同事存储卡中抓的一包。。

显示全部楼层 · 发表于 2007-10-11 16:40:22

没有经过修饰的。。

显示全部楼层 · 发表于 2007-10-11 16:45:22

MicroVita AntiSpyware 100 C
_____________________________________________

         风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]
               http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.bin]
                  …………发现Spy！报告: [4]
文件信息:  大小:959  MD5:62059131773bac3819b9af053349a50e

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.exe]
                  …………发现Spy！报告: [4]
文件信息:  大小:778240  MD5:874423c8965f158dd7ae06150b0254c6

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.exe.exe]
                  …………发现Spy！报告: [4]
文件信息:  大小:778240  MD5:874423c8965f158dd7ae06150b0254c6

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\AUTORUN.FCB]
                  …………发现Spy！报告: [4]
文件信息:  大小:203  MD5:05998585f18cc81ecb3aadb668a1109f

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\Autorun.ico]
                  …………发现Spy！报告: [4]
文件信息:  大小:2238  MD5:8fa404e93114b1eea28f7444cfff3082

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.inf.rar]
                  …………发现Spy！报告: [4]
文件信息:  大小:317635  MD5:877b8e87d07ecd33eef95f6b992e54a9

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.inf_被屏蔽木马]
                  …………发现Spy！报告: [4]
文件信息:  大小:203  MD5:05998585f18cc81ecb3aadb668a1109f

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\Autorun.ini]
                  …………发现Spy！报告: [4] [2]
文件信息:  大小:17213  MD5:e14f20bf1fc3f18a516824aeaa344d83

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.pif]
                  …………发现Spy！报告: [4]
文件信息:  大小:967  MD5:0a5d116ce3058adfceb3407577e42d82

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.rar]
                  …………发现Spy！报告: [4]
文件信息:  大小:15210  MD5:912efae8e9c2989438fb10a0c7dfa906

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.txt]
                  …………发现Spy！报告: [4]
文件信息:  大小:24  MD5:8e8429e415c19ca2c02abe4c5684a23e

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.wsh]
                  …………发现Spy！报告: [4]
文件信息:  大小:72  MD5:a9900490cf34dee22f588255088c7d77

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\Autorun.~ex]
                  …………发现Spy！报告: [4]
文件信息:  大小:61440  MD5:3a9bcde21a8d27f0c4b7f43615e0e821

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\dtsvitiq.exe]
                  …………发现Spy！报告: [4]
文件信息:  大小:11264  MD5:a675f930fe69cf396ac37fab80759a38

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\phshursc.exe]
                  …………发现Spy！报告: [4]
文件信息:  大小:16896  MD5:3f66df9f070853d88cd3707b455162e4

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\Recycled\desktop.ini]
                  …………发现Spy！报告: [4]  [3]
文件信息:  大小:63  MD5:e783bdd20a976eaeaae1ff4624487420

[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.inf.rar]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\Virus\vir\新建文件夹\autorun.rar]
                  …………特征码引擎[1]发现病毒
文件数:22 病毒数:18  比重:0.8181818181818
OK  扫描完毕！

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎
[2] 文件特征码引擎
[1] 文件启发式引擎

[ 本帖最后由 FBAV 于 2007-10-11 16:47 编辑 ]

显示全部楼层 · 发表于 2007-10-11 16:46:25

2007-10-11 16:45:59 1192092359 Administrator 3316 Sign of "VBS:Small-B [Trj]" has been found in "D:\Downloads\vir.rar\新建文件夹\AUTORUN.FCB" file.
2007-10-11 16:46:01 1192092361 Administrator 3316 Sign of "BV:Small-B [Trj]" has been found in "D:\Downloads\vir.rar\新建文件夹\autorun.inf.rar\autorun.bat" file.
2007-10-11 16:46:01 1192092361 Administrator 3316 Sign of "VBS:Small-B [Trj]" has been found in "D:\Downloads\vir.rar\新建文件夹\autorun.inf.rar\autorun.inf" file.
2007-10-11 16:46:02 1192092362 Administrator 3316 Sign of "VBS:Small-B [Trj]" has been found in "D:\Downloads\vir.rar\新建文件夹\autorun.inf_被屏蔽木马" file.
2007-10-11 16:46:02 1192092362 Administrator 3316 Sign of "Win32:VB-EPJ [Trj]" has been found in "D:\Downloads\vir.rar\新建文件夹\dtsvitiq.exe\[UPX]" file.
2007-10-11 16:46:02 1192092362 Administrator 3316 Sign of "Win32:Autorun-AL" has been found in "D:\Downloads\vir.rar\新建文件夹\phshursc.exe\[UPX]" file.

