Views: 3560 | Replies: 18

[Virus samples] 38 files

promised
Posted on 2007-12-8 16:37:55

FBAV
Posted on 2007-12-8 16:38:24
MicroVita AntiSpyware 100 C
_____________________________________________
                                          
             风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]                  
                   http://221.10.254.214/
----------------------------------------------
开始扫描……


正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\38\1.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:17244  MD5:3628201a1850cfbb77555d7d0b6244c9


[C:\Documents and Settings\Administrator\桌面\Virus\38\2.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:17420  MD5:a2c73a99ebeb29e2f5d30a3f92e22ffa


[C:\Documents and Settings\Administrator\桌面\Virus\38\3.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing
文件信息:  大小:33301  MD5:42504bf338a417118566b014481cd4b5


[C:\Documents and Settings\Administrator\桌面\Virus\38\4.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:15636  MD5:d6d01c3ebaa24c26aef7e37ee7ce52cf


[C:\Documents and Settings\Administrator\桌面\Virus\38\5.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:16164  MD5:06e07a6bce852df8917adfff9fa22943


[C:\Documents and Settings\Administrator\桌面\Virus\38\6.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:17292  MD5:111df44abb398c02b27413ebae8df8e2


[C:\Documents and Settings\Administrator\桌面\Virus\38\7.exe]
                    …………发现Spy!报告:[2]
文件信息:  大小:42289  MD5:9be1b9f7024d53d73d776e312d6df13e


[C:\Documents and Settings\Administrator\桌面\Virus\38\8.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:15020  MD5:e99872bb4d5c79d7eee4218421245a6c


[C:\Documents and Settings\Administrator\桌面\Virus\38\9.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:14700  MD5:ef4bd7c2a8a20a12e6bc0110fc787321


[C:\Documents and Settings\Administrator\桌面\Virus\38\a.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:16264  MD5:64b78447744da9cdcc3389fc801d9a2b


[C:\Documents and Settings\Administrator\桌面\Virus\38\b.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19868  MD5:782951f65e5001828b76206f8840b7b2


[C:\Documents and Settings\Administrator\桌面\Virus\38\e.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:20444  MD5:5e9dafe52b4953601fb2184ca3571044


[C:\Documents and Settings\Administrator\桌面\Virus\38\f.exe]
                    …………发现Spy!报告:[2]
文件信息:  大小:33915  MD5:80f66e5170d934f8de5e679eb598bfd9


[C:\Documents and Settings\Administrator\桌面\Virus\38\g.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing
文件信息:  大小:23846  MD5:b00bee17ba827aac62e6330423ef98c2


[C:\Documents and Settings\Administrator\桌面\Virus\38\KVMonXP15.exe]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:28188  MD5:0c1ff267cb97c2b745fedb43b345587d


[C:\Documents and Settings\Administrator\桌面\Virus\38\use15.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:17408  MD5:4dfb8390aaaccb5ccdc5388d9a7dc7de


[C:\Documents and Settings\Administrator\桌面\Virus\38\user32.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:30208  MD5:497c58794c67fbc38e9f05e4aee013c9


[C:\Documents and Settings\Administrator\桌面\Virus\38\nlooks.exe]
                    …………发现Spy!报告:[2]
文件信息:  大小:49152  MD5:54bdd5be708dfc8371f5a6d9af0c4689


[C:\Documents and Settings\Administrator\桌面\Virus\38\Wn_Sys8x.Sys]
                    …………发现Spy!报告: [4] [8] HOOK者
文件信息:  大小:48763  MD5:5cf6885502a98840c61b5b7d3cdb24f1


[C:\Documents and Settings\Administrator\桌面\Virus\38\608769MM.DLL]
                    …………发现Spy!报告: [4]
文件信息:  大小:47409  MD5:97e1e498888d110943c4f0c1a4bb0198


[C:\Documents and Settings\Administrator\桌面\Virus\38\608769WO.DLL]
                    …………发现Spy!报告: [4]
文件信息:  大小:48945  MD5:e38f1d5e54e6f3be76ba4d9745942ec9


