
[Virus samples] Update: second wave of vip output, 16 samples

promised
Posted on 2007-8-28 08:09:15
[MD5: 618C15 45430D 43DB27 3EAD8F 5FD8B9 F80B85 274BC8 C65F40 8A9B7F 4A95E6 83AF2B 168BE0 438AB2 CAF1B9 DA9ACC BB1F7C]

[ This post was last edited by promised at 2007-8-28 08:16 ]

ssy275
Posted on 2007-8-28 08:12:34
Result: 10 malware found
Trojan-PSW.Win32.Lmir.bjy (virus)
C:\Documents and Settings\ssy\桌面\1.rar\dh.exe
Backdoor.Win32.Delf.awy (virus)
C:\Documents and Settings\ssy\桌面\1.rar\fy.exe
Trojan-Spy.Win32.Delf.uv (virus)
C:\Documents and Settings\ssy\桌面\1.rar\jh.exe
C:\Documents and Settings\ssy\桌面\1.rar\mh.exe
Trojan-PSW.Win32.OnLineGames.aqv (virus)
C:\Documents and Settings\ssy\桌面\1.rar\mir.exe
C:\Documents and Settings\ssy\桌面\1.rar\qqhx.exe
C:\Documents and Settings\ssy\桌面\1.rar\wd.exe
Virus.Win32.AutoRun.ix (virus)
C:\Documents and Settings\ssy\桌面\1.rar\qst.exe
Trojan-PSW.Win32.OnLineGames.akg (virus)
C:\Documents and Settings\ssy\桌面\1.rar\zt.exe
Trojan-PSW.Win32.OnLineGames.akh (virus)
C:\Documents and Settings\ssy\桌面\1.rar\zx.exe
风野胤
Posted on 2007-8-28 08:13:16
Scanning Log
NOD32 version 2486 (20070827) NT
Command line: R:\??.rar
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2. physical disk. Error reading sector.
Date: 28.8.2007  Time: 08:12:43
Anti-Stealth technology is enabled.
Scanned disks, folders and files: R:\??.rar
R:\??.rar ?RAR ?cs.exe - probably a variant of Win32/Genetik trojan
R:\??.rar ?RAR ?dh.exe - a variant of Win32/PSW.OnLineGames.NEN trojan
R:\??.rar ?RAR ?fy.exe - Win32/Delf.NFD trojan
R:\??.rar ?RAR ?jh.exe - probably a variant of Win32/Genetik trojan
R:\??.rar ?RAR ?mh.exe - probably a variant of Win32/Genetik trojan
R:\??.rar ?RAR ?mir.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
R:\??.rar ?RAR ?my.exe - probably a variant of Win32/Genetik trojan
R:\??.rar ?RAR ?qj.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
R:\??.rar ?RAR ?qqhx.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
R:\??.rar ?RAR ?qst.exe - a variant of Win32/AutoRun.Q worm
R:\??.rar ?RAR ?tl.exe - probably a variant of Win32/Genetik trojan
R:\??.rar ?RAR ?wd.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
R:\??.rar ?RAR ?wl.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
R:\??.rar ?RAR ?wow.exe - probably unknown NewHeur_PE virus [7]
R:\??.rar ?RAR ?zt.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
R:\??.rar ?RAR ?zx.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
Number of scanned files: 16
Number of threats found: 16
Time of completion: 08:12:46 Total scanning time: 3 sec (00:00:03)
Notes:
[7] File is probably infected with an unknown virus.
电影结束了
Posted on 2007-8-28 08:17:01
对象: cs.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.C92E23C6 (BD 引擎)
对象: dh.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.2F2D8B50 (BD 引擎)
对象: fy.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: Backdoor.Agent.YPT (BD 引擎)
对象: jh.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.EE2F0B29 (BD 引擎)
对象: mh.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.67FD57A2 (BD 引擎)
对象: my.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.1823EEA1 (BD 引擎)
对象: qj.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: Generic.Malware.SBdldg.2F483757 (BD 引擎)
对象: qst.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: Trojan.PWS.Delf.MO (BD 引擎)
对象: tl.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.011BB943 (BD 引擎)
对象: wl.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: Generic.Malware.SBdldg.520ED059 (BD 引擎)
对象: wow.exe
        在压缩档案里: C:\Documents and Settings\wangcheng\桌面\样本.rar
        Status: 已发现病毒
        病毒: Generic.PWS.WoW.744CD76B (BD 引擎)
残缺的唯美
Posted on 2007-8-28 08:18:09
    --> cs.exe
        [DETECTION] Is the Trojan horse TR/Agent.11753
        [WARNING]   Infected files in archives cannot be repaired!
    --> dh.exe
        [DETECTION] Is the Trojan horse TR/PSW.Lmir.bjy
        [WARNING]   Infected files in archives cannot be repaired!
    --> fy.exe
        [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> jh.exe
        [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.132
        [WARNING]   Infected files in archives cannot be repaired!
    --> mh.exe
        [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.136
        [WARNING]   Infected files in archives cannot be repaired!
    --> mir.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> my.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> qj.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> qqhx.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> qst.exe
        [DETECTION] Contains signature of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> tl.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> wd.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> wl.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> wow.exe
        [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
        [WARNING]   Infected files in archives cannot be repaired!
    --> zt.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> zx.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      A backup was created as '470669d4.qua'  ( QUARANTINE )
        [INFO]      The file was deleted!
bjfhj
Posted on 2007-8-28 08:21:06
已删除: 木马程序 Trojan-PSW.Win32.Lmir.bjy        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/dh.exe//UPack
已删除: 木马程序 Backdoor.Win32.Delf.awy        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/fy.exe
已删除: 木马程序 Trojan-Spy.Win32.Delf.uv        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/jh.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.aqv        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/mir.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.aqn        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/qj.exe//UPack//#
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.aqv        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/qqhx.exe
已删除: 病毒 Virus.Win32.AutoRun.ix        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/qst.exe//UPX
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.aqv        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/wd.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.akg        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/zt.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.akh        文件: C:\Documents and Settings\Administrator\桌面\样本.rar/zx.exe//PE_Patch//UPack
wangjay1980
Posted on 2007-8-28 08:23:03
detected: Trojan program Trojan-PSW.Win32.Lmir.bjy        File: E:\样本\bingdu\dh.exe//UPack
detected: Trojan program Backdoor.Win32.Delf.awy        File: E:\样本\bingdu\fy.exe
detected: Trojan program Trojan-Spy.Win32.Delf.uv        File: E:\样本\bingdu\jh.exe//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.uv        File: E:\样本\bingdu\mh.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aqv        File: E:\样本\bingdu\mir.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aqn        File: E:\样本\bingdu\qj.exe//UPack//#
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aqv        File: E:\样本\bingdu\qqhx.exe
detected: virus Virus.Win32.AutoRun.ix        File: E:\样本\bingdu\qst.exe//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aqv        File: E:\样本\bingdu\wd.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.akg        File: E:\样本\bingdu\zt.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.akh        File: E:\样本\bingdu\zx.exe//PE_Patch//UPack
tracydk
Posted on 2007-8-28 08:33:29
Starting the file scan:

