[Virus samples] [MD5s inside] 16 samples

jimmyleo
Posted on 2007-8-17 08:56:02


464081|881646|58cc4f|e40d6a|6fb68f|50255d|f5fbdc|74545b|64f98b|4efe96|62bb33|41cd51|6a85eb|101e45|8ec825|5cdf6d

[ This post was last edited by jimmyleo on 2007-8-17 08:58 ]

jimmyleo (OP)
Posted on 2007-8-17 08:57:31
Undet [                ](     ) in E:\VirusTest\exe\16.rar,(runtime.sys)
Found [  TROJ_SMALL.HZU](    1) in E:\VirusTest\exe\16.rar,(loadadv591.exe)
Found [  TSPY_WLHACK.AG](    1) in E:\VirusTest\exe\16.rar,(ip6fw.sys)
Undet [                ](     ) in E:\VirusTest\exe\16.rar,(svchost.exe)
Undet [                ](     ) in E:\VirusTest\exe\16.rar,(hoed.exe)
Found [   TROJ_TIBS.ALP](    1) in E:\VirusTest\exe\16.rar,(downloader.exe)
Found [Possible_Nucrp-4](    1) in E:\VirusTest\exe\16.rar,(5.dllb)
Found [  WORM_NUWAR.APU](    1) in E:\VirusTest\exe\16.rar,(win32.exe)
Undet [                ](     ) in E:\VirusTest\exe\16.rar,(2838371.exe)
Found [TROJ_DLOADER.NQI](    1) in E:\VirusTest\exe\16.rar,(loader.exe)
Undet [                ](     ) in E:\VirusTest\exe\16.rar,(xar5043v7.exe)
Undet [                ](     ) in E:\VirusTest\exe\16.rar,(clean_289993.dll)
Found [TROJ_DLOADER.RAQ](    1) in E:\VirusTest\exe\16.rar,(de.exe)
Undet [                ](     ) in E:\VirusTest\exe\16.rar,(runtime2.sys)
Undet [                ](     ) in E:\VirusTest\exe\16.rar,(ntos.exe)
Undet [                ](     ) in E:\VirusTest\exe\16.rar,(L50.exe)