[C:\Documents and Settings\Administrator\桌面\Virus\38\cmdbcs.dll]
                    …………发现Spy!报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:27648  MD5:48aa45b48351dc63a897dd3904e649f5


[C:\Documents and Settings\Administrator\桌面\Virus\38\gddh3i32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:16752  MD5:f454aa0a32449deda9d7c0de0397a844


[C:\Documents and Settings\Administrator\桌面\Virus\38\gddhi32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:17323  MD5:c0785466ccd52b1e62510ad1b2ec7da9


[C:\Documents and Settings\Administrator\桌面\Virus\38\gdgei32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:11334  MD5:e274949f3dc144f42b8ce98038329a92


[C:\Documents and Settings\Administrator\桌面\Virus\38\gdjzi32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:11651  MD5:00f3e8bc2e6244edb253457e2d628613


[C:\Documents and Settings\Administrator\桌面\Virus\38\gdwli32.dll]
                    …………发现Spy!报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:12861  MD5:45281509f22c7b15f3ab3b1dab9128dd


[C:\Documents and Settings\Administrator\桌面\Virus\38\MsPrint32D.dll]
                    …………发现Spy!报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:25088  MD5:84c51bd8628cdce649ed4c92d3b17b75


[C:\Documents and Settings\Administrator\桌面\Virus\38\upxdnd.dll]
                    …………发现Spy!报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:26112  MD5:71f9212a481f84ae93d43524db232285


[C:\Documents and Settings\Administrator\桌面\Virus\38\WinForm.dll]
                    …………发现Spy!报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:28160  MD5:47545dc65c787c6ba025c288285eab5b


[C:\Documents and Settings\Administrator\桌面\Virus\38\0.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:31604  MD5:809fb32248b4d52dcd77cb5882e03dd7


文件数:38   病毒数:31  比重:0.8157894736842
OK  扫描完毕!

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎   
[2] 文件特征码引擎
[1] 文件启发式引擎

[ This post was last edited by FBAV on 2007-12-8 16:40 ]
killloop
Posted on 2007-12-8 16:41:38
Jiangmin: 26
Graybird
Posted on 2007-12-8 16:42:07

37

Starting the file scan:

Begin scan in 'E:\样本.rar'
E:\样本.rar
  [0] Archive type: RAR
  --> pcihdd.sys
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.3
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jlh.2
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 7.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.Jer.7
  --> 9.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jti
  --> a.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jgq.10
  --> b.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jqp
  --> c.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> e.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jqp.1
  --> f.exe
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.9
  --> g.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.3
  --> KVMonXP15.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> user32.dll
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> nlooks.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.3
  --> Wn_Sys8x.Sys
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.9
  --> nlook.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 608769MM.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 608769WL.DLL
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 608769WO.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> cmdbcs.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> gddh3i32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jrs
  --> gddhi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jrs
  --> gdgei32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jtj
  --> gdjzi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jfd
  --> gdwli32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jht
  --> GenProtect.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iqw.1
  --> HookHelp.sys
      [DETECTION] Is the Trojan horse TR/PSW.Agent.UJ.1
  --> MsPrint32D.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> upxdnd.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> WinForm.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jlh.2
  --> 0.exe
      [DETECTION] Contains detection pattern of the worm WORM/Downloader.BN
  --> down.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!


End of the scan: 2007年12月8日  16:42
Used time: 00:38 min

The scan has been done completely.

