第一包24个

显示全部楼层 · 发表于 2008-1-26 15:20:59

from
194.54.90.246/kkq2.gif
204.2.183.2/phuong-hong/task.rar
205.177.122.104/udefender_os1zn2mO7Z.exe
219.148.34.10/sss.exe
58.225.75.168/PUB/TPZO/Install/nwubrInsxF.EXE
等等

显示全部楼层 · 发表于 2008-1-26 15:22:27

信息 2008-01-26  15:22:05 您此次查毒共查出23个病毒以及危险代码
信息 2008-01-26  15:22:05 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件45个
信息 2008-01-26  15:22:05 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
风险程序 2008-01-26  15:22:05 C:\Users\挪威的冬天\Desktop\Malware1.rar\wincup.cab\wincup.exe Win32.Adware.Boran.p.69120 跳过，未处理
风险程序 2008-01-26  15:22:05 C:\Users\挪威的冬天\Desktop\Malware1.rar\diybar2.cab\diybar2.dll Win32.Adware.Diybar.b.540672 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\16.exe Win32.Troj.OnlineGamesT.nr.37008 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\15.exe Win32.Troj.OnlineGamesT.nr.37008 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\11.7012554.exe Win32.Troj.AgentT.fm.14452 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\11.6853994.exe Win32.Troj.OnLineGamesT.gr.2637 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\11.2236246.exe Win32.Troj.AgentT.fm.14452 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\11.1437953.exe Win32.Troj.OnLineGamesT.gr.2637 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\11.248562.exe Win32.Troj.OnLineGamesT.gr.2637 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\8.9635147.exe Win32.Troj.OnlineGames.lq.135168 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\8.5582588.exe Win32.Troj.OnlineGames.aw.139264 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\8.4764441.exe Win32.Troj.OnlineGamesT.zy.90112 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\8.1174411.exe Win32.Troj.OnLineGamesT.gr.2637 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\6.1559359.exe Win32.Troj.LmirT.by.9900 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\19.262645E-02.exe Win32.Troj.AgentT.fm.14452 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\1.8886942.exe Win32.Troj.OnlineGamesT.nr.37008 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\1.8259836.exe Win32.Troj.LmirT.by.9900 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\1.7680584.exe Win32.PSWTroj.GamesOnline.jp.61440 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\1.3912404.exe Win32.Troj.Downloader.ss.77824 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\1.3075221.exe Win32.Troj.OnlineGamesT.nr.37008 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\2.exe Win32.Hack.Small.tf.115002 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\mun1_26_11_070.exe Win32.Hack.Agent.229376 跳过，未处理
病毒 2008-01-26  15:22:04 C:\Users\挪威的冬天\Desktop\Malware1.rar\1710.rar\我的照片.Exe Win32.PSWTroj.Delf.90192 跳过，未处理

显示全部楼层 · 发表于 2008-1-26 15:22:46

Starting the file scan:

Begin scan in 'E:\Malware1.rar'
E:\Malware1.rar
  [0] Archive type: RAR
--> 1710.rar
   [1] Archive type: RAR
   --> ÎÒµÄÕÕÆ¬.Exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
--> diybar2.cab
   [1] Archive type: CAB (Microsoft)
   --> diybar2.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Bar.Diybar.B
--> wincup.cab
   [1] Archive type: CAB (Microsoft)
   --> wincup.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Boran.P
  --> mun1_26_11_070.exe
   [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> 43.exe
   [DETECTION] Is the Trojan horse TR/Downloader.Gen
  --> 2.exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.TF.1 Backdoor server programs
  --> 1.3075221.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 1.3912404.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oyd
  --> 1.7680584.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.x
  --> 1.8259836.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 1.8886942.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oqq.2
  --> 19.262645E-02.exe
   [DETECTION] Is the Trojan horse TR/FWDisable.42528
  --> 6.1559359.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 8.1174411.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji.1
  --> 8.4764441.exe
   [DETECTION] Is the Trojan horse TR/FWDisable.28619
  --> 8.5582588.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 8.9635147.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 11.248562.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.158
  --> 11.1437953.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.3
  --> 11.2236246.exe
   [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> 11.6853994.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.OBN.4
  --> 11.7012554.exe
   [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> 15.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 16.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [INFO]    The file was deleted!

End of the scan: 2008年1月26日  15:23
Used time: 00:13 min

The scan has been done completely.

   0 Scanning directories
   31 Files were scanned
   24 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   7 Files not concerned
   4 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-26 15:22:49

detected: virus Heur.Downloader (modification) File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/1710.rar/ÎÒµÄÕÕÆ¬.Exe
deleted: adware not-a-virus:AdWare.Win32.Diybar.b File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/diybar2.cab/diybar2.dll
deleted: adware not-a-virus:AdWare.Win32.Boran.p File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/wincup.cab/wincup.exe
deleted: Trojan program Backdoor.Win32.Agent.dbo File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/mun1_26_11_070.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.gbh File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/43.exe//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Backdoor.Win32.Small.tf File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/2.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pbp File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/1.3075221.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pcn File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/1.3912404.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pgn File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/1.7680584.exe
deleted: Trojan program Trojan-PSW.Win32.Lmir.boy File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/1.8259836.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nmc File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/1.8886942.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.odx File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/19.262645E-02.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.boy File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/6.1559359.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.isb File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/8.1174411.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mmy File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/8.4764441.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nbk File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/8.5582588.exe//NSPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.lqb File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/8.9635147.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.isb File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/11.248562.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.isb File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/11.1437953.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mht File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/11.2236246.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.isb File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/11.6853994.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nbl File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/11.7012554.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pjj File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/15.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pbp File: C:\Documents and Settings\Administrator\×ÀÃæ\Malware1.rar/16.exe//PE_Patch//UPack

