
[Virus samples] A pack of 24~ See how many yours catches~

will
Posted on 2008-1-16 10:09:29
24 of them… see how many yours catches~
Download all 3 parts, then extract any one of them.

[ Last edited by yimike on 2008-1-16 10:31 ]

llgiggs
Posted on 2008-1-16 10:15:54
2008-1-16,10:12:44 [WARNING] Is the Trojan horse TR/Dldr.Agent.65536.10!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempA.exe
2008-1-16,10:12:44 [WARNING] Is the Trojan horse TR/Dropper.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempB.exe
2008-1-16,10:12:52 [WARNING] Is the Trojan horse TR/Agent.72192.4!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempD.exe
2008-1-16,10:12:53 [WARNING] Is the Trojan horse TR/Crypt.FKM.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempI.exe
2008-1-16,10:12:53 [WARNING] Is the Trojan horse TR/Crypt.FKM.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempJ.exe
2008-1-16,10:12:54 [WARNING] Is the Trojan horse TR/Delphi.Downloader.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempK.exe
2008-1-16,10:12:54 [WARNING] Is the Trojan horse TR/Dropper.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempL.exe
2008-1-16,10:12:55 [WARNING] Is the Trojan horse TR/Dropper.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempQ.exe
2008-1-16,10:12:55 [WARNING] Is the Trojan horse TR/Delphi.Downloader.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempM.exe
2008-1-16,10:12:56 [WARNING]  Suspicious file: Contains suspicious code HEUR/Malware!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempS.exe
2008-1-16,10:12:57 [WARNING] Contains detection pattern of the Windows virus W32/AutoRun.BK!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempT.exe
2008-1-16,10:12:57 [WARNING] Contains detection pattern of the dropper DR/Delphi.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempU.exe
2008-1-16,10:12:58 [WARNING] Is the Trojan horse TR/Rootkit.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\lz3wjdsb.sys
2008-1-16,10:12:58 [WARNING] Is the Trojan horse TR/Rootkit.Gen!
  C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempV.exe
2008-1-16,10:12:59 [WARNING] Is the Trojan horse TR/Drop.RKit.AJ!
  C:\Documents and Settings\Administrator\桌面\a0116_24\tempaq
2008-1-16,10:12:59 [WARNING] Is the Trojan horse TR/Agent.19968.173!
  C:\Documents and Settings\Administrator\桌面\a0116_24\top.exe


16 detected,


With high-heuristic mode enabled, a rescan caught 4 more:
C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempC.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47f66b51.qua'!
C:\Documents and Settings\Administrator\桌面\a0116_24\driversTempR.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47f66b52.qua'!
C:\Documents and Settings\Administrator\桌面\a0116_24\services.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47ff6b45.qua'!
C:\Documents and Settings\Administrator\桌面\a0116_24\smss.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '48006b4d.qua'!



End of the scan: 2008年1月16日  10:24
Used time: 00:03 min

The scan has been done completely.
      1 Scanning directories
      8 Files were scanned
      0 viruses and/or unwanted programs were found
      4 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      4 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      8 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes


