Views: 2976 | Replies: 16

[Virus sample] A messy pile of stuff

promised
Posted on 2007-11-2 22:33:47


[ Last edited by promised on 2007-11-2 22:35 ]

wangjay1980
Posted on 2007-11-2 22:35:16
What?
无敌敏敏
Posted on 2007-11-2 22:40:12
Starting the file scan:

Begin scan in 'E:\ad.part2.rar'
E:\ad.part2.rar
  [0] Archive type: RAR
  --> ad\ad\server.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.HN.29
  --> ad\ad\Setsfc.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.z
  --> ad\ad\SoundMan.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.Z.1
  --> ad\ad\XBG.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.PY.2
      [INFO]      The file was deleted!

Starting the file scan:

Begin scan in 'E:\ad.part1.rar'
E:\ad.part1.rar
  [0] Archive type: RAR
  --> ad\ad\102350.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Dm.H.4
  --> ad\ad\1283.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.AT.1
      [1] Archive type: RAR SFX (self extracting)
      --> xboxcenter.dll
          [DETECTION] Contains detection pattern of the dropper DR/Agent.UT.4.B
      --> ehuupdate.exe
          [DETECTION] Contains detection pattern of the dropper DR/Agent.UT.4.A
  --> ad\ad\2060.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.asa.2
  --> ad\ad\corder.exe
      [DETECTION] Is the Trojan horse TR/VB.ats.1
  --> ad\ad\JXJ_QQ.Exe
      [DETECTION] Is the Trojan horse TR/PSW.QQShou.IQ.1
  --> ad\ad\killqq.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
  --> ad\ad\KNQQ.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.OC.35
  --> ad\ad\Kuaiso_06006.exe
      [DETECTION] Contains detection pattern of the dropper DR/Kuaiso.A.16
  --> ad\ad\kw_wl_lyric_036.exe
      [DETECTION] Is the Trojan horse TR/Dldr.alk.1
  --> ad\ad\M_ayi.exe
      [DETECTION] Is the Trojan horse TR/Agent.anz.2
  --> ad\ad\QQUpdate.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bae
      [INFO]      The file was deleted!
The EQs
Posted on 2007-11-2 22:41:27

20 of them

C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\102350.exe - Win32/Adware.DM application - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\1283.exe » RAR » xboxcenter.dll - Win32/Agent.NBT trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\1283.exe » RAR » ehuupdate.exe - Win32/Agent.NBT trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\1283.exe - Win32/Agent.NBT trojan - deleted - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\2006929112921bind_40072.exe - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\2060.exe » RAR » tool.exe - Win32/Adware.DM application - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\2060.exe - Win32/Adware.DM application - deleted - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\5106.exe - Win32/Adware.BHO.IEHelper application - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\corder.exe - Win32/VB.ATS trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\JXJ_QQ.Exe - probably a variant of Win32/PSW.QQShou.EP trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\killqq.exe - probably a variant of Win32/PSW.QQPass.VD trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\KNQQ.exe - probably a variant of Win32/PSW.QQShou trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\Kuaiso_06006.exe » NSIS » Kuaiso_06003.dll - probably a variant of Win32/Adware.Agent application - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\Kuaiso_06006.exe - probably a variant of Win32/Adware.Agent application - deleted - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\kuaiso_06045.exe » NSIS » kuaiso_06040.dll - probably a variant of Win32/Adware.Agent application - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\kuaiso_06045.exe - probably a variant of Win32/Adware.Agent application - deleted - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\kw_wl_lyric_036.exe - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\ad\ad\ad\M_ayi.exe » UPX v12_m2 » NSIS » 龏
平淡
Posted on 2007-11-2 22:41:33

