7个

promised

其中一个vb程序貌似是刷流量的
Quick Scanning
C:\ABC\样本\555.exe
C:\ABC\样本\555.exe\FILE:0000
C:\ABC\样本\555.exe\FILE:0000\SfxArchiveData
C:\ABC\样本\555.exe\FILE:0000\SfxArchiveData\屋顶修~2.EXE
>>> Virus 'Mal/Behav-043' found in file C:\ABC\样本\555.exe\FILE:0000\SfxArchiveData\屋顶修~2.EXE
C:\ABC\样本\555.exe\SfxArchiveData
C:\ABC\样本\555.exe\SfxArchiveData\屋顶修~2.EXE
>>> Virus 'Mal/Behav-043' found in file C:\ABC\样本\555.exe\SfxArchiveData\屋顶修~2.EXE
>>> File "C:\ABC\样本\555.exe" has been identified as suspicious 'Sus/Malware-A'.
C:\ABC\样本\dd0.exe
>>> File "C:\ABC\样本\dd0.exe" has been identified as suspicious 'Sus/UnkPacker'.
C:\ABC\样本\dwipse10.exe
C:\ABC\样本\hei.exe
C:\ABC\样本\hei.exe\FILE:0000
C:\ABC\样本\hei.exe\FILE:0000\FILE:0000
C:\ABC\样本\hei.exe\FILE:0000\FILE:0001
C:\ABC\样本\hei.exe\FILE:0000\FILE:0002
C:\ABC\样本\hei.exe\FILE:0000\FILE:0003
C:\ABC\样本\hei.exe\FILE:0000\FILE:0004
C:\ABC\样本\hei.exe\FILE:0000\FILE:0005
C:\ABC\样本\hei.exe\FILE:0000\FILE:0006
C:\ABC\样本\hei.exe\FILE:0000\FILE:0007
>>> Virus 'Mal/Generic-A' found in file C:\ABC\样本\hei.exe\FILE:0000
C:\ABC\样本\hei.exe\FILE:0001
>>> Virus 'Mal/EncPk-AP' found in file C:\ABC\样本\hei.exe\FILE:0001
>>> File "C:\ABC\样本\hei.exe" has been identified as suspicious 'Sus/Malware-A'.
C:\ABC\样本\IEFILES.exe
C:\ABC\样本\IEFILES.exe\SfxArchiveData
C:\ABC\样本\IEFILES.exe\SfxArchiveData\屋顶修~2.EXE
>>> Virus 'Mal/Behav-043' found in file C:\ABC\样本\IEFILES.exe\SfxArchiveData\屋顶修~2.EXE
C:\ABC\样本\Intrwt.dll
>>> Virus 'Mal/Behav-043' found in file C:\ABC\样本\Intrwt.dll
C:\ABC\样本\MSINET.OCX
7 files swept in 11 seconds.
6 viruses were discovered.
3 suspicious files were discovered.
5 files out of 7 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
Ending Sophos Anti-Virus.

[ 本帖最后由 promised 于 2007-11-24 12:18 编辑 ]

promised

C:\ABC\样本\555.exe - 特征码 'Trojan-PWS.Win32.Delf.mc' 被发现
C:\ABC\样本\dd0.exe - 可疑代码段 被发现 (Level: 5)
C:\ABC\样本\dwipse10.exe
C:\ABC\样本\hei.exe
C:\ABC\样本\IEFILES.exe - 特征码 'Trojan-Downloader.Win32.Delf.asz' 被发现
C:\ABC\样本\Intrwt.dll - 特征码 'Backdoor.Win32.GrayBird.oc' 被发现
C:\ABC\样本\MSINET.OCX

        7 文件被扫描
          (0 压缩档 0 文件)
        3 特征码被侦测
        1 可疑代码段被发现
        耗时: 0:01.609

f286168511

AVG AV     5个

无尽藏海

Begin scan in 'C:\Documents and Settings\无尽藏海\桌面\样本.rar'
C:\Documents and Settings\无尽藏海\桌面\
  样本.rar
    [0] Archive type: RAR
    --> Ñù±¾\555.exe
    --> Ñù±¾\dd0.exe
        [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> Ñù±¾\dwipse10.exe
    --> Ñù±¾\hei.exe
        [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> Ñù±¾\IEFILES.exe
    --> Ñù±¾\Intrwt.dll
    --> Ñù±¾\MSINET.OCX
        [INFO]      The file was moved to '47760e5f.qua'!


