
[Virus sample] Suspicious virus

kp2006
Posted on 2007-9-28 13:35:35
Some were flagged by Kingsoft Cleanup Expert, some are files that look suspicious to me, and some are from the Kingsoft firewall.

capsshift
Posted on 2007-9-28 13:42:05
Avira passing by.
Micropoint reports:
程序:
C:\BOOT\3.14.EXE
此文件带以下驱动:
C:\WINDOWS\SYSTEM32\DRIVERS\
是否删除木马程序及其衍生物?

延迟删除

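Rising's scan ignores it, and Rising's proactive defense at the advanced level ignores it too. Compared with Micropoint's proactive defense, it really does have excellent compatibility with suspicious files.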

The EQs
Posted on 2007-9-28 13:46:07
Scan performed at: 2007-9-28 13:45:38
Scanning Log
NOD32 version 2556 (20070928) NT
Command line: C:\Documents and Settings\Don johnson\桌面\autorun.rar
Operating memory - is OK

Date: 28.9.2007  Time: 13:45:42
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\autorun.rar
C:\Documents and Settings\Don johnson\桌面\autorun.rar ?RAR ?autorun.inf - INF/Autorun virus - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\autorun.rar ?RAR ?boot.exe - probably a variant of Win32/Spy.Delf.NEH trojan
C:\Documents and Settings\Don johnson\桌面\autorun.rar ?RAR ?IO.pif - a variant of Win32/Delf.NDL worm
Number of scanned files: 4
Number of threats found: 3
Number of files cleaned: 1
Time of completion: 13:45:42 Total scanning time: 0 sec (00:00:00)
The EQs
Posted on 2007-9-28 13:47:11
Scan performed at: 2007-9-28 13:46:40
Scanning Log
NOD32 version 2556 (20070928) NT
Command line: C:\Documents and Settings\Don johnson\桌面\wlmsngr.rar
Operating memory - is OK

Date: 28.9.2007  Time: 13:46:43
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\wlmsngr.rar
C:\Documents and Settings\Don johnson\桌面\wlmsngr.rar ?RAR ?wlmsngr.exe - IRC/SdBot trojan - was a part of the deleted object
Number of scanned files: 2
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 13:46:43 Total scanning time: 0 sec (00:00:00)
红心王子
Posted on 2007-9-28 13:48:49
2007-9-28        13:48:14        1190958494        Administrator        1524        Sign of "Win32:Virtualizer [Cryp]" has been found in "C:\Documents and Settings\Administrator\桌面\autorun.rar\boot.exe" file.  
2007-9-28        13:48:17        1190958497        Administrator        1524        Sign of "Win32:Agent-JRH [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\autorun.rar\IO.pif\[PECompact]" file.  
2007-9-28        13:48:18        1190958498        Administrator        1524        Sign of "Win32:SdBot-4084 [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\wlmsngr.rar\wlmsngr.exe" file.
capsshift
Posted on 2007-9-28 13:49:30
For autorun, Avira flags two:
Begin scan in 'C:\BOOT\autorun.rar'
C:\BOOT\autorun.rar
  [0] Archive type: RAR
  --> boot.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> IO.pif
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      A backup was created as '47709583.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
For the rest, Avira flags one:
Begin scan in 'C:\BOOT\wlmsngr.rar'
C:\BOOT\wlmsngr.rar
  [0] Archive type: RAR
  --> wlmsngr.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      A backup was created as '47699606.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
wangjay1980
Posted on 2007-9-28 15:09:35
detected: virus Heur.Trojan.Generic        File: C:\Documents and Settings\Owner\×ÀÃæ\autorun.rar/IO.pif//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: Trojan program Backdoor.Win32.SdBot.xd        File: C:\Documents and Settings\Owner\×ÀÃæ\wlmsngr.rar/wlmsngr.exe
hsjj2005
Posted on 2007-9-28 15:47:23
Kaspersky, with the virus database from the 28th at 15:44, flags the latter two.

ashe_vaan
Posted on 2007-9-28 15:48:53
avast! flagged the last 2.
http://bbs.kafan.cn/attachment.php?aid=132886\boot.exe [L] Win32:Virtualizer [Cryp] (0)
http://bbs.kafan.cn/attachment.php?aid=132887\wlmsngr.exe [L] Win32:SdBot-4084 [Trj] (0)
king6808
Posted on 2007-9-28 16:47:42
已删除:病毒 Heur.Trojan.Generic        文件: F:\9.28\autorun.rar/IO.pif//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
已删除:木马程序 Backdoor.Win32.SdBot.xd        文件: F:\9.28\wlmsngr.rar/wlmsngr.exe