The EQs
Posted on 2007-11-2 22:42:19
In the end only QQUPDATE was left... reported it.
wangjay1980
Posted on 2007-11-2 22:43:58
detected: Trojan program Trojan-Downloader.Win32.Adload.cz        File: C:\Documents and Settings\Owner\桌面\ad\ad\102350.exe
detected: Trojan program Trojan.Win32.Agent.ut        File: C:\Documents and Settings\Owner\桌面\ad\ad\1283.exe//data.rar/xboxcenter.dll
detected: Trojan program Trojan.Win32.Agent.ut        File: C:\Documents and Settings\Owner\桌面\ad\ad\1283.exe//data.rar/ehuupdate.exe
detected: Trojan program Trojan-Downloader.NSIS.QQHelper.r        File: C:\Documents and Settings\Owner\桌面\ad\ad\2006929112921bind_40072.exe//data0001
detected: adware not-a-virus:AdWare.Win32.Dm.g        File: C:\Documents and Settings\Owner\桌面\ad\ad\2060.exe//data.rar/tool.exe
detected: adware not-a-virus:AdWare.Win32.IEHlpr.q        File: C:\Documents and Settings\Owner\桌面\ad\ad\5106.exe
detected: Trojan program Trojan.Win32.VB.ats        File: C:\Documents and Settings\Owner\桌面\ad\ad\corder.exe
detected: Trojan program Trojan-PSW.Win32.QQShou.iq        File: C:\Documents and Settings\Owner\桌面\ad\ad\JXJ_QQ.Exe
detected: Trojan program Trojan-PSW.Win32.QQPass.wa        File: C:\Documents and Settings\Owner\桌面\ad\ad\killqq.exe//FSG
detected: Trojan program Trojan-PSW.Win32.QQPass.sg        File: C:\Documents and Settings\Owner\桌面\ad\ad\KNQQ.exe//UPX
detected: adware not-a-virus:AdWare.Win32.Kuaiso.a        File: C:\Documents and Settings\Owner\桌面\ad\ad\Kuaiso_06006.exe//stream//data0001
detected: adware not-a-virus:AdWare.Win32.Kuaiso.a        File: C:\Documents and Settings\Owner\桌面\ad\ad\kuaiso_06045.exe//stream//data0013
detected: Trojan program Trojan-Downloader.Win32.Agent.anz        File: C:\Documents and Settings\Owner\桌面\ad\ad\M_ayi.exe//PE_Patch.UPX//UPX//stream//data0001
detected: Trojan program Trojan-PSW.Win32.QQPass.hn        File: C:\Documents and Settings\Owner\桌面\ad\ad\server.exe
detected: Trojan program Trojan-PSW.Win32.QQPass.z        File: C:\Documents and Settings\Owner\桌面\ad\ad\Setsfc.exe
detected: Trojan program Trojan-PSW.Win32.QQPass.z        File: C:\Documents and Settings\Owner\桌面\ad\ad\SoundMan.exe
detected: Trojan program Trojan-PSW.Win32.Delf.py        File: C:\Documents and Settings\Owner\桌面\ad\ad\XBG.exe
mofunzone
Posted on 2007-11-2 23:11:03
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\ad'
C:\Users\morgan\Documents\ad\
  102350.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Dm.H.4
      [INFO]      The file was deleted!
  1283.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.AT.1
      [INFO]      The file was deleted!
  2006929112921bind_40072.exe
  2060.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.asa.2
      [INFO]      The file was deleted!
  5106.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/IEHlpr.Q
      [INFO]      The file was deleted!
  corder.exe
      [DETECTION] Is the Trojan horse TR/VB.ats.1
      [INFO]      The file was deleted!
  JXJ_QQ.Exe
      [DETECTION] Is the Trojan horse TR/PSW.QQShou.IQ.1
      [INFO]      The file was deleted!
  killqq.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
      [INFO]      The file was deleted!
  KNQQ.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.OC.35
      [INFO]      The file was deleted!
  Kuaiso_06006.exe
      [DETECTION] Contains detection pattern of the dropper DR/Kuaiso.A.16
      [INFO]      The file was deleted!
  kuaiso_06045.exe
  kw_wl_lyric_036.exe
      [DETECTION] Is the Trojan horse TR/Dldr.alk.1
      [INFO]      The file was deleted!
  M_ayi.exe
      [DETECTION] Is the Trojan horse TR/Agent.anz.2
      [INFO]      The file was deleted!
  QQUpdate.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bae
      [INFO]      The file was deleted!
  rjzc139_cns_yassist.exe
      [DETECTION] Is the Trojan horse TR/Dldr.ZSKiller.5
      [INFO]      The file was deleted!
  server.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.HN.29
      [INFO]      The file was deleted!
  Setsfc.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.z
      [INFO]      The file was deleted!
  SoundMan.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.Z.1
      [INFO]      The file was deleted!
  XBG.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.PY.2
      [INFO]      The file was deleted!


End of the scan: 2007年11月2日  08:11
Used time: 00:05 min

The scan has been done completely.