End of the scan: 2007年11月24日  12:23
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
      8 Files were scanned
      2 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      1 Archives were scanned
      2 Warnings
      0 Notes

Graybird

The file 'MSINET.OCX' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Windows 2003 Server (SP0)'.

jimmyleo

[Found possible virus] <W32/Threat-HLLPEM-based!Maximus> D:\Download\VirusScan\dd0.exe
[Found backdoor] <W32/Hupigon.A.gen!Eldorado (generic, not disinfectable)>
D:\Download\VirusScan\Intrwt.dll




D:\DOWNLOAD\VIRUSSCAN\hei.exe\hei.exe\000b1258.EXE\000b1258.EXE ... Found the NetSniff trojan !!!
D:\DOWNLOAD\VIRUSSCAN\Intrwt.dll ... Found trojan or variant New Malware.gr !!!



Found 0 viruses totally. 趋势




D:\Download\VirusScan\555.exe : infected MalwareScope.Trojan-PSW.Game.13
D:\Download\VirusScan\dd0.exe : infected Worm.Win32.Agent.y
D:\Download\VirusScan\hei.exe : is suspected of Embedded.Trojan.PWS.Lineage
D:\Download\VirusScan\Intrwt.dll : infected OScope.Backdoor.XiaoBird.6AF9

Nerazzurri

deleted: Trojan program Backdoor.Win32.Hupigon.zod        File: C:\Documents and Settings\Nerazzurri\×&Agrave;&Atilde;&aelig;\&Ntilde;ù±&frac34;.rar/&Ntilde;ù±&frac34;\555.exe
deleted: Trojan program Backdoor.Win32.Agent.cte        File: C:\Documents and Settings\Nerazzurri\×&Agrave;&Atilde;&aelig;\&Ntilde;ù±&frac34;.rar/&Ntilde;ù±&frac34;\dd0.exe
deleted: adware not-a-virus:AdWare.Win32.Agent.uz        File: C:\Documents and Settings\Nerazzurri\×&Agrave;&Atilde;&aelig;\&Ntilde;ù±&frac34;.rar/&Ntilde;ù±&frac34;\dwipse10.exe
deleted: Trojan program Backdoor.Win32.Agent.cpt        File: C:\Documents and Settings\Nerazzurri\×&Agrave;&Atilde;&aelig;\&Ntilde;ù±&frac34;.rar/&Ntilde;ù±&frac34;\hei.exe//PE_Patch.UPX//UPX
deleted: Trojan program Backdoor.Win32.Hupigon.zod        File: C:\Documents and Settings\Nerazzurri\×&Agrave;&Atilde;&aelig;\&Ntilde;ù±&frac34;.rar/&Ntilde;ù±&frac34;\IEFILES.exe/&Icirc;&Yacute;&para;&yen;&ETH;&THORN;~2.EXE
deleted: Trojan program Backdoor.Win32.Hupigon.zod        File: C:\Documents and Settings\Nerazzurri\×&Agrave;&Atilde;&aelig;\&Ntilde;ù±&frac34;.rar/&Ntilde;ù±&frac34;\Intrwt.dll

will

BitDefender
C:\Documents and Settings\Administrator\Desktop\001\Copy of 样本\dd0.exe        被感染的: GenPack:Trojan.Downloader.Agent.YJC
C:\Documents and Settings\Administrator\Desktop\001\Copy of 样本\Intrwt.dll        被感染的: GenPack:Generic.Graybird.915BF8E1
C:\Documents and Settings\Administrator\Desktop\001\Copy of 样本\屋顶修~2.EXE        被感染的: GenPack:Generic.Graybird.915BF8E1

kkgh

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Backdoor.Win32.Agent.bzb
病毒： Backdoor.Win32.Agent.cpt

用户来源：互联网

软件版本：20.19.50

sam.to

已刪除: 特洛伊木馬程式 Backdoor.Win32.Hupigon.zod    檔案: C:\Documents and Settings\kato9096\桌面\161137\样本\555.exe
已刪除: 特洛伊木馬程式 Backdoor.Win32.Agent.cte    檔案: C:\Documents and Settings\kato9096\桌面\161137\样本\dd0.exe
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.Agent.uz    檔案: C:\Documents and Settings\kato9096\桌面\161137\样本\dwipse10.exe
已刪除: 特洛伊木馬程式 Backdoor.Win32.Agent.cpt    檔案: C:\Documents and Settings\kato9096\桌面\161137\样本\hei.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Backdoor.Win32.Hupigon.zod    檔案: C:\Documents and Settings\kato9096\桌面\161137\样本\IEFILES.exe/挌階党~2.EXE
已刪除: 特洛伊木馬程式 Backdoor.Win32.Hupigon.zod    檔案: C:\Documents and Settings\kato9096\桌面\161137\样本\Intrwt.dll

6个,一个没报,已上报