Thread starter: gzg

[Virus samples] A small afternoon-tea pack of 13 samples

moonsilver
Posted on 2007-10-1 15:51:47
8
BING126
Posted on 2007-10-1 16:22:58
Xiao A (小A) only reported 8!
woai_jolin
Posted on 2007-10-1 17:14:33
TrustPort Antivirus On-Demand Scanner

Status:  Quarantined
Target:  G:\v\TEMP.rar
Options: , Requested action: Move to quarantine, Excluded extensions disabled, Excluded objects disabled, Heuristics enabled, Sandbox enabled, Scan archives

Statistics          Details

               Files   Boot sectors   Registry key
Scanned           15              0              0
Infected          10              0              0
Repaired           0              0              0
Renamed            0              -              -
Quarantined        1              -              -
Deleted            0              -              0
zengmingwh
Posted on 2007-10-1 19:20:50
We received the following archive files:



File ID  Filename  Size (Byte) Result
1324129  TEMP.rar 18.67 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
205687  SC.EXE  30.5 KB  KNOWN CLEAN
1323854  rising102.exe  5.53 KB  DAMAGED FILE (UNKNOWN)
1323855  o.js  7.24 KB  CLEAN


Please find a detailed report concerning each individual sample below:

Filename Result
SC.EXE  KNOWN CLEAN

The file 'SC.EXE' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Windows XP (SP0)'.

Filename Result
rising102.exe  DAMAGED FILE (UNKNOWN)

The file 'rising102.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.

Filename Result
o.js  CLEAN

The file 'o.js' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.


--------------------------------------------------------------------------------
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.
qigang
Posted on 2007-10-1 19:28:53

22/8

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.PSW.Win32.QQHX.tqd
病毒: Trojan.PSW.Win32.OnlineGames.zbt
病毒: Trojan.PSW.Win32.QQPass.yru
病毒: Trojan.PSW.Win32.QQPass.yru
病毒: Trojan.PSW.Win32.QQHX.tqe

MAC地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:19.43
king6808
Posted on 2007-10-1 20:51:53
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.drd        文件 : G:\10.1\TEMP.rar/RSZTBSP.EXE//UPack
已删除:病毒 Virus.Win32.AutoRun.qd        文件 : G:\10.1\TEMP.rar/S168[1].exe//UPack
已删除:病毒 Virus.Win32.AutoRun.pi        文件 : G:\10.1\TEMP.rar/SYSWIN74.JMP//UPX
已删除:病毒 Virus.Win32.AutoRun.pi        文件 : G:\10.1\TEMP.rar/WINSYS74.SYS
已删除:木马程序 Trojan-PSW.Win32.WOW.ys        文件 : G:\10.1\TEMP.rar/wodoor0.dll
检测到:木马程序 Trojan-PSW.Win32.OnLineGames.dpz        文件 : G:\10.1\TEMP.rar/17cube病毒文件.exe//#//NSPack
已删除:病毒 Virus.Win32.AutoRun.pi        文件 : G:\10.1\TEMP.rar/A0009158.EXE//UPX
已删除:病毒 Virus.Win32.AutoRun.pi        文件 : G:\10.1\TEMP.rar/AUTORUN.EXE//UPX
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.drb        文件 : G:\10.1\TEMP.rar/KAQHDAZ.EXE//UPack
已删除:木马程序 Trojan-Downloader.JS.IstBar.az        文件 : G:\10.1\TEMP.rar/o.js
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.drc        文件 : G:\10.1\TEMP.rar/RARJBTL.EXE//UPack
uhthn2002
Posted on 2007-10-1 20:54:53
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 279
Paranoia Database - 6309
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder (2)

C:\Documents and Settings\uhthn\Desktop\New Folder (2)\RSZTBSP.EXE - Infected with PDB:ce5 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\S168[1].exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\SC.EXE - Suspicious of Win32.Trojan-Downloader.Small.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\SYSWIN74.JMP - Infected with SDB:Win32.Trojan-PSW.QQPass.a - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\WINSYS74.SYS - Infected with SDB:Win32.Trojan-PSW.QQPass.a - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\wodoor0.dll - Infected with SDB:MalwareSpy.Trojan-Downloader.Agent.3 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\rising102.exe - Suspicious of Win32.Trojan-PSW.Game.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\17cube病毒文件.exe - Infected with SDB:MalwareSpy.Win32.Trojan-Downloader.Agent.3 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\A0009158.EXE - Infected with SDB:Win32.Trojan-PSW.QQPass.a - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\AUTORUN.EXE - Infected with SDB:Win32.Trojan-PSW.QQPass.a - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\KAQHDAZ.EXE - Infected with PDB:232 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\o.js - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\RARJBTL.EXE - Infected with PDB:e19 Malware program - Deleted