Found 7 viruses totally.
tracydk
Posted on 2007-8-17 08:58:22
14

wangjay1980
Posted on 2007-8-17 09:00:36
detected: Trojan program Rootkit.Win32.Agent.dw        File: C:\Documents and Settings\Owner\桌面\16.rar/runtime.sys//PE_Patch
detected: Trojan program Trojan-Downloader.Win32.LoadAdv.gen        File: C:\Documents and Settings\Owner\桌面\16.rar/loadadv591.exe//PE_Patch.UPX//UPX
detected: Trojan program Rootkit.Win32.Agent.dp        File: C:\Documents and Settings\Owner\桌面\16.rar/ip6fw.sys//PE_Patch
detected: Trojan program Trojan-Downloader.Win32.Small.cib        File: C:\Documents and Settings\Owner\桌面\16.rar/hoed.exe
detected: virus Packed.Win32.Tibs.ab        File: C:\Documents and Settings\Owner\桌面\16.rar/downloader.exe
detected: virus Heur.Downloader (modification)        File: C:\Documents and Settings\Owner\桌面\16.rar/5.dllb
detected: virus Email-Worm.Win32.Zhelatin.gv        File: C:\Documents and Settings\Owner\桌面\16.rar/win32.exe
detected: Trojan program Trojan.Win32.Agent.ady        File: C:\Documents and Settings\Owner\桌面\16.rar/2838371.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.boy        File: C:\Documents and Settings\Owner\桌面\16.rar/loader.exe
detected: Trojan program Trojan-Downloader.Win32.Alphabet.gen        File: C:\Documents and Settings\Owner\桌面\16.rar/xar5043v7.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-Downloader.Win32.Agent.bqr        File: C:\Documents and Settings\Owner\桌面\16.rar/clean_289993.dll
detected: Trojan program Trojan-Downloader.Win32.Agent.bqr        File: C:\Documents and Settings\Owner\桌面\16.rar/de.exe
detected: Trojan program Rootkit.Win32.Agent.ey        File: C:\Documents and Settings\Owner\桌面\16.rar/runtime2.sys//PE_Patch
detected: Trojan program Trojan-Spy.Win32.Bancos.aco        File: C:\Documents and Settings\Owner\桌面\16.rar/ntos.exe
detected: Trojan program Trojan.Win32.Agent.aqw        File: C:\Documents and Settings\Owner\桌面\16.rar/L50.exe
15
jimmyleo (OP)
Posted on 2007-8-17 09:00:40
D:\download\VirusScan\16\runtime.sys - Signature 'Rootkit.Win32.Agent.dw' found
D:\download\VirusScan\16\loadadv591.exe - Signature 'Trojan-Downloader.LoadAdv.B' found
D:\download\VirusScan\16\ip6fw.sys - Signature 'Rootkit.Win32.Agent.dp' found
D:\download\VirusScan\16\svchost.exe - Signature 'Trojan-Downloader.Win32.Femad' found
D:\download\VirusScan\16\hoed.exe - Signature 'Backdoor.Agent.YTP' found
D:\download\VirusScan\16\downloader.exe - Signature 'Packed.Win32.Tibs.ab' found
D:\download\VirusScan\16\5.dllb
D:\download\VirusScan\16\win32.exe - Signature 'Packed.Win32.Tibs.bg' found
D:\download\VirusScan\16\2838371.exe - Signature 'Trojan.Win32.Agent.ady' found
D:\download\VirusScan\16\loader.exe - Signature 'Trojan-Downloader.Win32.Agent.boy' found
D:\download\VirusScan\16\xar5043v7.exe - Signature 'Trojan-Downloader.Win32.Alphabet' found
D:\download\VirusScan\16\clean_289993.dll - Signature 'Trojan-Downloader.Win32.Small.ems' found
D:\download\VirusScan\16\de.exe - Signature 'Trojan-Downloader.Win32.Small.ems' found
D:\download\VirusScan\16\runtime2.sys - Signature 'Rootkit.Win32.Agent.ey' found
D:\download\VirusScan\16\ntos.exe - Signature 'Trojan-Spy.Win32.Bancos.aam' found
D:\download\VirusScan\16\L50.exe - Signature 'Trojan.Win32.Agent.arl' found

