一堆又一堆

显示全部楼层 · 发表于 2007-8-14 23:25:08

卡巴KIS7.0

病毒扫描 : 完成
---------------
已扫描: 46
已检测: 9
未清除: 0
开始时间: 2007-8-14 23:23:00
持续时间: 00:00:07
结束时间: 2007-8-14 23:23:07

已检测
------
状态对象
---- ----
已删除: 木马程序 Trojan-Downloader.Win32.LoadAdv.gen 文件: D:\Suspicious2.rar/loadadv579.exe//PE_Patch.UPX//UPX
已隔离: 病毒 Heur.Trojan.Generic (变种) 文件: D:\Suspicious2.rar/netdde32.exe//PE_Patch.Upolyx
已删除: 病毒 Virus.Win32.AutoRun.gr 文件: D:\Suspicious2.rar/NewTemp.dll//PE_Patch
已删除: 病毒 Virus.Win32.AutoRun.go 文件: D:\Suspicious2.rar/shenji.exe
已删除: 病毒 Virus.Win32.AutoRun.go 文件: D:\Suspicious2.rar/svchost.exe
已删除: 木马程序 Trojan-PSW.Win32.Agent.mi 文件: D:\Suspicious2.rar/SysWin64.Jmp//FSG
已删除: 木马程序 Trojan-Spy.Win32.Agent.pn 文件: D:\Suspicious2.rar/winsys16_070812.dll
已删除: 木马程序 Trojan-PSW.Win32.Agent.mi 文件: D:\Suspicious2.rar/WinSys64.Sys
已删除: 木马程序 Trojan-Downloader.Win32.Small.eqn 文件: D:\Suspicious2.rar/wr-1-20.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX

事件
----
时间名称状态原因
---- ---- ---- ----
2007-8-14 23:23:00 文件: D:\Suspicious2.rar 压缩文件 RAR
2007-8-14 23:23:00 文件: D:\Suspicious2.rar/ieBF0E.tmp ok 已扫描
2007-8-14 23:23:01 文件: D:\Suspicious2.rar/InfoWin.Dll 压缩 UPX
2007-8-14 23:23:01 文件: D:\Suspicious2.rar/InfoWin.Dll//UPX ok 已扫描
2007-8-14 23:23:01 文件: D:\Suspicious2.rar/InfoWin.Dll//# 压缩 UPX
2007-8-14 23:23:01 文件: D:\Suspicious2.rar/InfoWin.Dll//#//UPX ok iChecker
2007-8-14 23:23:01 文件: D:\Suspicious2.rar/InfoWin.Dll//# ok 已扫描
2007-8-14 23:23:01 文件: D:\Suspicious2.rar/InfoWin.Dll//# 压缩 UPX
2007-8-14 23:23:02 文件: D:\Suspicious2.rar/InfoWin.Dll//#//UPX ok 已扫描
2007-8-14 23:23:02 文件: D:\Suspicious2.rar/InfoWin.Dll//# ok 已扫描
2007-8-14 23:23:02 文件: D:\Suspicious2.rar/InfoWin.Dll//# ok 已扫描
2007-8-14 23:23:02 文件: D:\Suspicious2.rar/InfoWin.Dll ok 已扫描
2007-8-14 23:23:02 文件: D:\Suspicious2.rar/InfoWin.Sys 压缩 UPX
2007-8-14 23:23:02 文件: D:\Suspicious2.rar/InfoWin.Sys//UPX ok iChecker
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/InfoWin.Sys ok 已扫描
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/loadadv579.exe 压缩 PE_Patch.UPX
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/loadadv579.exe//PE_Patch.UPX 压缩 UPX
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/loadadv579.exe//PE_Patch.UPX//UPX 已检测木马程序 'Trojan-Downloader.Win32.LoadAdv.gen'
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/loadadv579.exe 备份
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/loadadv579.exe//PE_Patch.UPX//UPX 未清除无法清除
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/loadadv579.exe 删除
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/mscpx32r.det ok 已扫描
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/my_70145[1].exe//# ok 已扫描
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/my_70145[1].exe ok 已扫描
2007-8-14 23:23:03 文件: D:\Suspicious2.rar/netdde32.exe 压缩 PE_Patch.Upolyx
2007-8-14 23:23:04 文件: D:\Suspicious2.rar/netdde32.exe//PE_Patch.Upolyx//# ok 已扫描
2007-8-14 23:23:05 文件: D:\Suspicious2.rar/netdde32.exe//PE_Patch.Upolyx//# ok iChecker
2007-8-14 23:23:05 文件: D:\Suspicious2.rar/netdde32.exe//PE_Patch.Upolyx 已检测新变种病毒 'Heur.Trojan.Generic'
2007-8-14 23:23:05 文件: D:\Suspicious2.rar/netdde32.exe//PE_Patch.Upolyx 已检测新变种病毒 'Heur.Trojan.Generic'
2007-8-14 23:23:05 文件: D:\Suspicious2.rar/netdde32.exe//PE_Patch.Upolyx 已检测新变种病毒 'Heur.Trojan.Generic'
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/netdde32.exe 隔离
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/NewTemp.dll 压缩 PE_Patch
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/NewTemp.dll//PE_Patch 已检测病毒 'Virus.Win32.AutoRun.gr'
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/NewTemp.dll 删除
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/nshA.tmp ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/ocinfo.dat ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/s11870848861.dat ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/s11870848862.dat ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/shenji.exe 已检测病毒 'Virus.Win32.AutoRun.go'
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/shenji.exe 删除
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/svchost.dat ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/svchost.exe 已检测病毒 'Virus.Win32.AutoRun.go'
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/svchost.exe 删除
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/SVKP.sys ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/SysWin64.Jmp 压缩 FSG
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/SysWin64.Jmp//FSG 已检测木马程序 'Trojan-PSW.Win32.Agent.mi'
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/SysWin64.Jmp 删除
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/Uninst.exe 压缩文件 NSIS
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/Uninst.exe//stream 压缩文件 NSIS
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/Uninst.exe//stream//Script ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/Uninst.exe//stream ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/Uninst.exe ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/UPDE.tmp ok 已扫描
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/winsys16_070812.dll 已检测木马程序 'Trojan-Spy.Win32.Agent.pn'
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/winsys16_070812.dll 删除
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/WinSys64.Sys 已检测木马程序 'Trojan-PSW.Win32.Agent.mi'
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/WinSys64.Sys 删除
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/wr-1-20.exe 压缩 PE_Patch.Upolyx
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/wr-1-20.exe//PE_Patch.Upolyx 压缩 PE_Patch.UPX
2007-8-14 23:23:06 文件: D:\Suspicious2.rar/wr-1-20.exe//PE_Patch.Upolyx//PE_Patch.UPX 压缩 UPX
2007-8-14 23:23:07 文件: D:\Suspicious2.rar/wr-1-20.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX 已检测木马程序 'Trojan-Downloader.Win32.Small.eqn'
2007-8-14 23:23:07 文件: D:\Suspicious2.rar/wr-1-20.exe 删除