Begin scan in 'F:\病毒样本\样本.rar'
F:\病毒样本\样本.rar
  [0] Archive type: RAR
  --> cs.exe
      [DETECTION] Is the Trojan horse TR/Agent.11753
  --> dh.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bjy
  --> fy.exe
      [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
  --> jh.exe
      [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.132
  --> mh.exe
      [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.136
  --> mir.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
  --> my.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> qj.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> qqhx.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> qst.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
  --> tl.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> wd.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> wl.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> wow.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
  --> zt.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
  --> zx.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
      [INFO]      The file was deleted!
FBAV
Posted on 2007-8-28 08:35:03
为PC护航风暴微塔
_____________________________________________
                                          
             风暴微塔反间谋
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]              
                            [内测版]      
                   http://www.v0day.com/  
----------------------------------------------
开始扫描……


正在检查启动……
[C:\Documents and Settings\Administrator\桌面\virus\样8本\cs.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\dh.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\样8本\dh.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\fy.exe]
                    …………引擎[2]发现病毒:Win32.NkHack.FSG.A
[C:\Documents and Settings\Administrator\桌面\virus\样8本\jh.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\mh.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\mir.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\my.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\qj.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\qqhx.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\qst.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\样8本\tl.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\wd.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\wl.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\wow.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\样8本\wow.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\zt.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\样8本\zt.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\样8本\zx.exe]
                    …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\样8本\zx.exe]
                    …………引擎[2]发现病毒:Win32.Unknow
文件数:16   病毒数:20  比重:1.25
OK  扫描完毕!

曲曲小度
gdmdhxq
Posted on 2007-8-28 08:59:17
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.XYOnline.gh
病毒: Trojan.PSW.Win32.ZeroOnline.ae
病毒: Trojan.Mnless.lpi        
病毒: Trojan.PSW.Win32.SunOnline.bg
病毒: Worm.Win32.Pabug.k      
病毒: Trojan.PSW.Win32.OnlineGames.xwo

发现病毒数:13个

软件版本:20.07.02