20个毒网上的

显示全部楼层 · 发表于 2007-10-25 22:21:37

全部是从某个FTP挖到的，样本没仔细看，可能有重复

显示全部楼层 · 发表于 2007-10-25 22:28:35

C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » Winhelp.dll - probably a variant of Win32/TrojanDownloader.Small trojan
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » cr4r.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » crst.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » crt1.exe - a variant of Win32/Delf.NDL worm
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » crtc.exe - a variant of Win32/Delf.NDL worm
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » oldcrr.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » crr1.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » crt2.exe - a variant of Win32/Delf.NDL worm
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » crrcc.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » crrold.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » crtbv.exe - Win32/PSW.OnLineGames.EAU trojan
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » good1.exe - a variant of Win32/Delf.NDL worm
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » good.exe - Win32/PSW.OnLineGames.EAU trojan
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » in.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » ini.exe - a variant of Win32/Hupigon trojan
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » inq1.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » oldcrrs.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » tfp1.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\1025.rar » RAR » tfp.exe - probably unknown NewHeur_PE virus

显示全部楼层 · 发表于 2007-10-25 22:28:36

显示全部楼层 · 发表于 2007-10-25 22:32:34

红伞 14+5
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\1025.rar'
C:\Documents and Settings\Administrator\桌面\1025.rar
  [0] Archive type: RAR
  --> Winhelp.dll
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> cr4r.exe
   [DETECTION] Is the Trojan horse TR/Drop.Mudrop.EQ
  --> crst.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> crt1.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> crtc.exe
   [DETECTION] Is the Trojan horse TR/PSW.QQpass.baz
  --> oldcrr.exe
   [DETECTION] Is the Trojan horse TR/Agent.71682
  --> crr1.exe
   [DETECTION] Is the Trojan horse TR/Drop.Mudrop.EQ
  --> crt2.exe
   [DETECTION] Is the Trojan horse TR/PSW.QQpass.baz
  --> crrcc.exe
   [DETECTION] Is the Trojan horse TR/Drop.Mudrop.EO
  --> crrold.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> crtbv.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eau.1
  --> good1.exe
   [DETECTION] Is the Trojan horse TR/PSW.QQpass.baz
  --> good.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eau.1
  --> in.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> ini.exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Graybird.AA544144 Backdoor server programs
  --> inq1.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> oldcrrs.exe
   [DETECTION] Is the Trojan horse TR/Agent.71682
  --> tfp1.exe
   [DETECTION] Is the Trojan horse TR/Drop.Mudrop.EQ
  --> tfp.exe
   [DETECTION] Is the Trojan horse TR/Drop.Mudrop.EO
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-10-25 22:33:38

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.Win32.Agent.yqk
病毒： Trojan.Win32.VB.ykd
病毒： Trojan.PSW.Win32.QQPass.baz
病毒： Worm.Win32.VB.jw
病毒： Trojan.Win32.VB.ykn
病毒： Trojan.PSW.Win32.OnlineGames.znw

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.15.32

显示全部楼层 · 发表于 2007-10-25 22:40:39

8个重复的实际只有12个
卡巴 125 杀11个还有一个似乎没问题

已删除: 病毒 Virus.Win32.AutoRun.ny       文件: F:\病毒样本\1025\in.exe//NSPack
已删除: 病毒 Virus.Win32.AutoRun.oj       文件: F:\病毒样本\1025\crt1.exe//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
已删除: 木马程序 Backdoor.Win32.Hupigon.uaw       文件: F:\病毒样本\1025\ini.exe//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
已删除: 木马程序 Trojan-Downloader.Win32.Small.fqm       文件: F:\病毒样本\1025\oldcrrs.exe//NSPack
已删除: 木马程序 Trojan-Downloader.Win32.Tiny.lw       文件: F:\病毒样本\1025\Winhelp.dll
已删除: 木马程序 Trojan-Dropper.Win32.Mudrop.eo       文件: F:\病毒样本\1025\tfp.exe//NSPack
已删除: 木马程序 Trojan-Dropper.Win32.Mudrop.ep       文件: F:\病毒样本\1025\crst.exe//NSPack
已删除: 木马程序 Trojan-Dropper.Win32.Mudrop.eq       文件: F:\病毒样本\1025\tfp1.exe//NSPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.eau       文件: F:\病毒样本\1025\good.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.QQPass.baz       文件: F:\病毒样本\1025\good1.exe//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
已删除: 木马程序 Trojan.Win32.VB.bim       文件: F:\病毒样本\1025\inq1.exe//NSPack

