Q上看到的网页挂的一堆

dikex

Q上看到的网页：http://www.loveyou250.cn


在最下面挂了一堆，还有就是它们下载的，这些是被卡巴（2007-11-05 10:38:17）砍剩的

密码：virus

[ 本帖最后由 dikex 于 2007-12-28 00:23 编辑 ]

hahacomcn

红伞报了7个，剩下了00027.exe等几个没报。

上报看看。

LZ不要加密哦~！

nosferatu

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\TEMP'
C:\Documents and Settings\Administrator\桌面\TEMP\DownSetup.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\TEMP\NewTemp.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47a5e793.qua'!
C:\Documents and Settings\Administrator\桌面\TEMP\NewTemp.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\TEMP\soft210.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\TEMP\tg.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\TEMP\WinD.tmp.exe.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [INFO]      The file was deleted!


End of the scan: 星期一 2007年11月5日  17:49
Used time: 00:05 min

The scan has been done completely.

      1 Scanning directories
     11 Files were scanned
      5 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:

dikex

原帖由 hahacomcn 于 2007-11-5 17:48 发表
红伞报了7个，剩下了00027.exe等几个没报。

上报看看。

LZ不要加密哦~！

有的论坛要密码；

一起发上去，所以就加了

tonguewiz

ENA六只
C:\Documents and Settings\David\Desktop\TEMP\00027.exe - a variant of Win32/TrojanDropper.Small.NGH trojan
C:\Documents and Settings\David\Desktop\TEMP\NewTemp.dll - probably a variant of Win32/PSW.OnLineGames.NBR trojan
C:\Documents and Settings\David\Desktop\TEMP\NewTemp.exe - probably a variant of Win32/PSW.Delf.NHI trojan
C:\Documents and Settings\David\Desktop\TEMP\rxjh.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\David\Desktop\TEMP\tg.exe - a variant of Win32/TrojanDownloader.Flux trojan
C:\Documents and Settings\David\Desktop\TEMP\WinD.tmp.exe.exe - probably a variant of Win32/TrojanDownloader.Delf.NSA trojan

caocao

KIS7
已清除：木马程序 Trojan.Win32.Agent.cne        文件: D:\Downloads\TEMP.rar/00027.exe//#/Setup.exe
已隔离：病毒 Heur.Trojan.Generic (修改)        文件: D:\Downloads\TEMP.rar/tg.exe
已隔离：病毒 Heur.Trojan.Generic (修改)        文件: D:\Downloads\TEMP.rar/WinD.tmp.exe.exe//PE_Patch.UPX

wangfeng66

C:\\NewTemp.dll - probably infected with DLOADER.Trojan
C:\\NewTemp.exe - infected with Win32.HLLW.Autoruner.origin
C:\\soft210.exe - infected with Trojan.DownLoader.origin
C:\\WinD.tmp.exe.exe - infected with Win32.HLLW.Autoruner.origin

drweb 4.44

haol

trend found 2 threats(possible_infostl)

曲中求

opera没得反应，非得要用IE内核的才行

wangjay1980

detected: Trojan program Trojan.Win32.Agent.cnl        File: C:\Documents and Settings\Owner\×ÀÃæ\TEMP.rar/00027.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.cul        File: C:\Documents and Settings\Owner\×ÀÃæ\TEMP.rar/DownSetup.exe//ASPack
detected: virus Worm.Win32.AutoRun.bd        File: C:\Documents and Settings\Owner\×ÀÃæ\TEMP.rar/NewTemp.dll//UPX//PEPatch
detected: virus Worm.Win32.AutoRun.be        File: C:\Documents and Settings\Owner\×ÀÃæ\TEMP.rar/NewTemp.exe//UPX//PEPatch
detected: Trojan program Trojan.Win32.StartPage.atq        File: C:\Documents and Settings\Owner\×ÀÃæ\TEMP.rar/rxjh.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.cun        File: C:\Documents and Settings\Owner\×ÀÃæ\TEMP.rar/soft210.exe
detected: Trojan program Trojan-Downloader.Win32.Flux.ah        File: C:\Documents and Settings\Owner\×ÀÃæ\TEMP.rar/tg.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.eux        File: C:\Documents and Settings\Owner\×ÀÃæ\TEMP.rar/WinD.tmp.exe.exe
detected: Trojan program Backdoor.Win32.Agent.cmg        File: C:\Documents and Settings\Owner\×ÀÃæ\TEMP.rar/zt.exe