显示全部楼层 · 发表于 2007-10-11 16:49:38

avast!报

显示全部楼层 · 发表于 2007-10-11 16:51:38

過了第n次......

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 443
Paranoia Database - 7092
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\vir

C:\Documents and Settings\uhthn\Desktop\vir\autorun.001 - OK
C:\Documents and Settings\uhthn\Desktop\vir\autorun.bin - OK
C:\Documents and Settings\uhthn\Desktop\vir\autorun.exe - Infected Win32.Trojan-PSW.OnLineGames.a
C:\Documents and Settings\uhthn\Desktop\vir\autorun.exe.exe - Infected Win32.Trojan-PSW.OnLineGames.a
C:\Documents and Settings\uhthn\Desktop\vir\AUTORUN.FCB - Suspected Trojan.Autorun.1
C:\Documents and Settings\uhthn\Desktop\vir\Autorun.ico - OK
C:\Documents and Settings\uhthn\Desktop\vir\autorun.inf.rar - Infected Virus.autorun.7
C:\Documents and Settings\uhthn\Desktop\vir\autorun.inf_被屏蔽木? - OK
C:\Documents and Settings\uhthn\Desktop\vir\Autorun.ini - OK
C:\Documents and Settings\uhthn\Desktop\vir\autorun.pif - OK
C:\Documents and Settings\uhthn\Desktop\vir\autorun.rar - Infected Virus.autorun.7
C:\Documents and Settings\uhthn\Desktop\vir\autorun.srm - OK
C:\Documents and Settings\uhthn\Desktop\vir\autorun.txt - OK
C:\Documents and Settings\uhthn\Desktop\vir\autorun.wsh - Infected Virus.autorun.4
C:\Documents and Settings\uhthn\Desktop\vir\Autorun.~ex - Suspected Trojan.Autorun.1
C:\Documents and Settings\uhthn\Desktop\vir\dtsvitiq.exe - OK
C:\Documents and Settings\uhthn\Desktop\vir\phshursc.exe - OK
C:\Documents and Settings\uhthn\Desktop\vir\Recycled\desktop.ini - OK

18 Files scanned
5 Infected files found
2 Suspected files found
0 Files cured
5 Files deleted

显示全部楼层 · 发表于 2007-10-11 16:56:55

C:\Documents and Settings\Don johnson\桌面\vir.rar » RAR » 新建文件夹\autorun.inf.rar » RAR » autorun.bat - VBS/Small.NAB worm
C:\Documents and Settings\Don johnson\桌面\vir.rar » RAR » 新建文件夹\autorun.inf.rar » RAR » autorun.inf - VBS/Small.NAB worm
C:\Documents and Settings\Don johnson\桌面\vir.rar » RAR » 新建文件夹\autorun.inf.rar » RAR » Autorun.exe - archive damaged - the file could not be extracted.
C:\Documents and Settings\Don johnson\桌面\vir.rar » RAR » 新建文件夹\autorun.inf.rar » RAR » autorun.reg - archive damaged - the file could not be extracted.
C:\Documents and Settings\Don johnson\桌面\vir.rar » RAR » 新建文件夹\autorun.inf.rar » RAR » autorun.vbs - archive damaged - the file could not be extracted.
C:\Documents and Settings\Don johnson\桌面\vir.rar » RAR » 新建文件夹\dtsvitiq.exe - probably a variant of Win32/AutoRun.E worm
C:\Documents and Settings\Don johnson\桌面\vir.rar » RAR » 新建文件夹\phshursc.exe - a variant of Win32/AutoRun.E worm

