来个＋个地址

显示全部楼层 · 发表于 2008-1-30 19:20:13

来个
http://qqck.512j.com/QQck.zip
里面好像是鸽子吧
http://www.fs2you.com/zh-cn/files/a93767ae-cf13-11dc-890e-00142218fc6e/

[ 本帖最后由流清泉于 2008-1-30 21:34 编辑 ]

显示全部楼层 · 发表于 2008-1-30 19:31:04

rising20.29.22不杀！

显示全部楼层 · 发表于 2008-1-30 19:37:53

Begin scan in 'C:\Documents and Settings\Administrator\桌面\QQck.zip'
C:\Documents and Settings\Administrator\桌面\QQck.zip
  [0] Archive type: ZIP
  --> QQÁÄÌì¼ÍÂ¼²ì¿´Æ÷.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was deleted!

End of the scan: 2008年1月30日  19:37
Used time: 00:04 min

The scan has been done completely.

   0 Scanning directories
   2 Files were scanned
   0 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   2 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-30 19:43:02

发现可疑程序
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TEMPARATION.TMP
可疑程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ALL USERS\FAVORITES\NETSERVICE.EXE
是否阻止该进程继续运行?

删除确认
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TEMPARATION.TMP
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ALL USERS\FAVORITES\NETSERVICE.EXE
是否删除病毒程序及其衍生物?

这种微点还是会管的

显示全部楼层 · 发表于 2008-1-30 19:44:07

Begin scan in 'C:\Documents and Settings\Administrator\桌面\QQck.zip'
C:\Documents and Settings\Administrator\桌面\QQck.zip
  [0] Archive type: ZIP
  --> QQÁÄÌì¼ÍÂ¼²ì¿´Æ÷.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was deleted!

红伞启发

显示全部楼层 · 发表于 2008-1-30 19:53:03

TEMP\TEMPARATION.TMP被FS系统控制抑制

显示全部楼层 · 发表于 2008-1-30 19:54:04

希望楼主一次性贴完
不要等会又加新的来哦！！
先占个位置！

-------------------------------
I:\virus\test\QQ聊天纪录察看器.exe - Signature 'Backdoor.Pcclient.SYX' found
1 File scanned
(0 Archives with 0 files)
1 Signature found
0 Suspect code-parts found
Used time: 0:00.094
--------------------------------

[ 本帖最后由冷_冷于 2008-1-30 20:05 编辑 ]

显示全部楼层 · 发表于 2008-1-30 20:49:51

费尔卡巴过

显示全部楼层 · 发表于 2008-1-30 22:30:18

The file 'QQ##############.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Drop.Agent.xca. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware.

显示全部楼层 · 发表于 2008-1-30 22:49:17

nod不报

[已鉴定] 来个＋个地址

QQ聊天纪录察看器