9个

显示全部楼层 · 发表于 2007-12-20 23:45:52

小A杀了两个

显示全部楼层 · 发表于 2007-12-21 13:04:31

扫描进行于：2007-12-21 13:02:03
扫描日志
NOD32版本 2740 (20071221) NT
命令行： Z:\9.rar
日期： 21.12.2007 时间：13:02:05
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：Z:\9.rar
Z:\9.rar >>RAR >>s5vgh2u.dll - 可能是 Win32/TrojanDownloader.Agent.NPO 木马的一个变种
Z:\9.rar >>RAR >>tempaq - Win32/TrojanDownloader.QQHelper.NDW 木马的变种
Z:\9.rar >>RAR >>viyr.sys - Win32/Rootkit.Agent.NCK 木马的变种
Z:\9.rar >>RAR >>y2vnsx.sys - Win32/Rootkit.Agent.NBQ 木马的变种
已扫描的文件数目：9
已发现的病毒数目：4
完成时间： 13:02:07 总扫描时间：2 秒 (00:00:02)

显示全部楼层 · 发表于 2007-12-28 16:34:02

红伞全秒

显示全部楼层 · 发表于 2007-12-28 16:51:46

冷门杀软秒掉4个

Antivirus Scanning Engine version number: 4.4.2
Virus signature file from: 2007-12-28, 6:07

Scan name: [Custom Scan]
Path to scan: F:\|

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2007-12-28, 16:49:37
---------------------------------------------------------------------

