
[Virus sample] Multiple infections??

基哥
Posted on 2007-10-25 17:42:21
Found this just now while looking for some XP themes..
http://www.down101.com/soft/Setup_611.exe
红心王子
Posted on 2007-10-25 17:44:56
2007-10-25        17:43:39        1193305419        Administrator        1208        Sign of "Win32:Agent-BFG [Trj]" has been found in "D:\Downloads\Setup_611.exe" file.
浪滔天
Posted on 2007-10-25 17:45:17
Kaspersky 125

已检测到: 广告程序 not-a-virus:AdWare.Win32.Boran.w        URL: http://www.down101.com/soft/Setup_611.exe//data0002//stream//data0001
dikex
Posted on 2007-10-25 18:37:03
Adware + a small trojan

Extracted a few of them

浪滔天
Posted on 2007-10-25 19:09:06
Originally posted by dikex on 2007-10-25 18:37
Adware + a small trojan

Extracted a few of them


Kaspersky got them all

已删除: 广告程序 not-a-virus:AdWare.Win32.Agent.ap 文件: F:\病毒样本\TEMP.zip/InShell.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.s 文件: F:\病毒样本\TEMP.zip/R0
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.w 文件: F:\病毒样本\TEMP.zip/insshell.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.w 文件: F:\病毒样本\TEMP.zip/albus.dll//UPX
已删除: 木马程序 Trojan-Downloader.Win32.QQHelper.va 文件: F:\病毒样本\TEMP.zip/tongji.exe
残缺的唯美
Posted on 2007-10-25 19:28:54
Malicious code found in file C:\Users\Administrator\AppData\Local\Temp\tongji.exe.
Infection: Trojan-Downloader.Win32.QQHelper.va
Action: The file was deleted.
  
Not detected on scan, detected on execution
残缺的唯美
Posted on 2007-10-25 19:29:34
Result: 1 malware found
Trojan-Downloader.Win32.QQHelper.va (virus)
C:\Users\Administrator\Desktop\Setup_611.exe Action: deleted
And then the scan keeps reporting it =。=
uhthn2002
Posted on 2007-10-25 21:34:28
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 692
Paranoia Database - 48194
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\Uhthn\Desktop\New Folder (2)

C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\tongji.exe - Suspected TROJAN-DOWNLOADER (HTTP://{REMOVED}/...)
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\R0 - Infected ADWARE.BORAN.5 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\albus.dll - Infected TROJAN-DOWNLOADER.AGENT.19 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\InShell.exe - Suspected TROJAN-DOWNLOADER.AGENT.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\insshell.exe - Infected TROJAN-DOWNLOADER.AGENT.19 - Deleted

5 Files scanned
3 Infected files found
2 Suspected files found
0 Files cured
3 Files deleted
The EQs
Posted on 2007-10-25 21:38:19

5 of them

C:\Documents and Settings\Don johnson\桌面\TEMP.zip » ZIP » tongji.exe - probably a variant of Win32/TrojanDownloader.QQHelper trojan
C:\Documents and Settings\Don johnson\桌面\TEMP.zip » ZIP » R0 - Win32/Adware.Boran application
C:\Documents and Settings\Don johnson\桌面\TEMP.zip » ZIP » albus.dll - Win32/Adware.Boran application
C:\Documents and Settings\Don johnson\桌面\TEMP.zip » ZIP » InShell.exe - probably a variant of Win32/Adware.Agent application
C:\Documents and Settings\Don johnson\桌面\TEMP.zip » ZIP » insshell.exe - Win32/Adware.Boran application
mofunzone
Posted on 2007-10-25 22:48:13
Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\Setup_611.exe'
C:\TDDOWNLOAD\
  Setup_611.exe
      [DETECTION] Contains detection pattern of the dropper DR/Dldr.QQHelper.VA.35
      [INFO]      The file was deleted!

Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\TEMP.zip'
C:\Users\morgan\Documents\
  TEMP.zip
    [0] Archive type: ZIP
    --> tongji.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Harnig.5
        [WARNING]   Infected files in archives cannot be repaired!
    --> R0
        [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Boran.S
        [WARNING]   Infected files in archives cannot be repaired!
    --> albus.dll
        [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/BDSearch.A.3
        [WARNING]   Infected files in archives cannot be repaired!
    --> InShell.exe
        [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Boran.AC.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> insshell.exe
        [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Bor.X.19.C.4
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!

Copyright © KaFan  KaFan.cn All Rights Reserved.
