
[Virus Samples] [凝逸反毒] Continued >> 15 new trojans from today

qqq000@qq.com
Posted on 2007-8-19 22:36:03
[凝逸.扫描记录]
MD5[464081 5DCE59 102245 6D6CC8 45E2B2 D9CCF6 73DD46 9577AB 93C89B 3CCBEE F5D6D2 77FECA 79F1AC 464081 464081 464081 5dce59 102245 6d6cc8 45e2b2 d9ccf6 73dd46 9577ab 93c89b 3ccbee f5d6d2 77feca 79f1ac ]
f:\070815\b_b\样本\464081_2838371.exe,木马
f:\070815\b_b\样本\5DCE59_wl0618.exe,木马
f:\070815\b_b\样本\102245_2temp.exe,木马
f:\070815\b_b\样本\6D6CC8_1637[1].exe,木马
f:\070815\b_b\样本\45E2B2_tempb.exe,木马
f:\070815\b_b\样本\D9CCF6_4(4).exe,木马
f:\070815\b_b\样本\73DD46_10(1).exe,木马
f:\070815\b_b\样本\9577AB_3(3).exe,木马
f:\070815\b_b\样本\93C89B_mh.exe,木马
f:\070815\b_b\样本\3CCBEE_1(8).exe,木马
f:\070815\b_b\样本\F5D6D2_wow.exe,木马
f:\070815\b_b\样本\77FECA_wow(1).exe,木马
f:\070815\b_b\样本\79F1AC_ga.exe,木马
f:\070815\b_b\样本\464081_(1)2838371.exe,木马
f:\070815\b_b\样本\464081_2838371(1).exe,木马
f:\070815\b_b\样本\464081_2838371.exe,木马
f:\070815\b_b\样本\5dce59_wl0618.exe,木马
f:\070815\b_b\样本\102245_2temp.exe,木马
f:\070815\b_b\样本\6d6cc8_1637[1].exe,木马
f:\070815\b_b\样本\45e2b2_tempb.exe,木马
f:\070815\b_b\样本\d9ccf6_4(4).exe,木马
f:\070815\b_b\样本\73dd46_10(1).exe,木马
f:\070815\b_b\样本\9577ab_3(3).exe,木马
f:\070815\b_b\样本\93c89b_mh.exe,木马
f:\070815\b_b\样本\3ccbee_1(8).exe,木马
f:\070815\b_b\样本\f5d6d2_wow.exe,木马
f:\070815\b_b\样本\77feca_wow(1).exe,木马
f:\070815\b_b\样本\79f1ac_ga.exe,木马
感染:0/文件:28
扫描完成|文件:28|耗时:1082




----------
              [凝逸反毒] (http://hi.baidu.com/503165656)
       [凝逸.扫描病毒引擎-日志]       2007.8.19 22:33:38

[凝逸反毒] [病毒库列表]
病毒总数=18328
20070726_dw0001.axx | 病毒数:12691
20070726_kv0001.axx | 病毒数:1115
20070729_ny0001.axx | 病毒数:1319
20070801_ny0002.axx | 病毒数:302
20070802_ny0003.axx | 病毒数:384
20070802_ny0004.axx | 病毒数:196
20070811_ny0005.axx | 病毒数:469
20070816_ny0006.axx | 病毒数:1233
20070816_ny0007.axx | 病毒数:49
20070819_ny0008.axx | 病毒数:570
初始化成功
文件:F:\070815\b_b\样本\464081_(1)2838371.exe | 感染:Trojan.NtRootKit.248 [149>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\464081_2838371(1).exe | 感染:Trojan.NtRootKit.248 [149>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\464081_2838371.exe | 感染:Trojan.NtRootKit.248 [149>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\5DCE59_wl0618.exe | 感染:Trojan.DownLoader.30290 [131>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\102245_2temp.exe | 感染:UPX [136>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\6D6CC8_1637[1].exe | 感染:UPACK [146>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\45E2B2_tempb.exe | 感染:Win32.Virut.5 [157>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\D9CCF6_4(4).exe | 感染:Trojan.MulDrop.8338 [137>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\73DD46_10(1).exe | 感染:Trojan.MulDrop.8332 [138>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\9577AB_3(3).exe | 感染:Trojan.Havedo [139>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\93C89B_mh.exe | 感染:Trojan.Havedo [155>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\3CCBEE_1(8).exe | 感染:Trojan.Havedo [140>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\F5D6D2_wow.exe | 感染:Trojan.PWS.Wsgame [154>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\77FECA_wow(1).exe | 感染:Trojan.PWS.Wsgame.1106 [132>20070819_ny0008.axx]3(1.1)
操作:删除文件
文件:F:\070815\b_b\样本\79F1AC_ga.exe | 感染:Win32.HLLW.Autoruner.249 [147>20070819_ny0008.axx]3(1.1)
操作:删除文件
扫描完成|病毒:15 文件:16|耗时:2934
----------

