The file was ignored!
  mssql.dll
   [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
   [WARNING] The file was ignored!
  NTDETECT.EXE
   [DETECTION] Contains signature of the VBS script virus VBS/Nowed.1
   [WARNING] The file was ignored!
  RAV00A0.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
   [WARNING] The file was ignored!
  RAV00AE.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
   [WARNING] The file was ignored!
  rx.exe
   [DETECTION] Is the Trojan horse TR/Keylogger.ADL.1
   [WARNING] The file was ignored!
  sofzlcn.exe
   [DETECTION] Is the Trojan horse TR/Agent.crv
   [WARNING] The file was ignored!
  sys.dll
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
   [WARNING] The file was ignored!
  tl.exe
   [DETECTION] Is the Trojan horse TR/Agent.23696.1
   [WARNING] The file was ignored!
  zt.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
   [WARNING] The file was ignored!

显示全部楼层 · 发表于 2007-8-14 21:14:23

13
[Scan path] G:\样本\Virus[1]
>G:\样本\Virus[1]\Virus\1temp.exe infected with Trojan.PWS.Gamania.3212
G:\样本\Virus[1]\Virus\Cuteqq_CN.vbs - Ok
G:\样本\Virus[1]\Virus\GHO.exe - Ok
G:\样本\Virus[1]\Virus\gz.exe infected with BackDoor.Beizhu.191
G:\样本\Virus[1]\Virus\gz[1].exe infected with BackDoor.Beizhu.191
>G:\样本\Virus[1]\Virus\InfoMs.sys infected with Trojan.StartPage.372
>G:\样本\Virus[1]\Virus\InfoMs.tdm probably infected with DLOADER.Trojan
>G:\样本\Virus[1]\Virus\ms.exe infected with Trojan.PWS.Gamania.3231
G:\样本\Virus[1]\Virus\mssock.sys - Ok
>G:\样本\Virus[1]\Virus\mssql.dll - Ok
G:\样本\Virus[1]\Virus\NTDETECT.EXE - Ok
>G:\样本\Virus[1]\Virus\RAV00A0.exe infected with Trojan.PWS.Gamania.3231
>G:\样本\Virus[1]\Virus\RAV00AE.exe infected with Trojan.PWS.Gamania.3198
>G:\样本\Virus[1]\Virus\rx.exe infected with Trojan.PWS.Gamania.3212
>>G:\样本\Virus[1]\Virus\sofzlcn.exe infected with BackDoor.Pigeon.2254
G:\样本\Virus[1]\Virus\sys.dll infected with BackDoor.Beizhu.191
>G:\样本\Virus[1]\Virus\tl.exe infected with Trojan.StartPage.372
>G:\样本\Virus[1]\Virus\zt.exe infected with Trojan.PWS.Gamania.3198

显示全部楼层 · 发表于 2007-8-14 21:15:17

用AntiVirusKit扫描病毒
版本 16.0.7
病毒库签名 2007-8-13
开始时间: 2007-8-14 21:14
引擎: KAV 引擎 (AVK 17.6833), BD  引擎 (BD 17.4714)
启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: Cuteqq_CN.vbs
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan.VBS.Runner.w (KAV 引擎)
对象: GHO.exe
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: GenPack:Generic.Malware.SBdldsp.FE89077C (BD  引擎)
对象: gz.exe
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: DeepScan:Generic.Graybird.7DA20FB4 (BD  引擎)
对象: gz[1].exe
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: DeepScan:Generic.Graybird.7DA20FB4 (BD  引擎)
对象: InfoMs.sys
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan.Delf.NEB (BD  引擎)
对象: InfoMs.tdm
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan-PSW.Win32.Gamec.cg (KAV 引擎), Generic.Malware.Fdldsp.E78E5351 (BD  引擎)
对象: ms.exe
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.aci (KAV 引擎), BehavesLike:Win32.ExplorerHijack (BD  引擎)
对象: mssock.sys
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan.Keylogger.ADL (BD  引擎)
对象: NTDETECT.EXE
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan.VBS.Runner.w (KAV 引擎)
对象: RAV00A0.exe
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.aci (KAV 引擎), BehavesLike:Win32.ExplorerHijack (BD  引擎)
对象: RAV00AE.exe
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), Dropped:Trojan.PWS.OnLineGames.BDH (BD  引擎)
对象: sofzlcn.exe
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Backdoor.Win32.Hupigon.ddi (KAV 引擎)
对象: sys.dll
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Backdoor.Win32.Hupigon.ene (KAV 引擎), Generic.Graybird.BD9C9B79 (BD  引擎)
对象: tl.exe
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan.Delf.NEB (BD  引擎)
对象: zt.exe
路径: G:\样本\Virus[1]\Virus
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), Dropped:Trojan.PWS.OnLineGames.BDH (BD  引擎)
分析完毕: 2007-8-14 21:14
已检查 18 个文件
已发现 15 个染毒文件
发现 0 个可疑文件

显示全部楼层 · 发表于 2007-8-14 22:00:09

Start of the scan: 2007年8月14日  21:59

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\Virus[1].part1.rar
  [0] Archive type: RAR
  --> Virus\1temp.exe
   [DETECTION] Is the Trojan horse TR/Keylogger.ADL.1
  --> Virus\GHO.exe
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> Virus\gz.exe
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
  --> Virus\gz[1].exe
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
  --> Virus\InfoMs.sys
   [DETECTION] Is the Trojan horse TR/Agent.23696.1
  --> Virus\InfoMs.tdm
   [DETECTION] Is the Trojan horse TR/Agent.23696.1
  --> Virus\ms.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
  --> Virus\mssock.sys
   [DETECTION] Is the Trojan horse TR/Keylogger.ADL.1
  --> Virus\NTDETECT.EXE
   [DETECTION] Contains signature of the VBS script virus VBS/Nowed.1
  --> Virus\RAV00A0.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
  --> Virus\RAV00AE.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
  --> Virus\rx.exe
   [DETECTION] Is the Trojan horse TR/Keylogger.ADL.1
   [INFO]    The file was deleted!
H:\AV-TEST\Virus.part3.rar
  [0] Archive type: RAR
  --> Virus\sys.dll
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
  --> Virus\tl.exe
   [DETECTION] Is the Trojan horse TR/Agent.23696.1
  --> Virus\zt.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
   [INFO]    The file was deleted!

End of the scan: 2007年8月14日  21:59
Used time: 00:22 min

The scan has been done completely.

   1 Scanning directories
   20 Files were scanned
   15 viruses and/or unwanted programs were found
   0 classified as suspicious:
   2 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   5 Files not concerned
   3 Archives were scanned
   0 Warnings
   1 Notes
   0 Hidden objects were found

显示全部楼层 · 发表于 2007-8-14 22:54:39

[病毒样本] 一堆 md5内

本帖子中包含更多资源

本帖子中包含更多资源

红伞15个

本帖子中包含更多资源