      0 Scanning directories
     39 Files were scanned
     35 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
sam.to
Posted on 2007-12-8 16:45:00
已刪除: 病毒 Worm.Win32.Downloader.bn        檔案: C:\Documents and Settings\kato9096\桌面\168178\0.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.isb        檔案: C:\Documents and Settings\kato9096\桌面\168178\1.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.isb        檔案: C:\Documents and Settings\kato9096\桌面\168178\2.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Delf.axx        檔案: C:\Documents and Settings\kato9096\桌面\168178\3.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.isb        檔案: C:\Documents and Settings\kato9096\桌面\168178\4.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.isb        檔案: C:\Documents and Settings\kato9096\桌面\168178\5.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.isb        檔案: C:\Documents and Settings\kato9096\桌面\168178\6.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jcr        檔案: C:\Documents and Settings\kato9096\桌面\168178\608769MM.DLL
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.iay        檔案: C:\Documents and Settings\kato9096\桌面\168178\608769WL.DLL
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Lmir.boy        檔案: C:\Documents and Settings\kato9096\桌面\168178\7.exe//ASPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jer        檔案: C:\Documents and Settings\kato9096\桌面\168178\8.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jti        檔案: C:\Documents and Settings\kato9096\桌面\168178\9.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jgq        檔案: C:\Documents and Settings\kato9096\桌面\168178\a.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jqp        檔案: C:\Documents and Settings\kato9096\桌面\168178\b.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.hfr        檔案: C:\Documents and Settings\kato9096\桌面\168178\c.exe//ASPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jyq        檔案: C:\Documents and Settings\kato9096\桌面\168178\cmdbcs.dll
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.fts        檔案: C:\Documents and Settings\kato9096\桌面\168178\down.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jqp        檔案: C:\Documents and Settings\kato9096\桌面\168178\e.exe//PE_Patch//UPack
已刪除: 病毒 Virus.Win32.AutoRun.afd        檔案: C:\Documents and Settings\kato9096\桌面\168178\f.exe//UPX
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Delf.axx        檔案: C:\Documents and Settings\kato9096\桌面\168178\g.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jrc        檔案: C:\Documents and Settings\kato9096\桌面\168178\gddh3i32.dll//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jsn        檔案: C:\Documents and Settings\kato9096\桌面\168178\gddhi32.dll//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jtj        檔案: C:\Documents and Settings\kato9096\桌面\168178\gdgei32.dll//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jfd        檔案: C:\Documents and Settings\kato9096\桌面\168178\gdjzi32.dll//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jht        檔案: C:\Documents and Settings\kato9096\桌面\168178\gdwli32.dll//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.iqw        檔案: C:\Documents and Settings\kato9096\桌面\168178\GenProtect.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Agent.uj        檔案: C:\Documents and Settings\kato9096\桌面\168178\HookHelp.sys
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jyg        檔案: C:\Documents and Settings\kato9096\桌面\168178\MsPrint32D.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Lmir.boy        檔案: C:\Documents and Settings\kato9096\桌面\168178\nlook.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.blm        檔案: C:\Documents and Settings\kato9096\桌面\168178\nlooks.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.blm        檔案: C:\Documents and Settings\kato9096\桌面\168178\pcihdd.sys
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jxx        檔案: C:\Documents and Settings\kato9096\桌面\168178\upxdnd.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.jlh        檔案: C:\Documents and Settings\kato9096\桌面\168178\WinForm.dll
已刪除: 病毒 Virus.Win32.AutoRun.aen        檔案: C:\Documents and Settings\kato9096\桌面\168178\Wn_Sys8x.Sys

4 not detected, already submitted
start_update
Posted on 2007-12-8 16:50:45
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » pcihdd.sys - Win32/TrojanDownloader.Agent.BLM 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 1.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 2.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 3.exe - Win32/PSW.WOW.WU 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 4.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 5.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 6.exe - Win32/PSW.OnLineGames.YA 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 7.exe - Win32/PSW.WOW.WU 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 8.exe - Win32/PSW.OnLineGames.JER 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » a.exe - Win32/PSW.OnLineGames.JGQ 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » b.exe - Win32/PSW.OnLineGames.NFC 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » c.exe - Win32/PSW.WOW.WU 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » e.exe - Win32/PSW.OnLineGames.NFC 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » f.exe - Win32/AutoRun.EA 蠕虫
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » g.exe - Win32/PSW.WOW.WU 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » KVMonXP15.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » nlooks.exe - Win32/Agent.NLW 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » Wn_Sys8x.Sys - Win32/AutoRun.DP 蠕虫
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » nlook.exe - Win32/PSW.WOW.WU 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 608769MM.DLL - Win32/PSW.Legendmir.NFF 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 608769WL.DLL - Win32/PSW.Legendmir.NFN 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 608769WO.DLL - Win32/PSW.Legendmir.NFF 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » cmdbcs.dll - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » gddh3i32.dll - Win32/PSW.OnLineGames.NFC 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » gddhi32.dll - Win32/PSW.OnLineGames.NFC 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » gdjzi32.dll - Win32/PSW.OnLineGames.JER 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » gdwli32.dll - Win32/PSW.OnLineGames.NHF 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » GenProtect.dll - Win32/PSW.OnLineGames.HCV 特洛伊木马
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » HookHelp.sys - Win32/PSW.OnLineGames.NFC 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » MsPrint32D.dll - Win32/PSW.OnLineGames.HCV 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » upxdnd.dll - 可能是 Win32/PSW.OnLineGames.HCV 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » WinForm.dll - 可能是 Win32/PSW.OnLineGames.HCV 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 0.exe - Win32/Jalous.P 蠕虫
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » down.exe - Win32/AutoRun.K 蠕虫 的变种