[ 本帖最后由浪滔天于 2007-10-25 22:45 编辑 ]

显示全部楼层 · 发表于 2007-10-25 22:59:28

tftpd32.exe - KNOW CLEAN

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 692
Paranoia Database - 48194
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\Uhthn\Desktop\New Folder (2)

C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\Winhelp.dll - Infected MaliciousScope:TROJAN-DOWNLOADER.AGENT.3 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\cr4r.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\crst.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\crt1.exe - Suspected MaliciousScope:WIN32.MALWARE.PSW.16
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\crtc.exe - Suspected MaliciousScope:WIN32.MALWARE.PSW.16
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\oldcrr.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\crr1.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\crt2.exe - Suspected MaliciousScope:WIN32.MALWARE.PSW.16
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\crrcc.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\crrold.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\crtbv.exe - Suspected MaliciousScope:MALWARE.PSW.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\good1.exe - Suspected MaliciousScope:WIN32.MALWARE.PSW.16
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\good.exe - Suspected MaliciousScope:MALWARE.PSW.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\in.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\ini.exe - Suspected MaliciousScope:WIN32.MALWARE.PSW.16
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\inq1.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\oldcrrs.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\tfp1.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\tfp.exe - Suspected MaliciousScope:TROJAN-DOWNLOADER.DELF.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\tftpd32.exe - KNOW CLEAN

20 Files scanned
1 Infected files found
18 Suspected files found
0 Files cured
1 Files deleted

显示全部楼层 · 发表于 2007-10-25 23:05:38

有8个重复了。

显示全部楼层 · 发表于 2007-10-26 07:52:02

小a 18个

2007-10-26 7:51:30 1193356290 Administrator 236 Sign of "Win32:Agent-JRB [Trj]" has been found in "D:\Downloads\1025.rar\Winhelp.dll\[NsPack]" file.
2007-10-26 7:51:33 1193356293 Administrator 236 Sign of "Win32:Hupigon-BHJ [Trj]" has been found in "D:\Downloads\1025.rar\cr4r.exe\[NsPack]\[Embedded#0d95c]\[Embedded#19688]" file.
2007-10-26 7:51:33 1193356293 Administrator 236 Sign of "Win32:Small-BPW [Trj]" has been found in "D:\Downloads\1025.rar\crst.exe\[NsPack]\[Embedded#0a95c]\[Embedded#0e6b8]\[NsPack]" file.
2007-10-26 7:51:33 1193356293 Administrator 236 Sign of "Win32:Agent-JRH [Trj]" has been found in "D:\Downloads\1025.rar\crt1.exe\[PECompact]" file.
2007-10-26 7:51:33 1193356293 Administrator 236 Sign of "Win32:Pakes-EO [Trj]" has been found in "D:\Downloads\1025.rar\crtc.exe" file.
2007-10-26 7:51:33 1193356293 Administrator 236 Sign of "Win32:Small-BPW [Trj]" has been found in "D:\Downloads\1025.rar\oldcrr.exe\[NsPack]\[Embedded#0d95c]\[Embedded#0e6b8]\[NsPack]" file.
2007-10-26 7:51:33 1193356293 Administrator 236 Sign of "Win32:Hupigon-BHJ [Trj]" has been found in "D:\Downloads\1025.rar\crr1.exe\[NsPack]\[Embedded#0d95c]\[Embedded#19688]" file.
2007-10-26 7:51:33 1193356293 Administrator 236 Sign of "Win32:Pakes-EO [Trj]" has been found in "D:\Downloads\1025.rar\crt2.exe" file.
2007-10-26 7:51:33 1193356293 Administrator 236 Sign of "Win32:AutoRun-W" has been found in "D:\Downloads\1025.rar\crrcc.exe\[NsPack]\[Embedded#0995c]" file.
2007-10-26 7:51:33 1193356293 Administrator 236 Sign of "Win32:VB-EUM [Trj]" has been found in "D:\Downloads\1025.rar\crrold.exe\[NsPack]\[Embedded#0995c]\[Embedded#0d688]" file.
2007-10-26 7:51:34 1193356294 Administrator 236 Sign of "Win32:OnLineGames-BGD [Trj]" has been found in "D:\Downloads\1025.rar\crtbv.exe\[Upack]\[Embedded#MUSIC]" file.
2007-10-26 7:51:34 1193356294 Administrator 236 Sign of "Win32:Pakes-EO [Trj]" has been found in "D:\Downloads\1025.rar\good1.exe" file.
2007-10-26 7:51:34 1193356294 Administrator 236 Sign of "Win32:OnLineGames-BGD [Trj]" has been found in "D:\Downloads\1025.rar\good.exe\[Upack]\[Embedded#MUSIC]" file.
2007-10-26 7:51:34 1193356294 Administrator 236 Sign of "Win32:VB-EUM [Trj]" has been found in "D:\Downloads\1025.rar\in.exe\[NsPack]\[Embedded#0995c]\[Embedded#0d688]" file.
2007-10-26 7:51:34 1193356294 Administrator 236 Sign of "Win32:Hupigon-ZA [Trj]" has been found in "D:\Downloads\1025.rar\ini.exe\[PECompact]" file.
2007-10-26 7:51:34 1193356294 Administrator 236 Sign of "Win32:Small-BPW [Trj]" has been found in "D:\Downloads\1025.rar\oldcrrs.exe\[NsPack]\[Embedded#0d95c]\[Embedded#0e6b8]\[NsPack]" file.
2007-10-26 7:51:35 1193356295 Administrator 236 Sign of "Win32:Hupigon-BHJ [Trj]" has been found in "D:\Downloads\1025.rar\tfp1.exe\[NsPack]\[Embedded#0d95c]\[Embedded#19688]" file.
2007-10-26 7:51:35 1193356295 Administrator 236 Sign of "Win32:AutoRun-W" has been found in "D:\Downloads\1025.rar\tfp.exe\[NsPack]\[Embedded#0995c]" file.