[Clean] Boot sector on drive F:
[Clean] Boot sector on drive E:
[Clean] Boot sector on drive D:
[Clean] Boot sector on drive G:
[Clean] Boot sector on drive C:
[Clean] Master Boot Record on disk 0
[Clean] F:\18 WoS American Long Haul\config.cfg
[Clean] F:\18 WoS American Long Haul\controls.def
[Clean] F:\18 WoS American Long Haul\prism3d.log
[Clean] F:\18 WoS American Long Haul\save\1\game.sii
[Clean] F:\18 WoS American Long Haul\save\1\info.sii
[Clean] F:\18 WoS American Long Haul\save\1\preview.mat
[Clean] F:\18 WoS American Long Haul\save\1\preview.tga
[Clean] F:\18 WoS American Long Haul\save\1\preview.tobj
[Clean] F:\18 WoS American Long Haul\save\2\game.sii
[Clean] F:\18 WoS American Long Haul\save\2\info.sii
[Clean] F:\18 WoS American Long Haul\save\2\preview.mat
[Clean] F:\18 WoS American Long Haul\save\2\preview.tga
[Clean] F:\18 WoS American Long Haul\save\2\preview.tobj
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00001.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00002.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00005.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00006.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00007.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00009.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00013.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00014.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00015.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00016.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00019.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00021.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00023.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00024.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00025.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00026.JPG
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00026.png
[Clean] F:\18 WoS American Long Haul\screenshot\alh_00029.png
[Clean] F:\9.rar->收藏.url
[Clean] F:\9.rar->logo[1].jpg
[Clean] F:\9.rar->logo[3].jpg
[Clean] F:\9.rar->logo[4].jpg
[Clean] F:\9.rar->rm6_stat[1].js
[Found downloader] <W32/Downloader.A.gen!Eldorado (not disinfectable, generic)> F:\9.rar->s5vgh2u.dll
[Found downloader] <W32/Downloader!969d (exact, not disinfectable)> F:\9.rar->tempaq
[Found adware] <W32/Cinmus.E.gen!Eldorado (not disinfectable, generic)> F:\9.rar->viyr.sys
[Found security risk] <W32/SYStroj.B.gen!Eldorado (not disinfectable, generic)> F:\9.rar->y2vnsx.sys
[Contains infected objects] F:\9.rar
[Quarantined] F:\9.rar->y2vnsx.sys
[Clean] F:\Diskeeper\IFaastRegions.dat
[Clean] F:\Extratorrent_com_18_Wheels_of_Steel_American_Long_Haul-ice187.torrent
[Clean] F:\ProfileList.dat
[Clean] F:\RECYCLER\S-1-5-21-343818398-1123561945-1801674531-500\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-343818398-1123561945-1801674531-500\INFO2
[Clean] F:\RECYCLER\S-1-5-21-746137067-725345543-839522115-1003\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-746137067-725345543-839522115-1003\INFO2
[Clean] F:\RECYCLER\S-1-5-21-776561741-651377827-725345543-500\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-776561741-651377827-725345543-500\INFO2
[Clean] F:\rwwwshell-1_6[1].rar->rwwwshell-1_6.pl
[Clean] F:\rwwwshell-1_6[1].rar
[Clean] F:\Zilder\Photo\20071214204950.jpg
[Clean] F:\Zilder\Photo\20071214204950.jpg.small
[Clean] F:\Zilder\Photo\20071214224029.jpg
[Clean] F:\Zilder\Photo\20071214224029.jpg.small
[Clean] F:\Zilder\playersave\commondt.sav
[Clean] F:\Zilder\playersave\playersave
[Clean] F:\Zilder\playersave2\commondt.sav
[Clean] F:\Zilder\playersave2\playersave
[Clean] F:\Zilder\Radio\My\01 TAKE ME TO YOUR HEART.wma
[Clean] F:\Zilder\Radio\My\02 STOP STOP STOP.wma
[Clean] F:\Zilder\Radio\My\02.MP3
[Clean] F:\Zilder\Radio\My\04(2).mp3
[Clean] F:\Zilder\Radio\My\06(1).mp3
[Clean] F:\Zilder\Radio\My\07.mp3
[Clean] F:\Zilder\Radio\My\11(1).mp3
[Clean] F:\Zilder\Radio\My\11(2).mp3
[Clean] F:\Zilder\Radio\My\12.mp3
[Clean] F:\Zilder\Radio\My\13 QUIT PLAYING GAME.wma
[Clean] F:\Zilder\Radio\My\198087.mp3
[Clean] F:\Zilder\Radio\My\20030308442881.wma
[Clean] F:\Zilder\Radio\My\20061212175916809.wma
[Clean] F:\Zilder\Radio\My\all_i_have_to_do_is_dream.mp3
[Clean] F:\Zilder\Radio\My\Billy Idol - White wedding.mp3
[Clean] F:\Zilder\Radio\My\bluenight.mp3
[Clean] F:\Zilder\Radio\My\Dragostea Din Tei.mp3
[Clean] F:\Zilder\Radio\My\evergreen.mp3
[Clean] F:\Zilder\Radio\My\Far_Away_From_Home.mp3
[Clean] F:\Zilder\Radio\My\peerless darin.mp3
[Clean] F:\Zilder\Radio\My\The_day_you_went_away.mp3
[Clean] F:\Zilder\Radio\My\yzdxl-rhythm of the rain.mp3
[Clean] F:\Zilder\Radio\Radio Bot\9 Volter - Colour of Fire.mp3
[Clean] F:\Zilder\Radio\Radio Bot\Alpine Stars - Carbon Kid.mp3
[Clean] F:\Zilder\Radio\Radio Bot\Back Again - Boy Kill Boy.mp3
[Clean] F:\Zilder\Radio\Radio Bot\finally free - clearlake.mp3
[Clean] F:\Zilder\Radio\Radio Bot\Fix the Cracks - Humanzi.mp3
[Clean] F:\Zilder\Radio\Radio Bot\handshakes - metric.mp3
[Clean] F:\Zilder\Radio\Radio Bot\Here we go - Broken Dolls.mp3
[Clean] F:\Zilder\Radio\Radio Bot\Radio Tokyo - Vanlustenbader.mp3
[Clean] F:\Zilder\Radio\Radio Bot\The Remedy - Seether.mp3
[Clean] F:\Zilder\Radio\Radio Classik\Hungarian Dance N4 - Brahms.mp3
[Clean] F:\Zilder\Radio\Radio Classik\Ride Of The Valkyries - Wagner.mp3
[Clean] F:\Zilder\Radio\Radio Classik\Sonata A Maj 'Alla Turca - Mozart.mp3
[Clean] F:\Zilder\Radio\Radio Classik\Swan Lake - Tchaikovsky.mp3
[Clean] F:\Zilder\Radio\Radio Classik\Symphony N5 - Beethoven.mp3
[Clean] F:\Zilder\Radio\Radio Classik\Symphony N9 - Dvorak.mp3
[Clean] F:\Zilder\Radio\Radio Classik\The 4 Seasons  Summer - Vivaldi.mp3
[Clean] F:\Zilder\Radio\Radio Classik\The Magic Flute - Mozart.mp3
[Clean] F:\Zilder\Radio\Radio Classik\Toccata In D Min - Bach.mp3
[Clean] F:\Zilder\Radio\Radio Classik\William Tel Overture - Rossini.mp3
[Clean] F:\Zilder\Radio\Radio Djey\And I'm hip - Sgt.Rock.mp3
[Clean] F:\Zilder\Radio\Radio Djey\Angels Go Bald Too - Howie B.mp3
[Clean] F:\Zilder\Radio\Radio Djey\another excuse - soulwax.mp3
[Clean] F:\Zilder\Radio\Radio Djey\captain korma - the orb.mp3
[Clean] F:\Zilder\Radio\Radio Djey\compute - soulwax.mp3
[Clean] F:\Zilder\Radio\Radio Djey\feels closer - layo & bushwacka.mp3
[Clean] F:\Zilder\Radio\Radio Djey\no love - roots manuva.mp3
[Clean] F:\Zilder\Radio\Radio Djey\purple sah vs the light - gus gus.mp3
[Clean] F:\Zilder\Radio\Radio Djey\rise to the challenge - AsianDubF.mp3
[Clean] F:\Zilder\Radio\Radio Djey\Time2MoveOn - Will Hensal.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\(I'm A) Roadrunner - Jr. Walker.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\(them) Changes - Buddy Miles.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\cissy popcorn - preston love.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\follow me home - yonderboi.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\Funk Number 49 - James Gang.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\Funky Soul - Bobby Byrd.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\Ratpack - Roger James Cooke.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\slingshot - lefties soul connection.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\Supernatural - Cerrone.mp3
[Clean] F:\Zilder\Radio\Sweet Radio\Who Do You Love - Juicy Lucy.mp3