欠妳緈諨
Posted on 2007-8-19 22:38:29
11 of them

yurius
Posted on 2007-8-19 22:39:56
Scan performed at: 2007-8-19 22:38:48
Scanning Log
NOD32 version 2469 (20070818) NT
Command line: C:\virus\样本.rar

Date: 19.8.2007  Time: 22:38:50
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\virus\样本.rar
C:\virus\样本.rar »RAR »45E2B2_tempb.exe - Win32/Virut.NAK virus
C:\virus\样本.rar »RAR »464081_(1)2838371.exe - Win32/Wigon.Z trojan
C:\virus\样本.rar »RAR »464081_2838371(1).exe - Win32/Wigon.Z trojan
C:\virus\样本.rar »RAR »464081_2838371.exe - Win32/Wigon.Z trojan
C:\virus\样本.rar »RAR »5DCE59_wl0618.exe - Win32/PSW.OnLineGames.NEP trojan
C:\virus\样本.rar »RAR »6D6CC8_1637[1].exe - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\virus\样本.rar »RAR »102245_2temp.exe - a variant of Win32/Agent.NEJ trojan
C:\virus\样本.rar »RAR »3CCBEE_1(8).exe - a variant of Win32/Agent.NIK trojan
Number of scanned files: 8
Number of threats found: 8
Time of completion: 22:38:50 Total scanning time: 0 sec (00:00:00)
yurius
Posted on 2007-8-19 22:40:23
Scan performed at: 2007-8-19 22:39:18
Scanning Log
NOD32 version 2469 (20070818) NT
Command line: C:\virus\2样本.rar

Date: 19.8.2007  Time: 22:39:20
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\virus\2样本.rar
C:\virus\2样本.rar »RAR »73DD46_10(1).exe - a variant of Win32/Agent.NIK trojan
C:\virus\2样本.rar »RAR »77FECA_wow(1).exe - probably a variant of Win32/Genetik trojan
C:\virus\2样本.rar »RAR »79F1AC_ga.exe - probably a variant of Win32/PSW.Delf.NHI trojan
C:\virus\2样本.rar »RAR »93C89B_mh.exe - a variant of Win32/Agent.NIK trojan
C:\virus\2样本.rar »RAR »9577AB_3(3).exe - a variant of Win32/Agent.NIK trojan
C:\virus\2样本.rar »RAR »D9CCF6_4(4).exe - a variant of Win32/Agent.NIK trojan
C:\virus\2样本.rar »RAR »F5D6D2_wow.exe - probably a variant of Win32/PSW.OnLineGames.YA trojan
Number of scanned files: 7
Number of threats found: 7
Time of completion: 22:39:21 Total scanning time: 1 sec (00:00:01)
小邪邪
Posted on 2007-8-19 22:41:27

AVK

hj5abc
Posted on 2007-8-19 22:42:55
kill all..

Scan performed at: 2007-8-19 22:38:02
Scanning Log
NOD32 version 2469 (20070818) NT
Command line: F:\2样本.rar F:\样本.rar
Operating memory - is OK