显示全部楼层 · 发表于 2007-10-26 07:53:28

Result: 19 malware found
Trojan-Downloader.Win32.Tiny.lw (virus)
C:\Users\Administrator\Desktop\1025.rar\Winhelp.dll
Trojan-Dropper.Win32.Mudrop.eq (virus)
C:\Users\Administrator\Desktop\1025.rar\cr4r.exe
C:\Users\Administrator\Desktop\1025.rar\crr1.exe
C:\Users\Administrator\Desktop\1025.rar\tfp1.exe
Trojan-Dropper.Win32.Mudrop.ep (virus)
C:\Users\Administrator\Desktop\1025.rar\crst.exe
Virus.Win32.AutoRun.oj (virus)
C:\Users\Administrator\Desktop\1025.rar\crt1.exe
Trojan-PSW.Win32.QQPass.baz (virus)
C:\Users\Administrator\Desktop\1025.rar\crtc.exe
C:\Users\Administrator\Desktop\1025.rar\crt2.exe
C:\Users\Administrator\Desktop\1025.rar\good1.exe
Trojan-Downloader.Win32.Small.fqm (virus)
C:\Users\Administrator\Desktop\1025.rar\oldcrr.exe
C:\Users\Administrator\Desktop\1025.rar\oldcrrs.exe
Trojan-Dropper.Win32.Mudrop.eo (virus)
C:\Users\Administrator\Desktop\1025.rar\crrcc.exe
C:\Users\Administrator\Desktop\1025.rar\tfp.exe
Virus.Win32.AutoRun.ny (virus)
C:\Users\Administrator\Desktop\1025.rar\crrold.exe
C:\Users\Administrator\Desktop\1025.rar\in.exe
Trojan-PSW.Win32.OnLineGames.eau (virus)
C:\Users\Administrator\Desktop\1025.rar\crtbv.exe
C:\Users\Administrator\Desktop\1025.rar\good.exe
Backdoor.Win32.Hupigon.uaw (virus)
C:\Users\Administrator\Desktop\1025.rar\ini.exe
Trojan.Win32.VB.bim (virus)
C:\Users\Administrator\Desktop\1025.rar\inq1.exe

[病毒样本] 20个毒网上的

本帖子中包含更多资源

19个

本帖子中包含更多资源

36/13

浏览过的版块