6个

显示全部楼层 · 发表于 2007-9-6 16:02:14

ESS beta2

C:\Documents and Settings\Administrator\桌面\g.rar » RAR » 5.exe.out.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\桌面\g.rar » RAR » 4.exe.out.exe - a variant of Win32/PSW.Delf.NIY trojan
C:\Documents and Settings\Administrator\桌面\g.rar » RAR » 3.exe.out.exe - a variant of Win32/TrojanDownloader.Delf.NSA trojan
C:\Documents and Settings\Administrator\桌面\g.rar » RAR » 2.exe.out.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Administrator\桌面\g.rar » RAR » 6.exe.out.exe - probably a variant of Win32/PSW.OnLineGames.YA trojan

显示全部楼层 · 发表于 2007-9-6 17:52:45

F:\g.rar >>RAR >>6.exe.out.exe - 可能是 Win32/PSW.OnLineGames.YA 木马的一个变种
F:\g.rar >>RAR >>2.exe.out.exe - Win32/PSW.OnLineGames.YA 木马的变种
F:\g.rar >>RAR >>3.exe.out.exe - Win32/TrojanDownloader.Delf.NSA 木马的变种
F:\g.rar >>RAR >>4.exe.out.exe - Win32/PSW.Delf.NIY 木马的变种
F:\g.rar >>RAR >>5.exe.out.exe - 可能是 Win32/Genetik 木马的一个变种

显示全部楼层 · 发表于 2007-9-6 17:53:47

显示全部楼层 · 发表于 2007-9-6 18:29:02

Starting the file scan:

Begin scan in 'C:\Documents and Settings\tim\桌面\g.rar'
C:\Documents and Settings\tim\桌面\g.rar
  [0] Archive type: RAR
  --> 6.exe.out.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 2.exe.out.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 3.exe.out.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 4.exe.out.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 5.exe.out.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 1.exe.out.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
   [INFO]    A backup was created as '4751d692.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-9-6 18:37:16

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Paranoia Database - 3303
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder

C:\Documents and Settings\uhthn\Desktop\New Folder\6.exe.out.exe - Suspicious of MalwareSpy.Trojan-Downloader.Delf.1
C:\Documents and Settings\uhthn\Desktop\New Folder\2.exe.out.exe - Suspicious of MalwareSpy.Trojan-Downloader.Delf.1
C:\Documents and Settings\uhthn\Desktop\New Folder\3.exe.out.exe - Suspicious of MalwareSpy.Win32.Trojan-Downloader.Delf.1
C:\Documents and Settings\uhthn\Desktop\New Folder\4.exe.out.exe - Suspicious of MalwareSpy.Win32.Trojan-Downloader.Delf.1
C:\Documents and Settings\uhthn\Desktop\New Folder\5.exe.out.exe - Suspicious of MalwareSpy.Trojan-Downloader.Delf.1
C:\Documents and Settings\uhthn\Desktop\New Folder\1.exe.out.exe - Suspicious of MalwareSpy.Trojan-Downloader.Delf.1

6 Files scanned
0 Infected files found
6 Suspicious files found
0 Files cured
0 Files deleted

显示全部楼层 · 发表于 2007-9-6 22:48:45

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\g.rar'
C:\Documents and Settings\Administrator\My Documents\
  g.rar
[0] Archive type: RAR
--> 6.exe.out.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 2.exe.out.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 3.exe.out.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 4.exe.out.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 5.exe.out.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> 1.exe.out.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!

End of the scan: 2007年9月6日  07:48
Used time: 00:04 min

The scan has been done completely.

   0 Scanning directories
   7 Files were scanned
   6 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   7 Warnings
   0 Notes

显示全部楼层 · 发表于 2007-9-7 20:54:52

----------
[凝逸反毒] (http://hi.baidu.com/503165656)

[凝逸.扫描病毒引擎-日志] 2007.9.7 20:54:38

文件:F:\070907\g\6.exe.out.exe | 感染:Trojan.DownLoader.4293 [93>20070906_ny0014.axx]3(1.1)
操作:删除文件
文件:F:\070907\g\2.exe.out.exe | 感染:Trojan.DownLoader.4293 [92>20070906_ny0014.axx]3(1.1)
操作:删除文件
文件:F:\070907\g\3.exe.out.exe | 感染:Trojan.DownLoader.4293 [95>20070906_ny0014.axx]3(1.1)
操作:删除文件
文件:F:\070907\g\4.exe.out.exe | 感染:Trojan.DownLoader.4293 [96>20070906_ny0014.axx]3(1.1)
操作:删除文件
文件:F:\070907\g\5.exe.out.exe | 感染:Trojan.DownLoader.4293 [97>20070906_ny0014.axx]3(1.1)
操作:删除文件
文件:F:\070907\g\1.exe.out.exe | 感染:Trojan.DownLoader.4293 [94>20070906_ny0014.axx]3(1.1)
操作:删除文件

扫描完成|病毒:6 文件:6|耗时:3955
----------

显示全部楼层 · 发表于 2007-9-7 23:38:11

扫描报告
2007年9月7日 23:38:33 - 23:38:34
计算机名称: 2FF87FC2B9AB46F
扫描类型: 扫描目标
目标: F:\v\g.rar

--------------------------------------------------------------------------------

结果: 找到 5 恶意软件
Trojan-PSW.Win32.OnLineGames.cbd (病毒)
F:\v\g.rar\6.exe.out.exe
Trojan-PSW.Win32.OnLineGames.caz (病毒)
F:\v\g.rar\2.exe.out.exe
Virus.Win32.AutoRun.jj (病毒)
F:\v\g.rar\3.exe.out.exe
Trojan-PSW.Win32.Delf.aak (病毒)
F:\v\g.rar\4.exe.out.exe
Trojan-PSW.Win32.OnLineGames.cbc (病毒)
F:\v\g.rar\5.exe.out.exe

--------------------------------------------------------------------------------

统计信息
已扫描:
文件: 7
未扫描: 0
结果:
病毒: 5
间谍软件: 0
可疑项目: 0
危险软件: 0
操作:
已杀毒: 0
已重命名: 0
删除: 0
已隔离: 0
失败: 0
启动扇区:
已扫描: 0
受感染: 0
可疑项目: 0
已杀毒: 0

--------------------------------------------------------------------------------

选项
定义版本:
病毒: 2007-09-07_07
间谍软件: 2007-09-07_07
扫描引擎:
F-Secure AVP: 7.00.171, 2007-09-07
F-Secure Libra: 2.04.01, 2007-09-07
F-Secure Orion: 1.02.37, 2007-09-07
F-Secure Draco: 1.00.35, 2007-09-03
扫描选项:
扫描所有文件
扫描内部存档
操作:
病毒: 扫描后询问
间谍软件: 扫描后询问

6个

本帖子中包含更多资源