Date: 19.8.2007  Time: 22:38:05
Anti-Stealth technology is enabled.
Scanned disks, folders and files: F:\2样本.rar; F:\样本.rar
F:\2样本.rar »RAR »73DD46_10(1).exe - a variant of Win32/Agent.NIK trojan
F:\2样本.rar »RAR »77FECA_wow(1).exe - probably a variant of Win32/Genetik trojan
F:\2样本.rar »RAR »79F1AC_ga.exe - probably a variant of Win32/PSW.Delf.NHI trojan
F:\2样本.rar »RAR »93C89B_mh.exe - a variant of Win32/Agent.NIK trojan
F:\2样本.rar »RAR »9577AB_3(3).exe - a variant of Win32/Agent.NIK trojan
F:\2样本.rar »RAR »D9CCF6_4(4).exe - a variant of Win32/Agent.NIK trojan
F:\2样本.rar »RAR »F5D6D2_wow.exe - probably a variant of Win32/PSW.OnLineGames.YA trojan
F:\样本.rar »RAR »45E2B2_tempb.exe - Win32/Virut.NAK virus
F:\样本.rar »RAR »464081_(1)2838371.exe - Win32/Wigon.Z trojan
F:\样本.rar »RAR »464081_2838371(1).exe - Win32/Wigon.Z trojan
F:\样本.rar »RAR »464081_2838371.exe - Win32/Wigon.Z trojan
F:\样本.rar »RAR »5DCE59_wl0618.exe - Win32/PSW.OnLineGames.NEP trojan
F:\样本.rar »RAR »6D6CC8_1637[1].exe - a variant of Win32/PSW.OnLineGames.NEP trojan
F:\样本.rar »RAR »102245_2temp.exe - a variant of Win32/Agent.NEJ trojan
F:\样本.rar »RAR »3CCBEE_1(8).exe - a variant of Win32/Agent.NIK trojan
Number of scanned files: 17
Number of threats found: 15
Number of files cleaned: 2
Time of completion: 22:38:06 Total scanning time: 1 sec (00:00:01)
傻猪猪米走鸡
Posted on 2007-8-19 22:46:54
Kaspersky blocked them
碧水寒潭
Posted on 2007-8-19 22:49:52
Start of the scan: 2007年8月19日  22:49

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\样本.rar
  [0] Archive type: RAR
  --> 45E2B2_tempb.exe
      [DETECTION] Contains code of the Windows virus W32/Virut.P
  --> 464081_(1)2838371.exe
      [DETECTION] Is the Trojan horse TR/Agent.ady.117
  --> 464081_2838371(1).exe
      [DETECTION] Is the Trojan horse TR/Agent.ady.117
  --> 464081_2838371.exe
      [DETECTION] Is the Trojan horse TR/Agent.ady.117
  --> 5DCE59_wl0618.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.1
  --> 6D6CC8_1637[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.1
  --> 102245_2temp.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 3CCBEE_1(8).exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
      [INFO]      The file was deleted!
H:\AV-TEST\2样本.rar
  [0] Archive type: RAR
  --> 73DD46_10(1).exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
  --> 77FECA_wow(1).exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 79F1AC_ga.exe
      [DETECTION] Is the Trojan horse TR/Drop.Age.15671.B
  --> 93C89B_mh.exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
  --> 9577AB_3(3).exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
  --> D9CCF6_4(4).exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
  --> F5D6D2_wow.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [INFO]      The file was deleted!


End of the scan: 2007年8月19日  22:49
Used time: 00:18 min

The scan has been done completely.

      1 Scanning directories
     17 Files were scanned
     15 viruses and/or unwanted programs were found
      1 classified as suspicious:
      2 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      2 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
zane_xzz
Posted on 2007-8-19 22:56:22
How do these count as new trojans? They are all old ones
woai_jolin
Posted on 2007-8-19 23:03:09
===================================================================================================
NVCOD On Demand Scanner 5.80.02

NSE revision 5.91.04
nvcbin.def revision 5.90.00 of 2007/08/17 08:03:55 (830940 variants)
nvcmacro.def revision 5.90.00 of 2007/08/06 19:46:49 (20358 variants)
Total number of variants: 851298
Command line: "@C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~OD31.tmp"
===================================================================================================

       Time  Filename                                                     Virus name
---------------------------------------------------------------------------------------------------
- Scanning files in the directory: F:\v\
        0 ms F:\v\102245_2temp.exe                                        Trojan W32/Malware.AEAR ()
        0 ms F:\v\102245_2temp.exe:Zone.Identifier                       
      422 ms F:\v\3CCBEE_1(8).exe                                         Virus W32/Smalltroj.dam.dropper ( [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * Accesses executable file from resource section.
    * Decompressing PEC2.
    * File length:        24576 bytes.

[ Changes to filesystem ]
    * Creates file C:\sample.dat.

[ Signature Scanning ]
    * C:\sample.dat (20992 bytes) : W32/Smalltroj.dam.

