9只 [MD5: 935BA8 DDE0F5 9BB593 CFD856 6A3E7F 093CE1 4628EC FC9ABF F5F2DB]

显示全部楼层 · 发表于 2007-8-30 21:46:58

2007-8-30 21:47:00 Scanning Log
2007-8-30 21:47:00 Version of virus signature database: 2492 (20070830)
2007-8-30 21:47:00 Date: 30.8.2007 Time: 21:47:00
2007-8-30 21:47:00 Scanned disks, folders and files: F:\v\样本.rar
2007-8-30 21:47:03 F:\v\样本.rar » RAR » NewTemp.dll - probably a variant of Win32/PSW.OnLineGames.NBR trojan
2007-8-30 21:47:03 F:\v\样本.rar » RAR » rksldk.bak - a variant of Win32/PSW.OnLineGames.NBR trojan
2007-8-30 21:47:03 F:\v\样本.rar » RAR » rksldk.dll - a variant of Win32/PSW.OnLineGames.NBR trojan
2007-8-30 21:47:03 F:\v\样本.rar » RAR » nm32.dll - is OK
2007-8-30 21:47:03 F:\v\样本.rar » RAR » nm070814.dll - is OK
2007-8-30 21:47:03 F:\v\样本.rar » RAR » nm070814.exe - probably a variant of Win32/Genetik trojan
2007-8-30 21:47:03 F:\v\样本.rar » RAR » nm070824.dll - is OK
2007-8-30 21:47:03 F:\v\样本.rar » RAR » nm070824.exe - probably a variant of Win32/Genetik trojan
2007-8-30 21:47:03 F:\v\样本.rar » RAR » NewTemp.bak - probably a variant of Win32/PSW.Delf.NHI trojan
2007-8-30 21:47:03 Number of scanned files: 10
2007-8-30 21:47:03 Number of threats found: 6
2007-8-30 21:47:03 Time of completion: 21:47:03 Total scanning time: 3 sec (00:00:03)

显示全部楼层 · 发表于 2007-8-30 21:46:59

Starting the file scan:

Begin scan in 'F:\病毒样本\样本.rar'
F:\病毒样本\样本.rar
  [0] Archive type: RAR
  --> NewTemp.dll
   [DETECTION] Is the Trojan horse TR/PSW.Delf.WH.13
  --> rksldk.bak
   [DETECTION] Is the Trojan horse TR/Autorun.BK
  --> rksldk.dll
   [DETECTION] Is the Trojan horse TR/Spy.Mush.26671
  --> nm32.dll
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> nm070814.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> nm070824.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> NewTemp.bak
   [DETECTION] Is the Trojan horse TR/PSW.Delf.WH.13
   [WARNING] The file was ignored!

显示全部楼层 · 发表于 2007-8-30 21:47:25

C:\Documents and Settings\uhthn\Desktop\virus\NewTemp.dll : infected Trojan-PSW.Win32.Delf.wh
C:\Documents and Settings\uhthn\Desktop\virus\rksldk.bak : is suspected of Trojan-PSW.Game.18 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\virus\rksldk.dll : is suspected of Trojan-PSW.Game.18 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\virus\nm070814.exe : is suspected of Trojan-PSW.Game.39 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\virus\nm070824.exe : is suspected of Trojan-PSW.Game.39 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\virus\NewTemp.bak : infected Trojan-PSW.Win32.Delf.wh

Directories    : 0    Files in archives:    Files on disks:
Archives:                - total    : 0    - total    : 9
- scanned       : 0    -  scanned : 0    - scanned    : 9
- contain viruses : 0    -  infected : 0    - infected : 2
- deleted       : 0    -  suspicious : 0    - suspicious  : 4

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Heuristics - OPEN
Scan in - C:\Documents and Settings\uhthn\Desktop\virus

C:\Documents and Settings\uhthn\Desktop\virus\NewTemp.dll - Suspicious of Win32.Trojan-PSW.Game.1
C:\Documents and Settings\uhthn\Desktop\virus\rksldk.bak - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\virus\rksldk.dll - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\virus\nm32.dll - Suspicious of Win32.Backdoor.Hupigon.5
C:\Documents and Settings\uhthn\Desktop\virus\nm070814.dll - Suspicious file
C:\Documents and Settings\uhthn\Desktop\virus\nm070814.exe - Suspicious of Trojan-PSW.Game.4
C:\Documents and Settings\uhthn\Desktop\virus\nm070824.dll - Suspicious file
C:\Documents and Settings\uhthn\Desktop\virus\nm070824.exe - Suspicious of Trojan-PSW.Game.4
C:\Documents and Settings\uhthn\Desktop\virus\NewTemp.bak - Suspicious of Win32.Trojan-PSW.Game.1