统计
----
对象已扫描已检测未清除已删除移动到隔离区压缩文件压缩文件密码保护损坏
---- ------ ------ ------ ------ ------------ -------- -------- -------- ----
所有对象 46 9 0 8 1 3 12 0 0
D:\Suspicious2.rar 46 9 0 8 1 3 12 0 0

设置
----
参数值
---- --
安全级别自定义
操作清除, 删除如果清除失败
运行模式手动
文件类型扫描所有文件
只扫描新建和改变的文件否
扫描附件全部
扫描嵌入 OLE 对象全部
如果扫描对象超过指定大小则跳过否
如果扫描超过指定时间则跳过否
分析邮件格式是
扫描有密码保护的压缩文件是
启用iChecker技术是
启用iSwift技术是
在"已检测"标签页显示已检测威胁是
Rootkit 扫描是
扩展 rootkit 扫描是
使用启发式分析器是
启发式分析等级 10

显示全部楼层 · 发表于 2007-8-15 00:32:50

C:\Documents and Settings\uhthn\Desktop\Suspicious2.rar:<RAR>\InfoWin.Dll : is suspected of Embedded.MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\Suspicious2.rar:<RAR>\InfoWin.Sys : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\Suspicious2.rar:<RAR>\loadadv579.exe : infected Trojan-Downloader.Win32.LoadAdv.gen
C:\Documents and Settings\uhthn\Desktop\Suspicious2.rar:<RAR>\NewTemp.dll : is suspected of Trojan-PSW.Game.18 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\Suspicious2.rar:<RAR>\SysWin64.Jmp : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\Suspicious2.rar:<RAR>\winsys16_070812.dll : is suspected of Trojan-PSW.Game.39 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\Suspicious2.rar:<RAR>\WinSys64.Sys : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\Suspicious2.rar:<RAR>\wr-1-20.exe : infected Trojan-Downloader.Win32.Small.eqn

