今天的10个新木马

显示全部楼层 · 发表于 2007-8-19 22:14:00

[凝逸.扫描记录]
MD5[9B58D1 2B08E2 E852C1 168209 8B8A78 848D45 256BA3 0F56CE DFF6D5 9b58d1 2b08e2 e852c1 168209 8b8a78 848d45 256ba3 0f56ce dff6d5 ]
f:\070815\剪切文件\9B58D1_zx.exe,木马
f:\070815\剪切文件\2B08E2_zt.exe,木马
f:\070815\剪切文件\E852C1_qj.exe,木马
f:\070815\剪切文件\168209_3(2).exe,木马
f:\070815\剪切文件\8B8A78_(1)10.exe,木马
f:\070815\剪切文件\848D45_11.exe,木马
f:\070815\剪切文件\256BA3_(2)15.exe,木马
f:\070815\剪切文件\0F56CE_(2)6.exe,木马
f:\070815\剪切文件\DFF6D5_(3)2.exe,木马
f:\070815\剪切文件\9b58d1_zx.exe,木马
f:\070815\剪切文件\2b08e2_zt.exe,木马
f:\070815\剪切文件\e852c1_qj.exe,木马
f:\070815\剪切文件\168209_3(2).exe,木马
f:\070815\剪切文件\8b8a78_(1)10.exe,木马
f:\070815\剪切文件\848d45_11.exe,木马
f:\070815\剪切文件\256ba3_(2)15.exe,木马
f:\070815\剪切文件\0f56ce_(2)6.exe,木马
f:\070815\剪切文件\dff6d5_(3)2.exe,木马
感染:0/文件:11
扫描完成|文件:11|耗时:802

[凝逸反毒] (http://hi.baidu.com/503165656)
[凝逸.扫描病毒引擎-日志] 2007.8.19 22:11:48

[凝逸反毒] [病毒库列表]
病毒总数=18328
20070726_dw0001.axx | 病毒数:12691
20070726_kv0001.axx | 病毒数:1115
20070729_ny0001.axx | 病毒数:1319
20070801_ny0002.axx | 病毒数:302
20070802_ny0003.axx | 病毒数:384
20070802_ny0004.axx | 病毒数:196
20070811_ny0005.axx | 病毒数:469
20070816_ny0006.axx | 病毒数:1233
20070816_ny0007.axx | 病毒数:49
20070819_ny0008.axx | 病毒数:570
初始化成功

文件:F:\070815\剪切文件\9B58D1_zx.exe | 感染:Trojan.PWS.Gamania.3410 [213>20070819_ny0008.axx]3(1.2)
操作:删除文件
文件:F:\070815\剪切文件\2B08E2_zt.exe | 感染:virus [505>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\剪切文件\E852C1_qj.exe | 感染:BACKDOOR.Trojan [214>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\剪切文件\168209_3(2).exe | 感染:virus [512>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\剪切文件\8B8A78_(1)10.exe | 感染:Trojan.PWS.Gamania.3410 [217>20070819_ny0008.axx]3(2.2)
操作:删除文件
文件:F:\070815\剪切文件\848D45_11.exe | 感染:Trojan.PWS.Gamania.3411 [218>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\剪切文件\256BA3_(2)15.exe | 感染:virus [515>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\剪切文件\0F56CE_(2)6.exe | 感染:virus [517>20070819_ny0008.axx]3(3.3)
操作:删除文件
文件:F:\070815\剪切文件\DFF6D5_(3)2.exe | 感染:Trojan.PWS.Gamania.3411 [219>20070819_ny0008.axx]3(1.2)
操作:删除文件
扫描完成|病毒:9 文件:11|耗时:1632
----------

[ 本帖最后由 qqq000@qq.com 于 2007-8-19 09:17 编辑 ]

显示全部楼层 · 发表于 2007-8-19 22:17:21

8个

显示全部楼层 · 发表于 2007-8-19 22:22:08

显示全部楼层 · 发表于 2007-8-19 22:22:53

Scan performed at: 2007-8-19 22:21:52
Scanning Log
NOD32 version 2469 (20070818) NT
Command line: C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar
Operating memory - is OK

Date: 19.8.2007 Time: 22:22:03
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar
C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar ?RAR ?168209_3(2).exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar ?RAR ?256BA3_(2)15.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar ?RAR ?2B08E2_zt.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar ?RAR ?848D45_11.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar ?RAR ?8B8A78_(1)10.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar ?RAR ?9B58D1_zx.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar ?RAR ?DFF6D5_(3)2.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar ?RAR ?E852C1_qj.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\Administrator\×ÀÃæ\aaa.rar ?RAR ?0F56CE_(2)6.exe - probably a variant of Win32/Genetik trojan
Number of scanned files: 10
Number of threats found: 9
Number of files cleaned: 1
Time of completion: 22:22:08 Total scanning time: 5 sec (00:00:05)

显示全部楼层 · 发表于 2007-8-19 22:26:30

显示全部楼层 · 发表于 2007-8-19 22:28:05

===================================================================================================
NVCOD On Demand Scanner 5.80.02

NSE revision 5.91.04
nvcbin.def revision 5.90.00 of 2007/08/17 08:03:55 (830940 variants)
nvcmacro.def revision 5.90.00 of 2007/08/06 19:46:49 (20358 variants)
Total number of variants: 851298
Command line: "@C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~OD27.tmp"
===================================================================================================