13 Files scanned
9 Infected files found
4 Suspicious files found
0 Files cured
9 Files deleted
woai_jolin
Posted on 2007-10-2 13:07:06
===================================================================================================
On-demand scanner 7.0.0.9

NSE revision 5.91.07
nvcbin.def revision 5.90.00 of 2007/09/28 15:46:54 (967863 variants)
nvcmacro.def revision 5.90.00 of 2007/09/25 15:36:51 (20411 variants)
Total number of variants: 988274
===================================================================================================

       Time  Filename                                                     Virus name
---------------------------------------------------------------------------------------------------

- Scanning drive: G:\
- Scanning system areas of drive: G:\
- Scanning files in the directory: G:\v\
     13469 ms G:\v\17cube病毒文件.exe                                      Virus W32/Hupigon.gen67 ( [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * Accesses executable file from resource section.
    * Decompressing UPX.
    * **Locates window "NULL [class AVP.AlertDialog]" on desktop.
    * **Locates window "NULL [class AVP.Product_Notification]" on desktop.
    * File length:       662528 bytes.

[ Changes to filesystem ]
    * Creates file C:\WINDOWS\TEMP\.\start.exe.
    * Creates file C:\WINDOWS\TEMP\.\tmp2.tmp.

[ Process/window information ]
    * Creates an event called YUTDFGHKHCOOLWW_WO.
    * Enumerates running processes.
    * Enumerates running processes several parses....

)
- File G:\v\17cube病毒文件.exe quarantined.
- File G:\v\17cube病毒文件.exe deleted.
        0 ms G:\v\A0009158.EXE                                            Trojan W32/Malware.AVQF ()
- File G:\v\A0009158.EXE quarantined.
- File G:\v\A0009158.EXE deleted.
        0 ms G:\v\AUTORUN.EXE                                             Trojan W32/Malware.AVQF ()
- File G:\v\AUTORUN.EXE quarantined.
- File G:\v\AUTORUN.EXE deleted.
        0 ms G:\v\KAQHDAZ.EXE                                             Security Risk W32/Suspicious_U.gen ()
- File G:\v\KAQHDAZ.EXE quarantined.
- File G:\v\KAQHDAZ.EXE deleted.
       16 ms G:\v\o.js                                                   
        0 ms G:\v\RARJBTL.EXE                                             Security Risk W32/Suspicious_U.gen ()
- File G:\v\RARJBTL.EXE quarantined.
- File G:\v\RARJBTL.EXE deleted.
        0 ms G:\v\rising102.exe                                           Trojan W32/Malware.AVEY ()
- File G:\v\rising102.exe quarantined.
- File G:\v\rising102.exe deleted.
        0 ms G:\v\RSZTBSP.EXE                                             Security Risk W32/Suspicious_U.gen ()
- File G:\v\RSZTBSP.EXE quarantined.
- File G:\v\RSZTBSP.EXE deleted.
        0 ms G:\v\S168[1].exe                                             Security Risk W32/Suspicious_U.gen ()
- File G:\v\S168[1].exe quarantined.
- File G:\v\S168[1].exe deleted.
       63 ms G:\v\SC.EXE                                                
       15 ms G:\v\SYSWIN74.JMP                                            Trojan W32/Malware.AVQF ()
- File G:\v\SYSWIN74.JMP quarantined.
- File G:\v\SYSWIN74.JMP deleted.
        0 ms G:\v\WINSYS74.SYS                                            Trojan W32/AutoRun.VQ ()
- File G:\v\WINSYS74.SYS quarantined.
- File G:\v\WINSYS74.SYS deleted.
        0 ms G:\v\wodoor0.dll                                             Trojan W32/Hupigon.gen67 ()
- File G:\v\wodoor0.dll quarantined.
- File G:\v\wodoor0.dll deleted.

===================================================================================================

The scanning started: 2007/10/02 13:06:45
               ended: 2007/10/02 13:06:59
Logged on as        : Administrator
on hostname         : C3EF58622174424

Scanning results:
   Total number of files found..............................:      13
   Number of files scanned..................................:      13
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       0
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:      11

Copyright (c) 1993-2005 Norman ASA.