Views: 4637 | Replies: 15

[Virus samples] 33 samples: ClamWin detects 13, Avira detects 32

lanvin
Posted on 2007-12-10 03:57:41
Scan Started Mon Dec 10 03:58:24 2007
-------------------------------------------------------------------------------


C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_16.exe: Trojan.Crypted-4 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_9.exe: Trojan.Zhelatin FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_34.exe: Trojan.Downloader-17106 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_17.exe: Trojan.Downloader-12752 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_36.exe: Trojan.PcClient-260 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_19.exe: Trojan.Crypted-4 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_3.exe: Trojan.Packed-70 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_10.exe: Trojan.Dropper-2466 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_11.exe: Trojan.Delf-1428 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_28.EXE: Trojan.Crypted-4 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\not-a-virus AdWare.Win32.Thesa.c.exe: Trojan.Crypted-3 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Backdoor.Win32.Hupigon.zjo.exe: Trojan.Crypted-4 FOUND
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\Test_33.exe: Trojan.Crypted-4 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 174215
Engine version: 0.91.2
Scanned directories: 1
Scanned files: 33
Skipped non-executable files: 0
Infected files: 13

Data scanned: 1.70 MB
Time: 11.517 sec (0 m 11 s)
--------------------------------------
Completed
--------------------------------------

[ Last edited by lanvin on 2007-12-10 03:59 ]

lanvin (OP)
Posted on 2007-12-10 04:08:02

Online sandbox report for the one Avira missed

Analysis Report for Test_28.EXE


Summary: Description / Risk
Autostart capabilities: This executable registers processes to be executed at system start. This could result in unwanted actions to be performed automatically.
Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
Full analysis: http://analysis.seclab.tuwien.ac ... 533a0&refresh=1
For a detailed write-up see my blog: http://hi.baidu.com/tomatolabs/b ... 34fff8fbed50d9.html
7even
Posted on 2007-12-10 04:42:22
NOD32 V3.0 scan results

正在扫描日志
病毒库版本: 2711 (20071207)
日期: 2007-12-9  时间: 21:32:37
已扫描的磁盘、文件夹和文件: D:\Mes documents\桌面\新建文件夹 (2).rar
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_1.exe - Win32/Ceckno.DL 特洛伊木马
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_14.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_20.exe - 未查明的 NewHeur_PE 病毒 [7]
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_25.exe - Win32/Ceckno.DL 特洛伊木马
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_29.exe - Win32/Bifrose.BKR 特洛伊木马
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_34.exe - Win32/TrojanDownloader.Agent.NTA 特洛伊木马
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_17.exe » NSIS » aabb.exe - Win32/TrojanDownloader.Agent.BYS 特洛伊木马
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_36.exe - Win32/PcClient.ZI 特洛伊木马
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_19.exe - 可能是 Win32/TrojanDownloader.Delf.NSA 特洛伊木马 的变种
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_7.exe - Win32/TrojanDropper.Delf.NFH 特洛伊木马 的变种
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_24.exe - Win32/Packed.PEArmor.Gen 应用程序
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_10.exe - Win32/TrojanDropper.Delf.NFG 特洛伊木马
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_11.exe - Win32/Delf.VE 特洛伊木马
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_28.EXE » CAB » 复件QQ~1.EXE - 可能是 Win32/Genetik 特洛伊木马 的变种
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\not-a-virus AdWare.Win32.Thesa.c.exe - Win32/Agent.NEJ 特洛伊木马 的变种
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Backdoor.Win32.Hupigon.zjo.exe - 可能是 Win32/TrojanDownloader.Delf.NSA 特洛伊木马 的变种
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_31.exe - Win32/Jalous.N 蠕虫
D:\Mes documents\桌面\新建文件夹 (2).rar » RAR » 新建文件夹 (2)\Test_33.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
已扫描的对象数: 37
发现的威胁数: 18
完成时间: 21:33:07  总扫描时间: 30 秒 (00:00:30)

[ Last edited by 7even on 2007-12-9 21:49 ]

绅博周幸
Posted on 2007-12-10 04:51:31
Starting the file scan:

Begin scan in 'C:\Users\Xing\Downloads\新建文件夹_(2).rar'
C:\Users\Xing\Downloads\新建文件夹_(2).rar
  [0] Archive type: RAR
  --> 新建文件夹 (2)\Test_1.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Ceckno.FP.3 Backdoor server programs
  --> 新建文件夹 (2)\Test_14.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> 新建文件夹 (2)\Test_16.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 新建文件夹 (2)\Test_18.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.MT.1
  --> 新建文件夹 (2)\Test_5.exe
      [DETECTION] Is the Trojan horse TR/Expl.Agent.BB
  --> 新建文件夹 (2)\Test_20.exe
      [DETECTION] Is the Trojan horse TR/Agent.2856
  --> 新建文件夹 (2)\Test_22.exe
      [DETECTION] Contains detection pattern of the SPR/Hoax.Spycar.A.10 program
  --> 新建文件夹 (2)\Test_23.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.fod
  --> 新建文件夹 (2)\Test_9.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.my
  --> 新建文件夹 (2)\Test_25.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> 新建文件夹 (2)\Test_26.exe
      [DETECTION] Is the Trojan horse TR/Drop.Enpeca
  --> 新建文件夹 (2)\Test_29.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.BKY Backdoor server programs
  --> 新建文件夹 (2)\Test_13.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.ZZ.3 Backdoor server programs
  --> 新建文件夹 (2)\Test_32.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 新建文件夹 (2)\Test_15.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 新建文件夹 (2)\Test_34.exe
      [DETECTION] Is the Trojan horse TR/Dldr.SpyShredder
  --> 新建文件夹 (2)\Test_17.exe
      [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.bys.4
  --> 新建文件夹 (2)\Test_36.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.ZI.7 Backdoor server programs
  --> 新建文件夹 (2)\Test_19.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 新建文件夹 (2)\Test_3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 新建文件夹 (2)\Test_21.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 新建文件夹 (2)\Test_6.exe
      [DETECTION] Is the Trojan horse TR/Patched.Service
  --> 新建文件夹 (2)\Test_7.exe
      [DETECTION] Is the Trojan horse TR/PCK.CPEX-based.R
  --> 新建文件夹 (2)\Test_24.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 新建文件夹 (2)\Test_10.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 新建文件夹 (2)\Test_11.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Delf.VE.2 Backdoor server programs
  --> 新建文件夹 (2)\Test_27.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.OF.36
  --> 新建文件夹 (2)\not-a-virus AdWare.Win32.Thesa.c.exe
      [DETECTION] Is the Trojan horse TR/ChangeDate
  --> 新建文件夹 (2)\Backdoor.Win32.Hupigon.zjo.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 新建文件夹 (2)\Test_30.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.ajh.6 Backdoor server programs
  --> 新建文件夹 (2)\Test_31.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.23552
  --> 新建文件夹 (2)\Test_33.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.ctc Backdoor server programs
      [WARNING]   The file was ignored!


End of the scan: 2007年12月9日  12:48
Used time: 00:13 min

The scan has been done completely.

      0 Scanning directories
     35 Files were scanned
     30 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes


25,25,28 are sent to Avira
绅博周幸
Posted on 2007-12-10 04:53:47
We received the following archive files:



File ID  Filename  Size (Byte) Result
3396640  新建文件夹_(2).rar 95.82 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
3396641  Test_25.exe  20.1 KB  UNDER ANALYSIS
2255626  Test_15.exe  32.61 KB  MALWARE
3396633  Test_28.EXE  95.5 KB  UNDER ANALYSIS


Please find a detailed report concerning each individual sample below:

Filename Result
Test_25.exe  UNDER ANALYSIS

The file 'Test_25.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
Test_15.exe  MALWARE

The file 'Test_15.exe' has been determined to be 'MALWARE'. Our analysts named the threat BDS/Small.TH. The term "BDS/" denotes a Backdoor-Server program. Backdoor-Server programs are used to spy out, modify or delete data. Detection is added to our virus definition file (VDF) starting with version 7.00.01.55. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware.

Filename Result
Test_28.EXE  UNDER ANALYSIS

The file 'Test_28.EXE' has been determined to be 'UNDER ANALYSIS'.


--------------------------------------------------------------------------------
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.
7even
Posted on 2007-12-10 05:02:12

Reply to post #4 by 绅博周幸

25,25,28 are sent to Avira


That should be files 25, 15 and 28, I think....
The Germans are pretty efficient~
The NOD32 v3.0 virus database is still stuck at December 07.
mofunzone
Posted on 2007-12-10 05:20:07
The one Avira missed is because of a malformed archive; I sent that file to the v8 testers as a bug report, and they said the engine can't unpack it. Hopefully v8 will change that..
HC303
Posted on 2007-12-10 08:15:13
Kingsoft Duba 10+1, Rising 18, Avira 30+2
cageblue
Posted on 2007-12-10 08:24:28
F-Secure 7.1
已掃描:
  • 檔案: 34
  • 未掃描: 0
結果:
  • 病毒: 29
  • 間諜軟體: 1
  • 可疑項目: 1
  • 危險軟體: 0
選項定義版本:
  • 病毒: 2007-12-09_02
  • 間諜軟體: 2007-12-09_01
掃描引擎:
  • F-Secure AVP: 7.00.171, 2007-12-09
  • F-Secure Libra: 2.04.01, 2007-11-28
  • F-Secure Orion: 1.02.37, 2007-12-09
  • F-Secure Draco: 1.00.35, 2007-11-28
掃描選項:
啊弥陀佛
Posted on 2007-12-10 09:33:19
木马名称:Backdoor.Win32.EggDrop.avv
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_14.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Injecter.ao
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_18.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Agent.ncw
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_20.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Backdoor.Win32.GreyPigeon.bsp
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_13.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Delf.hyq
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_32.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
恶意程序名称:Hoax.Win32.Renos.lh
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_34.EXE
是恶意程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Agent.jee
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_17.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
恶意程序名称:Packed.Win32.CPEX-based.af
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_7.EXE
是恶意程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Dropper.Win32.Agent.fet
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_10.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Backdoor.Win32.Delf.ccq
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_11.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\BACKDOOR.WIN32.HUPIGON.ZJO.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_1.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\TEST_1.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_3.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SVCHOST.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_15.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\EVENR.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_16.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_19.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_23.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_33.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\SNOWFALL.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_36.EXE
病毒程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\NETTPM.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_28.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\IXP000.TMP\复件QQ~1.EXE
2) C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\ATMQQ2.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_27.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\NEROCHECK.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_25.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\TEST_25.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_26.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (2)\新建文件夹 (2)\TEST_29.EXE
是否删除木马程序及其衍生物?
Copyright © KaFan  KaFan.cn All Rights Reserved.