显示全部楼层 · 发表于 2007-10-11 17:13:12

Result: 6 malware found
Virus.VBS.Small.a (virus)
C:\Users\Administrator\Desktop\vir.rar\ÐÂ½¨ÎÄ¼þ¼Ð\AUTORUN.FCB
C:\Users\Administrator\Desktop\vir.rar\ÐÂ½¨ÎÄ¼þ¼Ð\autorun.inf.rar\autorun.inf
C:\Users\Administrator\Desktop\vir.rar\ÐÂ½¨ÎÄ¼þ¼Ð\autorun.inf_±»ÆÁ±ÎÄ¾Âí
BAT/Autorun.C@troj (virus)
C:\Users\Administrator\Desktop\vir.rar\ÐÂ½¨ÎÄ¼þ¼Ð\autorun.inf.rar\autorun.bat
Trojan.Win32.VB.bbr (virus)
C:\Users\Administrator\Desktop\vir.rar\ÐÂ½¨ÎÄ¼þ¼Ð\dtsvitiq.exe
Virus.Win32.AutoRun.br (virus)
C:\Users\Administrator\Desktop\vir.rar\ÐÂ½¨ÎÄ¼þ¼Ð\phshursc.exe

显示全部楼层 · 发表于 2007-10-11 18:01:01

用AntiVirusKit扫描病毒
版本 16.0.7
病毒库签名 2007-10-9
开始时间: 2007-10-11 17:56
引擎: KAV 引擎 (AVK 17.8716), BD 引擎 (BD 17.5530)
启发式: 打开
压缩文件: 打开
系统区域: 关闭

扫描所选择的目录和文件...
对象: 新建文件夹 AUTORUN.FCB
在压缩档案里: E:\娱乐\网址\美女做爱\vir.rar
Status: 已发现病毒
病毒: Virus.VBS.Small.a (KAV 引擎)
对象: 新建文件夹/autorun.inf.rar autorun.bat
在压缩档案里: E:\娱乐\网址\美女做爱\vir.rar
Status: 已发现病毒
病毒: Virus.VBS.Small.a (KAV 引擎)
对象: 新建文件夹/autorun.inf.rar autorun.inf
在压缩档案里: E:\娱乐\网址\美女做爱\vir.rar
Status: 已发现病毒
病毒: Virus.VBS.Small.a (KAV 引擎)
对象: 新建文件夹 autorun.inf_被屏蔽木马
在压缩档案里: E:\娱乐\网址\美女做爱\vir.rar
Status: 已发现病毒
病毒: Virus.VBS.Small.a (KAV 引擎)
对象: 新建文件夹 dtsvitiq.exe
在压缩档案里: E:\娱乐\网址\美女做爱\vir.rar
Status: 已发现病毒
病毒: Trojan.Win32.VB.bbr (KAV 引擎)
对象: 新建文件夹 phshursc.exe
在压缩档案里: E:\娱乐\网址\美女做爱\vir.rar
Status: 已发现病毒
病毒: Virus.Win32.AutoRun.br (KAV 引擎)

显示全部楼层 · 发表于 2007-10-11 18:02:25

色字头上一把刀，果然不假。良好的上网习惯的确很重要!

显示全部楼层 · 发表于 2007-10-11 18:10:18

卡巴 7.0.0.125
6个

已删除: 病毒 Virus.VBS.Small.a 文件: F:\病毒样本\vir.rar/新建文件夹\AUTORUN.FCB
已删除: 病毒 Virus.VBS.Small.a 文件: F:\病毒样本\vir.rar/新建文件夹\autorun.inf.rar/autorun.bat
已删除: 病毒 Virus.VBS.Small.a 文件: F:\病毒样本\vir.rar/新建文件夹\autorun.inf.rar/autorun.inf
已删除: 病毒 Virus.VBS.Small.a 文件: F:\病毒样本\vir.rar/新建文件夹\autorun.inf_被屏蔽木马
已删除: 木马程序 Trojan.Win32.VB.bbr 文件: F:\病毒样本\vir.rar/新建文件夹\dtsvitiq.exe//UPX
已删除: 病毒 Virus.Win32.AutoRun.br 文件: F:\病毒样本\vir.rar/新建文件夹\phshursc.exe//UPX

[病毒样本] 同事存储卡中抓的一包。。

本帖子中包含更多资源