
[Virus samples] 23 samples [MD5s omitted]

wangjay1980
Posted on 2007-10-1 14:29:30
As the title says.

残缺的唯美
Posted on 2007-10-1 14:31:32
nod32  14
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » wxpSetup204.txt » RAR » jshelp.exe - a variant of Win32/Adware.MoKeAD application
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » wxpSetup204.txt » RAR » jsshow.dll - a variant of Win32/Adware.MoKeAD application
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » wxpSetup204.txt - a variant of Win32/Adware.MoKeAD application
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » 2(1)(2).exe - probably a variant of Win32/PSW.OnLineGames.YA trojan
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » 4(1).exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » 12(1)(1).exe - probably a variant of Win32/AutoRun.Q worm
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » 12(2).exe - probably a variant of Win32/AutoRun.Q worm
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » 18(1).exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » mh(1).exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » mh.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » mminstall.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » moon.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » moyu.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » qiji.exe - probably unknown NewHeur_PE virus
D:\Documents and Settings\EKINCHENG\桌面\23.zip » RAR » qq.exe - probably a variant of Win32/AutoRun.Q worm
D:\Documents and Settings\EKINCHENG\桌面\23.zip - multiple threats - deleted - quarantined
mofunzone
Posted on 2007-10-1 14:32:33
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\23.zip'
C:\Users\morgan\Documents\
  23.zip
    [0] Archive type: RAR
    --> tempL.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> wxpSetup204.txt
        [1] Archive type: RAR SFX (self extracting)
        --> jshelp.exe
            [DETECTION] Is the Trojan horse TR/Drop.Webhelp
            [WARNING]   Infected files in archives cannot be repaired!
        --> jsshow.dll
    --> 2(1)(2).exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 03ms.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> 4(1).exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 6.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 7(1)(2).exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 7(2)(1).exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 11(1)(1).exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dtc
        [WARNING]   Infected files in archives cannot be repaired!
    --> 11(1).exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dtc
        [WARNING]   Infected files in archives cannot be repaired!
    --> 11wd.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 12(1)(1).exe
        [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 12(2).exe
        [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 18(1).exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> mh(1).exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> mh.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> mminstall.exe
    --> moon.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> moyu.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> ms.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> qiji.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> qq.exe
        [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> tempI.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年9月30日  23:31
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
     26 Files were scanned
     14 viruses and/or unwanted programs were found
      8 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     12 Files not concerned
      2 Archives were scanned
     23 Warnings
      0 Notes
promised
Posted on 2007-10-1 14:33:52
C:\ABC\23\03ms.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\11(1)(1).exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\11(1).exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\11wd.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\12(1)(1).exe - 特征码 'Virus.Win32.AutoRun.bs' 被发现
C:\ABC\23\12(2).exe - 特征码 'Virus.Win32.AutoRun.bs' 被发现
C:\ABC\23\18(1).exe - 特征码 'Trojan-Spy.Win32.Bancos.ha' 被发现
C:\ABC\23\2(1)(2).exe
C:\ABC\23\4(1).exe - 特征码 'Trojan-Spy.Win32.Bancos.ha' 被发现
C:\ABC\23\6.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\7(1)(2).exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\7(2)(1).exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\mh(1).exe - 特征码 'Trojan-Spy.Win32.Bancos.ha' 被发现
C:\ABC\23\mh.exe - 特征码 'Trojan-Spy.Win32.Bancos.ha' 被发现
C:\ABC\23\mminstall.exe
C:\ABC\23\moon.exe - 特征码 'Trojan-PWS.Win32.Agent.BU' 被发现
C:\ABC\23\moyu.exe - 特征码 'Trojan-Spy.Win32.Bancos.ha' 被发现
C:\ABC\23\ms.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\qiji.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\23\qq.exe - 特征码 'Virus.Win32.AutoRun.bs' 被发现
C:\ABC\23\tempI.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\tempL.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\23\wxpSetup204.txt:\jshelp.exe - 特征码 'not-a-virus:AdWare.Win32.Agent.bs' 被发现
C:\ABC\23\wxpSetup204.txt:\jsshow.dll - 特征码 'not-a-virus:AdWare.Win32.Agent.bs' 被发现
C:\ABC\23\wxpSetup204.txt

        25 文件被扫描
          (1 压缩档 2 文件)
        22 特征码被侦测
        0 可疑代码段被发现
        耗时: 0:04.218
solcroft
Posted on 2007-10-1 14:38:56
Anyone want to guess how many Rising's scan caught?
wangjay1980
OP | Posted on 2007-10-1 14:41:46
Let me guess, let me guess, guess guess guess
wangjay1980
OP | Posted on 2007-10-1 14:42:05
5
solcroft
Posted on 2007-10-1 14:45:23

Reply to post #7 by wangjay1980

Wrong, that is off from the real number by 5 [:27:]
Nerazzurri
Posted on 2007-10-1 14:47:15
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dyi        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/tempL.exe//PE_Patch//UPack
deleted: Trojan program Trojan.Win32.Agent.btp        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/wxpSetup204.txt//data.rar/jshelp.exe
deleted: Trojan program Trojan.Win32.Agent.btp        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/wxpSetup204.txt//data.rar/jsshow.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dxx        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/2(1)(2).exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dyb        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/03ms.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dxu        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/4(1).exe//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.bmz        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/6.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.bmz        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/7(1)(2).exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.bmz        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/7(2)(1).exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dxw        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/11(1)(1).exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dxw        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/11(1).exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dyc        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/11wd.exe
deleted: Trojan program Trojan-PSW.Win32.QQPass.afw        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/12(1)(1).exe//UPX
deleted: Trojan program Trojan-PSW.Win32.QQPass.afw        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/12(2).exe//UPX
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dxu        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/18(1).exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dyd        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/mh(1).exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dyd        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/mh.exe//UPack
deleted: Trojan program Trojan-Downloader.Win32.Hmir.aw        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/mminstall.exe
deleted: Trojan program Backdoor.Win32.Agent.bxm        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/moon.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dye        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/moyu.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dyf        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/ms.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dyg        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/qiji.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.QQGame.ai        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/qq.exe//UPX
deleted: Trojan program Trojan-PSW.Win32.Lmir.bmz        File: F:\Documents and Settings\Crusade\×ÀÃæ\23.zip/tempI.exe//PE_Patch//UPack
promised
Posted on 2007-10-1 14:49:04
mminstall.exe is packed with UPX.
The Kaspersky analyst added it to the database with the UPX packing still on.
Probably running a fever.