Views: 4101 | Replies: 15
[Virus sample] Another batch downloaded from HOST.. 15 of them

qianwenxiang
Posted on 2007-8-15 14:52:14
[MD5: FB0E02 27B7A8 7FCF38 DD7DDD 94AAD0 70DDB0 001879 FDD92F D41D8C 9C6E25 196345 789FB3 B331B2 8F3B47 AFB4C7]

微点卫士
Posted on 2007-8-15 14:57:33
微点 (Micropoint):
木马名称:Trojan-PSW.Win32.OnLineGames.iit

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0815TEST[1]\WINFORM.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
广告软件名称:AdWare.Win32.BHO.og

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0815TEST[1]\13D003.EXE
是广告软件!
已成功阻止其运行,是否要删除此文件?
广告软件名称:AdWare.Win32.BHO.od

程序:
C:\PROGRAM FILES\COMMON FILES\CPUSH\CPUSH.DLL
是广告软件!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0815TEST[1]\14D003.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\NETDDE32.EXE
2) C:\WINDOWS.0\SYSTEM32\D03.EXE
3) C:\PROGRAM FILES\COMMON FILES\CPUSH\UNINST.EXE
4) C:\PROGRAM FILES\COMMON FILES\CPUSH\CPUSH.DLL
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0815TEST[1]\14D003.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0815TEST[1]\A.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:2729
远端地址:61.152.116.132(上海)
远端端口:80
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0815TEST[1]\A.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WLMA.EXE
2) C:\WINDOWS.0\SYSTEM32\AVISTREAM_API.DLL
是否删除木马程序及其衍生物?
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0815TEST[1]\AVISTREAM_API.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?


微点 crashed while testing b.exe and needed a reboot, but it still intercepted it.
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0815TEST[1]\CHAJIAN_201.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CHAJIAN_201.EXE
2) C:\WINDOWS.0\SYSTEM32\SYSTEM.DAT
是否删除木马程序及其衍生物?
广告软件名称:AdWare.Win32.Cinmus.aty
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ACPIDISK.SYS
是广告软件!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\0815TEST[1]\NTSVC.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\NTSVC.EXE
是否删除木马程序及其衍生物?

[ This post was last edited by 微点卫士 on 2007-8-15 15:00 ]
andylaw0818
Posted on 2007-8-15 14:57:35
Start of the scan: 2007年8月15日  14:57

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\新建文件夹'
C:\Documents and Settings\Administrator\桌面\新建文件夹\13d003.exe
      [DETECTION] Contains signature of the dropper DR/BHO.CX.33
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新建文件夹\a.exe
      [DETECTION] Is the Trojan horse TR/PSW.156569
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新建文件夹\AVIStream_API.dll
      [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新建文件夹\netdde32.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新建文件夹\KB908224.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '46fba40c.qua'!
C:\Documents and Settings\Administrator\桌面\新建文件夹\my_70204.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '4721a443.qua'!
C:\Documents and Settings\Administrator\桌面\新建文件夹\Chajian_201.exe
      [DETECTION] Is the Trojan horse TR/Hijack.Explor.3961
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新建文件夹\ntsvc.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.aje
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新建文件夹\inin.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新建文件夹\alsmt.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.NW
      [INFO]      The file was deleted!


End of the scan: 2007年8月15日  14:57
Used time: 00:09 min

The scan has been done completely.

      1 Scanning directories
     14 Files were scanned
     10 viruses and/or unwanted programs were found
      2 classified as suspicious:
      8 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
lengxue624
Posted on 2007-8-15 14:58:51
Let me have a look....
wangjay1980
Posted on 2007-8-15 15:11:57
detected: Trojan program Trojan-PSW.Win32.OnLineGames.acf        File: E:\样本\bingdu\WinForm.dll
detected: adware not-a-virus:AdWare.Win32.Boran.y        File: E:\样本\bingdu\alsmt.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.byn        File: E:\样本\bingdu\13d003.exe//data0002
detected: adware not-a-virus:AdWare.Win32.BHO.cx        File: E:\样本\bingdu\13d003.exe//data0003//stream//data0001
detected: Trojan program Trojan-Downloader.Win32.Delf.bdc        File: E:\样本\bingdu\b.exe//PE_Patch.PECompact//PecBundle//PECompact//#//NSPack
detected: Trojan program Trojan-Downloader.Win32.QQHelper.vn        File: E:\样本\bingdu\14d003.exe//data0002//PE_Patch.Upolyx
detected: adware not-a-virus:AdWare.Win32.BHO.av        File: E:\样本\bingdu\14d003.exe//data0003
detected: virus Heur.Invader (modification)        File: E:\样本\bingdu\a.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: virus Heur.Invader (modification)        File: E:\样本\bingdu\AVIStream_API.dll//NSPack
detected: Trojan program Trojan-Downloader.Win32.QQHelper.vn        File: E:\样本\bingdu\netdde32.exe//PE_Patch.Upolyx
detected: virus Heur.Invader (modification)        File: E:\样本\bingdu\Chajian_201.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-Downloader.Win32.Dadobra.es        File: E:\样本\bingdu\ntsvc.exe//UPX
detected: virus Virus.Win32.AutoRun.gw        File: E:\样本\bingdu\inin.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: adware not-a-virus:AdWare.Win32.Cinmus.j        File: E:\样本\bingdu\dodolook451.exe//stream//data0002//data0003
detected: adware not-a-virus:AdWare.Win32.Cinmus.j        File: E:\样本\bingdu\dodolook451.exe//stream//data0002//data0004
15
碧水寒潭
Posted on 2007-8-15 15:13:54
Start of the scan: 2007年8月15日  15:12

