[MD5: 1EB401 238D05 CBDCF0]U盘里的快餐

显示全部楼层 · 发表于 2007-9-14 18:07:06

3个worm

显示全部楼层 · 发表于 2007-9-14 18:08:41

卡巴斯基互联网安全套装 7.0
The requested URL http://bbs.kafan.cn/attachment.php?aid=127587 is infected with Virus.Win32.VB.bu virus

显示全部楼层 · 发表于 2007-9-14 18:08:43

显示全部楼层 · 发表于 2007-9-14 18:18:00

BitDefender

This web page has been blocked by BitDefender Antivirus Real-time Protection!

The blocked web page included objects that were either infected or likely to be infected with a virus. Your system has NOT been infected.

显示全部楼层 · 发表于 2007-9-14 18:18:51

Start of the scan: 2007年9月14日  18:18

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本1.rar'
C:\Documents and Settings\Administrator\桌面\样本1.rar
  [0] Archive type: RAR
  --> EXPLORER.EXE
   [DETECTION] Is the Trojan horse TR/Agent.VB.H.1
  --> rundll.exe
   [DETECTION] Contains detection pattern of the worm WORM/VB.FI
  --> wsctf.exe
   [DETECTION] Is the Trojan horse TR/VB.IE.3
   [INFO]    The file was deleted!

End of the scan: 2007年9月14日  18:18
Used time: 00:12 min

显示全部楼层 · 发表于 2007-9-14 18:20:53

扫描开始时间: 2007-9-14 18:18:53
扫描日志
NOD32 版本 2529 (20070913) NT
命令行: C:\Documents and Settings\Administrator\桌面\样本1.rar
系统内存<病毒 - >

日期: 2007年9月14日时间: 18:19:08
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: C:\Documents and Settings\Administrator\桌面\样本1.rar
C:\Documents and Settings\Administrator\桌面\样本1.rar ?RAR ?EXPLORER.EXE<病毒 - Win32/VB.NHZ 蠕虫>
C:\Documents and Settings\Administrator\桌面\样本1.rar ?RAR ?rundll.exe<病毒 - Win32/AutoRun.M 蠕虫>
C:\Documents and Settings\Administrator\桌面\样本1.rar ?RAR ?wsctf.exe<病毒 - Win32/VB.NIH 蠕虫>
已扫描文件数量: 4
已发现病毒数量: 3
活动的病毒数量: 1

显示全部楼层 · 发表于 2007-9-14 20:03:43

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Paranoia Database - 4814
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\tonger2003

C:\Documents and Settings\uhthn\Desktop\tonger2003\EXPLORER.EXE - Suspicious file
C:\Documents and Settings\uhthn\Desktop\tonger2003\rundll.exe - OK
C:\Documents and Settings\uhthn\Desktop\tonger2003\wsctf.exe - Suspicious file

3 Files scanned
0 Infected files found
2 Suspicious files found
0 Files cured
0 Files deleted

显示全部楼层 · 发表于 2007-9-14 20:06:34

微点：
木马名称:Trojan.Win32.VB.da

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\EXPLORER.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Agent.ckg

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\RUNDLL.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.VB.bdo

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\WSCTF.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

[病毒样本] [MD5: 1EB401 238D05 CBDCF0]U盘里的快餐

本帖子中包含更多资源

本帖子中包含更多资源