That makes 20 in total; the remaining 4 have been submitted. Scan information follows:
VirSCAN.org Scanned Report :
Scanned time   : 2008/01/16 11:02:55 (CST)
Scanner results: 17%的杀软(6/36)报告发现病毒
File Name      : TempA.exe
File Size      : 181286 byte
File Type      : MS-DOS executable (EXE), OS/2 or MS Windows
MD5            : ee39590eb66cef508fce96955c1c3140
SHA1           : 17f5273fde7ec831d120f943eb85dd0d5c5ea33b
Online report  : http://virscan.org/report/8fa3dcfc1cba2c713bb635938ff80b55.html
----------------------------------------------------------------------------------------------------------------------
VirSCAN.org Scanned Report :
Scanned time   : 2008/01/16 11:07:24 (CST)
Scanner results: 8%的杀软(3/36)报告发现病毒
File Name      : TempB.exe
File Size      : 20480 byte
File Type      : MS-DOS executable (EXE), OS/2 or MS Windows
MD5            : b4d6c13431d62e5c06f7a06fd94c9d5c
SHA1           : 2eeb705198831cc9869a195eaa8d0db6cd83b6bf
Online report  : http://virscan.org/report/dc96c0ec104a020e6635612dc3682fc3.html
----------------------------------------------------------------------------------------------------------------------------
VirSCAN.org Scanned Report :
Scanned time   : 2008/01/16 11:11:17 (CST)
Scanner results: 17%的杀软(6/36)报告发现病毒
File Name      : TempC.exe
File Size      : 61440 byte
File Type      : MS-DOS executable (EXE), OS/2 or MS Windows
MD5            : 2ac0c431cf83faaa2d733acec0a87c67
SHA1           : 09c8fe9b1187472c6dadd9313aa4339e8e726622
Online report  : http://virscan.org/report/2770dc705af392d6d96e8068a3369529.html
-------------------------------------------------------------------------------------------------------------------------------
VirSCAN.org Scanned Report :
Scanned time   : 2008/01/16 11:14:32 (CST)
Scanner results: 14%的杀软(5/36)报告发现病毒
File Name      : TempI.exe
File Size      : 227166 byte
File Type      : MS-DOS executable (EXE), OS/2 or MS Windows
MD5            : 84c96085748c05cf2c12aa354b23439e
SHA1           : b4c0806184099a6e5cc21a867f0e25d546942db6
Online report  : http://virscan.org/report/39376b02085401ea4643654d6434b093.html

[ Last edited by llgiggs on 2008-1-16 11:21 ]

wangjay1980
Posted on 2008-1-16 10:21:05
a

nosferatu
Posted on 2008-1-16 10:26:18
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\a0116_24'
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempA.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.65536.10
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempB.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempC.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47f66b95.qua'!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempD.exe
      [DETECTION] Is the Trojan horse TR/Agent.72192.4
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempI.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempJ.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempK.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempL.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempM.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempQ.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempR.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47f66b96.qua'!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempS.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '4657fef7.qua'!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempT.exe
      [DETECTION] Contains detection pattern of the Windows virus W32/AutoRun.BK
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempU.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\driversTempV.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\lz3wjdsb.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\services.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47ff6b8a.qua'!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\smss.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '48006b92.qua'!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\tempaq
      [DETECTION] Is the Trojan horse TR/Drop.RKit.AJ
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\a0116_24\a0116_24\top.exe
      [DETECTION] Is the Trojan horse TR/Agent.19968.173
      [INFO]      The file was deleted!


End of the scan: 星期三 2008年1月16日  10:25
Used time: 00:10 min

The scan has been done completely.

      2 Scanning directories
     24 Files were scanned
     15 viruses and/or unwanted programs were found
      5 Files were classified as suspicious:
     15 files were deleted
      0 files were repaired
      5 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      9 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
28654621
Posted on 2008-1-16 10:46:33
Filseclab: a pitiful 11

