[病毒样本] 2/4

显示全部楼层 · 发表于 2008-1-7 22:50:45

Begin scan in 'D:\Downloads\样本\010702.rar'
D:\Downloads\样本\010702.rar
  [0] Archive type: RAR
  --> start2.exe
   [DETECTION] Is the Trojan horse TR/Dialer.CJ.2777
  --> is6ge.dll
   [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
  --> gdnVE1733.exe
   [DETECTION] Is the Trojan horse TR/Small.Crypted.Gen
  --> cartao.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> dodolook412.exe
   [DETECTION] Contains detection pattern of the dropper DR/Cinmus.aiu
  --> 899151422.exe
   [DETECTION] Contains detection pattern of the dial-up program DIAL/302391
  --> toolbar_uninstall.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
   [WARNING] The file was ignored!

End of the scan: 2008年1月7日  22:47
Used time: 00:04 min

The scan has been done completely.

   0 Scanning directories
   9 Files were scanned
   7 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   2 Files not concerned
   1 Archives were scanned
   1 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-7 22:51:50

C:\Documents and Settings\Don johnson\桌面\010702.rar » RAR » start2.exe - a variant of Win32/Dialer trojan
C:\Documents and Settings\Don johnson\桌面\010702.rar » RAR » is6ge.dll - a variant of Win32/Adware.BHO.V application
C:\Documents and Settings\Don johnson\桌面\010702.rar » RAR » gdnVE1733.exe - a variant of Win32/TrojanDownloader.Busky.BU trojan
C:\Documents and Settings\Don johnson\桌面\010702.rar » RAR » cartao.exe - Win32/TrojanDownloader.Banload.NJE trojan
C:\Documents and Settings\Don johnson\桌面\010702.rar » RAR » dodolook412.exe » NSIS » 84.exe » NSIS » DoSSSetup.dll - Win32/Adware.Cinmus application
C:\Documents and Settings\Don johnson\桌面\010702.rar » RAR » dodolook412.exe » NSIS » 84.exe » NSIS » acpidisk.sys - Win32/Adware.Cinmus application
C:\Documents and Settings\Don johnson\桌面\010702.rar » RAR » 899151422.exe - a variant of Win32/Dialer trojan
C:\Documents and Settings\Don johnson\桌面\010702.rar » RAR » toolbar_uninstall.exe - Win32/Obfuscated.A1 trojan

显示全部楼层 · 发表于 2008-1-7 22:52:42

卡巴

已删除: 木马程序 Trojan.Win32.Dialer.cj 文件: F:\病毒样本\010702.rar/start2.exe//UPX
已删除: 广告程序 not-a-virus:AdWare.Win32.BHO.v 文件: F:\病毒样本\010702.rar/is6ge.dll
已删除: 木马程序 Trojan-Downloader.Win32.Obfuscated.n 文件: F:\病毒样本\010702.rar/gdnVE1733.exe
已删除: 木马程序 Trojan-Downloader.Win32.Dadobra.mk 文件: F:\病毒样本\010702.rar/cartao.exe//ASPack
已删除: 广告程序 not-a-virus:AdWare.Win32.Cinmus.aiu 文件: F:\病毒样本\010702.rar/dodolook412.exe//stream//data0002//data0003
已删除: 广告程序 not-a-virus:AdWare.Win32.Cinmus.aiu 文件: F:\病毒样本\010702.rar/dodolook412.exe//stream//data0002//data0004
已删除: 木马程序 Trojan.Win32.Dialer.cj 文件: F:\病毒样本\010702.rar/899151422.exe//UPX
已删除: 木马程序 Trojan.Win32.Obfuscated.bx 文件: F:\病毒样本\010702.rar/toolbar_uninstall.exe

显示全部楼层 · 发表于 2008-1-8 00:55:57

D:\1\010702.rar\start2.exe - is a Dialer program Dialer.Virgilio
D:\1\010702.rar\is6ge.dll - is an AdWare program Adware.Crew
D:\1\010702.rar\gdnVE1733.exe - infected with Trojan.DownLoader.based
D:\1\010702.rar\cartao.exe - infected with Trojan.DownLoader.14413
D:\1\010702.rar\899151422.exe - is a Dialer program Dialer.Virgilio
D:\1\010702.rar\toolbar_uninstall.exe - infected with Trojan.Packed.149

