12个

显示全部楼层 · 发表于 2007-10-4 18:46:07

卡巴斯基反病毒软件 7.0

The requested URL http://bbs.kafan.cn/attachment.php?aid=135260 is infected with Trojan-PSW.Win32.Lmir.bjh virus

显示全部楼层 · 发表于 2007-10-4 18:47:12

MicroVita AntiSpyware 100 C
_____________________________________________

         风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]
               http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\12\MCxVbopsCy (12).exe]
                  …………发现Spy！报告:[1]
文件信息:  大小:34350  MD5:140baf6946fdf49f162c8fa31c00480b

[C:\Documents and Settings\Administrator\桌面\Virus\12\MCxVbopsCy (3).exe]
                  …………发现Spy！报告:[2] [1]
文件信息:  大小:24034  MD5:c6111826a0e8b41ad5e139074da2985e

[C:\Documents and Settings\Administrator\桌面\Virus\12\MCxVbopsCy (4).exe]
                  …………发现Spy！报告:[2]
文件信息:  大小:21447  MD5:3d9838c527d09d82dcbbc000d349306a

[C:\Documents and Settings\Administrator\桌面\Virus\12\MCxVbopsCy (5).exe]
                  …………发现Spy！报告:[1]
文件信息:  大小:29889  MD5:6431ef4ee64c50844ca3394bfc541c0a

[C:\Documents and Settings\Administrator\桌面\Virus\12\MCxVbopsCy (6).exe]
                  …………发现Spy！报告:[2]
文件信息:  大小:21447  MD5:ab0e21987b23c1cfb97fa96e4480a4be

[C:\Documents and Settings\Administrator\桌面\Virus\12\MCxVbopsCy (9).exe]
                  …………发现Spy！报告:[2]
文件信息:  大小:483346  MD5:0c5ac4dbc6c81d465a6d6b2f5a56d052

[C:\Documents and Settings\Administrator\桌面\Virus\12\MCxVbopsCy (10).exe]
                  …………发现Spy！报告:[1]
文件信息:  大小:7612  MD5:1a8a4ef80f53d23b1c66b1a0849f40b7

[C:\Documents and Settings\Administrator\桌面\Virus\12\MCxVbopsCy (11).exe]
                  …………发现Spy！报告:[1]
文件信息:  大小:34161  MD5:3685b6154bdbe3e3ac0377e1fa006e7c

文件数:12 病毒数:8  比重:0.6666666666667
OK  扫描完毕！
  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎
[2] 文件特征码引擎
[1] 文件启发式引擎

[ 本帖最后由 FBAV 于 2007-10-4 18:49 编辑 ]

显示全部楼层 · 发表于 2007-10-4 18:47:22

Result: 9 malware found
Trojan-PSW.Win32.Lmir.bjh (virus)
C:\Users\Administrator\Desktop\12.rar\MCxVbopsCy (12).exe
Backdoor.Win32.Agent.ait (virus)
C:\Users\Administrator\Desktop\12.rar\MCxVbopsCy (1).exe
Trojan-PSW.Win32.QQPass.xw (virus)
C:\Users\Administrator\Desktop\12.rar\MCxVbopsCy (3).exe
Trojan-Downloader.Win32.Delf.bnj (virus)
C:\Users\Administrator\Desktop\12.rar\MCxVbopsCy (4).exe
C:\Users\Administrator\Desktop\12.rar\MCxVbopsCy (6).exe
Trojan-Downloader.Win32.Delf.bpb (virus)
C:\Users\Administrator\Desktop\12.rar\MCxVbopsCy (7).exe
Trojan-PSW.Win32.QQGame.j (virus)
C:\Users\Administrator\Desktop\12.rar\MCxVbopsCy (8).exe
Trojan-Spy.Win32.VB.rw (virus)
C:\Users\Administrator\Desktop\12.rar\MCxVbopsCy (9).exe
Trojan-Downloader.Win32.VB.bhx (virus)
C:\Users\Administrator\Desktop\12.rar\MCxVbopsCy (10).exe

显示全部楼层 · 发表于 2007-10-4 18:47:35

Scan performed at: 2007-10-4 18:47:11
Scanning Log
NOD32 version 2571 (20071004) NT
Command line: C:\Documents and Settings\Don johnson\桌面\12.rar
Operating memory - is OK

Date: 4.10.2007 Time: 18:47:15
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\12.rar
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (12).exe - probably a variant of Win32/PSW.QQShou trojan
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (1).exe - Win32/Agent.AIT trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (3).exe - probably a variant of Win32/PSW.QQShou trojan
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (4).exe - probably a variant of Win32/TrojanDownloader.Delf trojan
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (5).exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (6).exe - probably a variant of Win32/TrojanDownloader.Delf trojan
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (8).exe - Win32/PSW.QQGame.J trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (9).exe - probably a variant of Win32/Spy.VB trojan
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (10).exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Don johnson\桌面\12.rar ?RAR ?MCxVbopsCy (11).exe - probably a variant of Win32/Genetik trojan
Number of scanned files: 13
Number of threats found: 10
Number of files cleaned: 1
Time of completion: 18:47:18 Total scanning time: 3 sec (00:00:03)

Notes:
[7] File is probably infected with an unknown virus.

