
[Virus samples] 65 files dropped by a downloader

qwerasdf123
Posted on 2007-8-20 17:51:16

A whole bunch of creeps
VMware crashed 13 times
Rogueware, trojans and viruses, living and dying together

[ Last edited by qwerasdf123 on 2007-8-20 17:56 ]

Nerazzurri
Posted on 2007-8-20 17:56:53
扫描进行于:2007-8-20 17:55:39
扫描日志
NOD32版本 2470 (20070819) NT
命令行: F:\Documents and Settings\simasc\桌面\kasper

日期: 20.8.2007  时间:17:55:41
已开启反隐藏功能.
已扫描的磁盘,文件夹及文件:F:\Documents and Settings\simasc\桌面\kasper\
F:\Documents and Settings\simasc\桌面\kasper\kasper\111.exe - 未查明的 NewHeur_PE 病毒 [7]
F:\Documents and Settings\simasc\桌面\kasper\kasper\112.exe - 未查明的 NewHeur_PE 病毒 [7]
F:\Documents and Settings\simasc\桌面\kasper\kasper\1228.exe >>NSIS >>loadadv579.exe - Win32/TrojanDownloader.Small.NUS 木马的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\1228.exe >>NSIS >>wr-1-321.exe - Win32/TrojanDownloader.Small.EQN 木马
F:\Documents and Settings\simasc\桌面\kasper\kasper\1228.exe >>NSIS >>1228.exe >>NSIS >>aabb.exe - Win32/TrojanDownloader.Agent.BYS 木马
F:\Documents and Settings\simasc\桌面\kasper\kasper\13d012.exe >>NSIS >>netdde32.exe - 未查明的 NewHeur_PE 病毒 [7]
F:\Documents and Settings\simasc\桌面\kasper\kasper\13d012.exe >>NSIS >>d03.exe >>NSIS >>cpush.dll - 可能是 Win32/Adware.BHO.AV 应用程序 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\162.exe >>NSIS >>aabb.exe - Win32/TrojanDownloader.Agent.BYS 木马
F:\Documents and Settings\simasc\桌面\kasper\kasper\2D72ED5C.EXE - 可能是 Win32/Agent.NEO 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\555.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\567.exe - Win32/Small.NBT 木马
F:\Documents and Settings\simasc\桌面\kasper\kasper\60E6410.DLL - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\61E6FE84.DLL - 可能是 Win32/Agent.NEO 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\61E6FE84.EXE - 可能是 Win32/Agent.NEO 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\82B64774.DLL - 可能是 Win32/Agent.NEO 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\854.exe - Win32/Agent.NAU 蠕虫的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\85ij5fz.sys - Win32/Rootkit.Agent.NBQ 木马的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\987.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\aabb.exe - Win32/TrojanDownloader.Agent.BYS 木马
F:\Documents and Settings\simasc\桌面\kasper\kasper\acpidisk.sys - Win32/Adware.Cinmus 应用程序的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\ad3770.exe >>NSIS >>cpush.dll - 可能是 Win32/Adware.BHO.AV 应用程序 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\AlxRes070819.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\auto.exe - 可能是 Win32/Agent.NEO 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\B0B0111C.EXE - 可能是 Win32/Agent.NEO 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\bw.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\cpush.dll - 可能是 Win32/Adware.BHO.AV 应用程序 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\dodolook451.exe >>NSIS >>1582.exe >>NSIS >>acpidisk.sys - Win32/Adware.Cinmus 应用程序的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\husjdd8s.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251001.exe - 可能是 Win32/Agent.NEO 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251022.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251033.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251146.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251168.exe - Win32/Agent.NAU 蠕虫的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245284499.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11875967952.exe - Win32/TrojanDownloader.Ieser 木马的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11875967963.exe >>NSIS >>ad3770.exe >>NSIS >>cpush.dll - 可能是 Win32/Adware.BHO.AV 应用程序 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11875967963.exe >>NSIS >>dodolook347.exe >>NSIS >>1590.exe >>NSIS >>acpidisk.sys - Win32/Adware.Cinmus 应用程序的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11875968026.exe - Win32/Agent.NAU 蠕虫的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11875968069.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k118759681012.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\k118759681213.exe - Win32/Agent.NEJ 木马的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\kksi8s3.exe - Win32/Adware.Toolbar.Baidu 应用程序的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\mgeqmm.exe - 可能是 Win32/TrojanProxy.Ranky 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\oqqtvbghycoyw.dll - Win32/TrojanDownloader.Ieser 木马的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\rundll03.exe >>NSIS >>cpush.dll - 可能是 Win32/Adware.BHO.AV 应用程序 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\scrsys070819.scr - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\svchost.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\TempA.exe - Win32/PSW.Agent.NEC 木马的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\TempB.exe - 未查明的 NewHeur_PE 病毒 [7]
F:\Documents and Settings\simasc\桌面\kasper\kasper\TempC.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\vjqxijbfuwqyz.dll - Win32/TrojanDownloader.Ieser 木马的变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\winsys32_070819.dll - 可能是 Win32/Spy.Delf.NEN 木马 的一个变种
F:\Documents and Settings\simasc\桌面\kasper\kasper\wr-1-26.exe - Win32/TrojanDownloader.Small.EQN 木马
F:\Documents and Settings\simasc\桌面\kasper\kasper\xxx.exe - 可能是 Win32/Agent.NEO 木马 的一个变种
已扫描的文件数目:77
已发现的病毒数目:54
完成时间: 17:56:31 总扫描时间:50 秒 (00:00:50)