D:\download\a0116_24.part1.rar>>a0116_24\driversTempA.exe        Backdoor.Bifrose.cah.fjhi        后门        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\driversTempB.exe>>emb-1.dll        Trojan.Adclicker.aali.dll        木马        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\driversTempD.exe        TrojanDownloader.BFO.dzzo        木马        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\driversTempI.exe        Trojan.IMMSG.TBMSG.ykw.lvze        木马        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\driversTempJ.exe        Heuri.Suspicious.ERNM        启发式扫描        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\driversTempL.exe        Heuri.Suspicious.ERNM        启发式扫描        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\driversTempM.exe        W32.Warezov.p        病毒        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\driversTempQ.exe        Heuri.Suspicious.ERNM        启发式扫描        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\driversTempV.exe>>emb-1.dll        Trojan.Gampass.akif.dll        木马        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\tempaq        Trojan.Cap712323.enqt        木马        还未处理
D:\download\a0116_24.part1.rar>>a0116_24\top.exe        TrojanDownloader.Agent.ygs.fcsu        木马        还未处理
hookon_miriam
Posted on 2008-1-16 10:55:10
AVG: 13
citydj
Posted on 2008-1-16 11:13:54
ESS: 15
2008-1-16 11:08:26        文件系统实时防护        文件        E:\a0116_24\a0116_24\top.exe        可能是 Win32/TrojanDownloader.Satray.AA 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:25        文件系统实时防护        文件        E:\a0116_24\a0116_24\TempI.exe        可能是 Win32/Adware.Boran 应用程序 的变种        已删除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:19        文件系统实时防护        文件        E:\a0116_24\a0116_24\tempaq        Win32/TrojanDownloader.QQHelper.NDW 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:14        文件系统实时防护        文件        E:\a0116_24\a0116_24\lz3wjdsb.sys        Win32/Rootkit.Agent.NBQ 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:13        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempV.exe        可能是 Win32/PSW.OnLineGames.MUG 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:11        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempU.exe        Win32/PSW.QQGame.J 特洛伊木马        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:08        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempT.exe        未查明的 NewHeur_PE 病毒        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:07        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempS.exe        可能是 Win32/Genetik 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:06        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempR.exe        可能是 Win32/Genetik 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:02        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempK.exe        未查明的 NewHeur_PE 病毒        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:02        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempJ.exe        可能是 Win32/Genetik 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:08:00        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempI.exe        可能是 Win32/Genetik 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:07:59        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempD.exe        可能是 Win32/Genetik 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:07:58        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempC.exe        未查明的 NewHeur_PE 病毒        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-16 11:07:57        文件系统实时防护        文件        E:\a0116_24\a0116_24\driversTempA.exe        Win32/DoS.Sypak 特洛伊木马 的变种        通过删除清除 - 已隔离        NT AUTHORITY\SYSTEM        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
傻猪猪米走鸡
Posted on 2008-1-16 11:14:07

