12个广告

qianwenxiang

广告软件体积巨大..

浪滔天

卡巴 7.0.0.125
9个
已删除: 色情程序 not-a-virus:Porn-Dialer.Win32.InstantAccess.f        文件: F:\病毒样本\1002Adware[1]\EGDACCESS_1064.dll//UPX
已删除: 木马程序 Trojan-Downloader.Win32.Baser.w        文件: F:\病毒样本\1002Adware[1]\1.exe//PE_Patch.UPX//UPX
已删除: 广告程序 not-a-virus:AdWare.Win32.Mostofate.ar        文件: F:\病毒样本\1002Adware[1]\00110.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.Iebar.m        文件: F:\病毒样本\1002Adware[1]\iebar23.0.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.Iebar.h        文件: F:\病毒样本\1002Adware[1]\barhelp24.0.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.HotBar.bj        文件: F:\病毒样本\1002Adware[1]\hbinstie.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.Excite.a        文件: F:\病毒样本\1002Adware[1]\x8Setp.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.Diybar.b        文件: F:\病毒样本\1002Adware[1]\diybar2.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.Comet.c        文件: F:\病毒样本\1002Adware[1]\siinstaller.exe//data0002

IllusionWing

UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 4.1.0
HC0.rlb = 2.8.9
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
扫描选项：扩展, 忽略非活动, 忽略大文件, nFile, BAT模拟, 捆绑检测, 变形壳, 启发,
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\1.exe
[扫描] [Level 1] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\1.exe 检测到 Generic.Virus
[扫描] [Level 2] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\1.exe 检测到 Win32.Autorun.hw
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\00110.dll
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\Abasetup.exe
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\Abasetup.exe//Stream_01
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\Abasetup.exe//Stream_02
[扫描] [捆绑检测] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\Abasetup.exe 检测到 Generic.Binder
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\barhelp24.0.dll
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\Direcpll.dll
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\diybar2.dll
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\diybar2.dll//Stream_01
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\diybar2.dll//Stream_02
[扫描] [捆绑检测] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\diybar2.dll 检测到 Generic.Binder
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\EGDACCESS_1064.dll
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\EGDACCESS_1064.dll 检测到 Packed.Generic.UPX.Modified
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\hbinstie.dll
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\iebar23.0.dll
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\siinstaller.exe
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\tbhelper.dll
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\x8Setp.exe
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\x8Setp.exe//Stream_01
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\x8Setp.exe//Stream_02
[扫描] 开始 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\x8Setp.exe//Stream_03
[扫描] [捆绑检测] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\x8Setp.exe 检测到 Generic.Binder
检测到了 5 个未知的恶意程序，请上报。
任务 扫描 完成。共耗费的时间：0-00-00 00:00:03:0312，共扫描的文件数量：19，共扫描到的威胁数量：6，威胁率：0.31578947

The EQs

Scan performed at: 2007-10-2 12:47:09
Scanning Log
NOD32 version 2564 (20071002) NT
Command line: C:\Documents and Settings\Don johnson\桌面\1002Adware
Operating memory - is OK

Date: 2.10.2007  Time: 12:47:14
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\1002Adware\
C:\Documents and Settings\Don johnson\桌面\1002Adware\1.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\1002Adware\barhelp24.0.dll - probably a variant of Win32/Adware.Agent application
C:\Documents and Settings\Don johnson\桌面\1002Adware\EGDACCESS_1064.dll - a variant of Win32/Dialer.Egroup application
C:\Documents and Settings\Don johnson\桌面\1002Adware\hbinstie.dll - a variant of Win32/Adware.HotBar application
C:\Documents and Settings\Don johnson\桌面\1002Adware\iebar23.0.dll - Win32/Adware.Toolbar.IEBar application - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\1002Adware\siinstaller.exe - Win32/Adware.Comet application - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\1002Adware\x8Setp.exe - Win32/AdInstaller application - quarantined - unable to clean - deleted
Number of scanned files: 27
Number of threats found: 7
Number of files cleaned: 7
Time of completion: 12:47:17 Total scanning time: 3 sec (00:00:03)

微点卫士

木马名称:Trojan-Downloader.Win32.Baser.h

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1002ADWARE[1]\1.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
广告软件名称:AdWare.Win32.Iebar.b

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1002ADWARE[1]\IEBAR23.0.DLL
是广告软件!
已成功阻止其运行,是否要删除此文件?
恶意程序名称:AdWare.Win32.Comet.d

程序:
C:\PROGRAM FILES\SCREENSAVERS.COM\INSTALLER\BIN\SCREENSAVERSINST.DLL
是恶意程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1002ADWARE[1]\SIINSTALLER.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\SCREENSAVERS.COM\INSTALLER\BIN\SCREENSAVERSINST.DLL
2) C:\PROGRAM FILES\SCREENSAVERS.COM\INSTALLER\BIN\SIUNINST.EXE
是否删除木马程序及其衍生物?
程序:
C:\PROGRAM FILES\EXCITE\X8BAR\1.BIN\X8BAR.DLL
是可疑程序，是否阻止该进程继续运行?
程序:
C:\PROGRAM FILES\EXCITE\X8BAR\1.BIN\X8BAR.DLL
是否删除病毒程序?程序:
C:\PROGRAM FILES\EXCITE\X8BAR\1.BIN\X8BAR.DLL
是可疑程序，是否阻止该进程继续运行?

