
[Virus sample] 33

qianwenxiang
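Posted on 2007-10-2 17:35:50
There are another six hundred or so things with all sorts of extensions that the antivirus software doesn't flag.. I could cough up blood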

The EQs
Posted on 2007-10-2 17:38:05
Scan performed at: 2007-10-2 17:37:28
Scanning Log
NOD32 version 2564 (20071002) NT
Command line: C:\Documents and Settings\Don johnson\桌面\33.rar
Operating memory - is OK

Date: 2.10.2007  Time: 17:37:31
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\33.rar
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?1_z.html - probably a variant of HTML/Exploit.Agent trojan
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?crash.html - JS/Exploit.Blinker trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?ddrmhpkf.php - a variant of Win32/TrojanDownloader.Agent.CTI trojan
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?h.htm - VBS/TrojanDownloader.Small.DC trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?index(1).php - probably a variant of VBS/TrojanDownloader.Small trojan
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?nhdnxkuv.php - a variant of Win32/TrojanDownloader.Agent.CTI trojan
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?test.html - JS/TrojanDownloader.Psyme.NBZ trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?wu.htm - JS/Exploit.ADODB.Stream.NAX trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?1.html - HTML/Exploit.IframeBof trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?aslibyu.php.VIR - probably a variant of Win32/Agent trojan
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?besplatni-pornici.html.VIR - HTML/TrojanDownloader.XXXToolbar Adware - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?ifuckhackerdewife.js.VIR - JS/TrojanDownloader.Psyme.GW trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?index(95).html.VIR - HTML/TrojanDownloader.XXXToolbar Adware - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\33.rar ?RAR ?rueaolurby.php.VIR - probably a variant of Win32/Agent trojan
Number of scanned files: 34
Number of threats found: 14
Number of files cleaned: 1
Time of completion: 17:37:45 Total scanning time: 14 sec (00:00:14)
wangjay1980
Posted on 2007-10-2 17:40:32
21
detected: malware Exploit.HTML.Agent.j        File: C:\Documents and Settings\Owner\桌面\33.rar/1_z.html
detected: malware not-virus:BadJoke.JS.Blinker        File: C:\Documents and Settings\Owner\桌面\33.rar/crash.html
detected: Trojan program Trojan.Win32.Pakes.dm        File: C:\Documents and Settings\Owner\桌面\33.rar/ddrmhpkf.php
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1(1).htm
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1(2).htm
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1(3).htm
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1(4).htm
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1(5).htm
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1(6).htm
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1(7).htm
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1(8).htm
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1(9).htm
detected: Trojan program Trojan-Downloader.JS.Agent.of        File: C:\Documents and Settings\Owner\桌面\33.rar/exp1.htm
detected: Trojan program Trojan-Downloader.VBS.Small.dc        File: C:\Documents and Settings\Owner\桌面\33.rar/h.htm
detected: malware Exploit.VBS.Phel.do        File: C:\Documents and Settings\Owner\桌面\33.rar/in.php
detected: Trojan program Trojan-Downloader.VBS.Small.dn        File: C:\Documents and Settings\Owner\桌面\33.rar/index(1).php
detected: Trojan program Trojan-Clicker.Win32.Agent.lw        File: C:\Documents and Settings\Owner\桌面\33.rar/index(86).html
detected: Trojan program Trojan.Win32.Pakes.dm        File: C:\Documents and Settings\Owner\桌面\33.rar/nhdnxkuv.php
detected: Trojan program Trojan-Downloader.JS.Agent.hv        File: C:\Documents and Settings\Owner\桌面\33.rar/test.html
detected: Trojan program Trojan-Downloader.VBS.Psyme.gj        File: C:\Documents and Settings\Owner\桌面\33.rar/wu.htm
detected: malware Exploit.HTML.IframeBof        File: C:\Documents and Settings\Owner\桌面\33.rar/1.html
FBAV
Posted on 2007-10-2 17:42:19
From abroad?

[ Last edited by FBAV on 2007-10-2 17:50 ]
Nerazzurri
Posted on 2007-10-2 17:43:08
Starting the file scan:

Begin scan in 'F:\Documents and Settings\kafan\桌面\33.rar'
F:\Documents and Settings\kafan\桌面\33.rar
  [0] Archive type: RAR
  --> 1_z.html
      [DETECTION] Contains detection pattern of the exploits EXP/HTML.Agent.J
  --> crash.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Blinker
  --> ddrmhpkf.php
      [DETECTION] Contains detection pattern of the worm WORM/Ntech.M
  --> exp1(1).htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> exp1(2).htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> exp1(3).htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> exp1(4).htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> exp1(5).htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> exp1(6).htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> exp1(7).htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> exp1(8).htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> exp1(9).htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> exp1.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
  --> h.htm
      [DETECTION] Contains detection pattern of the VBS script virus VBS/Dldr.Psyme.BP
  --> index(1).php
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Drop.213
  --> index(86).html
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
  --> nhdnxkuv.php
      [DETECTION] Contains detection pattern of the worm WORM/Ntech.M
  --> test.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Dldr.Delf
  --> wu.htm
      [DETECTION] Contains detection pattern of the VBS script virus VBS/Dldr.Agent.6171
  --> 1.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Dldr.Shelled.A
  --> aslibyu.php.VIR
      [DETECTION] Is the Trojan horse TR/Tiny.705
  --> bbpkbwem.php.VIR
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> ifuckhackerdewife.js.vir
      [DETECTION] Contains detection pattern of the HTML script virus HTML/ADODB.Exploit.Gen
  --> index(100).html.vir
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
  --> index(128).html.vir
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
  --> rueaolurby.php.VIR
      [DETECTION] Is the Trojan horse TR/Tiny.705
  --> syvscc.php.VIR
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was deleted!


End of the scan: 2007年10月2日  17:42
Used time: 00:08 min

The scan has been done completely.

      0 Scanning directories
     35 Files were scanned
     11 viruses and/or unwanted programs were found
     16 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     24 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
qianwenxiang
Original poster | Posted on 2007-10-2 18:01:33
Originally posted by FBAV on 2007-10-2 17:42
From abroad?

More or less..
woai_jolin
Posted on 2007-10-2 18:15:15
===================================================================================================
On-demand scanner 7.0.0.9

NSE revision 5.91.07
nvcbin.def revision 5.90.00 of 2007/09/28 15:46:54 (967863 variants)
nvcmacro.def revision 5.90.00 of 2007/09/25 15:36:51 (20411 variants)
Total number of variants: 988274
===================================================================================================

       Time  Filename                                                     Virus name
---------------------------------------------------------------------------------------------------

- Scanning drive: G:\
- Scanning system areas of drive: G:\
- Scanning files in the directory: G:\v\
        0 ms G:\v\1.html                                                  Trojan HTML/IFrameBof.A ()
- File G:\v\1.html quarantined.
- File G:\v\1.html deleted.
        0 ms G:\v\1_z.html                                               
        0 ms G:\v\aslibyu.php.VIR                                         Trojan Harnig.gen1 ()
- File G:\v\aslibyu.php.VIR quarantined.
- File G:\v\aslibyu.php.VIR deleted.
     12000 ms G:\v\bbpkbwem.php.VIR                                       
        0 ms G:\v\besplatni-pornici.html.VIR                             
       15 ms G:\v\crash.html                                             
     1000 ms G:\v\ddrmhpkf.php                                          
       16 ms G:\v\exp1(1).htm                                            
       16 ms G:\v\exp1(2).htm                                            
        0 ms G:\v\exp1(3).htm                                            
       15 ms G:\v\exp1(4).htm                                            
       16 ms G:\v\exp1(5).htm                                            
        0 ms G:\v\exp1(6).htm                                            
        0 ms G:\v\exp1(7).htm                                            
       15 ms G:\v\exp1(8).htm                                            
       16 ms G:\v\exp1(9).htm                                            
        0 ms G:\v\exp1.htm                                               
       31 ms G:\v\h.htm                                                   Trojan VBS/Psyme.AE ()
- File G:\v\h.htm quarantined.
- File G:\v\h.htm deleted.
        0 ms G:\v\ifuckhackerdewife.js.VIR                              
       15 ms G:\v\in.php                                                
        0 ms G:\v\index(1).php                                          
       32 ms G:\v\index(100).html.VIR                                    
        0 ms G:\v\index(106).html.VIR                                    
       46 ms G:\v\index(128).html.VIR                                    
       32 ms G:\v\index(146).html.VIR                                     Trojan JS/Laume.gen1 ()
- File G:\v\index(146).html.VIR quarantined.
- File G:\v\index(146).html.VIR deleted.
       16 ms G:\v\index(31).html.VIR                                    
       16 ms G:\v\index(86).html                                         
        0 ms G:\v\index(95).html.VIR                                      Trojan JS/Istbar.A ()
- File G:\v\index(95).html.VIR quarantined.
- File G:\v\index(95).html.VIR deleted.
     1000 ms G:\v\nhdnxkuv.php                                          
        0 ms G:\v\rueaolurby.php.VIR                                      Trojan Harnig.gen1 ()
- File G:\v\rueaolurby.php.VIR quarantined.
- File G:\v\rueaolurby.php.VIR deleted.
     12079 ms G:\v\syvscc.php.VIR                                         
       31 ms G:\v\test.html                                               Trojan JS/Psyme.AA ()
- File G:\v\test.html quarantined.
- File G:\v\test.html deleted.
        0 ms G:\v\wu.htm                                                

===================================================================================================

The scanning started: 2007/10/02 18:14:39
               ended: 2007/10/02 18:15:06
Logged on as        : Administrator
on hostname         : C3EF58622174424

Scanning results:
   Total number of files found..............................:      33
   Number of files scanned..................................:      33
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       0
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:       7

Copyright (c) 1993-2005 Norman ASA.
king6808
Posted on 2007-10-2 19:16:26
已删除:恶意程序 Exploit.HTML.Agent.j        文件: F:\10.2\33.rar/1_z.html
已删除:恶意程序 not-virus:BadJoke.JS.Blinker        文件: F:\10.2\33.rar/crash.html
已删除:木马程序 Trojan.Win32.Pakes.dm        文件: F:\10.2\33.rar/ddrmhpkf.php
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1(1).htm
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1(2).htm
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1(3).htm
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1(4).htm
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1(5).htm
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1(6).htm
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1(7).htm
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1(8).htm
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1(9).htm
已删除:木马程序 Trojan-Downloader.JS.Agent.of        文件: F:\10.2\33.rar/exp1.htm
已删除:木马程序 Trojan-Downloader.VBS.Small.dc        文件: F:\10.2\33.rar/h.htm
已删除:恶意程序 Exploit.VBS.Phel.do        文件: F:\10.2\33.rar/in.php
已删除:木马程序 Trojan-Downloader.VBS.Small.dn        文件: F:\10.2\33.rar/index(1).php
已删除:木马程序 Trojan-Clicker.Win32.Agent.lw        文件: F:\10.2\33.rar/index(86).html
已删除:木马程序 Trojan.Win32.Pakes.dm        文件: F:\10.2\33.rar/nhdnxkuv.php
已删除:木马程序 Trojan-Downloader.JS.Agent.hv        文件: F:\10.2\33.rar/test.html
已删除:木马程序 Trojan-Downloader.VBS.Psyme.gj        文件: F:\10.2\33.rar/wu.htm
已删除:恶意程序 Exploit.HTML.IframeBof        文件: F:\10.2\33.rar/1.html