Original poster: qianwenxiang

[Virus sample] 35

平淡
Posted on 2007-10-2 23:51:28

shixinlong044
Posted on 2007-10-3 01:07:46
FSIS scan: 29 in total
uhthn2002
Posted on 2007-10-3 01:39:26
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 282
Paranoia Database - 6400
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder

C:\Documents and Settings\uhthn\Desktop\New Folder\cagher.php - Suspicious of Trojan-Downloader.Small.2
C:\Documents and Settings\uhthn\Desktop\New Folder\contact_us.htm - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\cyber.wmf - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\ddos.exe - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder\gixqwflek - Infected with PDB:c15 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\ifuckhackerdewife.js - Suspicious of Trojan-Downloader.VBS.Agent.1
C:\Documents and Settings\uhthn\Desktop\New Folder\imgir.pps - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder\index1.html - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder\index(146).html - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\Installer.class - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder\loool.html - Suspicious of Trojan-Downloader.VBS.Agent.1
C:\Documents and Settings\uhthn\Desktop\New Folder\MagicApplet.class - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\mcntmso - Suspicious of Trojan-Downloader.Small.2
C:\Documents and Settings\uhthn\Desktop\New Folder\MDA5 - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\MDAy - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\MDk1 - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder\ms07-017.ani - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\Ms06014.htm - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\MTY2 - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\MTY5 - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder\pmsg.html - Suspicious of Trojan-Downloader.VBS.Agent.1
C:\Documents and Settings\uhthn\Desktop\New Folder\riff_last(1).bin - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\riff_last.bin - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\rueaolurby.php - Infected with PDB:511 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\tvkqjf.php - Suspicious of Trojan-Downloader.Small.2
C:\Documents and Settings\uhthn\Desktop\New Folder\!update-4295.0000 - Suspicious of Trojan-Dropper.Rime.2
C:\Documents and Settings\uhthn\Desktop\New Folder\!update-4395.0000 - Suspicious of Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\129.net - Suspicious of Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder\188.ani - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\ah.c - OK
C:\Documents and Settings\uhthn\Desktop\New Folder\ani491.html - Suspicious of Not-A-Virus:Porn-Dialer.Agent.1
C:\Documents and Settings\uhthn\Desktop\New Folder\ani494.html - Suspicious of Not-A-Virus:Porn-Dialer.Agent.1
C:\Documents and Settings\uhthn\Desktop\New Folder\ani760.html - Suspicious of Not-A-Virus:Porn-Dialer.Agent.1
C:\Documents and Settings\uhthn\Desktop\New Folder\ani_ms.php - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder\aslibyu.php - Infected with PDB:511 Malware program - Deleted

