[Virus samples] 15 updated ones

qianwenxiang
Posted on 2007-10-24 22:09:39
Good grief... a lot of the newly updated malware is heavyweight, huge in size.

qigang
Posted on 2007-10-24 22:14:05
Why aren't you using the previous network drive anymore??
qigang
Posted on 2007-10-24 22:15:13

29/9

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.PSW.Win32.ZhengTu.ylm
病毒: Worm.Win32.PaBug.bu      
病毒: Trojan.PSW.Win32.XYOnline.oe
病毒: Trojan.PSW.Win32.LMir.yxs
病毒: Trojan.PSW.Win32.GameOnline.gn
病毒: Trojan.PSW.Win32.Agent.vhq
病毒: Dropper.Win32.Microjoin.cn
病毒: Trojan.PSW.Win32.WorldOnline.ip
病毒: Trojan.DL.Win32.Agent.zil

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.15.22
wangjay1980
Posted on 2007-10-24 22:23:41
11 of them
The EQs
Posted on 2007-10-24 22:24:30

12 of them

C:\Documents and Settings\Don johnson\桌面\1024\3721.exe - Win32/Agent.NMP trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\host1.exe - a variant of Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\host2.exe - probably a variant of Win32/AutoRun.Q worm - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\host3.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\host4.exe - Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\host6.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\host7.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\host9.exe - a variant of Win32/PSW.OnLineGames.NFN trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\Installer.exe - probably unknown NewHeur_PE virus - deleted - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\qq.exe - a variant of Win32/AutoRun.BO worm - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\server.exe - a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1024\zhuxian.exe - Win32/PSW.OnLineGames.NFE trojan - cleaned by deleting - quarantined
uhthn2002
Posted on 2007-10-24 22:29:26
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 667
Paranoia Database - 48130
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\Uhthn\Desktop\New Folder (2)

C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\host6.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\host7.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\host9.exe - Suspected TROJAN-PSW.SMALL.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\3721.exe - Infected TROJAN-PSW.QQPASS.2 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\200701250235.exe - OK
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\zhuxian.exe - OK
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\server.exe - Infected WIN32.BACKDOOR.HUPIGON.R - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\qq.exe - Infected WIN32.TROJAN-DOWNLOADER.BANLOAD.3 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\iexplore.exe - Infected WIN32.BACKDOOR.HUPIGON.10 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\destino.exe - Suspected MaliciousScope:WIN32.GENERIC.PSW.24
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\Installer.exe - Suspected TROJAN-PSW.ONLINEGAMES.2
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\host1.exe - Suspected MaliciousScope:GENERIC.PSW.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\host2.exe - Infected WIN32.TROJAN-PSW.QQPASS.A - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\host3.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\host4.exe - Suspected MaliciousScope:GENERIC.PSW.3

15 Files scanned
8 Infected files found
5 Suspected files found
0 Files cured
8 Files deleted
mofunzone
Posted on 2007-10-24 23:02:12
All wiped out
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\1024'
C:\Users\morgan\Documents\1024\
  200701250235.exe
      [DETECTION] Contains detection pattern of the dropper DR/MicroJoiner.Gen
      [INFO]      The file was deleted!
  3721.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.ece.1
      [INFO]      The file was deleted!
  destino.exe
      [DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
      [INFO]      The file was deleted!
  host1.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!
  host2.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.ail
      [INFO]      The file was deleted!
  host3.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47925ecb.qua'!
  host4.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.21068.1
      [INFO]      The file was deleted!
  host6.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fsx
      [INFO]      The file was deleted!
  host7.exe
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
      [INFO]      The file was deleted!
  host9.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fsd.2
      [INFO]      The file was deleted!
  iexplore.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  Installer.exe
      [DETECTION] Is the Trojan horse TR/Agent.77824.32
      [INFO]      The file was deleted!
  qq.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  server.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [INFO]      The file was deleted!
  zhuxian.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47945ec5.qua'!


End of the scan: 2007年10月24日  08:01
Used time: 00:05 min

The scan has been done completely.

      1 Scanning directories
     15 Files were scanned
     13 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
     13 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
wangjay1980
Posted on 2007-10-25 09:44:29
All killed
啊弥陀佛
Posted on 2007-10-25 10:36:15
Micropoint cut them down


蠕虫名称:Worm.Win32.AutoRun.cq
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\IEXPLORE.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\3721.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\DLLCACHE\ATIEVAXIT.EXE
是否删除木马程序及其衍生物?

广告软件名称:AdWare.Win32.Cinmus.anz
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ACPIDISK.SYS
是广告软件!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\200701250235.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DODOLOOK057.EXE
2) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\NSEAF.TMP\SYSTEM.DLL
3) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\1545.EXE
4) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DOSSSETUP.DLL
5) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ACPIDISK.SYS
6) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\MY_70226.EXE
7) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\AD1760.EXE
8) C:\PROGRAM FILES\COMMON FILES\CPUSH\UNINST.EXE
9) C:\PROGRAM FILES\COMMON FILES\CPUSH\CPUSH.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\HOST1.EXE
1) C:\DFD5141015.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\HOST2.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NVWIN75.JMP
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NVSYS74.SYS
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\HOST3.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\QDSHM.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\HOST4.EXE
1) C:\DFD5182421.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\HOST6.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\HOST7.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\QDSHM.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\HOST9.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\TLDOOR0.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\INSTALLER.EXE
木马程序生成以下文件:
1) C:\OLUHCFN\XW.EXE
2) C:\OLUHCFN\BPROTECT.EXE
3) C:\OLUHCFN\BPROTECT.AXV
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\QQ.EXE
是否阻止该进程继续运行?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\SERVER.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SVCHOST
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\1024[1]\ZHUXIAN.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\ZHUXIAN4QSO.DLL
是否删除木马程序及其衍生物?
asdfgh
Posted on 2007-10-25 20:07:04
Time to put my antivirus to the test

Copyright © KaFan  KaFan.cn All Rights Reserved.