34 malicious      38 files
IllusionWing
Posted on 2007-12-8 16:51:07
All killed

UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 4.5.6
HC0.rlb = 3.9.4
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
扫描选项:扫描档案, 扩展, 忽略非活动, 忽略大文件, nFile, BAT模拟, 捆绑检测, 变形壳, 启发,
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\0.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\1.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\2.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\3.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\4.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\5.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\6.exe 检测到 Packed.Generic.Modified
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\608769MM.DLL 检测到 Generic.nFile
[扫描] [Level 2] 在 C:\Users\干孟泽\Desktop\样本\608769WL.DLL 检测到 Trojan.WOW.wu
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\608769WO.DLL 检测到 Generic.nFile
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\7.exe 检测到 Packed.Unknown.2b6e
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\8.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\9.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\a.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\b.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\c.exe 检测到 Packed.Unknown.2b6e
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\cmdbcs.dll 检测到 Packed.Unknown.ca53
[扫描] [Level 1] 在 C:\Users\干孟泽\Desktop\样本\down.exe//UPX 检测到 Generic.Virus
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\e.exe 检测到 Packed.Generic.Modified
[扫描] [捆绑检测] 在 C:\Users\干孟泽\Desktop\样本\f.exe//UPX 检测到 Generic.Binder
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\g.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gddh3i32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gddhi32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gdgei32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gdjzi32.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\gdwli32.dll 检测到 Generic.nFile
[扫描] [Level 2] 在 C:\Users\干孟泽\Desktop\样本\GenProtect.dll 检测到 Generic.Downloader.b
[扫描] [Level 2] 在 C:\Users\干孟泽\Desktop\样本\HookHelp.sys 检测到 Rootkit.SystemHook
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\KVMonXP15.exe 检测到 Generic.nFile
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\MsPrint32D.dll 检测到 Packed.Unknown.ca53
[扫描] [捆绑检测] 在 C:\Users\干孟泽\Desktop\样本\nlook.exe 检测到 Generic.Binder
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\nlooks.exe 检测到 Packed.Unknown.c6e7
[扫描] [Level 2] 在 C:\Users\干孟泽\Desktop\样本\pcihdd.sys 检测到 Downloader.Agent.blm
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\upxdnd.dll 检测到 Packed.Unknown.ca53
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\use15.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\user32.dll 检测到 Generic.nFile
[扫描] [变形壳检测] 在 C:\Users\干孟泽\Desktop\样本\WinForm.dll 检测到 Packed.Unknown.ca53
[扫描] [nFile Detect 2] 在 C:\Users\干孟泽\Desktop\样本\Wn_Sys8x.Sys 检测到 Generic.nFile
检测到了 35 个未知的恶意程序,请上报。
任务 扫描 完成。共耗费的时间:0-00-00 00:00:01:0061,共扫描的文件数量:40,共扫描到的威胁数量:38,威胁率:95%,扫描速率: 37.7 文件/秒,扫描速度: 1155.21 千字节/秒,共扫描了 1225.68 千字节。
mofunzone
Posted on 2007-12-8 16:55:23
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\38'
C:\Users\morgan\Documents\38\
  0.exe
      [DETECTION] Contains detection pattern of the worm WORM/Downloader.BN
      [INFO]      The file was deleted!
  1.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  2.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jlh.2
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  3.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
              [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  4.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  5.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/Spy.Gen
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  6.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  608769MM.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  608769WL.DLL
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [INFO]      The file was deleted!
  608769WO.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  7.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.Jer.7
      [INFO]      The file was deleted!
  9.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jti
      [INFO]      The file was deleted!
  a.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jgq.10
      [INFO]      The file was deleted!
  b.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jqp
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  c.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/Spy.Gen
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  cmdbcs.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47be5c59.qua'!
  down.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  e.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jqp.1
      [INFO]      The file was deleted!
  f.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.9
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  g.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.3
              [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  gddh3i32.dll
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jrs
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  gddhi32.dll
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jrs
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  gdgei32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jtj
      [INFO]      The file was deleted!
  gdjzi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jfd
      [INFO]      The file was deleted!
  gdwli32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jht
      [INFO]      The file was deleted!
  GenProtect.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iqw.1
      [INFO]      The file was deleted!
  HookHelp.sys
      [DETECTION] Is the Trojan horse TR/PSW.Agent.UJ.1
      [INFO]      The file was deleted!
  KVMonXP15.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  MsPrint32D.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47aa5c5f.qua'!
  nlook.exe
    [0] Archive type: RSRC
    --> Object
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  nlooks.exe
    [0] Archive type: RSRC
    --> Object
        [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.3
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  pcihdd.sys
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.3
      [INFO]      The file was deleted!
  upxdnd.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [INFO]      The file was deleted!
  use15.dll
  user32.dll
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  WinForm.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jlh.2
      [INFO]      The file was deleted!
  Wn_Sys8x.Sys
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.9
      [INFO]      The file was deleted!


