rav系列[MD5: F80B85 8A9B7F 168BE0 DA9ACC BB1F7C]

显示全部楼层 · 发表于 2007-8-28 08:32:26

Starting the file scan:

Begin scan in 'F:\病毒样本\样本.rar'
F:\病毒样本\样本.rar
  [0] Archive type: RAR
  --> ravcqmon.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
  --> ravdthxmon.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ravwdmon.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ravztmon.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
  --> ravzxmon.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-8-28 08:37:21

为PC护航风暴微塔
_____________________________________________

         风暴微塔反间谋
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]
                        [内测版]
               http://www.v0day.com/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\virus\RAR\ravcqmon.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\RAR\ravdthxmon.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\RAR\ravwdmon.exe]
                  …………引擎[3]发现Suspicious File
[C:\Documents and Settings\Administrator\桌面\virus\RAR\ravwdmon.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\RAR\ravztmon.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\RAR\ravztmon.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\RAR\ravzxmon.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\RAR\ravzxmon.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
文件数:5 病毒数:8  比重:1.6
OK  扫描完毕！

曲曲小杜

显示全部楼层 · 发表于 2007-8-28 08:47:21

detected: Trojan program Trojan-PSW.Win32.OnLineGames.aqv File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/ravcqmon.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aqv File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/ravdthxmon.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aqv File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/ravwdmon.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.akg File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/ravztmon.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.akh File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/ravzxmon.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2007-8-28 08:55:57

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.SunOnline.bg
病毒： Trojan.PSW.Win32.OnlineGames.xwo
病毒： Trojan.PSW.Win32.OnlineGames.xwo

发现病毒数：3个

软件版本：20.07.02

显示全部楼层 · 发表于 2007-8-28 09:09:50

Started scanning at 2007-8-28 9:09:46. Engine Ver: 31.1.0. Sig Ver:5088. Sig Date: 2007-8-27. ArcLib Ver: 7.3.0.9.
F:\v\样本.rar <ravcqmon.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\样本.rar <ravdthxmon.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\样本.rar <ravwdmon.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\样本.rar <ravztmon.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\样本.rar <ravzxmon.exe> - Win32/Frethog!generic trojan. Quarantined.
F:\v\样本.rar - Could not open the file.

Files Scanned: 6
Files Infected: 5
Files Cleaned \ Deleted: 0
Files Quarantined: 1
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Win32/Frethog!generic

Files not Cleaned\Deleted\Quarantined (Limit 100): 0

Finished scanning at 2007-8-28 9:09:47.

显示全部楼层 · 发表于 2007-8-28 09:11:18

微点：
木马名称:Trojan-PSW.Win32.OnLineGames.iyx

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\RAVZTMON.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.iyv

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\RAVZXMON.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\RAVCQMON.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\NETMEETING\RAVCQMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVCQMON.DAT
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\RAVDTHXMON.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\NETMEETING\RAVDTHXMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVDTHXMON.DAT
是否删除木马程序及其衍生物?

显示全部楼层 · 发表于 2007-8-28 10:21:02

Result: 5 malware found
Trojan-PSW.Win32.OnLineGames.aqv (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.rar\ravcqmon.exe
C:\Documents and Settings\ssy\×ÀÃæ\1.rar\ravdthxmon.exe
C:\Documents and Settings\ssy\×ÀÃæ\1.rar\ravwdmon.exe
Trojan-PSW.Win32.OnLineGames.akg (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.rar\ravztmon.exe
Trojan-PSW.Win32.OnLineGames.akh (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.rar\ravzxmon.exe

显示全部楼层 · 发表于 2007-8-28 10:23:03

已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.aqv 文件: E:\test\样本.rar/ravcqmon.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.aqv 文件: E:\test\样本.rar/ravdthxmon.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.aqv 文件: E:\test\样本.rar/ravwdmon.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.akg 文件: E:\test\样本.rar/ravztmon.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.akh 文件: E:\test\样本.rar/ravzxmon.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2007-8-28 10:42:35

BD一个都没发现

Scanned files
C:\=>Master Boot Record OK
C:\=>Primary partition 1 (Active) OK
C:\=>Logical partition 1 OK
C:\=>Logical partition 2 OK
C:\=>Logical partition 3 OK
C:\Documents and Settings\lenovo\桌面\装订\样本.rar OK
C:\Documents and Settings\lenovo\桌面\装订\样本.rar=>ravcqmon.exe OK
C:\Documents and Settings\lenovo\桌面\装订\样本.rar=>ravdthxmon.exe OK
C:\Documents and Settings\lenovo\桌面\装订\样本.rar=>ravwdmon.exe OK
C:\Documents and Settings\lenovo\桌面\装订\样本.rar=>ravztmon.exe OK
C:\Documents and Settings\lenovo\桌面\装订\样本.rar=>ravzxmon.exe OK

[病毒样本] rav系列[MD5: F80B85 8A9B7F 168BE0 DA9ACC BB1F7C]

本帖子中包含更多资源

浏览过的版块