Abasetup自动安装的，晕

FBAV

谢谢啦

[ 本帖最后由 FBAV 于 2007-10-2 12:54 编辑 ]

woai_jolin

===================================================================================================
On-demand scanner 7.0.0.9

NSE revision 5.91.07
nvcbin.def revision 5.90.00 of 2007/09/28 15:46:54 (967863 variants)
nvcmacro.def revision 5.90.00 of 2007/09/25 15:36:51 (20411 variants)
Total number of variants: 988274
===================================================================================================

       Time  Filename                                                     Virus name
---------------------------------------------------------------------------------------------------

- Scanning drive: G:\
- Scanning system areas of drive: G:\
- Scanning files in the directory: G:\v\
      281 ms G:\v\00110.dll                                             
       16 ms G:\v\1.exe                                                   Trojan W32/Malware.AMWF ()
- File G:\v\1.exe quarantined.
- File G:\v\1.exe deleted.
        0 ms G:\v\Abasetup.exe                                          
        0 ms G:\v\barhelp24.0.dll                                       
        0 ms G:\v\Direcpll.dll                                          
        0 ms G:\v\diybar2.dll                                             Aggressive commersial W32/Diybar.C ()
- File G:\v\diybar2.dll quarantined.
- File G:\v\diybar2.dll deleted.
       16 ms G:\v\EGDACCESS_1064.dll                                      Trojan W32/Dialer.YP ()
- File G:\v\EGDACCESS_1064.dll quarantined.
- File G:\v\EGDACCESS_1064.dll deleted.
       31 ms G:\v\hbinstie.dll                                            Aggressive commersial W32/HotBar.LE ()
- File G:\v\hbinstie.dll quarantined.
- File G:\v\hbinstie.dll deleted.
       31 ms G:\v\iebar23.0.dll                                           Aggressive commersial W32/Iebar.V ()
- File G:\v\iebar23.0.dll quarantined.
- File G:\v\iebar23.0.dll deleted.
       31 ms G:\v\siinstaller.exe                                         Trojan Comet.AF.dropper ()
- File G:\v\siinstaller.exe quarantined.
- File G:\v\siinstaller.exe deleted.
        0 ms G:\v\tbhelper.dll                                          
       31 ms G:\v\x8Setp.exe                                              Aggressive commersial W32/Excite.E ()
- File G:\v\x8Setp.exe quarantined.
- File G:\v\x8Setp.exe deleted.

===================================================================================================

The scanning started: 2007/10/02 12:58:00
               ended: 2007/10/02 12:58:02
Logged on as        : Administrator
on hostname         : C3EF58622174424

Scanning results:
   Total number of files found..............................:      12
   Number of files scanned..................................:      12
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       0
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:       7

Copyright (c) 1993-2005 Norman ASA.

kkgh

瑞星的广告查杀能力还不如金山，其中瑞星只杀了3个，金山杀了7个

IllusionWing

新引擎.哈哈..

UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 4.1.1
HC0.rlb = 2.8.9
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
扫描选项：扫描档案, 扩展, 忽略非活动, 忽略大文件, nFile, BAT模拟, 捆绑检测, 变形壳, 启发,
[扫描] [EmuCOM] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\00110.dll 检测到 Generic.IEBar.Installer
[扫描] [EmuCOM] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\barhelp24.0.dll 检测到 Generic.IEBar.Installer
[扫描] [EmuCOM] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\diybar2.dll 检测到 Generic.IEBar.Installer
[扫描] [EmuCOM] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\hbinstie.dll 检测到 Generic.IEBar.Installer
[扫描] [EmuCOM] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\iebar23.0.dll 检测到 Generic.IEBar.Installer
[扫描] [EmuCOM] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹\1002Adware[1]\tbhelper.dll 检测到 Generic.IEBar.Installer
检测到了 6 个未知的恶意程序，请上报。
任务 扫描 完成。共耗费的时间：0-00-00 00:00:02:0156，共扫描的文件数量：10，共扫描到的威胁数量：6，威胁率：0.6

电影结束了

对象: 1.exe
        路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
        Status: 病毒文件已删除
        病毒: BehavesLike:Win32.ExplorerHijack (BD 引擎)
对象: barhelp24.0.dll
        路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
        Status: 病毒文件已删除
        病毒: Adware.Iebar.L (BD 引擎)
对象: diybar2.dll
        路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
        Status: 病毒文件已删除
        病毒: Adware.Diybar.A (BD 引擎)
对象: EGDACCESS_1064.dll
        路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
        Status: 病毒文件已删除
        病毒: Dialer.BAX (BD 引擎)
对象: hbinstie.dll
        路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
        Status: 病毒文件已删除
        病毒: Adware.Hotbar.ER (BD 引擎)
对象: iebar23.0.dll
        路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
        Status: 病毒文件已删除
        病毒: Adware.Iebar.M (BD 引擎)
对象: siinstaller.exe
        路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
        Status: 病毒文件已删除
        病毒: Adware.Comet.K (BD 引擎)
对象: tbhelper.dll
        路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
        Status: 病毒文件已删除
        病毒: Adware.Softomate.EA (BD 引擎)
对象: x8Setp.exe
        路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
        Status: 病毒文件已删除
        病毒: Adware.Excite.A (BD 引擎)