End of the scan: 2007年12月8日  00:55
Used time: 00:06 min

The scan has been done completely.

      1 Scanning directories
     38 Files were scanned
     32 viruses and/or unwanted programs were found
      5 Files were classified as suspicious:
     35 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
     15 Archives were scanned
     16 Warnings
      0 Notes
sbbdms
Posted on 2007-12-8 16:58:52
Rising: 27
scottxzt
Posted on 2007-12-8 17:12:38
木马名称:未知间谍软件

程序:
C:\PROGRAM FILES\NLOOKS.EXE程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\4.EXE
木马程序生成以下文件:程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\5.EXE
木马程序生成以下文件:
1) C:\WINDOWS\UPXDND.EXE程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\6.EXE
木马程序生成以下文件:
1) C:\WINDOWS\CMDBCS.EXE
2) C:\WINDOWS\SYSTEM32\CMDBCS.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\7.EXE
木马程序生成以下文件:
1) C:\WINDOWS\684745M.EXE
2) C:\WINDOWS\684745MM.DLL
是否删除木马程序及其衍生物?
程序:
C:\WINDOWS\SYSTEM32\REG.EXE
修改注册表项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
是否阻止?程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\DOWN.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\TXHMOU.EXE
2) C:\SOS.EXE
是否删除木马程序及其衍生物?程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\F.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WN_SYS8X.SYS
是否删除木马程序及其衍生物?木马名称:Trojan-Downloader.Win32.Agent.jzd

程序:
C:\WINDOWS\SYSTEM32\DRIVERS\PCIHDD.SYS程序:
C:\PROGRAM FILES\INTERNET EXPLORER\NLOOKS.EXE
木马程序生成以下文件:木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\NLOOKS.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
1) C:\WINDOWS\SYSTEM32\DRIVERS\PCIHDD.SYS
是否删除木马程序及其衍生物?

是木马程序!
已成功阻止其运行,是否要删除此文件?

2) C:\WINDOWS\SYSTEM32\UPXDND.DLL
是否删除木马程序及其衍生物?

1) C:\WINDOWS\MSPRINT32D.EXE
2) C:\WINDOWS\SYSTEM32\MSPRINT32D.DLL
是否删除木马程序及其衍生物?

是木马程序!
已成功阻止其运行,是否要删除此文件?
Copyright © KaFan  KaFan.cn All Rights Reserved.