Archive contains 6 infected items

对象: 899151422.exe
路径: D:\1\010702
狀態: 已发现病毒
病毒: Trojan.Win32.Dialer.cj (KAV 引擎), Win32:Dialer-gen [Trj] (AVST 引擎)
对象: cartao.exe
路径: D:\1\010702
狀態: 已发现病毒
病毒: Trojan-Downloader.Win32.Dadobra.mk (KAV 引擎), Win32:Trojan-gen {Other} (AVST 引擎)
对象: stream/data0002 data0003
在压缩档案里: D:\1\010702\dodolook412.exe
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.Cinmus.aiu (KAV 引擎)
对象: stream/data0002 data0004
在压缩档案里: D:\1\010702\dodolook412.exe
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.Cinmus.aiu (KAV 引擎)
对象: dodolook412.exe
路径: D:\1\010702
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.Cinmus.aiu (2x) (KAV 引擎)
对象: gdnVE1733.exe
路径: D:\1\010702
狀態: 已发现病毒
病毒: Trojan-Downloader.Win32.Obfuscated.n (KAV 引擎), Win32:Downloader-gen [Trj] (AVST 引擎)
对象: is6ge.dll
路径: D:\1\010702
狀態: 已发现病毒
病毒: not-a-virus:AdWare.Win32.BHO.v (KAV 引擎), Win32:Klone-BL [Trj] (AVST 引擎)
对象: start2.exe
路径: D:\1\010702
狀態: 已发现病毒
病毒: Trojan.Win32.Dialer.cj (KAV 引擎), Win32:Dialer-gen [Trj] (AVST 引擎)
对象: toolbar_uninstall.exe
路径: D:\1\010702
狀態: 已发现病毒
病毒: Trojan.Win32.Obfuscated.bx (KAV 引擎), Win32:Obfuscated-BPO [Trj] (AVST 引擎)

显示全部楼层 · 发表于 2008-1-8 03:22:17

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:22:30 2008-1-8

+ Scan result:

C:\Documents and Settings\Administrator\桌面\010702.rar/is6ge.dll -> Adware.Crew : No action taken.
C:\Documents and Settings\Administrator\桌面\010702.rar/cartao.exe -> Downloader.Dadobra.bo : No action taken.
C:\Documents and Settings\Administrator\桌面\010702.rar/899151422.exe -> Trojan.Dialer.cj : No action taken.
C:\Documents and Settings\Administrator\桌面\010702.rar/start2.exe -> Trojan.Dialer.cj : No action taken.
C:\Documents and Settings\Administrator\桌面\010702.rar/toolbar_uninstall.exe -> Trojan.Obfuscated.bx : No action taken.

::Report end

显示全部楼层 · 发表于 2008-1-8 10:51:26

2008-1-8 10:54:47 010702.rar C:\Documents and Settings\zh\桌面 3
start2.exe Dialer.Virgilio
is6ge.dll Adware.Crew
gdnVE1733.exe Trojan.DownLoader.based
cartao.exe Trojan.DownLoader.14413
899151422.exe Dialer.Virgilio
toolbar_uninstall.exe Trojan.Packed.149

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.Dialer.dev
病毒： Trojan.DL.Mnless.et
病毒： Trojan.DL.Obfuscated.gs
病毒： Trojan.DL.Dadobra.aip
病毒： Trojan.FatObfus.q

用户来源：互联网

软件版本：20.26.02

显示全部楼层 · 发表于 2008-1-8 12:41:01

rs 8ge

显示全部楼层 · 发表于 2008-1-8 16:12:44

The file 'my_70092.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dldr.QQHelper.ake. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.01.201.

显示全部楼层 · 发表于 2008-1-8 19:56:24

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.Dialer.dev
病毒： Trojan.DL.Mnless.et
病毒： Trojan.DL.Obfuscated.gs
病毒： Trojan.DL.Dadobra.aip
病毒： Trojan.FatObfus.q

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.26.12

[病毒样本] 2/4

本帖子中包含更多资源

回复 2楼无尽藏海的帖子

18/8

[病毒样本] 2/4

本帖子中包含更多资源

回复 2楼 无尽藏海 的帖子

18/8

回复 2楼无尽藏海的帖子