[Virus sample] Prevalent web trojan update X7 [MD5: E7BCF5 B79AE1 EE67B1 C37978 DD4933 89D9AE 85BC35]

promised
Posted on 2007-10-9 17:51:52

FBAV
Posted on 2007-10-9 18:50:19
MicroVita AntiSpyware 100 C
_____________________________________________
                                          
             风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]                  
                   http://221.10.254.214/
----------------------------------------------
开始扫描……


正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\样本3\ndmai.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:51712  MD5:b79ae13dbd02e0c9de129e14443ee7f0


[C:\Documents and Settings\Administrator\桌面\Virus\样本3\ndmai.exe]
                    …………发现Spy!报告: [4] [1]
文件信息:  大小:64000  MD5:ee67b17dc175f5a95722ac2fef375f38


[C:\Documents and Settings\Administrator\桌面\Virus\样本3\NewInfo.bmp]
                    …………发现Spy!报告: [4] [8] HOOK者
文件信息:  大小:28066  MD5:dd4933069815298cd48a2a53b1e020de


[C:\Documents and Settings\Administrator\桌面\Virus\样本3\xzz.exe]
                    …………发现Spy!报告:[1]
文件信息:  大小:32317  MD5:89d9ae03b6752d2647728d6768b5f7a5


[C:\Documents and Settings\Administrator\桌面\Virus\样本3\svcos.exe]
                    …………发现Spy!报告:[1]
文件信息:  大小:16417  MD5:85bc35691ce159b7b4050edecf5db14d


文件数:7   病毒数:5  比重:0.7142857142857
OK  扫描完毕!

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎   
[2] 文件特征码引擎
[1] 文件启发式引擎
电影结束了
Posted on 2007-10-9 18:51:59
[扫描路径] C:\Documents and Settings\wangcheng\桌面\样本3.rar
>>C:\Documents and Settings\wangcheng\桌面\样本3.rar\bbbb.exe 已被感染了 :  BackDoor.WebDor
>>C:\Documents and Settings\wangcheng\桌面\样本3.rar\ndmai.dll 已被感染了 :  Trojan.PWS.Wow.origin
>>>>C:\Documents and Settings\wangcheng\桌面\样本3.rar\ndmai.exe 已被感染了 :  Trojan.PWS.Lineage.origin
>>C:\Documents and Settings\wangcheng\桌面\样本3.rar\pk.exe 已被感染了 :  Trojan.PWS.Gamania
>C:\Documents and Settings\wangcheng\桌面\样本3.rar\NewInfo.bmp 已被感染了 :  Trojan.PWS.Gamania
>>C:\Documents and Settings\wangcheng\桌面\样本3.rar\xzz.exe 已被感染了 :  Win32.HLLW.Autoruner.695
C:\Documents and Settings\wangcheng\桌面\样本3.rar - 发现档案文件中有受感染的对象
Giggs
Posted on 2007-10-9 18:53:38
Start of the scan: 2007年10月9日  18:53

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本3.rar'
C:\Documents and Settings\Administrator\桌面\样本3.rar
  [0] Archive type: RAR
  --> bbbb.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> ndmai.dll
      [DETECTION] Is the Trojan horse TR/PWS.Lineage.ZQ.3
  --> ndmai.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.adu
  --> pk.exe
      [DETECTION] Contains detection pattern of the VBS script virus VBS/Dldr.Psyme.GR.2
  --> NewInfo.bmp
      [DETECTION] Contains detection pattern of the VBS script virus VBS/Dldr.Psyme.GR.3
  --> xzz.exe
      [DETECTION] Is the Trojan horse TR/Agent.32245
  --> svcos.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      A backup was created as '473ec4e0.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!


