
[Virus sample] This post has been edited

spaceplane
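Posted on 2008-1-15 13:21:05
This post has been edited

Everything has been submitted, so there is no need to keep this post.

Our common enemy is the viruses, not other antivirus products; only by joining forces can we defeat the enemy.

[ Last edited by spaceplane on 2008-1-15 19:21 ]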
Palkia
Posted on 2008-1-15 13:26:00
Filseclab: 25

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX11\BANDY.EXE        TrojanPSW.Delf.ame.ydlc        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>1 Bandy.rar>>Bandy.exe        TrojanPSW.Delf.ame.ydlc        木马        还未处理
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX12\12\38.EXE        Trojan.Cap81110.dwdl        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>1 cant 12.rar>>12\38.exe        Trojan.Cap81110.dwdl        木马        还未处理
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX13\F\F\A1.EXE        Trojan.KillAV.gez.dmid        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>1 F.rar>>F\F\a1.exe        Trojan.KillAV.gez.dmid        木马        还未处理
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX14\HFILE.SYS        Rootkit.Agent.st.dwfy        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>1 hfile.rar>>hfile.sys        Rootkit.Agent.st.dwfy        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>1 kugooexe.rar>>kugooexe.exe_        TrojanDownloader.Delf.dup.hhdi        木马        还未处理
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX16\PACK\PACK\6.EXE        W32.Warezov.p        病毒        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>1 pack.rar>>pack\pack\6.exe        W32.Warezov.p        病毒        还未处理
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX17\PAL4EXTEND绕激活补丁\PAL4EXTEND.DLL        Backdoor.Hupigon.apju.tgjl.dll        后门        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>1 PAL4Extend.rar>>PAL4Extend绕激活补丁\pal4extend.dll        Backdoor.Hupigon.apju.tgjl.dll        后门        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>1 trojan.rar>>360Safe.exe        Trojan.Agent.cli.genx        木马        还未处理
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX19\011105\NEW.EXE        Trojan.Agent.aev.sicb.arc        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>2 nod can't 070111.rar>>011105\new.exe        Trojan.Agent.aev.sicb.arc        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>2 nod can't 070111.rar>>011105\one-last.exe        Trojan.Agent.dqx.crwy        木马        还未处理
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX1A\TPACK\MESSENGER-8.0.EXE        TrojanSpy.Banbra.jet.liit        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>2 tpack.rar>>tpack\messenger-8.0.exe        TrojanSpy.Banbra.jet.liit        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>2 tpack.rar>>tpack\setup.exe        Trojan.BHO.aop.mwnn.arc        木马        还未处理
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX1B\TEST.EXE        Trojan.Cap81110.dwdl        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>5 新建文件夹.rar>>014.exe        Trojan.Cap81110.dwdl        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>5 新建文件夹.rar>>bd.exe        Trojan.Cap81110.dwdl        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>5 新建文件夹.rar>>newrl.exe        Trojan.Cap81110.dwdl        木马        还未处理
C:\Documents and Settings\Administrator\桌面\17个.rar>>5 新建文件夹.rar>>test.exe        Trojan.Cap81110.dwdl        木马        还未处理


Also, Micropoint KILLs them all!!!
Joker
Posted on 2008-1-15 14:04:42
0 Scanning directories
     30 Files were scanned
     14 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     16 Files not concerned
     12 Archives were scanned
      1 Warnings
      0 Notes
啊弥陀佛
Posted on 2008-1-15 14:21:21
木马名称:Rootkit.Win32.Agent.oo
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\17个\1 HFILE\HFILE.SYS
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan.Win32.Agent.ind
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\17个\1 TROJAN\360SAFE.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\17个\2 NOD CAN'T 070111\011105\ONE-LAST.EXE
木马程序生成以下文件:
1) C:\WINDOWS\TWAIN_32.EXE
是否删除木马程序及其衍生物?

mofunzone
Posted on 2008-1-15 14:27:38
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\setup.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  setup.exe
      [DETECTION] Contains detection pattern of the dropper DR/BHO.aop
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\6.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  6.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.nmg
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\014.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  014.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.noi
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\38.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  38.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.noi
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\360Safe.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  360Safe.exe
      [DETECTION] Is the Trojan horse TR/Agent.Cli.3
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\a1.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  a1.exe
      [DETECTION] Is the Trojan horse TR/Agent.DFE
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\a.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  a.exe
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\Bandy.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  Bandy.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Crypted
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\bd.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  bd.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.noi
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\hfile.sys'
C:\Documents and Settings\Administrator\My Documents\17个\
  hfile.sys
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ST
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\kugooexe.exe_'
C:\Documents and Settings\Administrator\My Documents\17个\
  kugooexe.exe_
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.dup
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\new.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  new.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.cds
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\newrl.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  newrl.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.noi
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\one-last.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  one-last.exe
      [DETECTION] Is the Trojan horse TR/Agent.dqx
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\pal4extend.dll'
C:\Documents and Settings\Administrator\My Documents\17个\
  pal4extend.dll
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\test.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  test.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.noi
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\17个\messenger-8.0.exe'
C:\Documents and Settings\Administrator\My Documents\17个\
  messenger-8.0.exe


End of the scan: 2008年1月14日  22:27
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
     17 Files were scanned
     13 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
     14 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
mofunzone
Posted on 2008-1-15 14:28:48
The 3 files AntiVir did not detect
File ID         Filename         Size (Byte)        Result
3646502         17.rar        455.04 KB        OK


A listing of files contained inside archives alongside their results can be found below:
File ID         Filename         Size (Byte)        Result
3645568         a.exe         316 Byte         CLEAN
3646021         pal4extend.dll         436.5 KB         CLEAN
3617087         messenger-8.0.exe         29.3 KB         DAMAGED FILE (UNKNOWN)
sam.to
Posted on 2008-1-15 14:44:22
Kaspersky Virus Scanner


Scanned file:   1.rar - Infected
1.rar/1 hfile.rar/hfile.sys - infected by Rootkit.Win32.Agent.st
1.rar/1 kugooexe.rar/kugooexe.exe_ - infected by Trojan-Downloader.Win32.Delf.dup
1.rar/1 pack.rar/pack/pack/6.exe - infected by Trojan-PSW.Win32.OnLineGames.nmg
1.rar/1 Bandy.rar/Bandy.exe - infected by Trojan-PSW.Win32.Delf.ame
1.rar/1 cant 12.rar/12/38.exe - infected by Trojan-PSW.Win32.OnLineGames.noi
1.rar/1 F.rar/F/F/a1.exe - infected by Trojan.Win32.Pakes.bvv

Scanned file:   2.rar  - Infected
2.rar/2 nod can't 070111.rar/011105/one-last.exe - infected by Trojan.Win32.Agent.dqx
2.rar/2 nod can't 070111.rar/011105/new.exe/script - OK
2.rar/2 nod can't 070111.rar/011105/new.exe/file1 - infected by Trojan.Win32.Agent.cds
2.rar/2 tpack.rar/tpack/setup.exe/data0001 - OK
2.rar/2 tpack.rar/tpack/setup.exe/data0002 - infected by Trojan.Win32.BHO.aop
2.rar/2 tpack.rar/tpack/setup.exe/data0003 - OK
2.rar/2 tpack.rar/tpack/setup.exe/data0004 - OK
2.rar/2 tpack.rar/tpack/setup.exe/data0005 - OK
2.rar/2 tpack.rar/tpack/messenger-8.0.exe - OK
2.rar/2 tpack.rar/tpack/messenger-8.0.exe - OK
2.rar/5 ·s«Ø¤å¥ó?.rar/014.exe - infected by Trojan-PSW.Win32.OnLineGames.noi
2.rar/5 ·s«Ø¤å¥ó?.rar/bd.exe - infected by Trojan-PSW.Win32.OnLineGames.noi
2.rar/5 ·s«Ø¤å¥ó?.rar/newrl.exe - infected by Trojan-PSW.Win32.OnLineGames.noi
2.rar/5 ·s«Ø¤å¥ó?.rar/a.exe - OK
2.rar/5 ·s«Ø¤å¥ó?.rar/test.exe - infected by Trojan-PSW.Win32.OnLineGames.noi
2.rar/1 PAL4Extend.rar/PAL4ExtendÈÆ¼¤»î²¹¶¡/pal4extend.dll - OK
2.rar/1 PAL4Extend.rar - OK
2.rar/1 trojan.rar/360Safe.exe - infected by Trojan.Win32.Agent.cli

Submit the ones that are not detected.
sam.to
Posted on 2008-1-15 15:20:34

Reply to post #7 by kato9096

The ones that are not detected are not viruses.
wangjay1980
Posted on 2008-1-15 16:22:54

Reply to post #8 by kato9096

Thanks for the hard work.
spaceplane
Original poster | Posted on 2008-1-15 16:37:30
Got it. Xiaohong (AntiVir) was right after all.