12个

显示全部楼层 · 发表于 2008-1-25 17:59:20

all from http://polanddreams.com/check/tpktskr2.php

显示全部楼层 · 发表于 2008-1-25 18:00:48

Starting the file scan:

Begin scan in 'E:\0125.rar'
E:\0125.rar
  [0] Archive type: RAR
  --> new.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> krab.exe
   [DETECTION] Is the Trojan horse TR/Agent.7680.95
  --> sol.exe
   [DETECTION] Is the Trojan horse TR/Drop.Agent.MH
  --> hqcodecvip1176.exe
   [DETECTION] Contains detection pattern of the dropper DR/Dldr.DNSChanger.Gen
  --> u_f1_v34_72_u.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ldig006.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> severa.exe
   [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.ow
  --> d.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 1011.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> win32.exe
   [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> 1.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.x
  --> 0901.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [INFO]    The file was deleted!

End of the scan: 2008年1月25日  18:01
Used time: 00:19 min

The scan has been done completely.

   0 Scanning directories
   13 Files were scanned
   12 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-25 18:01:28

Scan Log
Version of virus signature database: 2821 (20080124)
Date: 2008-1-25 Time: 18:01:37
Scanned disks, folders and files: G:\v\0125.rar
G:\v\0125.rar:Zone.Identifier - is OK
Number of scanned objects: 25
Number of threats found: 7
Time of completion: 18:01:38 Total scanning time: 1 sec (00:00:01)

显示全部楼层 · 发表于 2008-1-25 18:03:11

hqcodecvip1176.exe

2008-1-25 18:03:04 Real-time file system protection file C:\Sandbox\Administrator\DefaultBox\user\current\Local Settings\Temp\freebsd.exe Win32/TrojanDownloader.Zlob.BOA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: G:\v\hqcodecvip1176.exe.
2008-1-25 18:03:03 Real-time file system protection file C:\Sandbox\Administrator\DefaultBox\user\current\Local Settings\Temp\calc.exe Win32/TrojanDownloader.Zlob.BOA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: G:\v\hqcodecvip1176.exe.
2008-1-25 18:03:02 Real-time file system protection file C:\Sandbox\Administrator\DefaultBox\user\current\Local Settings\Temp\notepad.exe Win32/TrojanDownloader.Zlob.BOA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: G:\v\hqcodecvip1176.exe.

显示全部楼层 · 发表于 2008-1-25 18:05:37

new.exe
死的
d.exe
运行后自己都退出了

显示全部楼层 · 发表于 2008-1-25 18:05:46

江民杀5个

显示全部楼层 · 发表于 2008-1-25 19:27:24

费尔4个

显示全部楼层 · 发表于 2008-1-25 19:35:26

已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.dvh 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/new.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.cib 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/krab.exe//PE_Patch.UPX
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Graball.i 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/sol.exe
已刪除: 特洛伊木馬程式 Trojan.Win32.DNSChanger.arn 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/hqcodecvip1176.exe//data0001
已刪除: 特洛伊木馬程式 Trojan-Proxy.Win32.Saturn.af 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/u_f1_v34_72_u.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.hko 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/ldig006.exe//PE_Patch.PECompact//PecBundle//PECompact
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.bkw 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/severa.exe
已刪除: 特洛伊木馬程式 Trojan.Win32.DNSChanger.aum 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/1011.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Tibs.uk 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/win32.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pgn 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/1.exe
已刪除: 特洛伊木馬程式 Trojan-Proxy.Win32.Xorpix.cs 檔案: C:\Documents and Settings\kato9096\桌面\193590.rar/0901.exe

11个,上报一个...
第十二个:
http://virscan.org/report/0465b5ba276c69b4609951f06dfd09a7.html

Hello,

d.exe_ - Trojan-Spy.Win32.Banker.hta

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Vladimir Lebedev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ 本帖最后由 kato9096 于 2008-1-25 21:28 编辑 ]

显示全部楼层 · 发表于 2008-1-25 19:35:55

-------------------------------------------------------------------------------
I:\virus\test/0901.exe: PUA.Packed.UPack FOUND
I:\virus\test/hqcodecvip1176.exe: Trojan.DNSChanger-2168 FOUND
I:\virus\test/krab.exe: Trojan.Downloader-18008 FOUND
I:\virus\test/ldig006.exe: Trojan.Downloader-20226 FOUND
I:\virus\test/severa.exe: Trojan.Dropper-3840 FOUND
I:\virus\test/u_f1_v34_72_u.exe: Broken.Executable FOUND
----------- SCAN SUMMARY -----------
Known viruses: 195751
Engine version: 0.92
Scanned directories: 1
Scanned files: 12
Infected files: 6
Data scanned: 0.86 MB
Time: 7.593 sec (0 m 7 s)

I:\virus\test\0901.exe
I:\virus\test\1.exe - Signature 'Trojan-PWS.Win32.OnLineGames.pgn' found
I:\virus\test\1011.exe - Signature 'Trojan.DNSChanger.BX' found
I:\virus\test\d.exe - Signature 'Trojan-Spy.Finanz.J' found
I:\virus\test\hqcodecvip1176.exe
I:\virus\test\krab.exe - Signature 'Trojan-Downloader.Win32.Small.cib' found
I:\virus\test\ldig006.exe - Signature 'Trojan-Downloader.Win32.Small.ddx' found
I:\virus\test\new.exe - Suspect code-parts found (Level: 40)
I:\virus\test\severa.exe - Signature 'Trojan.Peed.ITU' found
I:\virus\test\sol.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\virus\test\u_f1_v34_72_u.exe - Signature 'Virus.Win32.Nulprot.B' found
I:\virus\test\win32.exe
12 Files scanned
(0 Archives with 0 files)
8 Signatures found
1 Suspect code-part found
Used time: 0:01.359

显示全部楼层 · 发表于 2008-1-25 19:49:56

已删除：木马程序 Trojan.Win32.Agent.dvh 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/new.exe
已删除：木马程序 Trojan-Downloader.Win32.Small.cib 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/krab.exe//PE_Patch.UPX
已删除：木马程序 Trojan-Spy.Win32.Graball.i 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/sol.exe
已删除：木马程序 Trojan.Win32.DNSChanger.arn 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/hqcodecvip1176.exe//data0001
已删除：木马程序 Trojan-Proxy.Win32.Saturn.af 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/u_f1_v34_72_u.exe
已删除：木马程序 Trojan-Downloader.Win32.Small.hko 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/ldig006.exe//PE_Patch.PECompact//PecBundle//PECompact
已删除：木马程序 Trojan-Downloader.Win32.Tibs.ul 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/severa.exe
已删除：木马程序 Trojan.Win32.DNSChanger.aum 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/1011.exe
已删除：木马程序 Trojan-Downloader.Win32.Tibs.uk 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/win32.exe
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.pgn 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/1.exe
已删除：木马程序 Trojan-Proxy.Win32.Xorpix.cs 文件　: C:\Documents and Settings\Administrator\桌面\0125.rar/0901.exe

[病毒样本] 12个

本帖子中包含更多资源

12

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块