      1 Scanning directories
     19 Files were scanned
     17 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     17 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
458506
Posted on 2007-11-2 23:11:49
使用 AntiVirusKit 进行病毒扫描
版本
病毒签名 11/2/2007
开始时间: 11/2/2007 23:10
引擎: KAV 引擎 (AVK 18.141), BD  引擎 (BD 18.120)
高启发: 开启
文件: 开启
系统区域: 开启

扫描系统区域...
扫描选中目录和文件...
项目: 102350.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan-Downloader.Win32.Adload.cz (KAV 引擎)
项目: data.rar xboxcenter.dll
        检查档案: C:\Users\AJUN\Desktop\ad\ad\ad\1283.exe
        状态: 发现病毒
        病毒: Trojan.Win32.Agent.ut (KAV 引擎)
项目: data.rar ehuupdate.exe
        检查档案: C:\Users\AJUN\Desktop\ad\ad\ad\1283.exe
        状态: 发现病毒
        病毒: Trojan.Win32.Agent.ut (KAV 引擎)
项目: 1283.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan.Win32.Agent.ut (2x) (KAV 引擎)
项目: 2006929112921bind_40072.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan.Dldr.Qqhel.Q.3.A (BD  引擎)
项目: data.rar tool.exe
        检查档案: C:\Users\AJUN\Desktop\ad\ad\ad\2060.exe
        状态: 发现病毒
        病毒: not-a-virus:AdWare.Win32.Dm.g (KAV 引擎)
项目: 2060.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: not-a-virus:AdWare.Win32.Dm.g (KAV 引擎)
项目: 5106.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: not-a-virus:AdWare.Win32.IEHlpr.q (KAV 引擎)
项目: corder.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan.Win32.VB.ats (KAV 引擎)
项目: JXJ_QQ.Exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.QQShou.iq (KAV 引擎)
项目: killqq.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.QQPass.wa (KAV 引擎)
项目: KNQQ.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.QQPass.sg (KAV 引擎)
项目: stream data0001
        检查档案: C:\Users\AJUN\Desktop\ad\ad\ad\Kuaiso_06006.exe
        状态: 发现病毒
        病毒: not-a-virus:AdWare.Win32.Kuaiso.a (KAV 引擎)
项目: Kuaiso_06006.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: not-a-virus:AdWare.Win32.Kuaiso.a (KAV 引擎)
项目: stream data0013
        检查档案: C:\Users\AJUN\Desktop\ad\ad\ad\kuaiso_06045.exe
        状态: 发现病毒
        病毒: not-a-virus:AdWare.Win32.Kuaiso.a (KAV 引擎)
项目: kuaiso_06045.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: not-a-virus:AdWare.Win32.Kuaiso.a (KAV 引擎)
项目: kw_wl_lyric_036.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan.Downloader.ALK (BD  引擎)
项目: stream data0001
        检查档案: C:\Users\AJUN\Desktop\ad\ad\ad\M_ayi.exe
        状态: 发现病毒
        病毒: Trojan-Downloader.Win32.Agent.anz (KAV 引擎)
项目: M_ayi.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan-Downloader.Win32.Agent.anz (KAV 引擎)
项目: (NSIS o) lzma_solid_nsis0002
        检查档案: C:\Users\AJUN\Desktop\ad\ad\ad\rjzc139_cns_yassist.exe
        状态: 发现病毒
        病毒: Adware.CnsMin.A (BD  引擎)
项目: (NSIS o) lzma_solid_nsis0003
        检查档案: C:\Users\AJUN\Desktop\ad\ad\ad\rjzc139_cns_yassist.exe
        状态: 发现病毒
        病毒: Adware.CDN (BD  引擎)
项目: (NSIS o) lzma_solid_nsis0004
        检查档案: C:\Users\AJUN\Desktop\ad\ad\ad\rjzc139_cns_yassist.exe
        状态: 发现病毒
        病毒: Adware.CDN (BD  引擎)
项目: rjzc139_cns_yassist.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Adware.CnsMin.A, Adware.CDN (2x) (BD  引擎)
项目: server.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.QQPass.hn (KAV 引擎)
项目: Setsfc.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.QQPass.z (KAV 引擎)
项目: SoundMan.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.QQPass.z (KAV 引擎)
项目: XBG.exe
        路径: C:\Users\AJUN\Desktop\ad\ad\ad
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.Delf.py (KAV 引擎)
病毒分析完成: 11/2/2007 23:10
    19 文件被检查
    18 感染文件发现
    0 发现可疑文件
xemacs
Posted on 2007-11-2 23:52:18
Kaspersky 8
