Thread starter: zane_xzz

[Virus samples] A bunch

残缺的唯美
Posted on 2007-9-3 15:25:07
My McAfee only killed 3 of them.
啊弥陀佛
Posted on 2007-9-3 15:28:05
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\DH.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\NETMEETING\RAVDHMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVDHMON.DAT
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\MH.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\NETMEETING\RAVGJMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVGJMON.DAT
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\MS.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\NETMEETING\RAVMSMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVMSMON.DAT
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\MY.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\NETMEETING\RAVMYMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVMYMON.DAT
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\QJ.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\NETMEETING\RAVQJMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVQJMON.DAT
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\RX.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\MSSQL.DLL
2) C:\WINDOWS\SYSTEM32\MSSOCK.SYS
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\TJ.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\SYWTC.EXE
2) C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\REJOI.VXD
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\TL.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
是否删除木马程序及其衍生物?


Micropoint killed them all.

uhthn2002
Posted on 2007-9-3 15:52:23
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Paranoia Database - 2646
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\11

C:\Documents and Settings\uhthn\Desktop\11\dh.exe - Infected with PDB-2114 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\11\mh.exe - Infected with PDB-952 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\11\ms.exe - Infected with PDB-2024 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\11\my.exe - Suspicious of Trojan-Downloader.Small.2
C:\Documents and Settings\uhthn\Desktop\11\qj.exe - Infected with PDB-492 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\11\rx.exe - Infected with PDB-350 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\11\tj.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\11\tl.exe - Infected with Win32.PDB-1359 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\11\wd.exe - Infected with PDB-2182 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\11\zt.exe - Infected with PDB-145 Malware program (Paranoia Database) - Deleted
C:\Documents and Settings\uhthn\Desktop\11\zx.exe - Suspicious of Trojan-PSW.OnLineGames.2

11 Files scanned
8 Infected files found
3 Suspicious files found
0 Files cured
8 Files deleted
timhas266
Posted on 2007-9-3 17:06:43
Starting the file scan:

Begin scan in 'C:\Documents and Settings\tim\桌面\11.zip'
C:\Documents and Settings\tim\桌面\11.zip
  [0] Archive type: ZIP
  --> 11/dh.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bkq
  --> 11/mh.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.fjk
  --> 11/ms.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.csd
  --> 11/my.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bki
  --> 11/qj.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bko
  --> 11/rx.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.PC
  --> 11/tj.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lineage.mz.5
  --> 11/tl.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/WinterLove.BJ.1 Backdoor server programs
  --> 11/wd.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bkr
  --> 11/zt.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.fjm
  --> 11/zx.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bdv
      [INFO]      A backup was created as '4709cecc.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!