Directories    : 0    Files in archives:    Files on disks:
Archives:                - total    : 22    - total    : 1
- scanned       : 1    -  scanned : 22    - scanned    : 1
- contain viruses : 1    -  infected : 5    - infected : 1
- deleted       : 0    -  suspicious : 3    - suspicious  : 0

显示全部楼层 · 发表于 2007-8-15 03:18:28

显示全部楼层 · 发表于 2007-8-15 08:42:40

===================================================================================================
Norman Virus Control On-demand scanner 7.0.0.9

NSE revision 5.91.04
nvcbin.def revision 5.90.00 of 2007/08/09 20:07:15 (824384 variants)
nvcmacro.def revision 5.90.00 of 2007/08/06 19:46:49 (20358 variants)
Total number of variants: 844742
===================================================================================================

   Time  Filename                                                    Virus name
---------------------------------------------------------------------------------------------------

- Scanning drive: F:\
- Scanning system areas of drive: F:\
- Scanning files in the directory: F:\v\v1\
      0 ms F:\v\v1\ieBF0E.tmp
   313 ms F:\v\v1\InfoWin.Dll
      0 ms F:\v\v1\InfoWin.Sys
      0 ms F:\v\v1\loadadv579.exe                                     Trojan Tibs.gen116 ()
- File F:\v\v1\loadadv579.exe quarantined.
- File F:\v\v1\loadadv579.exe deleted.
   16 ms F:\v\v1\mscpx32r.det
   172 ms F:\v\v1\my_70145[1].exe
   344 ms F:\v\v1\netdde32.exe
      0 ms F:\v\v1\NewTemp.dll
      0 ms F:\v\v1\nshA.tmp
      0 ms F:\v\v1\ocinfo.dat
      0 ms F:\v\v1\s11870848861.dat
      0 ms F:\v\v1\s11870848862.dat
   16 ms F:\v\v1\shenji.exe                                        Trojan Hupigon.gen66 ()
- File F:\v\v1\shenji.exe quarantined.
- File F:\v\v1\shenji.exe deleted.
      0 ms F:\v\v1\svchost.dat
      0 ms F:\v\v1\svchost.exe                                        Trojan Hupigon.gen66 ()
- File F:\v\v1\svchost.exe quarantined.
- File F:\v\v1\svchost.exe deleted.
   93 ms F:\v\v1\SVKP.sys
   219 ms F:\v\v1\SysWin64.Jmp                                        Security Risk Suspicious_F.gen ()
- File F:\v\v1\SysWin64.Jmp quarantined.
- File F:\v\v1\SysWin64.Jmp deleted.
   703 ms F:\v\v1\Uninst.exe
      0 ms F:\v\v1\UPDE.tmp
      0 ms F:\v\v1\winsys16_070812.dll
      0 ms F:\v\v1\WinSys64.Sys
   15 ms F:\v\v1\wr-1-20.exe                                        Trojan W32/DLoader.DBBL ()
- File F:\v\v1\wr-1-20.exe quarantined.
- File F:\v\v1\wr-1-20.exe deleted.

===================================================================================================

The scanning started: 2007/08/15 08:42:30
            ended: 2007/08/15 08:42:34
Logged on as       : Administrator
on hostname       : 2FF87FC2B9AB46F

Scanning results:
Total number of files found..............................:    22
Number of files scanned..................................:    22
Number of files/directories skipped due to exclude list..:    0
Number of files that could not be opened.................:    0
Number of archive files unpacked.........................:    0
Number of archive files not unpacked.....................:    0
Number of infections.....................................:    5

Copyright (c) 1993-2005 Norman ASA.

显示全部楼层 · 发表于 2007-8-15 10:49:37

显示全部楼层 · 发表于 2007-8-15 13:37:57

Virus: Win32:Delf-FHQ [Trj], Win32:LoadAdv-I [Trj], Win32:Nilage-AI [Trj], Win32:Agent-JQL [Trj], Win32:Agent-HFX [Trj] (2x), Win32:Small-DJC [Trj], Win32:Boran-J [Trj], Win32:Delf-ECW [Trj], Win32:Small-GWM [Trj]

Virus found while downloading Web content.

Address: bbs.kafan.cn

[病毒样本] 一堆又一堆

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源