9

liunanyuan

.......................

绅博周幸

扫描报告
2007年12月17日 22:48:37 - 22:48:37
计算机名称: XING-PC
扫描类型: 扫描指定目标
目标: C:\Users\Xing\Desktop\Downloads\9.rar


--------------------------------------------------------------------------------

结果: 发现4个恶意软件
Trojan-Downloader.Win32.Agent.fzu (病毒)
C:\Users\Xing\Desktop\Downloads\9.rar\svcos[1].exe
Worm.Win32.Downloader.cx (病毒)
C:\Users\Xing\Desktop\Downloads\9.rar\sysupdate[1].exe
Trojan-Downloader.HTML.IFrame.bz (病毒)
C:\Users\Xing\Desktop\Downloads\9.rar\dm[1].htm
Trojan-Downloader.HTML.IFrame.by (病毒)
C:\Users\Xing\Desktop\Downloads\9.rar\eastctn[1].htm




--------------------------------------------------------------------------------

统计信息
已扫描:
文件: 10
未扫描: 0
结果:
病毒: 4
间谍软件: 0
可疑对象: 0
危险软件: 0
操作:
已杀毒: 0
已重命名: 0
删除: 0
已隔离: 0
失败: 0
引导区:
已扫描: 0
受感染: 0
可疑对象: 0
已杀毒: 0


--------------------------------------------------------------------------------

选项
病毒定义版本:
病毒: 2007-12-18_02
间谍软件: 2007-12-17_10
扫描引擎:
F-Secure AVP: 7.00.171, 2007-12-17
F-Secure Libra: 2.04.01, 2007-12-17
F-Secure Orion: 1.02.37, 2007-12-18
F-Secure Draco: 1.00.35, 2007-11-28
扫描选项:
扫描指定类型的文件: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD LSP MAP MHT MIF PHP POT WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
扫描压缩包内部
操作:
病毒: 扫描后询问
间谍软件: 扫描后询问

--------------------------------------------------------------------------------

版权 © 1998-2007 产品支持 | 发送病毒样本到 F-Secure
对于 F-Secure 网页上所链接的由第三方创建和发布的材料， F-Secure 不承担任何责任。 除非已通过电子邮件或 F-Secure CGI 电子邮件向任一台服务器提交材料以清楚说明情况， 您同意 通过 F-Secure 网页或硬拷贝发布已有的材料。 单击带下划线的链接，可访问 F-Secure 公共网站。此时， 系统会在专用访问统计信息中用域名记录您的访问。 此信息不会提供给任何第三方。 您同意不针对所提交的材料向我们提出诉讼。 除非您已明确说明，否则应提交材料以保证 F-Secure 针对可能在 F-Secure 产品/出版物中采用的概念， 不承担任何责任。

Graybird

Starting the file scan:

Begin scan in 'E:\Virus\9.rar'
E:\Virus\9.rar
  [0] Archive type: RAR
  --> popn_131377_2[1].js
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Boran.1
  --> popn_131377_2[2].js
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Boran.1
  --> popn_131377_2[4].js
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Boran.1
  --> svcos[1].exe
      [DETECTION] Is the Trojan horse TR/Agent.23040.26
  --> sysupdate[1].exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> xpkk[1].js
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
  --> 11[1].js
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Shengho
  --> dm[1].htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Dldr.Iframe.W
  --> eastctn[1].htm
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [WARNING]   The file was ignored!


End of the scan: 2007年12月18日  14:50
Used time: 00:19 min

The scan has been done completely.

      0 Scanning directories
     10 Files were scanned
      7 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes

伊の星

Starting the file scan:

Begin scan in 'C:\Documents and Settings\etly\桌面\9.rar'
C:\Documents and Settings\etly\桌面\9.rar
  [0] Archive type: RAR
  --> popn_131377_2[1].js
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Boran.1
  --> popn_131377_2[2].js
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Boran.1
  --> popn_131377_2[4].js
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Boran.1
  --> svcos[1].exe
      [DETECTION] Is the Trojan horse TR/Agent.23040.26
  --> sysupdate[1].exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> xpkk[1].js
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
  --> 11[1].js
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Shengho
  --> dm[1].htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Dldr.Iframe.W
  --> eastctn[1].htm
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [INFO]      The file was deleted!

伊の星

看来样本区也需要速度发帖~~

扫描进行于：2007-12-18 15:20:06
扫描日志
NOD32版本 2729 (20071218) NT
命令行： F:\virus\9.rar

日期： 18.12.2007  时间：15:20:07
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：F:\virus\9.rar
F:\virus\9.rar >>RAR >>svcos[1].exe - 未查明的 NewHeur_PE 病毒 [7]
F:\virus\9.rar >>RAR >>sysupdate[1].exe - Win32/Jalous 蠕虫的变种
F:\virus\9.rar >>RAR >>11[1].js - VBS/TrojanDownloader.Psyme.NDO 木马
已扫描的文件数目：9
已发现的病毒数目：3
完成时间： 15:20:07 总扫描时间：0 秒 (00:00:00)

注意：
[7] 该文件可能感染上未知病毒。

Graybird

The file 'xpkk[1].js' has been determined to be 'MALWARE'. Our analysts named the threat VBS/Dldr.Agent.CE. The term "VBS/" denotes a Visual Basic script-virus.Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Exploit.HTML.

The file 'eastctn[1].htm' has been determined to be 'MALWARE'. Our analysts named the threat HTML/Dldr.Iframe.AG. The term "HTML/" denotes a script-virus that is able to infect the system using a HTML script.Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Exploit.HTML.

啊弥陀佛

微点砍掉

挪威的冬天

对网页继续不敏感。。。

信息 2007-12-18  19:18:28 您此次查毒共查出2个病毒以及危险代码   
信息 2007-12-18  19:18:28 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件11个   
信息 2007-12-18  19:18:28 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒   
病毒 2007-12-18  19:18:28 C:\Documents and Settings\Norways Winter\桌面\9.rar\sysupdate[1].exe Win32.Hack.AgentT.ty.131072 跳过，未处理
病毒 2007-12-18  19:18:28 C:\Documents and Settings\Norways Winter\桌面\9.rar\svcos[1].exe Win32.TrojDownloader.Agent.126976 跳过，未处理

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.Win32.Mnless.zyt  

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.23.11