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\0815test[1].part1.rar
  [0] Archive type: RAR
  --> WinForm.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> alsmt.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.NW
  --> 13d003.exe
      [DETECTION] Contains signature of the dropper DR/BHO.CX.33
      [INFO]      The file was deleted!
H:\AV-TEST\0815test[1].part2.rar
  [0] Archive type: RAR
  --> a.exe
      [DETECTION] Is the Trojan horse TR/PSW.156569
  --> AVIStream_API.dll
      [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
  --> netdde32.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> KB908224.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> my_70204.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was deleted!
H:\AV-TEST\0815test[1].part3.rar
  [0] Archive type: RAR
  --> ntsvc.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.aje
  --> inin.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!


End of the scan: 2007年8月15日  15:13
Used time: 00:25 min

The scan has been done completely.

      1 Scanning directories
     16 Files were scanned
     10 viruses and/or unwanted programs were found
      2 classified as suspicious:
      3 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      3 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
kasper
Posted on 2007-8-15 15:15:45
驱逐舰 (Dr.Web) killed three of them during the download~~~~~~~~···
kasper
Posted on 2007-8-15 15:17:21
BD: 9 of them~~~~~~~~~~~~

C:\Documents and Settings\同同\桌面\0815test.part1.rar=>WinForm.dll        Infected: Generic.PWS.Games.4.57EC806A
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>WinForm.dll        Disinfection failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>WinForm.dll        Move failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>alsmt.exe        Infected: Trojan.Spy.Agent.NW
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>alsmt.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>alsmt.exe        Move failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>13d003.exe=>(NSIS o)=>lzma_nsis0002        Detected: Adware.BHO.WPQ
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>13d003.exe=>(NSIS o)=>lzma_nsis0002        Disinfection failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>13d003.exe=>(NSIS o)=>lzma_nsis0002        Move failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>14d003.exe=>(NSIS o)=>lzma_nsis0002=>(NSIS o)=>lzma_solid_nsis0001        Detected: Adware.CPush.G
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>14d003.exe=>(NSIS o)=>lzma_nsis0002=>(NSIS o)=>lzma_solid_nsis0001        Disinfection failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>14d003.exe=>(NSIS o)=>lzma_nsis0002=>(NSIS o)=>lzma_solid_nsis0001        Move failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>a.exe        Infected: DeepScan:Generic.PWS.WoW.8FF421FE
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>a.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>a.exe        Move failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>Chajian_201.exe        Infected: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>Chajian_201.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>Chajian_201.exe        Move failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>ntsvc.exe        Infected: Win32.Worm.Fasong.E
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>ntsvc.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>ntsvc.exe        Move failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>dodolook451.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>lzma_nsis0000        Infected: Trojan.Cinmeng.A
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>dodolook451.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>lzma_nsis0000        Disinfection failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>dodolook451.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>lzma_nsis0000        Move failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>dodolook451.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>lzma_nsis0002        Infected: DeepScan:Generic.Adw.Cinmus.2.C41E0643
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>dodolook451.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>lzma_nsis0002        Disinfection failed
C:\Documents and Settings\同同\桌面\0815test.part1.rar=>dodolook451.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>lzma_nsis0002        Move failed
woai_jolin
Posted on 2007-8-15 15:41:51
===================================================================================================
Norman Virus Control On-demand scanner 7.0.0.9

NSE revision 5.91.04
nvcbin.def revision 5.90.00 of 2007/08/09 20:07:15 (824384 variants)
nvcmacro.def revision 5.90.00 of 2007/08/06 19:46:49 (20358 variants)
Total number of variants: 844742
===================================================================================================

       Time  Filename                                                     Virus name
---------------------------------------------------------------------------------------------------