        16 Files scanned
          (0 Archives with 0 files)
        15 Signatures found
        0 Suspect code-parts found
        Used time: 0:01.973
风野胤
Posted on 2007-8-17 09:13:48
Scanning Log
NOD32 version 2467 (20070816) NT
Command line: R:\16.rar
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2. physical disk. Error reading sector.
Error occurred while scanning MBR sector of the 3. physical disk. Error reading sector.
Date: 17.8.2007  Time: 09:05:00
Anti-Stealth technology is enabled.
Scanned disks, folders and files: R:\16.rar
R:\16.rar »RAR »runtime.sys - probably a variant of Win32/Rootkit trojan
R:\16.rar »RAR »loadadv591.exe - a variant of Win32/TrojanDownloader.Small.NUS trojan
R:\16.rar »RAR »ip6fw.sys - a variant of Win32/Rootkit.Agent.DP trojan
R:\16.rar »RAR »svchost.exe - probably a variant of Win32/TrojanDownloader.Small.AMB trojan
R:\16.rar »RAR »downloader.exe - probably a variant of Win32/Obfuscated trojan
R:\16.rar »RAR »5.dllb - a variant of Win32/TrojanDownloader.Small.AWA trojan
R:\16.rar »RAR »win32.exe - Win32/Nuwar.Gen worm
R:\16.rar »RAR »2838371.exe - Win32/Wigon.Z trojan
R:\16.rar »RAR »loader.exe - Win32/TrojanDownloader.Agent.BOY trojan
R:\16.rar »RAR »xar5043v7.exe - probably unknown NewHeur_PE virus [7]
R:\16.rar »RAR »clean_289993.dll - Win32/PSW.Sinowal.Gen trojan
R:\16.rar »RAR »de.exe - Win32/PSW.Sinowal.Gen trojan
R:\16.rar »RAR »runtime2.sys - a variant of Win32/Rootkit.Agent.EY trojan
R:\16.rar »RAR »ntos.exe - Win32/Spy.Agent.NDL trojan
R:\16.rar »RAR »L50.exe - probably a variant of Win32/Agent trojan
Number of scanned files: 16
Number of threats found: 15
Time of completion: 09:05:02 Total scanning time: 2 sec (00:00:02)
Notes:
[7] File is probably infected with an unknown virus.
残缺的唯美
Posted on 2007-8-17 09:15:41
    --> runtime.sys
        [DETECTION] Is the Trojan horse TR/Pushu.B
        [WARNING]   Infected files in archives cannot be repaired!
    --> loadadv591.exe
        [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ip6fw.sys
        [DETECTION] Contains signature of the rootkit RKIT/Agent.DQ.31.A
        [WARNING]   Infected files in archives cannot be repaired!
    --> svchost.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> hoed.exe
        [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.YTP.2 Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> downloader.exe
        [DETECTION] Contains signature of the worm WORM/Zhelatin.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5.dllb
        [DETECTION] Contains signature of the worm WORM/Zhelatin.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> win32.exe
        [DETECTION] Contains signature of the worm WORM/Zhelatin.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 2838371.exe
        [DETECTION] Is the Trojan horse TR/Agent.ady.117
        [WARNING]   Infected files in archives cannot be repaired!
    --> loader.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Agent.boy.8
        [WARNING]   Infected files in archives cannot be repaired!
    --> xar5043v7.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
        [WARNING]   Infected files in archives cannot be repaired!
    --> clean_289993.dll
        [DETECTION] Is the Trojan horse TR/Dldr.Agent.bqr.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> de.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Agent.bqr.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> runtime2.sys
        [DETECTION] Contains signature of the rootkit RKIT/Posh.A
        [WARNING]   Infected files in archives cannot be repaired!
    --> ntos.exe
        [DETECTION] Is the Trojan horse TR/Spy.Bancos.aco.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> L50.exe
        [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      A backup was created as '46f2f6be.qua'  ( QUARANTINE )
        [INFO]      The file was deleted!
Avira: 16
xxwpk007
Posted on 2007-8-17 09:19:23
用AntiVirusKit扫描病毒
版本 16.0.7
病毒库签名 2007-8-15
开始时间: 2007-8-17 9:17
引擎: KAV 引擎 (AVK 17.6876), BD  引擎 (BD 17.4738)
启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: runtime.sys
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Rootkit.Win32.Agent.dw (KAV 引擎), Rootkit.Agent.DP (BD  引擎)
对象: loadadv591.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.LoadAdv.gen (KAV 引擎), Trojan.Downloader.LoadAdv.B (BD  引擎)
对象: ip6fw.sys
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Rootkit.Win32.Agent.dp (KAV 引擎), Rootkit.Agent.Q (BD  引擎)
对象: svchost.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Trojan.Downloader.Femad.XA (BD  引擎)
对象: hoed.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Backdoor.Agent.YTP (BD  引擎)
对象: downloader.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Packed.Win32.Tibs.ab (KAV 引擎), Trojan.Peed.OQ (BD  引擎)
对象: 5.dllb
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: GenPack:Trojan.Downloader.Small.AAEG (BD  引擎)
对象: win32.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Email-Worm.Win32.Zhelatin.gv (KAV 引擎), Trojan.Peed.IEL (BD  引擎)
对象: 2838371.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Trojan.Win32.Agent.ady (KAV 引擎), Trojan.Dropper.Ntrootkit.A (BD  引擎)
对象: loader.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Agent.boy (KAV 引擎), Trojan.Downloader.Agent.BOY (BD  引擎)
对象: xar5043v7.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Alphabet.gen (KAV 引擎), Generic.Drop.Alpha.2CE4F242 (BD  引擎)
对象: clean_289993.dll
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Agent.bqr (KAV 引擎), Trojan.Downloader.Agent.BQR (BD  引擎)
对象: de.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Agent.bqr (KAV 引擎), Trojan.Downloader.Agent.BQR (BD  引擎)
对象: runtime2.sys
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Rootkit.Win32.Agent.ey (KAV 引擎), Rootkit.Agent.GV (BD  引擎)
对象: ntos.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Trojan-Spy.Win32.Bancos.aco (KAV 引擎), Trojan.Spy.Banker.ZMJ (BD  引擎)
对象: L50.exe
        路径: G:\样本\16
        Status: 已发现病毒
        病毒: Trojan.Win32.Agent.aqw (KAV 引擎), Trojan.Agent.AAMW (BD  引擎)
分析完毕: 2007-8-17 9:18
    已检查 16 个文件
    已发现 16 个染毒文件
    发现 0 个可疑文件
微点卫士
Posted on 2007-8-17 09:22:59
Micropoint:
木马名称:Trojan.Win32.Rootkit.aj

