
[Suspicious file] 11

lizw9382
Posted on 2014-7-9 11:34:57
This post was last edited by lizw9382 on 2014-7-9 13:52

http://rghost.net/56798003

猥琐大叔
Posted on 2014-7-9 12:02:50

cn86li
Posted on 2014-7-9 12:30:18

蓝天二号
Posted on 2014-7-9 12:31:59
Filseclab + 360
折腾哥
Posted on 2014-7-9 12:44:34
Kaspersky: detected
fengyunljp
Posted on 2014-7-9 13:14:12
Huorong: 3 detected

fzshot
Posted on 2014-7-9 13:51:09
This post was last edited by fzshot on 2014-7-10 06:40

Dr.Web 5x kill 6x miss
Object(s) to scan:
- C:\Users\PRODUCTION I.G\Desktop\11


>C:\Users\PRODUCTION I.G\Desktop\11\2014-07-08-Sweet-Orange-EK-malware-payload.exe - packed by FLY-CODE
C:\Users\PRODUCTION I.G\Desktop\11\FlashPlayer__4369_i1017315282_il26.exe - is adware program Adware.Downware.5717
C:\Users\PRODUCTION I.G\Desktop\11\FlashPlayer__4369_i1017315282_il26.exe - infected
>C:\Users\PRODUCTION I.G\Desktop\11\JavaSetup7u60.exe - packed by FLY-CODE
C:\Users\PRODUCTION I.G\Desktop\11\zbrush-4r6.exe - infected with Trojan.Packed.24524
C:\Users\PRODUCTION I.G\Desktop\11\zbrush-4r6.exe - infected
C:\Users\PRODUCTION I.G\Desktop\11\2014-07-08-Sweet-Orange-EK-malware-payload.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\11\944b0e3db52bdbb268e694b22c466d20 - Ok
C:\Users\PRODUCTION I.G\Desktop\11\84a69b32fef13f7c514e8972e86711c8 - Ok
>>C:\Users\PRODUCTION I.G\Desktop\11\JavaSetup7u60.exe is NSIS container
C:\Users\PRODUCTION I.G\Desktop\11\JavaSetup7u60.exe - container
>C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe is ZIP archive
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\finish.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\loading.gif - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\loading.xml - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\logo.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\main.xml - Ok
>C:\Users\PRODUCTION I.G\Desktop\11\الحكومة تخشى تكرار أزمة غزة عند إعلانها صرف رواتب الشهر الماضي.exe is AUTOIT container
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\next.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\pos_download.png - Ok
>>C:\Users\PRODUCTION I.G\Desktop\11\الحكومة تخشى تكرار أزمة غزة عند إعلانها صرف رواتب الشهر الماضي.exe\Users\h.p\AppData\Local\AutoIt v3\Aut2Exe\autE983.tmp.tok - packed by ASCRIPT
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\pos_download_left.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\pos_download_right.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\skin.xml - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\soft.png - Ok
>>C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\style.xml is JS-HTML container
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\style.xml - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\accept.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\bg.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\bg_download.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\bk_pane_bottom.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\booksreport_scroll_bg.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\booksreport_scroll_thumb.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\btn_sys_minimize.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\checkbox_normal.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe\download_ok.png - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\11\java_installer.exe - archive
C:\Users\PRODUCTION I.G\Desktop\11\الحكومة تخشى تكرار أزمة غزة عند إعلانها صرف رواتب الشهر الماضي.exe - container
>C:\Users\PRODUCTION I.G\Desktop\11\HD CODEC setup3.exe is NSIS container
>>C:\Users\PRODUCTION I.G\Desktop\11\HD CODEC setup3.exe\_殌\md5dll.dll - packed by UPX
C:\Users\PRODUCTION I.G\Desktop\11\gburner3-x64.exe - is adware program Adware.Conduit.82
C:\Users\PRODUCTION I.G\Desktop\11\gburner3-x64.exe - infected
>>C:\Users\PRODUCTION I.G\Desktop\11\HD CODEC setup3.exe\nungmoviehd_downloader_by_nungmoviehd.exe is NSIS container
C:\Users\PRODUCTION I.G\Desktop\11\HD CODEC setup3.exe\nungmoviehd_downloader_by_nungmoviehd.exe\biclient.exe - is adware program Adware.Somoto.17
C:\Users\PRODUCTION I.G\Desktop\11\HD CODEC setup3.exe - infected container
>C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe is NSIS container
>>C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi is OLE container
>>>C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000 is CAB archive
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\AxCrypt.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\AxCrypt2Go.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\AxDecrypt.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\ChangeLog.txt - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\Config.xml - Ok
>>>>C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\License.rtf is RTF container
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\License.rtf - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\Messages.dll - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\ReadMe.html - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\RelNotes.txt - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\ShellExt.dll - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000\Sigs.xml - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream000 - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream001 - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi\stream002 - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-Win32-en-US.msi - Ok
>>C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi is OLE container
>>>C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000 is CAB archive
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\AxCrypt.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\AxCrypt2Go.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\AxDecrypt.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\ChangeLog.txt - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\Config.xml - Ok
>>>>C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\License.rtf is RTF container
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\License.rtf - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\Messages.dll - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\ReadMe.html - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\RelNotes.txt - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\ShellExt.dll - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000\Sigs.xml - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream000 - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream001 - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi\stream002 - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\AxCrypt-1.7.2976.0-x64-en-US.msi - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\_殌\OCSetupHlp.dll - is adware program Adware.OpenCandy.7
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\_殌\OCSetupHlp.dll - infected
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\_殌\System.dll - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe\Call - Ok
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe - infected container
C:\Users\PRODUCTION I.G\Desktop\11\AxCrypt-1.7.2976.0-Setup.exe - infected container


Rest to Dr.Web

Original file name: 84a69b32fef13f7c514e8972e86711c8         This file presents no threat to your system.
Original file name: 944b0e3db52bdbb268e694b22c466d20         Threat: Trojan.Packed.28198
Original file name: java_installer.exe         Threat: Adware.Downware.5721
Original file name: 2014-07-08-Sweet-Orange-EK-malware-payload.exe         Threat: BackDoor.Qbot.228
Original file name: JavaSetup7u60.exe         Threat: Adware.Downware.5719, Adware.Downware.5720
Original file name: الحكومة تخشى تكرار أزمة غزة عند إعلانها صرف رواتب الشهر الماضي.exe         Threat: VBS.Worm.23
fuzhk
Posted on 2014-7-9 15:58:15
OP, could you use a domestic file host next time? Downloads from the foreign ones stall halfway through.
Copyright © KaFan  KaFan.cn All Rights Reserved.
