Original poster: 觅寒枚

[Virus samples] Virus samples from lixinyuan

觅寒枚
 Original poster | Posted on 2008-1-8 12:21:45

觅寒枚
 Original poster | Posted on 2008-1-8 12:22:06

moonsilver
Posted on 2008-1-8 12:32:21
Taking up this many posts, the original poster is wasting the nation's network resources...
moonsilver
Posted on 2008-1-8 12:34:15
rs: 79
wangjay1980
Posted on 2008-1-8 12:35:16
84


The following were not detected by Kaspersky:

Hello,

11.22_12.exek, CameraFixer.exek, comadmin.dll, comempty.dat,
comexp.msc, comrepl.exek, comrereg.exek, Domino.exek, Microsoft.comk,
mtsadmin.tlb, sha.pifk, task.exek, TASKMAN.exek, usnpstd3.exek

No malicious code were found in these files.

11.22_8.exek

This file is corrupted.

[ Last edited by wangjay1980 on 2008-1-8 14:34 ]
leonfg
Posted on 2008-1-8 12:56:55
ESET  74
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\123.exe - probably a variant of Win32/PSW.QQPass.VD trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\4.exe - probably a variant of Win32/PSW.QQShou.EP trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\fb07.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\file.exe - Win32/TrojanDownloader.Nurech.NAT trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\hot.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\kl.jpg - a variant of Win32/TrojanDownloader.Ani.Gen trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\o.htm - VBS/TrojanDownloader.Psyme.FM trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\popup[1].htm - JS/TrojanDownloader.IstBar.G trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\rull.exe - Win32/Viking.CW virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\10个\ve.com » RAR » vQHxLWF.com - probably a variant of Win32/PSW.QQPass.VD trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\13\13\11.22_1.exe - a variant of Win32/TrojanDownloader.Delf.NHL trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\13\13\11.22_10.exe - probably a variant of Win32/TrojanDownloader.Small trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\13\13\11.22_13.exe - a variant of Win32/TrojanDownloader.Small.NEC trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\13\13\11.22_2.exe - probably a variant of Win32/TrojanDownloader.Small trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\13\13\11.22_3.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\13\13\11.22_5.exe - Win32/Small.NBS worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\13\13\11.22_6.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\13\13\11.22_7.exe - Win32/TrojanDownloader.SMW.A trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\13\13\11.22_9.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\12.exe - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\15.exe - probably a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\16.exe - probably a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\17.exe - probably a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\18.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\2.exe - Win32/PSW.WOW.WZ trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\20.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\21.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\6.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\7.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\8.exe - probably a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\22\9.exe - probably a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\4\4\ad.rar » RAR » ad.exe - a variant of Win32/AutoRun.K worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\7个病毒样本\7\608769M.exe - Win32/PSW.WOW.WU trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\7个病毒样本\7\608769MM.DLL - Win32/PSW.Legendmir.NFF trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\7个病毒样本\7\a15.exe - Win32/PSW.OnLineGames.NJD trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\7个病毒样本\7\a4.exe - Win32/TrojanDownloader.SMW.A trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\7个病毒样本\7\a8.exe - Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\7个病毒样本\7\gdqqhxi32.dll - Win32/PSW.OnLineGames.NJD trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\7个病毒样本\7\qwdjrxchns.dll - Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\asm\asm.exe - probably unknown WIN32 virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\auto\auto.exe - Win32/TrojanDownloader.Flux.B trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\AutoRun\AutoRun.exe - Win32/PSW.QQPass.NCO trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\ay\ay.exe - a variant of Win32/DoS.Sypak trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\c\c.exe - a variant of Win32/AutoRun.K worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\Com\Com\LSASS.EXE - a variant of Win32/Xorer virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\Com\Com\pagefile.pif - a variant of Win32/Xorer virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\Com\Com\SMSS.EXE - a variant of Win32/Xorer virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\DUsystem32\userinit.exe - Win32/Jalous.N worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\EXPLORER\EXPLORER.EX - Win32/Luder.Gen virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\look\0531\Lock.ex - a variant of Win32/TrojanDownloader.Delf.NSA trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\oobtwtr\oobtwtr.exe_ - a variant of Win32/Delf.NDF worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\QQPASS\AutoRun.exe - Win32/PSW.QQPass.ANV trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\setup\setup.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\sever\sever.EXE - probably a variant of Win32/Hupigon trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\system32\userinit.exe - Win32/Jalous.N worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\userinit【可以突破影子系统】\userinit.exe - Win32/TrojanDownloader.Agent.NRU trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\天使下载者\1.exe - probably a variant of Win32/AutoRun.ED worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\小毒\KAV.exe - probably a variant of Win32/Delf trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\新马\mumu1.exe - probably a variant of Win32/Delf trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\样本\样本\样本.exe - probably a variant of Win32/Hupigon trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\熊猫烧香\QQ.ex_ - Win32/Fujacks.damaged virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒\BJKCDPF.EXE - probably a variant of Win32/Delf.NDF worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒\FPBWEJW.EXE - probably a variant of Win32/Delf.NDF worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒\WQOETFL.EXE - probably a variant of Win32/Delf.NDF worm
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒包5\病毒包\634.exe - probably a variant of Win32/Pacex.Gen virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒包5\病毒包\891.exe - probably a variant of Win32/Pacex.Gen virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒包5\病毒包\9.exe - Win32/Pacex.Gen virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒包5\病毒包\新建文件夹\rising342.exe - probably a variant of Win32/Pacex.Gen virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒包5\病毒包\新建文件夹\rising538.exe - probably a variant of Win32/Pacex.Gen virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒包5\病毒包\新建文件夹\rising737.exe - probably a variant of Win32/Pacex.Gen virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\病毒包5\病毒包\新建文件夹\rising891.exe - probably a variant of Win32/Pacex.Gen virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\禽兽不如的病毒\新建文件夹 (2)\niu.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\GUNDAM\桌面\1\bbs\请谨慎使用\Svchost.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\1\bbs\超级加壳\样本\样本.exe - probably a variant of Win32/Hupigon trojan
觅寒枚
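 Original poster | Posted on 2008-1-8 13:10:24

Reply to moonsilver's post (#13)

There was no other way. The attachment was too big to upload; it says it has to be under 512k, so this was the only option. Please bear with it, everyone.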
mofunzone
Posted on 2008-1-8 13:54:58
88

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\bbs'
C:\Documents and Settings\Administrator\My Documents\bbs\10个\
  123.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.26719.1
      [INFO]      The file was deleted!
  4.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.76412
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  fb07.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.emq.1
      [INFO]      The file was deleted!
  file.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Tiny.DC
      [INFO]      The file was deleted!
  hot.exe
      [DETECTION] Is the Trojan horse TR/Dldr.ZSKiller.2
      [INFO]      The file was deleted!
  kl.jpg
      [DETECTION] Contains detection pattern of the exploits EXP/Ani.Gen
      [INFO]      The file was deleted!
  o.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Dldr.Psyme.FM
      [INFO]      The file was deleted!
  popup[1].htm
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.IstBar.G
      [INFO]      The file was deleted!
  rull.exe
      [DETECTION] Contains detection pattern of the Windows virus W32/Viking.B
      [INFO]      The file was deleted!
  ve.com
    [0] Archive type: RAR
    --> vQHxLWF.com
        [DETECTION] Is the Trojan horse TR/PSW.Steal.26719.1
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\13\13\
  11.22_1.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  11.22_10.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.PD.5 Backdoor server programs
      [INFO]      The file was deleted!
  11.22_11.exe
      [DETECTION] Is the Trojan horse TR/Agent.6656.142
      [INFO]      The file was deleted!
  11.22_12.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
  11.22_13.exe
      [DETECTION] Is the Trojan horse TR/Agent.4096.151
      [INFO]      The file was deleted!
  11.22_2.exe
      [DETECTION] Is the Trojan horse TR/Conime.8192
      [INFO]      The file was deleted!
  11.22_3.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
      [INFO]      The file was deleted!
  11.22_4.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
  11.22_5.exe
      [DETECTION] Is the Trojan horse TR/Agent.cue
      [INFO]      The file was deleted!
  11.22_6.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.hwt
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  11.22_7.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  11.22_8.exe
  11.22_9.exe
      [DETECTION] Is the Trojan horse TR/Agent.2560.156
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\22\
  12.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Winterlove.BJ.1 Backdoor server programs
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  15.exe
      [DETECTION] Is the Trojan horse TR/Agent.12366
      [INFO]      The file was deleted!
  16.exe
      [DETECTION] Is the Trojan horse TR/Agent.12444
      [INFO]      The file was deleted!
  17.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.bke
      [INFO]      The file was deleted!
  18.exe
      [DETECTION] Is the Trojan horse TR/Agent.12580
      [INFO]      The file was deleted!
  2.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Wow.UV
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  20.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.PK
      [INFO]      The file was deleted!
  21.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.PL
      [INFO]      The file was deleted!
  6.exe
      [DETECTION] Is the Trojan horse TR/Spy.Delf.Ace.1
      [INFO]      The file was deleted!
  7.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.YF
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  8.exe
      [DETECTION] Is the Trojan horse TR/Agent.11112
      [INFO]      The file was deleted!
  9.exe
      [DETECTION] Is the Trojan horse TR/Spy.Delf.acb
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\4\4\
  ad.rar
    [0] Archive type: RAR
    --> ad.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  D.EXE
      [DETECTION] Contains detection pattern of the dropper DR/PSW.Dialupass.B
      [INFO]      The file was deleted!
  GHO.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  iebho.dll.dl
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.aqu
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\7个病毒样本\7\
  608769M.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  608769MM.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  a15.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  a4.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  a8.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.inn
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  gdqqhxi32.dll
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ivl.25
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  qwdjrxchns.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.inn
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\asm\
  asm.exe
      [DETECTION] Is the Trojan horse TR/Agent.Hidding.I
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\auto\
  auto.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\AutoRun\
  AutoRun.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.11
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\ay\
  ay.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.bdn.1 Backdoor server programs
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\c\
  c.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\Com\Com\
  comadmin.dll
  comempty.dat
  comexp.msc
  comrepl.exe
  comrereg.exe
  LSASS.EXE
      [DETECTION] Is the Trojan horse TR/Dldr.C0mo.A
      [INFO]      The file was deleted!
  mtsadmin.tlb
  netcfg.000
      [DETECTION] Is the Trojan horse TR/Agent.AGEP
      [INFO]      The file was deleted!
  netcfg.dll
      [DETECTION] Is the Trojan horse TR/Agent.AGEP
      [INFO]      The file was deleted!
  pagefile.pif
      [DETECTION] Is the Trojan horse TR/Dldr.C0mo.A
      [INFO]      The file was deleted!
  SMSS.EXE
      [DETECTION] Is the Trojan horse TR/Dldr.C0mo.A
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\Domino\
  Domino.EXE
C:\Documents and Settings\Administrator\My Documents\bbs\DUsystem32\
  userinit.exe
      [DETECTION] Contains detection pattern of the worm WORM/Downloader.AU.11
      [INFO]      The file was deleted!
  usrinit.exe
      [DETECTION] Contains detection pattern of the worm WORM/Downloader.AU.1
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\EXPLORER\
  EXPLORER.EX
      [DETECTION] Is the Trojan horse TR/Luder.Patched.84
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\look\0531\
  Lock.ex
      [DETECTION] Is the Trojan horse TR/PSW.LdPinch.jm1
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\oobtwtr\
  autorun.inf
  oobtwtr.exe_
      [DETECTION] Is the Trojan horse TR/Agent.25287
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\QQPASS\
  AutoRun.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.QQpass.anv
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\setup\
  setup.exe
      [DETECTION] Is the Trojan horse TR/Delf.18944
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\sever\
  sever.EXE
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.vcq Backdoor server programs
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\system32\
  userinit.exe
      [DETECTION] Contains detection pattern of the worm WORM/Downloader.AU.11
      [INFO]      The file was deleted!
  usrinit.exe
      [DETECTION] Contains detection pattern of the worm WORM/Downloader.AU.1
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\userinit【可以突破影子系统】\
  userinit.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.8
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\UserReg[1]\
  UserReg[1].htm
      [DETECTION] Contains suspicious code HEUR/HTML.Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47e8107c.qua'!
C:\Documents and Settings\Administrator\My Documents\bbs\_suspicious_action\
  Games.exe
      [DETECTION] Contains detection pattern of the worm WORM/Fujack.Z.11
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\天使下载者\
  1.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\小毒\
  KAV.exe
      [DETECTION] Is the Trojan horse TR/Delf.anl
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\新马\
  mumu1.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\样本\样本\
  样本.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\毒\毒\
  sha.pif
      [DETECTION] Is the Trojan horse TR/Small.WS
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\熊猫烧香\
  QQ.ex_
      [DETECTION] Is the Trojan horse TR/Agent.1476943
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\病毒\
  autorun.inf
  BJKCDPF.EXE
      [DETECTION] Is the Trojan horse TR/PSW.39636
      [INFO]      The file was deleted!
  FPBWEJW.EXE
      [DETECTION] Is the Trojan horse TR/PSW.39636
      [INFO]      The file was deleted!
  WQOETFL.EXE
      [DETECTION] Is the Trojan horse TR/PSW.39636
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\病毒包5\病毒包\
  634.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
  891.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
  9.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
      [INFO]      The file was deleted!
  CameraFixer.exe
  Microsoft.com
  task.exe
      [DETECTION] Is the Trojan horse TR/Tiny.10240.A
      [INFO]      The file was deleted!
  TASKMAN.EXE
  usnpstd3.exe
C:\Documents and Settings\Administrator\My Documents\bbs\病毒包5\病毒包\新建文件夹\
  rising342.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
  rising538.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
  rising737.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
  rising891.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\禽兽不如的病毒\新建文件夹 (2)\
  niu.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\My Documents\bbs\请谨慎使用\
  Svchost.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [INFO]      The file was deleted!
  请谨慎使用,如果你不怕就开着杀软玩吧.txt
C:\Documents and Settings\Administrator\My Documents\bbs\超级加壳\样本\
  样本.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [INFO]      The file was deleted!


End of the scan: 2008年1月7日  21:54
Used time: 00:05 min

The scan has been done completely.

     46 Scanning directories
    105 Files were scanned
     87 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
     87 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     18 Files not concerned
     12 Archives were scanned
     16 Warnings
      0 Notes
mofunzone
Posted on 2008-1-8 13:58:52
Files AntiVir did not flag
File ID         Filename         Size (Byte)        Result
994782         usnpstd3.exe         20 KB         CLEAN
2246365         11.22_8.exe         14 KB         DAMAGED FILE (UNKNOWN)
901475         comadmin.dll         190.5 KB         KNOWN CLEAN
89000         comempty.dat         60 KB         KNOWN CLEAN
1043933         comexp.msc         75.53 KB         KNOWN CLEAN
513921         comrepl.exe         9.5 KB         KNOWN CLEAN
1043935         comrereg.exe         5 KB         KNOWN CLEAN
73827         mtsadmin.tlb         19 KB         KNOWN CLEAN
535892         Domino.EXE         48 KB         CLEAN
994780         CameraFixer.exe         20 KB         CLEAN
601705         Microsoft.com         35 Byte         CLEAN
206786         TASKMAN.EXE         15 KB         KNOWN CLEAN
kkgh
Posted on 2008-1-8 14:10:35
2008-1-8 14:12:52        QQ.ex_        C:\Documents and Settings\zh\桌面\新建文件夹\熊猫烧香        Win32.HLLP.Whboy        8
2008-1-8 14:12:52        ad.rar        C:\Documents and Settings\zh\桌面\新建文件夹\4\4                10
        ad.exe                Win32.HLLW.Autoruner.1011
2008-1-8 14:12:52        D.EXE        C:\Documents and Settings\zh\桌面\新建文件夹\4\4                10
        data001                Tool.DialupPass
2008-1-8 14:12:52        GHO.exe        C:\Documents and Settings\zh\桌面\新建文件夹\4\4        BackDoor.Pigeon.1604        10
2008-1-8 14:12:52        iebho.dll.dl        C:\Documents and Settings\zh\桌面\新建文件夹\4\4        Adware.Hotbar        10
2008-1-8 14:12:52        608769M.exe        C:\Documents and Settings\zh\桌面\新建文件夹\7个病毒样本\7        Trojan.PWS.Legmir.1988        10
2008-1-8 14:12:52        608769MM.DLL        C:\Documents and Settings\zh\桌面\新建文件夹\7个病毒样本\7        Trojan.PWS.Legmir.1988        10
2008-1-8 14:12:52        a15.exe        C:\Documents and Settings\zh\桌面\新建文件夹\7个病毒样本\7        Trojan.PWS.Wsgame.2273        10
2008-1-8 14:12:52        a4.exe        C:\Documents and Settings\zh\桌面\新建文件夹\7个病毒样本\7        Trojan.DownLoader.30488        10
2008-1-8 14:12:52        a8.exe        C:\Documents and Settings\zh\桌面\新建文件夹\7个病毒样本\7        Trojan.PWS.Wow.652        10
2008-1-8 14:12:52        gdqqhxi32.dll        C:\Documents and Settings\zh\桌面\新建文件夹\7个病毒样本\7        Trojan.PWS.Wsgame.2273        10
2008-1-8 14:12:52        qwdjrxchns.dll        C:\Documents and Settings\zh\桌面\新建文件夹\7个病毒样本\7        Trojan.PWS.Wow.652        10
2008-1-8 14:12:52        123.exe        C:\Documents and Settings\zh\桌面\新建文件夹\10个        Trojan.PWS.Qqpass.1080        10
2008-1-8 14:12:52        4.exe        C:\Documents and Settings\zh\桌面\新建文件夹\10个        Trojan.PWS.Qqpass.539        10
2008-1-8 14:12:52        fb07.exe        C:\Documents and Settings\zh\桌面\新建文件夹\10个        Trojan.DownLoader.21305        10
2008-1-8 14:12:52        file.exe        C:\Documents and Settings\zh\桌面\新建文件夹\10个        Trojan.DownLoader.21441        10
2008-1-8 14:12:52        hot.exe        C:\Documents and Settings\zh\桌面\新建文件夹\10个                10
        data001                        3
        data001                        3
        cdnaux.dll                Adware.Cdn
        data002                Adware.Cdn
        data004                Adware.Cdn
        data005                Adware.Cdn
        data006                Adware.Cdn
        data002                Adware.Dongtian
        data003                Adware.Dongtian
2008-1-8 14:12:52        kl.jpg        C:\Documents and Settings\zh\桌面\新建文件夹\10个        Exploit.ANIFile        10
2008-1-8 14:12:52        o.htm        C:\Documents and Settings\zh\桌面\新建文件夹\10个        VBS.Psyme.239        10
2008-1-8 14:12:52        rull.exe        C:\Documents and Settings\zh\桌面\新建文件夹\10个        Win32.HLLW.Gavir.54        10
2008-1-8 14:12:52        ve.com        C:\Documents and Settings\zh\桌面\新建文件夹\10个                10
        vQHxLWF.com                Trojan.PWS.Qqpass.1080
2008-1-8 14:12:52        11.22_1.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.DownLoader.35888        10
2008-1-8 14:12:52        11.22_10.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.DownLoader.35885        10
2008-1-8 14:12:52        11.22_11.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.DownLoader.37388        10
2008-1-8 14:12:52        11.22_12.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.DownLoader.Based        10
2008-1-8 14:12:52        11.22_13.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.DownLoader.3905        10
2008-1-8 14:12:52        11.22_2.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.Minoc        10
2008-1-8 14:12:52        11.22_3.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.Packed.213        10
2008-1-8 14:12:52        11.22_4.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.DownLoader.21840        10
2008-1-8 14:12:52        11.22_5.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Win32.HLLW.Autoruner.868        10
2008-1-8 14:12:52        11.22_6.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.PWS.Gamania.5954        10
2008-1-8 14:12:52        11.22_7.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.DownLoader.30488        10
2008-1-8 14:12:52        11.22_9.exe        C:\Documents and Settings\zh\桌面\新建文件夹\13\13        Trojan.DownLoader.37450        10
2008-1-8 14:12:52        12.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Qqpass.1350        10
2008-1-8 14:12:52        15.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Gamania.3933        10
2008-1-8 14:12:52        16.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Gamania.3927        10
2008-1-8 14:12:52        17.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Wsgame.1305        10
2008-1-8 14:12:52        18.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.MulDrop.8696        10
2008-1-8 14:12:52        2.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Wow        10
2008-1-8 14:12:52        20.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Wsgame.1298        10
2008-1-8 14:12:52        21.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Gamania.3943        10
2008-1-8 14:12:52        6.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Gamania.3894        10
2008-1-8 14:12:52        7.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Wsgame.2323        10
2008-1-8 14:12:52        8.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Gamania.3914        10
2008-1-8 14:12:52        9.exe        C:\Documents and Settings\zh\桌面\新建文件夹\22        Trojan.PWS.Gamania.3927        10
2008-1-8 14:12:52        asm.exe        C:\Documents and Settings\zh\桌面\新建文件夹\asm        Trojan.Hidn        10
2008-1-8 14:12:52        auto.exe        C:\Documents and Settings\zh\桌面\新建文件夹\auto        Trojan.DownLoader.19512.Based        10
2008-1-8 14:12:52        AutoRun.exe        C:\Documents and Settings\zh\桌面\新建文件夹\AutoRun        Win32.HLLW.Autoruner.943        10
2008-1-8 14:12:52        ay.exe        C:\Documents and Settings\zh\桌面\新建文件夹\ay        DDoS.Bonke        10
2008-1-8 14:12:52        c.exe        C:\Documents and Settings\zh\桌面\新建文件夹\c        Win32.HLLW.Autoruner.1011        10
2008-1-8 14:12:52        userinit.exe        C:\Documents and Settings\zh\桌面\新建文件夹\DUsystem32        Win32.HLLW.Rubbish        10
2008-1-8 14:12:52        EXPLORER.EX        C:\Documents and Settings\zh\桌面\新建文件夹\EXPLORER        BackDoor.Generic.1451        10
2008-1-8 14:12:52        Lock.ex        C:\Documents and Settings\zh\桌面\新建文件夹\look\0531        Trojan.MulDrop.6156        10
2008-1-8 14:12:52        oobtwtr.exe_        C:\Documents and Settings\zh\桌面\新建文件夹\oobtwtr        Trojan.PWS.Maran        10
2008-1-8 14:12:52        setup.exe        C:\Documents and Settings\zh\桌面\新建文件夹\setup                10
        data001                DLOADER.Trojan
        data002                Trojan.Hooker.256
2008-1-8 14:12:52        sever.EXE        C:\Documents and Settings\zh\桌面\新建文件夹\sever        BackDoor.Pigeon.6620        10
2008-1-8 14:12:52        userinit.exe        C:\Documents and Settings\zh\桌面\新建文件夹\system32        Win32.HLLW.Rubbish        10
2008-1-8 14:12:52        userinit.exe        C:\Documents and Settings\zh\桌面\新建文件夹\userinit【可以突破影子系统】        Trojan.DownLoader.33566        10
2008-1-8 14:12:52        BJKCDPF.EXE        C:\Documents and Settings\zh\桌面\新建文件夹\病毒        Trojan.DownLoader.4293        10
2008-1-8 14:12:52        FPBWEJW.EXE        C:\Documents and Settings\zh\桌面\新建文件夹\病毒        Trojan.DownLoader.4293        10
2008-1-8 14:12:52        WQOETFL.EXE        C:\Documents and Settings\zh\桌面\新建文件夹\病毒        Trojan.DownLoader.4293        10
2008-1-8 14:12:52        634.exe        C:\Documents and Settings\zh\桌面\新建文件夹\病毒包5\病毒包        Win32.HLLW.Autoruner        10
2008-1-8 14:12:52        891.exe        C:\Documents and Settings\zh\桌面\新建文件夹\病毒包5\病毒包        Win32.HLLW.Autoruner        10
2008-1-8 14:12:52        9.exe        C:\Documents and Settings\zh\桌面\新建文件夹\病毒包5\病毒包        Trojan.PWS.Bonque        10
2008-1-8 14:12:52        rising342.exe        C:\Documents and Settings\zh\桌面\新建文件夹\病毒包5\病毒包\新建文件夹        Win32.HLLW.Autoruner        10
2008-1-8 14:12:52        rising538.exe        C:\Documents and Settings\zh\桌面\新建文件夹\病毒包5\病毒包\新建文件夹        Win32.HLLW.Autoruner        10
2008-1-8 14:12:52        rising737.exe        C:\Documents and Settings\zh\桌面\新建文件夹\病毒包5\病毒包\新建文件夹        Win32.HLLW.Autoruner        10
2008-1-8 14:12:52        rising891.exe        C:\Documents and Settings\zh\桌面\新建文件夹\病毒包5\病毒包\新建文件夹        Win32.HLLW.Autoruner        10
2008-1-8 14:12:52        niu.exe        C:\Documents and Settings\zh\桌面\新建文件夹\禽兽不如的病毒\新建文件夹 (2)        DLOADER.Trojan        10
2008-1-8 14:12:52        Svchost.exe        C:\Documents and Settings\zh\桌面\新建文件夹\请谨慎使用        BackDoor.Pigeon.1604        10
2008-1-8 14:12:52        1.exe        C:\Documents and Settings\zh\桌面\新建文件夹\天使下载者        Win32.HLLW.Autoruner.947        10
2008-1-8 14:12:52        mumu1.exe        C:\Documents and Settings\zh\桌面\新建文件夹\新马        Trojan.PWS.Gamania        10
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Worm.Nimaya.d            
病毒: Backdoor.Win32.Gpigeon2007.dj
病毒: Worm.Nimaya.co           
病毒: Worm.Win32.Autorun.jcn   
病毒: Dropper.Win32.Agent.ylm  
病毒: Worm.Win32.Agent.zfn     
病毒: Trojan.PSW.Win32.LMir.yzb
病毒: Trojan.PSW.Win32.LMir.yzb
病毒: Trojan.PSW.Win32.QQHX.tsg
病毒: Trojan.DL.Delf.xxb      
病毒: Trojan.PSW.Win32.WoWar.afr
病毒: Trojan.PSW.Win32.QQHX.tsg
病毒: Trojan.PSW.Win32.WoWar.afr
病毒: Trojan.PSW.QQPass.tgk   
病毒: Trojan.PSW.OnlineGames.anz
病毒: Trojan.DL.Win32.Small.emq
病毒: Trojan.DL.Small.uxs      
病毒: Hack.SuspiciousAni      
病毒: Trojan.DL.VBS.Small.ez   
病毒: Packer.Mian007           
病毒: Trojan.DL.Win32.Direct.ko
病毒: Trojan.Win32.Mnless.zmy  
病毒: Trojan.DL.Win32.Mnless.ea
病毒: Trojan.DL.Small.vai      
病毒: Trojan.Clicker.Win32.Agent.adg
病毒: Trojan.Win32.Mnless.zfq  
病毒: Packer.RyCrypt           
病毒: Worm.Win32.DiskGen.p     
病毒: Trojan.PSW.Win32.XYOnline.sf
病毒: Trojan.DL.Win32.Mnless.eb
病毒: Trojan.PSW.Win32.QQPass.tqq
病毒: Trojan.PSW.Win32.OnlineGames.yba
病毒: Trojan.PSW.Win32.OnlineGames.yem
病毒: Trojan.PSW.Win32.OnLineGames.yed
病毒: Trojan.PSW.Win32.ZeroOnline.am
病毒: Trojan.PSW.Win32.Wowar.vr
病毒: Trojan.PSW.Win32.Agent.pk
病毒: Trojan.PSW.Win32.NPSword.a
病毒: Trojan.PSW.Win32.XYOnline.gw
病毒: Trojan.PSW.Win32.OnlineGames.ycs
病毒: Trojan.PSW.Win32.OnlineGames.yaz
病毒: Trojan.Win32.Mnless.zjk  
病毒: Packer.Win32.VmpPacker.a
病毒: Worm.Win32.PaBug.ep      
病毒: Backdoor.Win32.Jusi.bi   
病毒: Worm.Win32.DiskGen.au   
病毒: Worm.Win32.DiskGen.au   
病毒: Worm.Win32.DiskGen.au   
病毒: Win32.UIWrapper.a        
病毒: Trojan.Win32.VB.ywy      
病毒: Dropper.Win32.Small.axw  
病毒: Worm.Agent.we            
病毒: Worm.Win32.PaBug.eu      
病毒: Backdoor.Win32.Remote.bp
病毒: Dropper.Win32.Gpigeon.gm
病毒: Trojan.DL.Win32.Mnless.np
病毒: Worm.Win32.AvKiller.bg   
病毒: Worm.Win32.Autorun.iqo   
病毒: Worm.Win32.Destroy.a     
病毒: Trojan.DL.Win32.Autorun.yxx
病毒: Trojan.Win32.Mnless.zwq  
病毒: Trojan.PSW.OnlineGames.vt

用户来源:互联网

软件版本:20.26.10