注意:
[7] 该文件可能感染上未知病毒。
FBAV
Posted on 2007-8-20 17:57:14
_____________________________________________
                                          
             风暴微塔反病毒               
                            [内测版]      
                   http://www.v0day.com/  
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\111.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\112.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\2D72ED5C.EXE]
                    …………引擎[2]发现病毒:Win32.Nop u?
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\555.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\60E6410.DLL]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\61E6FE84.DLL]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\61E6FE84.EXE]
                    …………引擎[2]发现病毒:Win32.Nop ?
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\82B64774.DLL]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\854.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\987.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\987.exe]
                    …………引擎[2]发现病毒:Win32.Nop yt>
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\aabb.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\AlxRes070819.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\auto.exe]
                    …………引擎[2]发现病毒:Win32.Nop u?
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\B0B0111C.EXE]
                    …………引擎[2]发现病毒:Win32.Nop {_?
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\bw.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\cpush.dll]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\dodolook133.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\husjdd8s.exe]
                    …………引擎[2]发现病毒:Win32.Nop |1?
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11245251001.exe]
                    …………引擎[2]发现病毒:Win32.Nop ??
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11245251022.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11245251033.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11245251033.exe]
                    …………引擎[2]发现病毒:Win32.Nop yt>
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11245251125.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11245251146.exe]
                    …………引擎[2]发现病毒:Win32.Nop |1?
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11245251168.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11245284499.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11875967952.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11875968026.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k11875968069.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k118759680710.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k118759681012.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k118759681213.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\k118759681415.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\kksi8s3.exe]
                    …………引擎[2]发现病毒:Win32.Nop v?
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\my_70145.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\osiesd3.dll]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\scrsys070819.scr]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\setup291.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\SVCH0ST.EXE]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\svchost.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\svchost.exe]
                    …………引擎[2]发现病毒:Win32.Nop yt>
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\TempB.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\wr-1-26.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\wr-1-26.exe]
                    …………引擎[2]发现病毒:Win32.BadUpx
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\xxx.exe]
                    …………引擎[2]发现病毒:Win32.Nop 腍BG
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\~tmp4544.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\kasper\kasper\~tmp4544.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
文件数:65   病毒数:48  比重:0.7384615384615
OK  扫描完毕!

[ Last edited by FBAV on 2007-8-20 18:01 ]
Nerazzurri
Posted on 2007-8-20 17:57:57
Avira: 61

Start of the scan: 2007年8月20日  17:57

Starting the file scan:

Begin scan in 'F:\Documents and Settings\simasc\桌面\kasper'
F:\Documents and Settings\simasc\桌面\kasper\kasper\112.exe
      [DETECTION] Is the Trojan horse TR/Dldr.VB.atk.58
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\1228.exe
      [DETECTION] Contains signature of the dropper DR/Dldr.LoadAdv.69783
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\13d012.exe
      [DETECTION] Is the Trojan horse TR/Dldr.QQHel.VN.23
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\162.exe
      [DETECTION] Contains signature of the dropper DR/Dldr.Agent.bys.2
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\2D72ED5C.EXE
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\555.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\567.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\60E6410.DLL
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Exaal.45056 Backdoor server programs
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\61E6FE84.DLL
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Exaal.45056 Backdoor server programs
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\61E6FE84.EXE
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\82B64774.DLL
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Exaal.45056 Backdoor server programs
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\854.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\85ij5fz.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\987.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\aabb.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bys
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\acpidisk.sys
      [DETECTION] Contains signature of the rootkit RKIT/Cinmus.M
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\ad3770.exe
      [DETECTION] Contains signature of the dropper DR/BHO.AV.515
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\AlxRes070819.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\auto.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\B0B0111C.EXE
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\bw.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.PN.341
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\dodolook451.exe
      [DETECTION] Contains signature of the dropper DR/Cinmus.PA
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\husjdd8s.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251001.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251022.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251033.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251125.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.ccl.1
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251146.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245251168.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11245284499.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11875967952.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11875967963.exe
      [DETECTION] Contains signature of the dropper DR/BHO.AV.516
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11875968026.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k11875968069.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k118759680710.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '46fa65bd.qua'!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k118759681012.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k118759681213.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bmc.8
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\k118759681415.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '46fa65be.qua'!
F:\Documents and Settings\simasc\桌面\kasper\kasper\kksi8s3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\mgeqmm.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\my_70145.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47286606.qua'!
F:\Documents and Settings\simasc\桌面\kasper\kasper\oqqtvbghycoyw.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '473a65fe.qua'!
F:\Documents and Settings\simasc\桌面\kasper\kasper\osiesd3.dll
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Exaal.45056 Backdoor server programs
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\protector.sys
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hacdef.Q Backdoor server programs
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\rundll01.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\rundll03.exe
      [DETECTION] Contains signature of the dropper DR/BHO.AV.513
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\scrsys070819.scr
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\setup291.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Tiny.HU.3
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\soft210.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\spooIsv.exe
      [DETECTION] Contains signature of the worm WORM/Poebot.IE.13
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\SVCH0ST.EXE
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '470c65e4.qua'!
F:\Documents and Settings\simasc\桌面\kasper\kasper\svchost.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\system.dat
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.ccl
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\TempA.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLine.agb.2
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\TempB.exe
      [DETECTION] Is the Trojan horse TR/PSW.4096
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\TempC.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\vjqxijbfuwqyz.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '473a65f8.qua'!
F:\Documents and Settings\simasc\桌面\kasper\kasper\winsys32_070819.dll
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\wr-1-26.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\xxx.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
F:\Documents and Settings\simasc\桌面\kasper\kasper\~tmp4544.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Zhidao
      [INFO]      The file was deleted!
tracydk
Posted on 2007-8-20 17:59:09