)
        0 ms F:\v\3CCBEE_1(8).exe:Zone.Identifier                        
     1125 ms F:\v\45E2B2_tempb.exe                                       
        0 ms F:\v\45E2B2_tempb.exe:Zone.Identifier                       
        0 ms F:\v\464081_(1)2838371.exe                                   Trojan W32/Malware.RAG ()
        0 ms F:\v\464081_(1)2838371.exe:Zone.Identifier                  
        0 ms F:\v\464081_2838371(1).exe                                   Trojan W32/Malware.RAG ()
        0 ms F:\v\464081_2838371(1).exe:Zone.Identifier                  
        0 ms F:\v\464081_2838371.exe                                      Trojan W32/Malware.RAG ()
        0 ms F:\v\464081_2838371.exe:Zone.Identifier                     
     5188 ms F:\v\5DCE59_wl0618.exe                                      
        0 ms F:\v\5DCE59_wl0618.exe:Zone.Identifier                     
     5187 ms F:\v\6D6CC8_1637[1].exe                                    
        0 ms F:\v\6D6CC8_1637[1].exe:Zone.Identifier                     
        0 ms F:\v\73DD46_10(1).exe                                        Trojan W32/Smalltroj.BIVR ()
        0 ms F:\v\73DD46_10(1).exe:Zone.Identifier                       
        0 ms F:\v\77FECA_wow(1).exe                                       Trojan Hupigon.gen83 ()
        0 ms F:\v\77FECA_wow(1).exe:Zone.Identifier                     
      125 ms F:\v\79F1AC_ga.exe                                          
        0 ms F:\v\79F1AC_ga.exe:Zone.Identifier                          
      282 ms F:\v\93C89B_mh.exe                                           Virus W32/Smalltroj.dam.dropper ( [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * Accesses executable file from resource section.
    * Decompressing PEC2.
    * File length:        24064 bytes.

[ Changes to filesystem ]
    * Creates file C:\sample.dat.

[ Signature Scanning ]
    * C:\sample.dat (20480 bytes) : W32/Smalltroj.dam.

)
        0 ms F:\v\93C89B_mh.exe:Zone.Identifier                          
      562 ms F:\v\9577AB_3(3).exe                                         Virus W32/Smalltroj.dam.dropper ( [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * Accesses executable file from resource section.
    * Decompressing PEC2.
    * File length:        24064 bytes.

[ Changes to filesystem ]
    * Creates file C:\sample.dat.

[ Signature Scanning ]
    * C:\sample.dat (20480 bytes) : W32/Smalltroj.dam.

)
        0 ms F:\v\9577AB_3(3).exe:Zone.Identifier                        
      266 ms F:\v\D9CCF6_4(4).exe                                         Virus W32/Smalltroj.dam.dropper ( [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * Accesses executable file from resource section.
    * Decompressing PEC2.
    * File length:        23552 bytes.

[ Changes to filesystem ]
    * Creates file C:\sample.dat.

[ Signature Scanning ]
    * C:\sample.dat (19456 bytes) : W32/Smalltroj.dam.

)
        0 ms F:\v\D9CCF6_4(4).exe:Zone.Identifier                        
     6047 ms F:\v\F5D6D2_wow.exe                                         
        0 ms F:\v\F5D6D2_wow.exe:Zone.Identifier                        
- File F:\v\102245_2temp.exe quarantined.
- File F:\v\102245_2temp.exe deleted.
- File F:\v\3CCBEE_1(8).exe quarantined.
- File F:\v\3CCBEE_1(8).exe deleted.
- File F:\v\464081_(1)2838371.exe quarantined.
- File F:\v\464081_(1)2838371.exe deleted.
- File F:\v\464081_2838371(1).exe quarantined.
- File F:\v\464081_2838371(1).exe deleted.
- File F:\v\464081_2838371.exe quarantined.
- File F:\v\464081_2838371.exe deleted.
- File F:\v\73DD46_10(1).exe quarantined.
- File F:\v\73DD46_10(1).exe deleted.
- File F:\v\77FECA_wow(1).exe quarantined.
- File F:\v\77FECA_wow(1).exe deleted.
- File F:\v\93C89B_mh.exe quarantined.
- File F:\v\93C89B_mh.exe deleted.
- File F:\v\9577AB_3(3).exe quarantined.
- File F:\v\9577AB_3(3).exe deleted.
- File F:\v\D9CCF6_4(4).exe quarantined.
- File F:\v\D9CCF6_4(4).exe deleted.

===================================================================================================

The scanning started: 2007/08/19 23:02:55
               ended: 2007/08/19 23:03:14
Logged on as        : Administrator
on hostname         : 2FF87FC2B9AB46F

Scanning results:
   Total number of files found..............................:      30
   Number of files scanned..................................:      30
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       0
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:      10

Copyright (c) 1993-2005 Norman ASA.