   Time  Filename                                                    Virus name
---------------------------------------------------------------------------------------------------
- Scanning files in the directory: F:\v\
   47 ms F:\v\0F56CE_(2)6.exe                                        Security Risk W32/Suspicious_U.gen ()
   15 ms F:\v\0F56CE_(2)6.exe:Zone.Identifier
      0 ms F:\v\168209_3(2).exe                                        Security Risk W32/Suspicious_U.gen ()
      0 ms F:\v\168209_3(2).exe:Zone.Identifier
      0 ms F:\v\256BA3_(2)15.exe                                     Security Risk W32/Suspicious_U.gen ()
   16 ms F:\v\256BA3_(2)15.exe:Zone.Identifier
      0 ms F:\v\2B08E2_zt.exe                                        Security Risk W32/Suspicious_U.gen ()
   15 ms F:\v\2B08E2_zt.exe:Zone.Identifier
      0 ms F:\v\848D45_11.exe                                        Security Risk W32/Suspicious_U.gen ()
      0 ms F:\v\848D45_11.exe:Zone.Identifier
      0 ms F:\v\8B8A78_(1)10.exe                                     Security Risk W32/Suspicious_U.gen ()
      0 ms F:\v\8B8A78_(1)10.exe:Zone.Identifier
      0 ms F:\v\9B58D1_zx.exe                                        Security Risk W32/Suspicious_U.gen ()
      0 ms F:\v\9B58D1_zx.exe:Zone.Identifier
      0 ms F:\v\DFF6D5_(3)2.exe                                        Security Risk W32/Suspicious_U.gen ()
      0 ms F:\v\DFF6D5_(3)2.exe:Zone.Identifier
   16 ms F:\v\E852C1_qj.exe                                        Security Risk W32/Suspicious_U.gen ()
      0 ms F:\v\E852C1_qj.exe:Zone.Identifier
- File F:\v\0F56CE_(2)6.exe quarantined.
- File F:\v\0F56CE_(2)6.exe deleted.
- File F:\v\168209_3(2).exe quarantined.
- File F:\v\168209_3(2).exe deleted.
- File F:\v\256BA3_(2)15.exe quarantined.
- File F:\v\256BA3_(2)15.exe deleted.
- File F:\v\2B08E2_zt.exe quarantined.
- File F:\v\2B08E2_zt.exe deleted.
- File F:\v\848D45_11.exe quarantined.
- File F:\v\848D45_11.exe deleted.
- File F:\v\8B8A78_(1)10.exe quarantined.
- File F:\v\8B8A78_(1)10.exe deleted.
- File F:\v\9B58D1_zx.exe quarantined.
- File F:\v\9B58D1_zx.exe deleted.
- File F:\v\DFF6D5_(3)2.exe quarantined.
- File F:\v\DFF6D5_(3)2.exe deleted.
- File F:\v\E852C1_qj.exe quarantined.
- File F:\v\E852C1_qj.exe deleted.

===================================================================================================

The scanning started: 2007/08/19 22:28:03
            ended: 2007/08/19 22:28:04
Logged on as       : Administrator
on hostname       : 2FF87FC2B9AB46F

Scanning results:
Total number of files found..............................:    18
Number of files scanned..................................:    18
Number of files/directories skipped due to exclude list..:    0
Number of files that could not be opened.................:    0
Number of archive files unpacked.........................:    0
Number of archive files not unpacked.....................:    0
Number of infections.....................................:    9

Copyright (c) 1993-2005 Norman ASA.

显示全部楼层 · 发表于 2007-8-19 23:04:58

Start of the scan: 2007年8月19日  23:04

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\aaa.rar
  [0] Archive type: RAR
  --> 168209_3(2).exe
   [DETECTION] Is the Trojan horse TR/Agent.11863
  --> 256BA3_(2)15.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 2B08E2_zt.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 848D45_11.exe
   [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.78
  --> 8B8A78_(1)10.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 9B58D1_zx.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> DFF6D5_(3)2.exe
   [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.99
  --> E852C1_qj.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.1
  --> 0F56CE_(2)6.exe
   [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.83
   [INFO]    The file was deleted!

End of the scan: 2007年8月19日  23:04
Used time: 00:11 min

The scan has been done completely.

   1 Scanning directories
   10 Files were scanned
   9 viruses and/or unwanted programs were found
   4 classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   -3 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes
   0 Hidden objects were found

显示全部楼层 · 发表于 2007-8-19 23:11:34

vba32 miss all

显示全部楼层 · 发表于 2007-8-19 23:14:18

老婆不让用瑞星，叫我测试金山

显示全部楼层 · 发表于 2007-8-19 23:15:51

扫描引擎 11.00.700
病毒库日期 2007-08-19
更新日期 2007-08-19

扫描目标 C:\Documents and Settings\yin\桌面\aaa\

开始时间 2007-08-19 23:15:05

在 C:\Documents and Settings\yin\桌面\aaa\168209_3(2).exe 中发现 Trojan/Agent.nkx 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\aaa\848D45_11.exe 中发现 TrojanDownloader.Agent.nph 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\aaa\DFF6D5_(3)2.exe 中发现 TrojanDownloader.Agent.nph 病毒, 已删除
在 C:\Documents and Settings\yin\桌面\aaa\0F56CE_(2)6.exe 中发现 TrojanSpy.Delf.agb 病毒, 已删除
正常结束。

扫描结果:
               文件数 :9                                  病毒体 :4
               删除 :4                                  解毒 :0
扫描速度(千字节/秒) :105                            扫描时间 :00:00:01
扫描文件速度(个/秒) :9

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -    - - - - - - - - - - - -

[病毒样本] 今天的10个新木马

本帖子中包含更多资源

本帖子中包含更多资源

AVK

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块