9 Files scanned
0 Infected files found
9 Suspicious files found
0 Files cured
0 Files deleted

显示全部楼层 · 发表于 2007-8-30 21:47:29

Ilarus:
30:08:2007 21:46:49 SEARCHTASK "USER_DEFINED" started...
scan item: C:\Documents and Settings\zhenjia\桌面\样本
File scanned: C:\Documents and Settings\zhenjia\桌面\样本\NewTemp.bak - SIGNATURE FOUND "Trojan-PWS.Win32.Delf.mc"
File scanned: C:\Documents and Settings\zhenjia\桌面\样本\NewTemp.dll - SIGNATURE FOUND "Virus.Win32.AutoRun.am"
File scanned: C:\Documents and Settings\zhenjia\桌面\样本\nm070814.dll - SIGNATURE FOUND "Trojan-PWS.Win32.OnLineGames.yh"
File scanned: C:\Documents and Settings\zhenjia\桌面\样本\nm070814.exe - SIGNATURE FOUND "Trojan-Spy.Win32.Agent.pn"
File scanned: C:\Documents and Settings\zhenjia\桌面\样本\nm070824.exe - SIGNATURE FOUND "Trojan-Spy.Win32.Delf.PD"
File scanned: C:\Documents and Settings\zhenjia\桌面\样本\nm32.dll - SIGNATURE FOUND "Trojan-Downloader.Win32.Delf.bcm"
File scanned: C:\Documents and Settings\zhenjia\桌面\样本\rksldk.bak - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\样本\rksldk.dll - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
30:08:2007 21:46:50 SEARCHTASK "USER_DEFINED" FINISHED...
----------------------------------------------------
Directories scanned: 1
Files scanned: 9
Virus found: 8
----------------------------------------------------

显示全部楼层 · 发表于 2007-8-30 21:47:31

C:\ABC\NewTemp.bak - 特征码 'Trojan-PWS.Win32.Delf.mc' 被发现
C:\ABC\NewTemp.dll - 特征码 'Virus.Win32.AutoRun.am' 被发现
C:\ABC\nm070814.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.yh' 被发现
C:\ABC\nm070814.exe - 特征码 'Trojan-Spy.Win32.Agent.pn' 被发现
C:\ABC\nm070824.dll - 可疑代码段被发现 (Level: 30)
C:\ABC\nm070824.exe - 特征码 'Trojan-Spy.Win32.Delf.PD' 被发现
C:\ABC\nm32.dll - 特征码 'Trojan-Downloader.Win32.Delf.bcm' 被发现
C:\ABC\rksldk.bak - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\rksldk.dll - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现

      9 文件被扫描
      (0 压缩档 0 文件)
      8 特征码被侦测
      1 可疑代码段被发现
      耗时: 0:00.250

那位用套装的肯定8个

还是用CLS吧

[ 本帖最后由 promised 于 2007-8-30 21:50 编辑 ]

显示全部楼层 · 发表于 2007-8-30 21:48:07

微点：
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\RKSLDK.BAK
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\RKSLDK.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.Delf.eug

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\NEWTEMP.BAK
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\NM070814.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\NM070814.EXE
2) C:\PROGRAM FILES\INTERNET EXPLORER\NM32.DLL
3) C:\PROGRAM FILES\INTERNET EXPLORER\NM070814.DLL
是否删除木马程序及其衍生物?
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\NM070814.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本\NM070824.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\NM070824.EXE
2) C:\PROGRAM FILES\INTERNET EXPLORER\NM32.DLL
3) C:\PROGRAM FILES\INTERNET EXPLORER\NM070824.DLL
是否删除木马程序及其衍生物?

运行的杀咯

显示全部楼层 · 发表于 2007-8-30 22:02:27

Result: 4 malware found
Trojan-PSW.Win32.Delf.wh (virus)
C:\Documents and Settings\ssy\×ÀÃæ\2.rar\NewTemp.dll
C:\Documents and Settings\ssy\×ÀÃæ\2.rar\NewTemp.bak
Trojan-Downloader.Win32.Delf.bcm (virus)
C:\Documents and Settings\ssy\×ÀÃæ\2.rar\nm070814.dll
C:\Documents and Settings\ssy\×ÀÃæ\2.rar\nm070814.exe

显示全部楼层 · 发表于 2007-8-30 22:03:50

Uhthn Anti-Spyware V3 Alpha

和那个ILARUS

真变态

显示全部楼层 · 发表于 2007-8-31 00:20:57

----------
[凝逸反毒] (http://hi.baidu.com/503165656)

[凝逸.扫描病毒引擎-日志] 2007.8.31 0:20:51

文件:F:\070801\样本\NewTemp.bak | 感染:Win32.HLLW.Autoruner.249 [10>20070822_ny0010.axx]3(2.4)
操作:删除文件

扫描完成|病毒:1 文件:9|耗时:1662
----------

[病毒样本] 9只 [MD5: 935BA8 DDE0F5 9BB593 CFD856 6A3E7F 093CE1 4628EC FC9ABF F5F2DB]

本帖子中包含更多资源

7个