[Virus sample] Dug out of a downloader's download list

qianwenxiang
Posted on 2008-1-19 15:40:59

冷冷
Posted on 2008-1-19 15:43:59


-----------------------------------------------------------------------------------------------------------------------------IK
I:\virus\0119002.rar:\9.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\0119002.rar:\10.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\0119002.rar:\12.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\0119002.rar:\13.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\0119002.rar:\14.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\0119002.rar:\15.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\0119002.rar:\nvwkanx1.cab\nvwkanx1.dll - Signature 'Trojan-Downloader.Win32.Adload.oy' found
I:\virus\0119002.rar:\0276.exe - Signature 'Trojan-Downloader.Win32.Delf.dqk' found
I:\virus\0119002.rar:\1.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\virus\0119002.rar:\2.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\virus\0119002.rar:\3.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\0119002.rar:\4.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\0119002.rar:\5.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\0119002.rar:\6.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\0119002.rar:\7.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\virus\0119002.rar:\8.exe - Signature 'Trojan-Spy.Win32.Delf.uv' found

20 Files scanned
   (1 Archiv with 19 files)
16 Signatures found
0 Suspect code-parts found
Used time: 0:00.282

[ Last edited by 冷_冷 on 2008-1-21 23:09 ]

gaomi
Posted on 2008-1-19 15:54:26
E:\xiazai\0119002.rar>>9.exe        TrojanPSW.OnLineGames.odb.zkbp        木马        已删除/隔离
E:\xiazai\0119002.rar>>10.exe        TrojanPSW.OnLineGames.opg.dxxy        木马        已删除/隔离
E:\xiazai\0119002.rar>>12.exe        Trojan.AvKiller.v.sqmw        木马        已删除/隔离
E:\xiazai\0119002.rar>>13.exe        TrojanPSW.GamesOnline.ik.vpgz        木马        已删除/隔离
E:\xiazai\0119002.rar>>14.exe        W32.Viking.k        病毒        已删除/隔离
E:\xiazai\0119002.rar>>15.exe        W32.Viking.k        病毒        已删除/隔离
E:\xiazai\0119002.rar>>nvwkanx1.cab>>nvwkanx1.dll        TrojanDownloader.Adload.oy.thsq.dll        木马        已删除/隔离
E:\xiazai\0119002.rar>>0276.exe        TrojanDownloader.Delf.dqk.yfxn        木马        已删除/隔离
E:\xiazai\0119002.rar>>1.exe        W32.Warezov.p        病毒        已删除/隔离
E:\xiazai\0119002.rar>>2.exe        TrojanPSW.XYOnline.aai.fdpu        木马        已删除/隔离
E:\xiazai\0119002.rar>>3.exe        TrojanPSW.ZhengTu.ymm.qcri        木马        已删除/隔离
E:\xiazai\0119002.rar>>4.exe        TrojanPSW.OnLineGames.opg.dejy        木马        已删除/隔离
E:\xiazai\0119002.rar>>5.exe        TrojanPSW.OnLineGames.onw.cdzb        木马        已删除/隔离
E:\xiazai\0119002.rar>>6.exe        W32.Viking.k        病毒        已删除/隔离
E:\xiazai\0119002.rar>>7.exe        TrojanPSW.Delf.amr.odnl        木马        已删除/隔离
E:\xiazai\0119002.rar>>8.exe        TrojanPSW.OnLineGames.odx.jrkz        木马        已删除/隔离
jimmyleo
Posted on 2008-1-19 16:00:18
One-trick pony

d:\download\virusscan\0119002\9.exe: PUA.Packed.UPack-3 FOUND
d:\download\virusscan\0119002\10.exe: PUA.Packed.UPack-3 FOUND
d:\download\virusscan\0119002\12.exe: PUA.Packed.UPack-3 FOUND
d:\download\virusscan\0119002\13.exe: PUA.Packed.UPack-3 FOUND
d:\download\virusscan\0119002\14.exe: PUA.Packed.UPack-1 FOUND
d:\download\virusscan\0119002\15.exe: PUA.Packed.UPack-1 FOUND
d:\download\virusscan\0119002\1.exe: Trojan.Downloader-662 FOUND
d:\download\virusscan\0119002\3.exe: PUA.Packed.UPack-3 FOUND
d:\download\virusscan\0119002\4.exe: PUA.Packed.UPack-3 FOUND
d:\download\virusscan\0119002\5.exe: PUA.Packed.UPack-3 FOUND
d:\download\virusscan\0119002\6.exe: PUA.Packed.UPack-1 FOUND
d:\download\virusscan\0119002\7.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119002\8.exe: PUA.Packed.UPack FOUND

13
jimmyleo
Posted on 2008-1-19 16:02:48
Trend Micro 16

Found [  PACKER-GEN.001](    1) in D:\Download\VirusScan\0119002\9.exe
Found [ TSPY_ONLINEG.WN](    1) in D:\Download\VirusScan\0119002\10.exe
Found [ TSPY_ONLINEG.WN](    1) in D:\Download\VirusScan\0119002\12.exe
Found [ TSPY_ONLINEG.WN](    1) in D:\Download\VirusScan\0119002\13.exe
Found [  PACKER-GEN.001](    1) in D:\Download\VirusScan\0119002\14.exe
Found [ Possible_MLWR-1](    1) in D:\Download\VirusScan\0119002\15.exe
Found [  PACKER-GEN.001](    1) in D:\Download\VirusScan\0119002\top.exe
Undet [                ](     ) in D:\Download\VirusScan\0119002\nvwkanx1.cab,(nvwkanx1.inf)
Error [                ](     ) in D:\Download\VirusScan\0119002\nvwkanx1.cab,(nvwkanx1.dll),,(Error -94)
Undet [                ](     ) in D:\Download\VirusScan\0119002\nvwkanx1.cab
Found [TROJ_GENERIC.APC](    1) in D:\Download\VirusScan\0119002\0276.exe
Found [  PACKER-GEN.006](    1) in D:\Download\VirusScan\0119002\1.exe
Found [  Possible_Virus](    1) in D:\Download\VirusScan\0119002\2.exe
Found [ TSPY_ONLINEG.WN](    1) in D:\Download\VirusScan\0119002\3.exe
Found [ TSPY_ONLINEG.WN](    1) in D:\Download\VirusScan\0119002\4.exe
Found [  PACKER-GEN.001](    1) in D:\Download\VirusScan\0119002\5.exe
Found [  PACKER-GEN.001](    1) in D:\Download\VirusScan\0119002\6.exe
Found [  PACKER-GEN.001](    1) in D:\Download\VirusScan\0119002\7.exe
Found [   TSPY_DIKENS.A](    1) in D:\Download\VirusScan\0119002\8.exe
zwl2828
Posted on 2008-1-19 16:04:10

Avira AntiVir

16 of them~

C:\Users\Administrator\Downloads\0119002.rar
  [0] Archive type: RAR
  --> 9.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 12.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr.1
  --> 14.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.165
  --> 15.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> top.exe
      [DETECTION] Contains suspicious code HEUR/Malware
    --> nvwkanx1.cab
      [1] Archive type: CAB (Microsoft)
      --> nvwkanx1.dll
          [DETECTION] Is the Trojan horse TR/Dldr.AlexaBar.J
  --> 0276.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.dqk
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ony
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 7.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
mofunzone
Posted on 2008-1-19 16:04:25
Missed one..
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\0119002.rar'
C:\Documents and Settings\Administrator\My Documents\
  0119002.rar
    [0] Archive type: RAR
      --> 9.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 10.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 12.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 13.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 14.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.165
              [WARNING]   Infected files in archives cannot be repaired!
      --> 15.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> top.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
          --> Object
      --> nvwkanx1.cab
        [1] Archive type: CAB (Microsoft)
        --> nvwkanx1.inf
        --> nvwkanx1.dll
            [DETECTION] Is the Trojan horse TR/Dldr.AlexaBar.J
            [WARNING]   Infected files in archives cannot be repaired!
    --> 0276.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Delf.dqk
        [WARNING]   Infected files in archives cannot be repaired!
      --> 1.exe
        [1] Archive type: OVL
        --> Object
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
    --> 2.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ony
        [WARNING]   Infected files in archives cannot be repaired!
      --> 3.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 4.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 5.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 6.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> 7.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> 8.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/WuDisable.B
              [WARNING]   Infected files in archives cannot be repaired!
      [WARNING]   The file was ignored!


End of the scan: 2008年1月19日  00:04
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
     20 Files were scanned
     12 viruses and/or unwanted programs were found
      4 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      8 Files not concerned
     16 Archives were scanned
     10 Warnings
      0 Notes
mofunzone
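Posted on 2008-1-19 16:08:35

Reply to post #6 by zwl2828

v8 and v7 even miss different ones.
v8 does not detect top.exe; after actually running it, it catches a DLL and reports heur/malware, whereas v7 detects it.
v7 does not detect 1.exe; v8 detects it after unpacking..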
Graybird
Posted on 2008-1-19 16:13:33
Starting the file scan:

Begin scan in 'E:\0119002.rar'
E:\0119002.rar
  [0] Archive type: RAR
  --> 9.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 12.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr.1
  --> 14.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.165
  --> 15.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> top.exe
      [DETECTION] Contains suspicious code HEUR/Malware
    --> nvwkanx1.cab
      [1] Archive type: CAB (Microsoft)
      --> nvwkanx1.dll
          [DETECTION] Is the Trojan horse TR/Dldr.AlexaBar.J
  --> 0276.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.dqk
  --> 1.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ony
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 7.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
      [INFO]      The file was deleted!


End of the scan: 2008年1月19日  16:13
Used time: 00:52 min

The scan has been done completely.

      0 Scanning directories
     20 Files were scanned
     14 viruses and/or unwanted programs were found
      3 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      2 Archives were scanned
      0 Warnings
      0 Notes
wangjay1980
Posted on 2008-1-19 16:16:04
K