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\IP6FW.SYS
是木马程序!
已成功阻止其运行,是否要删除此文件?
恶意程序名称:Packed.Win32.Tibs.sx

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DOWNLOADER.EXE
是恶意程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Agent.hzr

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\LOADER.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Spy.Win32.Bancos.auq

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\NTOS.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Agent.gzb

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\L50.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\2838371.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\KSYS.SYS
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\LOADADV591.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\HOED.EXE
是否阻止该进程继续运行?
程序:
C:\WINDOWS.0\SYSTEM32\DRIVERS\SAFEMON.SYS
是否删除RootKit程序?
要删除此类病毒需要重启系统,您是否需要重启机器?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\HOED.EXE
是否删除病毒程序及其衍生物?
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:1513
远端地址:85.255.118.45(乌克兰)
远端端口:80
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6MERMK0M\SYSTEMS[1].EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BPAH.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\WIN32.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\KERNELWIND32.EXE
是否删除木马程序及其衍生物?
程序:
C:\WINDOWS.0\SYSTEM32\DRIVERS\SAFEMON.SYS
是否删除RootKit程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\XAR5043V7.EXE
可疑程序生成以下文件:
1) C:\WINDOWS.0\AVP.EXE
2) C:\TEMP2.BAT
3) C:\TEMP2.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
要删除此类病毒需要重启系统,您是否需要重启机器?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\XAR5043V7.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\AVP.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\XAR5043V7.EXE
1) C:\TEMP2.BAT
2) C:\TEMP2.BAT
是否删除可疑程序?、
程序:
C:\WINDOWS.0\SYSTEM32\DRIVERS\SAFEMON.SYS
是否删除RootKit程序?
要删除此类病毒需要重启系统,您是否需要重启机器?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DE.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CLEAN_104D08.DLL
是否删除木马程序及其衍生物?
程序:
C:\WINDOWS.0\SYSTEM32\DRIVERS\SAFEMON.SYS
是否删除RootKit程序?

It killed everything that could run.
jimmyleo (OP)
Posted on 2007-8-17 09:33:04
[ Fri Aug 17 09:27:36 2007 ] Rootkit/NTRootkit.AI   in d:\download\virusscan\16.RAR[runtime.sys]
[ Fri Aug 17 09:27:36 2007 ] Generic Malware        in d:\download\virusscan\16.RAR[loadadv591.exe]
[ Fri Aug 17 09:27:36 2007 ] Trj/Spy.G              in d:\download\virusscan\16.RAR[ip6fw.sys]
[ Fri Aug 17 09:27:36 2007 ] Adware/Adsmart         in d:\download\virusscan\16.RAR[downloader.exe]
[ Fri Aug 17 09:27:36 2007 ] Generic Trojan         in d:\download\virusscan\16.RAR[2838371.exe]
[ Fri Aug 17 09:27:36 2007 ] Trj/Downloader.MDW     in d:\download\virusscan\16.RAR[loader.exe]
[ Fri Aug 17 09:27:36 2007 ] Adware/DriveCleaner    in d:\download\virusscan\16.RAR[xar5043v7.exe]
[ Fri Aug 17 09:27:36 2007 ] Trj/Downloader.MDW     in d:\download\virusscan\16.RAR[clean_289993.dll]
[ Fri Aug 17 09:27:36 2007 ] Generic Malware        in d:\download\virusscan\16.RAR[de.exe]
[ Fri Aug 17 09:27:36 2007 ] Generic Malware        in d:\download\virusscan\16.RAR[ntos.exe]
[ Fri Aug 17 09:27:36 2007 ] Trj/Downloader.MDW     in d:\download\virusscan\16.RAR[L50.exe]
Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-5-21 17:56 , Processed in 0.134500 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表