35 Files scanned
3 Infected files found
21 Suspicious files found
0 Files cured
3 Files deleted
mofunzone
Posted on 2007-10-3 06:33:50
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\35'
C:\Users\morgan\Documents\35\
  !update-4295.0000
      [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.CO.10
      [INFO]      The file was deleted!
  !update-4395.0000
      [DETECTION] Is the Trojan horse TR/Dldr.PuritySca.A
      [INFO]      The file was deleted!
  129.net
      [DETECTION] Contains detection pattern of the dropper DR/WebHancer.390.7
      [INFO]      The file was deleted!
  188.ani
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
      [INFO]      The file was deleted!
  ah.c
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
      [INFO]      The file was deleted!
  ani491.html
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Small.CR.2
      [INFO]      The file was deleted!
  ani494.html
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Small.CR.2
      [INFO]      The file was deleted!
  ani760.html
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Small.CR.2
      [INFO]      The file was deleted!
  ani_ms.php
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Psyme.GX.3
      [INFO]      The file was deleted!
  aslibyu.php
      [DETECTION] Is the Trojan horse TR/Tiny.705
      [INFO]      The file was deleted!
  cagher.php
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.bxu Backdoor server programs
      [INFO]      The file was deleted!
  contact_us.htm
      [DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.K
      [INFO]      The file was deleted!
  cyber.wmf
      [DETECTION] Contains detection pattern of the exploits EXP/MS06-001.WMF
      [INFO]      The file was deleted!
  ddos.exe
      [DETECTION] Is the Trojan horse TR/Drop.Small.avb
      [INFO]      The file was deleted!
  gixqwflek
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
  ifuckhackerdewife.js
      [DETECTION] Contains detection pattern of the HTML script virus HTML/ADODB.Exploit.Gen
      [INFO]      The file was moved to '4777c79d.qua'!
  imgir.pps
      [DETECTION] Is the Trojan horse TR/Spy.Banbra.MR.6
      [INFO]      The file was deleted!
  index(146).html
  index1.html
  Installer.class
      [DETECTION] Is the Trojan horse TR/Dldr.Java.OpenConnection.AO
      [INFO]      The file was deleted!
  loool.html
      [DETECTION] Contains detection pattern of the exploits EXP/Psyme.T.1
      [INFO]      The file was deleted!
  MagicApplet.class
      [DETECTION] Contains detection pattern of the exploits EXP/Java.Bytver.5.B
      [INFO]      The file was deleted!
  mcntmso
      [DETECTION] Is the Trojan horse TR/Drop.Agent.cbl.2
      [INFO]      The file was deleted!
  MDA5
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
      [INFO]      The file was deleted!
  MDAy
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
      [INFO]      The file was deleted!
  MDk1
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
      [INFO]      The file was deleted!
  Ms06014.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Dldr.Huti
      [INFO]      The file was deleted!
  ms07-017.ani
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
      [INFO]      The file was deleted!
  MTY2
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
      [INFO]      The file was deleted!
  MTY5
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
      [INFO]      The file was deleted!
  pmsg.html
      [DETECTION] Contains detection pattern of the exploits EXP/Psyme.T.1
      [INFO]      The file was deleted!
  riff_last(1).bin
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
      [INFO]      The file was deleted!
  riff_last.bin
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
      [INFO]      The file was deleted!
  rueaolurby.php
      [DETECTION] Is the Trojan horse TR/Tiny.705
      [INFO]      The file was deleted!
  tvkqjf.php
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.bxu Backdoor server programs
      [INFO]      The file was deleted!


End of the scan: 2007年10月2日  15:33
Used time: 00:05 min

The scan has been done completely.

      1 Scanning directories
     35 Files were scanned
     32 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
     32 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
kkgh
Posted on 2007-10-3 09:28:33
Kingsoft: 12
碧水寒潭
Posted on 2007-10-3 09:40:32
Start of the scan: 2007年10月3日  09:39

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\35[1].part2.rar
  [0] Archive type: RAR
  --> Installer.class
      [DETECTION] Is the Trojan horse TR/Dldr.Java.OpenConnection.AO
  --> loool.html
      [DETECTION] Contains detection pattern of the exploits EXP/Psyme.T.1
  --> MagicApplet.class
      [DETECTION] Contains detection pattern of the exploits EXP/Java.Bytver.5.B
  --> mcntmso
      [DETECTION] Is the Trojan horse TR/Drop.Agent.cbl.2
  --> MDA5
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
  --> MDAy
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
  --> MDk1
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
  --> ms07-017.ani
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
  --> Ms06014.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Dldr.Huti
  --> MTY2
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
  --> MTY5
      [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
  --> pmsg.html
      [DETECTION] Contains detection pattern of the exploits EXP/Psyme.T.1
  --> riff_last(1).bin
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
  --> riff_last.bin
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
  --> rueaolurby.php
      [DETECTION] Is the Trojan horse TR/Tiny.705
  --> tvkqjf.php
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.bxu Backdoor server programs
  --> !update-4295.0000
      [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.CO.10
  --> !update-4395.0000
      [DETECTION] Is the Trojan horse TR/Dldr.PuritySca.A
  --> 129.net
      [DETECTION] Contains detection pattern of the dropper DR/WebHancer.390.7
  --> 188.ani
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
  --> ah.c
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
  --> ani491.html
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Small.CR.2
  --> ani494.html
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Small.CR.2
  --> ani760.html
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Small.CR.2
  --> ani_ms.php
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Psyme.GX.3
  --> aslibyu.php
      [DETECTION] Is the Trojan horse TR/Tiny.705
      [INFO]      The file was deleted!
H:\AV-TEST\35[1].part1.rar
  [0] Archive type: RAR
  --> cagher.php
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.bxu Backdoor server programs
  --> contact_us.htm
      [DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.K
  --> cyber.wmf
      [DETECTION] Contains detection pattern of the exploits EXP/MS06-001.WMF
  --> ddos.exe
      [DETECTION] Is the Trojan horse TR/Drop.Small.avb
  --> gixqwflek
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> ifuckhackerdewife.js
      [DETECTION] Contains detection pattern of the HTML script virus HTML/ADODB.Exploit.Gen
      [INFO]      The file was deleted!


