Original poster: 电影结束了

[Virus sample] 44

风野胤
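Posted on 2008-1-20 13:30:33

Reply to mofunzone's post (#10)

Then it comes down to the trade-off.
If you want to detect more,
there will certainly also be more false positives and more flagging of dead samples.

If you want fewer false positives and less flagging of dead samples,
you certainly have to sacrifice some of the detection rate.

Full Metal Panic (全金)
I watched it a long time ago.
I wonder when Full Metal Panic 4 will come out.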
mofunzone
Posted on 2008-1-20 13:31:33
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\virus'
C:\Documents and Settings\Administrator\My Documents\virus\
  0.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
        --> Object
            [DETECTION] Is the Trojan horse TR/Dldr.Small.hsh.2
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  1.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  10.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  10[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.boy.22
      [INFO]      The file was deleted!
  11.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  11[1].exe
  12.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oiv.2
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  12[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47eddccc.qua'!
  13.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  13[1].exe
  14.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  14[1].exe
  15.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.147
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  15[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47eddccf.qua'!
  16.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  16[1].exe
  17.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  17[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47eddcd2.qua'!
  18.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  18[1].exe
  19.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  19[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47eddcd4.qua'!
  1[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47c3dcf6.qua'!
  2.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
        --> Object
  20.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  20[1].exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '47eddccb.qua'!
  21.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  21[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '464e6c4d.qua'!
  2[1].exe
  3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.omo.7
      [INFO]      The file was deleted!
  3[1].exe
  4.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Nilage.bxd
            [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  4[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The fund was classified as suspicious.
      [INFO]      The file was moved to '46606c77.qua'!
  5.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  5[1].exe
  6.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  6[1].exe
  7.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  7[1].exe
  8.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [INFO]      The file was deleted!
  8[1].exe
  down[1].exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  test[1].htm
  usb32k.sys
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!
  wxptdi.sys
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
      [INFO]      The file was deleted!


End of the scan: 2008年1月19日  21:31
Used time: 00:06 min

The scan has been done completely.

      1 Scanning directories
     45 Files were scanned
     21 viruses and/or unwanted programs were found
     11 Files were classified as suspicious:
     24 files were deleted
      0 files were repaired
      8 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     24 Files not concerned
     20 Archives were scanned
     10 Warnings
      0 Notes
wangjay1980
Posted on 2008-1-20 14:04:31
Hello,

11[1].exek - Trojan-Downloader.Win32.ConHook.jh,
13[1].exek - Trojan-Downloader.Win32.Zlob.gef,
16[1].exek - Trojan-Downloader.Win32.Zlob.geg,
17[1].exek, 21[1].exek, 4[1].exek - Trojan.Win32.Pakes.bzp,
18[1].exek - Trojan-Downloader.Win32.Zlob.geh,
5[1].exek - Trojan-Downloader.Win32.Zlob.gei,
6[1].exek - Trojan-Downloader.Win32.Zlob.gej,
7[1].exek - Trojan-Downloader.Win32.ConHook.ji,
8[1].exek - Trojan-Downloader.Win32.Zlob.gek

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

12[1].exek, 15[1].exek, 19[1].exek, 1[1].exek, 20[1].exek, 2[1].exek, 3[1].exek

These files are corrupted.

test[1].htmk

No malicious code was found in this file.

Please quote all when answering.
spaceplane
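Posted on 2008-1-20 14:15:26
avast only detected 18.

How come Dr.Web only detected 3....

Originally posted by 风野胤 on 2008-1-20 13:30
I wonder when Full Metal Panic 4 will come out.

战女神ZERO is about to come out, isn't it? What's the rush?

[ Last edited by spaceplane on 2008-1-20 14:19 ]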
ballakay
Posted on 2008-1-20 14:58:34
Scanning Report
20 January 2008 14:57:50 - 14:57:55
Computer name: PUMA-PC
Scanning type: Scan target
Target: C:\Users\Administrator\Desktop\Desktop.rar


--------------------------------------------------------------------------------

Result: 23 malware found
Trojan.Win32.Vaklik.eg (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\1.exe
Trojan-PSW.Win32.OnLineGames.owf (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\2.exe
Trojan-PSW.Win32.OnLineGames.omo (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\3.exe
Trojan-PSW.Win32.OnLineGames.orb (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\4.exe
Trojan-PSW.Win32.OnLineGames.olj (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\5.exe
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\7.exe
C:\Users\Administrator\Desktop\Desktop.rar\virus.part1.rar\14[1].exe
C:\Users\Administrator\Desktop\Desktop.rar\virus.part1.rar\16.exe
C:\Users\Administrator\Desktop\Desktop.rar\virus.part1.rar\18.exe
C:\Users\Administrator\Desktop\Desktop.rar\virus.part3.rar\14.exe
Trojan-PSW.Win32.OnLineGames.ooy (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\6.exe
Trojan-PSW.Win32.OnLineGames.nis (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\8.exe
Trojan-PSW.Win32.Lmir.boy (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\10.exe
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\10[1].exe
Trojan-PSW.Win32.OnLineGames.onw (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\11.exe
Trojan-PSW.Win32.OnLineGames.okn (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part2.rar\12.exe
Trojan-PSW.Win32.OnLineGames.odi (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part1.rar\15.exe
Trojan-PSW.Win32.OnLineGames.omm (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part1.rar\19.exe
Trojan.Win32.Vaklik.eb (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part1.rar\20.exe
Worm.Win32.Downloader.dq (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part1.rar\down[1].exe
C:\Users\Administrator\Desktop\Desktop.rar\virus.part1.rar\usb32k.sys
Worm.Win32.Downloader.dn (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part1.rar\wxptdi.sys
Trojan-PSW.Win32.OnLineGames.oml (virus)
C:\Users\Administrator\Desktop\Desktop.rar\virus.part3.rar\13.exe




--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 47
Not scanned: 0
Result:
Viruses: 23
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 0
Failed: 0
Boot Sectors:
Scanned: 0
Infected: 0
Suspicious items: 0
Disinfected: 0


--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2008-01-19_02
Spyware: 2008-01-19_01
Scanning Engines:
F-Secure AVP: 7.00.171, 2008-01-19
F-Secure Libra: 2.04.01, 2008-01-18
F-Secure Orion: 1.02.37, 2008-01-19
F-Secure Draco: 1.00.35, 2007-11-28
Scanning options:
Scan all files
Scan inside archives
Actions:
Viruses: Delete infected files
Spyware: Delete infected files