全灭

显示全部楼层 · 发表于 2008-1-26 15:23:29

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\Malware1.rar'
C:\Documents and Settings\Administrator\桌面\Malware1.rar
  [0] Archive type: RAR
--> 1710.rar
   [1] Archive type: RAR
   --> ÎÒµÄÕÕÆ¬.Exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
--> diybar2.cab
   [1] Archive type: CAB (Microsoft)
   --> diybar2.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Bar.Diybar.B
--> wincup.cab
   [1] Archive type: CAB (Microsoft)
   --> wincup.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Boran.P
  --> mun1_26_11_070.exe
   [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> 43.exe
   [DETECTION] Is the Trojan horse TR/Downloader.Gen
  --> 2.exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.TF.1 Backdoor server programs
  --> 1.3075221.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 1.3912404.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oyd
  --> 1.7680584.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.x
  --> 1.8259836.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 1.8886942.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oqq.2
  --> 19.262645E-02.exe
   [DETECTION] Is the Trojan horse TR/FWDisable.42528
  --> 6.1559359.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 8.1174411.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji.1
  --> 8.4764441.exe
   [DETECTION] Is the Trojan horse TR/FWDisable.28619
  --> 8.5582588.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 8.9635147.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 11.248562.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.158
  --> 11.1437953.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.3
  --> 11.2236246.exe
   [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> 11.6853994.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.OBN.4
  --> 11.7012554.exe
   [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> 15.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 16.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [WARNING] The file was ignored!

End of the scan: 2008年1月26日  15:22
Used time: 00:15 min

The scan has been done completely.

   0 Scanning directories
   32 Files were scanned
   24 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   8 Files not concerned
   4 Archives were scanned
   1 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-26 15:48:22

江民报22个

显示全部楼层 · 发表于 2008-1-26 15:52:08

AVAST 20个
大蜘蛛 19个

显示全部楼层 · 发表于 2008-1-26 16:04:18

AVAST 14 ...

ps .对alwil无语 . 这两天每次更新都只更新了一条特征 .

显示全部楼层 · 发表于 2008-1-26 16:04:53

原帖由 spaceplane 于 2008-1-26 15:52 发表
AVAST 20个

? 楼了 10 个 ..

显示全部楼层 · 发表于 2008-1-26 16:11:12

D:\download\Malware1.rar>>diybar2.cab>>diybar2.dll Adware.Diybar.b.vk.dll 广告程序还未处理
D:\download\Malware1.rar>>wincup.cab>>wincup.exe Adware.Boran.p.hdp 广告程序还未处理
D:\download\Malware1.rar>>mun1_26_11_070.exe Backdoor.Agent.dbo.cgex 后门还未处理
D:\download\Malware1.rar>>43.exe TrojanDownloader.Agent.gbh.zemh 木马还未处理
D:\download\Malware1.rar>>1.3075221.exe TrojanPSW.OnLineGames.pbp.zipb 木马还未处理
D:\download\Malware1.rar>>1.3912404.exe W32.Viking.k 病毒还未处理
D:\download\Malware1.rar>>1.7680584.exe TrojanPSW.XYOnline.aao.etad 木马还未处理
D:\download\Malware1.rar>>1.8259836.exe PWSteal.Lemir.boy.pjkg 木马还未处理
D:\download\Malware1.rar>>1.8886942.exe TrojanPSW.OnLineGames.nmc.pejv 木马还未处理
D:\download\Malware1.rar>>19.262645E-02.exe TrojanPSW.OnLineGames.odx.lhap 木马还未处理
D:\download\Malware1.rar>>6.1559359.exe PWSteal.Lemir.boy.pjkg 木马还未处理
D:\download\Malware1.rar>>8.1174411.exe TrojanDownloader.Nurech.bd.bmqk 木马还未处理
D:\download\Malware1.rar>>8.4764441.exe TrojanPSW.OnLineGames.jhe.ihnb 木马还未处理
D:\download\Malware1.rar>>8.5582588.exe TrojanDropper.Agent.fth.ivmj 木马还未处理
D:\download\Malware1.rar>>8.9635147.exe TrojanPSW.GameOL.gng.dqvs 木马还未处理
D:\download\Malware1.rar>>11.248562.exe TrojanDownloader.Nurech.bd.bmqk 木马还未处理
D:\download\Malware1.rar>>11.1437953.exe TrojanDownloader.Nurech.bd.bmqk 木马还未处理
D:\download\Malware1.rar>>11.2236246.exe TrojanPSW.GameOL.GEN.acib 木马还未处理
D:\download\Malware1.rar>>11.6853994.exe TrojanDownloader.Nurech.bd.bmqk 木马还未处理
D:\download\Malware1.rar>>11.7012554.exe TrojanPSW.OnLineGames.lhc.wklh 木马还未处理
D:\download\Malware1.rar>>15.exe TrojanPSW.OnLineGames.pjj.leeh 木马还未处理
D:\download\Malware1.rar>>16.exe Heuri.Suspicious.ERNM 启发式扫描还未处理

[病毒样本] 第一包24个

本帖子中包含更多资源

24

浏览过的版块