- Scanning drive: F:\
- Scanning system areas of drive: F:\
- Scanning files in the directory: F:\v\v1\
       47 ms F:\v\v1\13d003.exe                                           Trojan Smalltroj.gen5 ()
- File F:\v\v1\13d003.exe quarantined.
- File F:\v\v1\13d003.exe deleted.
       16 ms F:\v\v1\14d003.exe                                           Trojan Smalltroj.gen5 ()
- File F:\v\v1\14d003.exe quarantined.
- File F:\v\v1\14d003.exe deleted.
     7407 ms F:\v\v1\a.exe                                               
       15 ms F:\v\v1\alsmt.exe                                            Trojan W32/Agent.AMHW ()
- File F:\v\v1\alsmt.exe quarantined.
- File F:\v\v1\alsmt.exe deleted.
        0 ms F:\v\v1\AVIStream_API.dll                                   
     5485 ms F:\v\v1\b.exe                                               
     8078 ms F:\v\v1\Chajian_201.exe                                      Virus W32/Malware ( [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * Decompressing PEC2.
    * Accesses executable file from resource section.
    * Creating several executable files on hard-drive.
    * File length:       208430 bytes.

[ Changes to filesystem ]
    * Creates file C:\WINDOWS\TEMP\Chajian_201.exe.
    * Creates file C:\WINDOWS\Chajian_201.dll.
    * Creates file C:\WINDOWS\SYSTEM32\system.dat.

[ Network services ]
    * Connects to "98032.com.cn" on port 80 (IP).
    * Opens URL: 98032.com.cn/count/data_add.aspx?filename=Chajian_201.exe.

[ Network ]
    * Hooks into Shell explorer.

[ Process/window information ]
    * Creates an event called .
    * Attemps to open C:\WINDOWS\TEMP\Chajian_201.exe .
    * Enumerates running processes.
    * Enumerates running processes several parses....

)
- File F:\v\v1\Chajian_201.exe quarantined.
- File F:\v\v1\Chajian_201.exe deleted.
     1093 ms F:\v\v1\dodolook451.exe                                    
       16 ms F:\v\v1\inin.exe                                             Trojan W32/Malware.AEHD ()
- File F:\v\v1\inin.exe quarantined.
- File F:\v\v1\inin.exe deleted.
       15 ms F:\v\v1\KB908224.dll                                         Trojan W32/Smalltroj.gen5 ()
- File F:\v\v1\KB908224.dll quarantined.
- File F:\v\v1\KB908224.dll deleted.
      187 ms F:\v\v1\my_70204.exe                                       
      344 ms F:\v\v1\netdde32.exe                                       
       16 ms F:\v\v1\ntsvc.exe                                            Trojan W32/Lmir.ALV ()
- File F:\v\v1\ntsvc.exe quarantined.
- File F:\v\v1\ntsvc.exe deleted.
       15 ms F:\v\v1\WinForm.dll                                         

===================================================================================================

The scanning started: 2007/08/15 15:41:11
               ended: 2007/08/15 15:41:34
Logged on as        : Administrator
on hostname         : 2FF87FC2B9AB46F

Scanning results:
   Total number of files found..............................:      15
   Number of files scanned..................................:      14
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       0
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:       7

Copyright (c) 1993-2005 Norman ASA.
The EQs
Posted on 2007-8-15 16:14:17
Scan performed at: 2007-8-15 16:13:54
Scanning Log
NOD32 version 2462 (20070815) NT
Command line: C:\Documents and Settings\EQ2\桌面\0815test
Operating memory - is OK

Date: 15.8.2007  Time: 16:14:00
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\0815test\
C:\Documents and Settings\EQ2\桌面\0815test\13d003.exe »NSIS »netdde32.exe - probably unknown NewHeur_PE virus [7] - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\0815test\13d003.exe »NSIS »d03.exe »NSIS »cpush.dll - probably a variant of Win32/Adware.BHO.AV application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\0815test\14d003.exe »NSIS »netdde32.exe - probably unknown NewHeur_PE virus [7] - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\0815test\14d003.exe »NSIS »d03.exe »NSIS »cpush.dll - probably a variant of Win32/Adware.BHO.AV application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\0815test\alsmt.exe - Win32/Adware.Boran application - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\0815test\AVIStream_API.dll - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\0815test\dodolook451.exe »NSIS »1582.exe »NSIS »acpidisk.sys - a variant of Win32/Adware.Cinmus application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\0815test\inin.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\0815test\netdde32.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\0815test\ntsvc.exe - Win32/PSW.QQPass.DU trojan - quarantined - unable to clean - deleted
Number of scanned files: 23
Number of threats found: 10
Number of files cleaned: 8
Time of completion: 16:14:06 Total scanning time: 6 sec (00:00:06)

Notes:
[7] File is probably infected with an unknown virus.