---------------------------------------------------------------------
Scan ended: 2007-12-28, 16:49:41
Duration: 0:00:04

Scan result:

Scanned files:    117
Infected objects:    4
Disinfected objects:    0
Quarantined files:    1
---------------------------------------------------------------------

显示全部楼层 · 发表于 2007-12-28 19:50:59

原帖由 gho 于 2007-12-20 22:45 发表
卡巴剩下的一个未报

你是什麼版本?我只杀了4个
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Hmir.mm 檔案: C:\Documents and Settings\kato9096\桌面\174153\s5vgh2u.dll
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Hmir.mm 檔案: C:\Documents and Settings\kato9096\桌面\174153\tempaq
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Hmir.mm 檔案: C:\Documents and Settings\kato9096\桌面\174153\viyr.sys
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Hmir.mm 檔案: C:\Documents and Settings\kato9096\桌面\174153\y2vnsx.sys

不报的上报

显示全部楼层 · 发表于 2007-12-30 07:57:56

C:\Users\Wesley\Downloads\9.rar » RAR » s5vgh2u.dll - probably a variant of Win32/TrojanDownloader.Agent.NPO trojan
C:\Users\Wesley\Downloads\9.rar » RAR » tempaq - a variant of Win32/TrojanDownloader.QQHelper.NDW trojan
C:\Users\Wesley\Downloads\9.rar » RAR » viyr.sys - a variant of Win32/Rootkit.Agent.NCK trojan
C:\Users\Wesley\Downloads\9.rar » RAR » y2vnsx.sys - a variant of Win32/Rootkit.Agent.NBQ trojan

显示全部楼层 · 发表于 2007-12-30 08:00:50

---------------------------------------------------------
ewido anti-spyware - 扫描报告
---------------------------------------------------------

+ 创建时间: 8:01:00 2007-12-30

+ 扫描结果:

E:\9.rar/s5vgh2u.dll -> Downloader.Hmir.mm : 未进行操作.
E:\9.rar/viyr.sys -> Downloader.Hmir.mm : 未进行操作.
E:\9.rar/y2vnsx.sys -> Downloader.Hmir.mm : 未进行操作.

::报告结束

显示全部楼层 · 发表于 2007-12-30 08:27:27

卡巴杀了四个

显示全部楼层 · 发表于 2007-12-31 17:55:31

Hello,

##.url, rm6_stat[1].js_

No malicious code were found in these files.

logo[1].jpg_, logo[3].jpg_, logo[4].jpg_

These files are corrupted.

Please quote all when answering.

--
Best regards, Namestnikov Yury
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

显示全部楼层 · 发表于 2007-12-31 18:17:07

红伞9只全

Starting the file scan:

Begin scan in 'f:\yuki\桌面\9.rar'
f:\yuki\桌面\9.rar
  [0] Archive type: RAR
  --> ÊÕ²Ø.url
   [DETECTION] Is the Trojan horse TR/Farfli.A.6
  --> logo[1].jpg
   [DETECTION] Is the Trojan horse TR/Drop.RKit.AJ
  --> logo[3].jpg
   [DETECTION] Is the Trojan horse TR/Drop.RKit.AJ
  --> logo[4].jpg
   [DETECTION] Is the Trojan horse TR/Drop.RKit.AJ
  --> rm6_stat[1].js
   [DETECTION] Contains detection pattern of the Java script virus JS/Spy.Agent.A
  --> s5vgh2u.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> tempaq
   [DETECTION] Is the Trojan horse TR/Drop.RKit.AJ
  --> viyr.sys
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> y2vnsx.sys
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [INFO]    The file was deleted!

[病毒样本] 9个

ESET Smart Security 4

浏览过的版块