微点砍.玩主防的来测测

显示全部楼层 · 发表于 2007-12-15 00:35:08

过费尔动态防御

显示全部楼层 · 发表于 2007-12-15 00:40:13

UGuard Log (Digital Fox - gankeyu@126.com) - AutoProtect Log
保护模块版本: 1.5.8
* 反Rootkit : 启动
* 反广告 : 启动
* 注册表监视 : 启动
* 行为分析 : 启动
* 关联分析 : 启动
* 词汇过滤 : 启动但仅提示
* 简洁报告 : 启用

WScript.exe 试图进行未授权的活动。 - 拒绝
手动回滚 - WScript.exe 由于用户可能感染了 Generic.ScriptVirus - 自动处理
WScript.exe 签名验证成功，已被忽略。
自动处理 - 扫描到 WScript.exe 的命令行包含 Administrator.vbs ，已被隔离。

显示全部楼层 · 发表于 2007-12-15 00:45:06

卡巴过~~~~~~~

显示全部楼层 · 发表于 2007-12-15 00:47:38

没过卡巴，报已知

The requested URL http://bbs.kafan.cn/attachment.php?aid=168549 is infected with Worm.VBS.Headtail.a virus

显示全部楼层 · 发表于 2007-12-15 00:54:10

我是说主防过了~~

显示全部楼层 · 发表于 2007-12-15 01:15:46

1) D:\DELL.VBS
2) D:\AUTORUN.INF
3) C:\AUTORUN.INF
4) E:\AUTORUN.INF
5) C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ADDR_FILE.HTML
6) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\16421031946[1].HTM
7) C:\DOCUMENTS AND SETTINGS\DELL\LOCALSETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\ADFSHOW[1].HTM
8) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\ADFSHOW[3].HTM
8) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\ADFSHOW[3].HTM
9) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\ADV[1].HTM
10) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\ADV[2].HTM
11) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\ADV[3].HTM
12) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\ADV[4].HTM
13) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\ADV[5].HTM
14) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\6QEZRWVE\ALIMAMAL[1].HTM

[ 本帖最后由 scottxzt 于 2007-12-15 01:17 编辑 ]

显示全部楼层 · 发表于 2007-12-15 01:59:10

Starting the file scan:

Begin scan in 'K:\Administrator.rar'
K:\Administrator.rar
  [0] Archive type: RAR
  --> Administrator.vbs
   [DETECTION] Contains detection pattern of the VBS script virus VBS/Changeset.A
   [INFO]    A backup was created as '47cfc4ad.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-12-15 02:16:45

不玩主防的可以吗？？

显示全部楼层 · 发表于 2007-12-15 07:40:04

2007-12-15 7:39:52 1197675592 SYSTEM 1184 Sign of "VBS:Agent-BC" has been found in "http://bbs.kafan.cn/attachment.php?aid=168549\Administrator.vbs" file.

显示全部楼层 · 发表于 2007-12-15 07:43:10

C:\Users\Wesley\Downloads\Administrator.rar » RAR » Administrator.vbs - VBS/Invadesys.A virus

[病毒样本] 微点砍.玩主防的来测测

本帖子中包含更多资源

本帖子中包含更多资源

ESET Smart Security

浏览过的版块