显示全部楼层 · 发表于 2007-10-4 18:54:53

卡巴斯基反病毒软件 7.0

显示全部楼层 · 发表于 2007-10-4 18:55:53

卡巴 7.0.0.125
9个

已删除: 木马程序 Backdoor.Win32.Agent.ait 文件: F:\病毒样本\12.rar/MCxVbopsCy (1).exe
已删除: 木马程序 Trojan-Downloader.Win32.Delf.bnj 文件: F:\病毒样本\12.rar/MCxVbopsCy (4).exe//UPX
已删除: 木马程序 Trojan-Downloader.Win32.Delf.bnj 文件: F:\病毒样本\12.rar/MCxVbopsCy (6).exe//UPX
已删除: 木马程序 Trojan-Downloader.Win32.Delf.bpb 文件: F:\病毒样本\12.rar/MCxVbopsCy (7).exe
已删除: 木马程序 Trojan-Downloader.Win32.VB.bhx 文件: F:\病毒样本\12.rar/MCxVbopsCy (10).exe//FSG
已删除: 木马程序 Trojan-PSW.Win32.Lmir.bjh 文件: F:\病毒样本\12.rar/MCxVbopsCy (12).exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.QQGame.j 文件: F:\病毒样本\12.rar/MCxVbopsCy (8).exe
已删除: 木马程序 Trojan-PSW.Win32.QQPass.xw 文件: F:\病毒样本\12.rar/MCxVbopsCy (3).exe//UPack
已删除: 木马程序 Trojan-Spy.Win32.VB.rw 文件: F:\病毒样本\12.rar/MCxVbopsCy (9).exe

显示全部楼层 · 发表于 2007-10-4 19:00:52

2007-10-4 19:00:39 1191495639 Administrator 2596 Sign of "Win32:Nilage-AI [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (12).exe\[Upack]\[Embedded#DLLFILE]" file.
2007-10-4 19:00:43 1191495643 Administrator 2596 Sign of "Win32:Agent-GKC [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (1).exe\[Embedded#2060]" file.
2007-10-4 19:00:43 1191495643 Administrator 2596 Sign of "Win32:Agent-GKC [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (1).exe" file.
2007-10-4 19:00:43 1191495643 Administrator 2596 Sign of "Win32:QQPass-MH [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (3).exe\[Upack]\[Embedded#DLLFILE]" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:Cardspy-C [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (4).exe\[UPX]\[Embedded#3b18]" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:Delf-FOQ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (5).exe" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:Cardspy-C [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (6).exe\[UPX]\[Embedded#3b18]" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:Nilage-AI [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (7).exe\[Embedded#DLLFILE]" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:Nilage-AI [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (7).exe" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:Nilage-AI [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (8).exe\[Embedded#DLLFILE]" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:Nilage-AI [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (8).exe" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:VB-EPN [Wrm]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (9).exe\[Embedded#1278c]\[Embedded#059ac]" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:VB-EPN [Wrm]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (9).exe\[Embedded#1278c]" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:VB-EPN [Wrm]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (9).exe" file.
2007-10-4 19:00:44 1191495644 Administrator 2596 Sign of "Win32:Hacko [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\12.rar\MCxVbopsCy (11).exe" file.

显示全部楼层 · 发表于 2007-10-4 19:01:45

AVAST居然扫除15个

显示全部楼层 · 发表于 2007-10-4 19:04:28

Protokol o skenováníDatum: 4. ?jna 2007 19:02:59Cíl:
G:\V\12.rar
Možnosti:

Skenovací metoda	Všechny soubory
Heuristika	Povoleno
Použít virtuální počítač	Ano
Skenovat archívy	Ano
Použít vyřazené přípony	Ne
Vyřazené přípony	Není definováno
Použít vyřazené objekty	Ne
Vyřazené objekty	Není definováno

Verze antiviru:
TrustPort Workstation Antivirus 2.7.0.1419
Výsledky:
Soubory:

Cesta	Výsledek skenování	Jméno viru	Provedená akce
G:\V\12.rar:\MCxVbopsCy (12).exe	Infikováno!	PSW.Generic5.AVC	Do karantény
G:\V\12.rar:\MCxVbopsCy (1).exe	Infikováno!	BackDoor.Agent.EFK	Do karantény
G:\V\12.rar:\MCxVbopsCy (3).exe	Infikováno!	PSW.Generic4.ZTN	Do karantény
G:\V\12.rar:\MCxVbopsCy (4).exe	Infikováno!	Downloader.Generic5.GHM	Do karantény
G:\V\12.rar:\MCxVbopsCy (5).exe	Infikováno!	Generic5.ZTT	Do karantény
G:\V\12.rar:\MCxVbopsCy (6).exe	Infikováno!	Downloader.Generic5.GHM	Do karantény
G:\V\12.rar:\MCxVbopsCy (7).exe	Infikováno!	Generic5.VRD	Do karantény
G:\V\12.rar:\MCxVbopsCy (8).exe	Infikováno!	Generic6.SI	Do karantény
G:\V\12.rar:\MCxVbopsCy (9).exe	Infikováno!	PSW.Generic5.DRW	Do karantény
G:\V\12.rar:\MCxVbopsCy (10).exe	Infikováno!	Downloader.VB.RY	Do karantény
G:\V\12.rar:\MCxVbopsCy (11).exe	Infikováno!	Generic6.BAA	Do karantény
G:\V\12.rar	Infikováno!	PSW.Generic5.AVC	Karanténa

Statistika
Zaváděcí sektory:

Oskenováno:	0
Infikováno:	0
Opraveno:	0

Soubory:

Oskenováno:	14
Infikováno:	11
Opraveno:	0
Přejmenováno:	0
Přesunuto do karantény:	1
Smazáno:	0

Registry:

Oskenováno:	0
Infikováno:	0
Opraveno:	0
Smazáno:	0

[病毒样本] 12个

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块