lsyer
Posted on 2007-8-20 18:02:44
Anyway, all I saw was the umbrella [Avira] flagging a pile of packers~
Not reporting to it any more...
sb
Posted on 2007-8-20 18:05:47
Jiangmin only killed 29

scottxzt
Posted on 2007-8-20 18:08:26

Reply to post #4 by Kav6.0

Have you reported the remaining ones?
snakebone
Posted on 2007-8-20 18:12:51
65
End of the scan: 2007年8月20日  18:03
Used time: 00:06 min
The scan has been done completely.
      0 Scanning directories
     65 Files were scanned
     65 viruses and/or unwanted programs were found
      6 classified as suspicious:
     59 files were deleted
      0 files were repaired
     65 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -6 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
yashoo
Posted on 2007-8-20 18:36:50
已删除: 木马程序 Trojan-Downloader.Win32.LoadAdv.gen        文件: E:\test\kasper\kasper\1228.exe//stream//data0001//PE_Patch.UPX//UPX
已删除: 木马程序 Trojan-Downloader.Win32.Small.eqn        文件: E:\test\kasper\kasper\1228.exe//stream//data0002//PE_Patch.Upolyx//PE_Patch.UPX//UPX
已删除: 木马程序 Trojan-Downloader.Win32.Agent.bys        文件: E:\test\kasper\kasper\1228.exe//stream//data0003//stream//data0002
已删除: 木马程序 Trojan-Downloader.Win32.QQHelper.vn        文件: E:\test\kasper\kasper\13d012.exe//data0002//PE_Patch.Upolyx
已删除: 广告程序 not-a-virus:AdWare.Win32.BHO.av        文件: E:\test\kasper\kasper\13d012.exe//data0003
已删除: 木马程序 Trojan-Downloader.Win32.Agent.bys        文件: E:\test\kasper\kasper\162.exe//stream
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: E:\test\kasper\kasper\2D72ED5C.EXE
已删除: 病毒 Heur.Invader (变种)        文件: E:\test\kasper\kasper\555.exe//ASPack
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: E:\test\kasper\kasper\61E6FE84.EXE
已删除: 广告程序 not-a-virus:AdWare.Win32.BHO.av        文件: E:\test\kasper\kasper\ad3770.exe//stream//data0001
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: E:\test\kasper\kasper\auto.exe
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: E:\test\kasper\kasper\B0B0111C.EXE
已删除: 广告程序 not-a-virus:AdWare.Win32.Cinmus.j        文件: E:\test\kasper\kasper\dodolook451.exe//stream//data0002//data0003
已删除: 广告程序 not-a-virus:AdWare.Win32.Cinmus.j        文件: E:\test\kasper\kasper\dodolook451.exe//stream//data0002//data0004
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: E:\test\kasper\kasper\k11245251001.exe
已检测到: 病毒 Worm.Win32.Agent.t        文件: E:\test\kasper\kasper\k11245251168.exe//#//PE_Patch.PECompact//PecBundle//PECompact
已删除: 广告程序 not-a-virus:AdWare.Win32.BHO.av        文件: E:\test\kasper\kasper\k11875967963.exe//stream//data0002
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: E:\test\kasper\kasper\k11875968026.exe//PE_Patch.PECompact//PecBundle//PECompact
已删除: 广告程序 not-a-virus:AdWare.Win32.BHO.av        文件: E:\test\kasper\kasper\rundll03.exe//stream//data0001
已删除: 病毒 Heur.Invader (变种)        文件: E:\test\kasper\kasper\TempC.exe
已删除: 病毒 Heur.Trojan.Generic (变种)        文件: E:\test\kasper\kasper\xxx.exe