End of the scan: 2007年10月3日  09:39
Used time: 00:25 min

The scan has been done completely.

      1 Scanning directories
     36 Files were scanned
     31 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      2 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      2 Archives were scanned
      0 Warnings
      0 Notes
woai_jolin
Posted on 2007-10-4 08:30:32
扫描报告
2007年10月4日 8:29:58 - 8:30:00
计算机名称: C3EF58622174424
扫描类型: 扫描目标
目标: G:\v


--------------------------------------------------------------------------------

结果: 找到 32 恶意软件
Trojan-Downloader.Win32.PurityScan.co (病毒)
G:\v\!update-4295.0000 操作: 删除
Trojan-Downloader.Win32.PurityScan.dx (病毒)
G:\v\!update-4395.0000 操作: 删除
Exploit.Win32.IMG-ANI.au (病毒)
G:\v\188.ani 操作: 删除
Exploit.Win32.IMG-ANI.gen (病毒)
G:\v\ah.c 操作: 删除
G:\v\ms07-017.ani 操作: 删除
JS/CVE-2007-0038 (病毒)
G:\v\ani491.html 操作: 删除
G:\v\ani494.html 操作: 删除
G:\v\ani760.html 操作: 删除
Exploit.HTML.IESlice.l (病毒)
G:\v\ani_ms.php 操作: 删除
Backdoor.Win32.Agent.bxu (病毒)
G:\v\cagher.php 操作: 删除
G:\v\tvkqjf.php 操作: 删除
VBS/Redlof.S (病毒)
\\?\G:\v\contact_us.htm 操作: 删除
Exploit.Win32.IMG-WMF.v (病毒)
G:\v\cyber.wmf 操作: 删除
Trojan-Dropper.Win32.Small.avb (病毒)
G:\v\ddos.exe 操作: 删除
Trojan.Win32.Agent.bty (病毒)
G:\v\gixqwflek 操作: 删除
Trojan-Downloader.JS.Agent.tt (病毒)
G:\v\ifuckhackerdewife.js 操作: 删除
Trojan-Spy.Win32.Banbra.mr (病毒)
G:\v\imgir.pps 操作: 删除
Trojan-Downloader.JS.Small.gf (病毒)
G:\v\index(146).html 操作: 删除
Trojan-Downloader.Java.OpenConnection.ao (病毒)
G:\v\Installer.class 操作: 删除
G:\v\MagicApplet.class 操作: 删除
VBS/Psyme.BT@dl (病毒)
G:\v\loool.html 操作: 删除
G:\v\pmsg.html 操作: 删除
Trojan.Win32.Dialer.ri (病毒)
G:\v\mcntmso 操作: 删除
Trojan.Win32.DNSChanger.hd (病毒)
G:\v\MDA5 操作: 删除
G:\v\MDAy 操作: 删除
G:\v\MDk1 操作: 删除
G:\v\MTY2 操作: 删除
G:\v\MTY5 操作: 删除
Trojan-Downloader.VBS.Psyme.gd (病毒)
G:\v\Ms06014.htm 操作: 删除
Exploit.Win32.IMG-ANI.w (病毒)
G:\v\riff_last(1).bin 操作: 删除
G:\v\riff_last.bin 操作: 删除
AdWare.Win32.WebHancer (adware)
G:\v\129.net 操作: 删除




--------------------------------------------------------------------------------

统计信息
已扫描:
文件: 35
未扫描: 0
结果:
病毒: 29
间谍软件: 1
可疑项目: 2
危险软件: 0
操作:
已杀毒: 0
已重命名: 0
删除: 32
已隔离: 0
失败: 0
启动扇区:
已扫描: 0
受感染: 0
可疑项目: 0
已杀毒: 0


--------------------------------------------------------------------------------

选项
定义版本:
病毒: 2007-10-03_03
间谍软件: 2007-10-03_03
扫描引擎:
F-Secure AVP: 7.00.171, 2007-10-03
F-Secure Libra: 2.04.01, 2007-10-03
F-Secure Orion: 1.02.37, 2007-10-03
F-Secure Draco: 1.00.35, 2007-09-17
扫描选项:
扫描所有文件
扫描内部存档
操作:
病毒: 扫描后询问
间谍软件: 扫描后询问