End of the scan: 2007年10月9日  18:53
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
      9 Files were scanned
      6 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
浪滔天
Posted on 2007-10-9 18:54:30
Kaspersky
7 detected
已删除: 病毒 Virus.Win32.AutoRun.hw        文件: F:\病毒样本\样本3.rar/bbbb.exe//PE_Patch.UPX//UPX
已删除: 病毒 Virus.Win32.AutoRun.rx        文件: F:\病毒样本\样本3.rar/xzz.exe//FSG
已删除: 木马程序 Trojan-PSW.Win32.Delf.adu        文件: F:\病毒样本\样本3.rar/ndmai.exe//PE_Patch.PECompact//PecBundle//PECompact
已删除: 木马程序 Trojan-PSW.Win32.Delf.qc        文件: F:\病毒样本\样本3.rar/NewInfo.bmp
已删除: 木马程序 Trojan-PSW.Win32.Delf.qc        文件: F:\病毒样本\样本3.rar/pk.exe//UPX
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.elj        文件: F:\病毒样本\样本3.rar/ndmai.dll//PE_Patch.PECompact//PecBundle//PECompact
已删除: 木马程序 Trojan.Win32.VB.bhp        文件: F:\病毒样本\样本3.rar/svcos.exe//FSG
killloop
Posted on 2007-10-9 19:10:05
Jiangmin: 3 detected
yurius
Posted on 2007-10-9 20:48:25
symantec endpoint

2007-10-9 20:47:31,W32.Dotex,Quarantined,xzz.exe
2007-10-9 20:47:30,Infostealer,Quarantined,NewInfo.bmp
2007-10-9 20:47:30,Infostealer,Quarantined,pk.exe
2007-10-9 20:47:29,W32.Fubalca.E,Quarantined,bbbb.exe
wangjay1980
Posted on 2007-10-9 22:05:08
7
detected: virus Virus.Win32.AutoRun.hw        File: C:\Documents and Settings\Owner\桌面\样本3.rar/bbbb.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.elj        File: C:\Documents and Settings\Owner\桌面\样本3.rar/ndmai.dll//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-PSW.Win32.Delf.adu        File: C:\Documents and Settings\Owner\桌面\样本3.rar/ndmai.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-PSW.Win32.Delf.qc        File: C:\Documents and Settings\Owner\桌面\样本3.rar/pk.exe//UPX
detected: Trojan program Trojan-PSW.Win32.Delf.qc        File: C:\Documents and Settings\Owner\桌面\样本3.rar/NewInfo.bmp
detected: virus Virus.Win32.AutoRun.rx        File: C:\Documents and Settings\Owner\桌面\样本3.rar/xzz.exe//FSG
detected: Trojan program Trojan.Win32.VB.bhp        File: C:\Documents and Settings\Owner\桌面\样本3.rar/svcos.exe//FSG
uhthn2002
Posted on 2007-10-9 22:08:18
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 352
Paranoia Database - 6972
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder

C:\Documents and Settings\uhthn\Desktop\New Folder\bbbb.exe - Infected Win32.Trojan-Downloader.zlob.2
C:\Documents and Settings\uhthn\Desktop\New Folder\ndmai.dll - Suspected MalwareDetector:Win32.Generic.PSW.16
C:\Documents and Settings\uhthn\Desktop\New Folder\ndmai.exe - Suspected MalwareDetector:Win32.Generic.PSW.16
C:\Documents and Settings\uhthn\Desktop\New Folder\pk.exe - Infected Win32.Generic.Malware.cc1
C:\Documents and Settings\uhthn\Desktop\New Folder\NewInfo.bmp - Infected Win32.Trojan-PSW.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\xzz.exe - Infected Generic.Malware.685
C:\Documents and Settings\uhthn\Desktop\New Folder\svcos.exe - Suspected MalwareDetector:Generic.PSW.2

7 Files scanned
4 Infected files found
3 Suspected files found
0 Files cured
4 Files deleted
The EQs
Posted on 2007-10-9 22:08:34

6

C:\Documents and Settings\Don johnson\桌面\样本3.rar » RAR » bbbb.exe - Win32/Delf.NDV worm
C:\Documents and Settings\Don johnson\桌面\样本3.rar » RAR » ndmai.dll - a variant of Win32/PSW.Lineage.DN trojan
C:\Documents and Settings\Don johnson\桌面\样本3.rar » RAR » pk.exe - a variant of Win32/PSW.Delf.NHI trojan
C:\Documents and Settings\Don johnson\桌面\样本3.rar » RAR » NewInfo.bmp - Win32/PSW.Delf.NHI trojan
C:\Documents and Settings\Don johnson\桌面\样本3.rar » RAR » xzz.exe - probably a variant of Win32/Delf.NDF worm
C:\Documents and Settings\Don johnson\桌面\样本3.rar » RAR » svcos.exe - probably unknown NewHeur_PE virus
Copyright © KaFan  KaFan.cn All Rights Reserved.