15

D:\firefox download\a0116_24\a0116_24\driversTempA.exe - a variant of Win32/DoS.Sypak trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempB.exe - is OK
D:\firefox download\a0116_24\a0116_24\driversTempC.exe - probably unknown NewHeur_PE virus - deleted - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempD.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempI.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempJ.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempK.exe - probably unknown NewHeur_PE virus - deleted - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempL.exe - is OK
D:\firefox download\a0116_24\a0116_24\driversTempM.exe - is OK
D:\firefox download\a0116_24\a0116_24\driversTempQ.exe - is OK
D:\firefox download\a0116_24\a0116_24\driversTempR.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempS.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempT.exe - probably unknown NewHeur_PE virus - deleted - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempU.exe - Win32/PSW.QQGame.J trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\driversTempV.exe - probably a variant of Win32/PSW.OnLineGames.MUG trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\lz3wjdsb.sys - a variant of Win32/Rootkit.Agent.NBQ trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\services.exe » UPX v12_m2 - is OK
D:\firefox download\a0116_24\a0116_24\smss.exe » UPX v12_m2 - is OK
D:\firefox download\a0116_24\a0116_24\TempA.exe » NSIS » Entries.bin - is OK
D:\firefox download\a0116_24\a0116_24\TempA.exe » NSIS » Strings.txt - is OK
D:\firefox download\a0116_24\a0116_24\TempA.exe » NSIS » 02.exe - is OK
D:\firefox download\a0116_24\a0116_24\tempaq - a variant of Win32/TrojanDownloader.QQHelper.NDW trojan - cleaned by deleting - quarantined
D:\firefox download\a0116_24\a0116_24\TempB.exe - is OK
D:\firefox download\a0116_24\a0116_24\TempC.exe » PECompact v2.xx - is OK
D:\firefox download\a0116_24\a0116_24\TempI.exe » NSIS » Entries.bin - is OK
D:\firefox download\a0116_24\a0116_24\TempI.exe » NSIS » Strings.txt - is OK
D:\firefox download\a0116_24\a0116_24\TempI.exe » NSIS » InsShell.exe - probably a variant of Win32/Adware.Boran application - was a part of the deleted object
D:\firefox download\a0116_24\a0116_24\TempI.exe - probably a variant of Win32/Adware.Boran application - deleted - quarantined
D:\firefox download\a0116_24\a0116_24\top.exe - probably a variant of Win32/TrojanDownloader.Satray.AA trojan - cleaned by deleting - quarantined
mofunzone
Posted on 2008-1-16 11:19:22
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\a0116_24'
C:\Documents and Settings\Administrator\My Documents\a0116_24\
  driversTempA.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.65536.10
      [INFO]      The file was deleted!
  driversTempB.exe
    [0] Archive type: RSRC
    --> Object
      [INFO]      The file was deleted!
  driversTempC.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47f6781a.qua'!
  driversTempD.exe
      [DETECTION] Is the Trojan horse TR/Agent.72192.4
      [INFO]      The file was deleted!
  driversTempI.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [INFO]      The file was deleted!
  driversTempJ.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [INFO]      The file was deleted!
  driversTempK.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  driversTempL.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
        --> Object
      [INFO]      The file was deleted!
  driversTempM.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  driversTempQ.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  driversTempR.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  driversTempS.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47f6781b.qua'!
  driversTempT.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  driversTempU.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  driversTempV.exe
    [0] Archive type: RSRC
    --> Object
      [INFO]      The file was deleted!
  lz3wjdsb.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [INFO]      The file was deleted!
  services.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  smss.exe
    [0] Archive type: Runtime Packed
    --> Object
      [INFO]      The file was deleted!
  TempA.exe
  tempaq
      [DETECTION] Is the Trojan horse TR/Drop.RKit.AJ
      [INFO]      The file was deleted!
  TempB.exe
  TempC.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
  TempI.exe
  top.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/Agent.19968.173
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!


End of the scan: 2008年1月15日  19:19
Used time: 00:05 min

The scan has been done completely.

      1 Scanning directories
     24 Files were scanned
     11 viruses and/or unwanted programs were found
      9 Files were classified as suspicious:
     18 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     13 Files not concerned
      8 Archives were scanned
      7 Warnings
      0 Notes
wangjay1980
Posted on 2008-1-16 11:24:24
Hello,

driversTempA.exek - Worm.Win32.Agent.do,
driversTempB.exek - Trojan-Downloader.Win32.Small.hsd,
driversTempC.exek - Trojan-Downloader.Win32.VB.cfc,
driversTempJ.exek - Trojan-Downloader.Win32.Flux.db,
driversTempL.exek - Trojan-Spy.Win32.Pophot.aak,
driversTempM.exek - Trojan-Downloader.Win32.Agent.hku,
driversTempQ.exek - Trojan-Downloader.Win32.Delf.dxb,
driversTempR.exek - Trojan-PSW.Win32.OnLineGames.ojx,
driversTempT.exek - Worm.Win32.AutoRun.bup,
driversTempV.exek - Trojan-PSW.Win32.OnLineGames.ojy,
lz3wjdsb.sys - Trojan-Downloader.Win32.Hmir.su,
services.exek - Trojan-Clicker.Win32.VB.ys,
smss.exek - Trojan-Downloader.Win32.VB.cfd,
tempaq - Trojan-Downloader.Win32.Hmir.sv,
TempB.exek - Trojan-Downloader.Win32.Agent.hkr,
TempC.exek - Trojan-Downloader.Win32.Agent.hkt,
top.exek - Trojan-Downloader.Win32.Agent.hks

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

TempA.exek - Backdoor.Win32.Rbot.gol

This file is already detected. Please update your antivirus bases.

Please quote all when answering.

--
Best regards, Vladimir Krylov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: a0116_24.zip