一包下载者下载来的

显示全部楼层 · 发表于 2008-1-31 00:12:38

数量不错，比较多

样本：

显示全部楼层 · 发表于 2008-1-31 00:17:48

CAV
I:\virus\test/11/1.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/11/cq.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/cs.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/11/dj.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/11/hx.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/mh.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/my.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/pt.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/11/qq.exe: Trojan.QQPass-493 FOUND
I:\virus\test/11/tl.exe: PUA.Packed.UPack FOUND
I:\virus\test/11/wd.exe: PUA.Packed.UPack FOUND
I:\virus\test/11/wm.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/11/xy.exe: PUA.Packed.UPack-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 199109
Engine version: 0.92
Scanned directories: 2
Scanned files: 13
Infected files: 13
Data scanned: 0.29 MB
Time: 7.218 sec (0 m 7 s)

IK
I:\virus\test\11\1.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\virus\test\11\cq.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\cs.exe - Suspect code-parts found (Level: 25)
I:\virus\test\11\dj.exe - Suspect code-parts found (Level: 25)
I:\virus\test\11\hx.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\mh.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\my.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\pt.exe - Signature 'Trojan-PWS.Win32.OnLineGames.pou' found
I:\virus\test\11\qq.exe - Signature 'Trojan-Proxy.Win32.Delf.AN' found
I:\virus\test\11\tl.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\virus\test\11\wd.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\virus\test\11\wm.exe - Suspect code-parts found (Level: 5)
I:\virus\test\11\xy.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
13 Files scanned
(0 Archives with 0 files)
10 Signatures found
3 Suspect code-parts found
Used time: 0:01.218

显示全部楼层 · 发表于 2008-1-31 00:17:54

Starting the file scan:

Begin scan in 'E:\11.rar'
E:\11.rar
  [0] Archive type: RAR
  --> 11\1.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.dyd
  --> 11\cq.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prw.1
  --> 11\cs.exe
   [DETECTION] Is the Trojan horse TR/Drop.Agent.11828
  --> 11\dj.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pvk.1
  --> 11\hx.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.28
  --> 11\mh.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 11\my.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 11\pt.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pou.11
  --> 11\qq.exe
   [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.26
  --> 11\tl.exe
   [DETECTION] Is the Trojan horse TR/Agent.15072
  --> 11\wd.exe
   [DETECTION] Is the Trojan horse TR/PSW.Delf.aob
  --> 11\wm.exe
   [DETECTION] Is the Trojan horse TR/Drop.Agent.12219.1
  --> 11\xy.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [INFO]    The file was deleted!

End of the scan: 2008年1月31日  00:18
Used time: 00:27 min

The scan has been done completely.

   0 Scanning directories
   14 Files were scanned
   13 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-31 00:18:09

10
信息       2008-01-31  00:16:10       您此次查毒共查出10个病毒以及危险代码
信息       2008-01-31  00:16:10       您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件27个
信息       2008-01-31  00:16:10       金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\xy.exe       Win32.Troj.OnlineGamesT.nr.37008       跳过，未处理
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\wd.exe       Win32.Troj.DownloaderT.m.101715       跳过，未处理
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\tl.exe       Win32.Troj.DownloaderT.m.101715       跳过，未处理
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\qq.exe       Win32.Troj.QQThiefT.ty.112755       跳过，未处理
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\pt.exe       Win32.PSWTroj.OnLineGames.57344       跳过，未处理
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\my.exe       Win32.Troj.OnlineGamesT.nr.37008       跳过，未处理
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\mh.exe       Win32.Troj.OnlineGamesT.nr.37008       跳过，未处理
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\hx.exe       Win32.Troj.OnlineGamesT.nr.37008       跳过，未处理
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\cq.exe       Win32.Troj.OnlineGamesT.nr.37008       跳过，未处理
病毒       2008-01-31  00:16:10       C:\Documents and Settings\Administrator\桌面\11.rar\11\1.exe       Win32.Troj.MachDogT.hl.98304       跳过，未处理
信息       2008-01-31  00:15:59       金山毒霸主程序启动查毒过程，查毒方式：命令行查毒
信息       2008-01-31  00:15:58       金山毒霸主程序启动

显示全部楼层 · 发表于 2008-1-31 00:23:40

ESET 12
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\1.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\cq.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\cs.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\dj.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\hx.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\mh.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\my.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\pt.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\qq.exe - Win32/PSW.QQPass.NCV trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\tl.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\wm.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\xy.exe - a variant of Win32/PSW.OnLineGames.MUG trojan

显示全部楼层 · 发表于 2008-1-31 00:25:34

13
deleted: Trojan program Trojan-Downloader.Win32.Agent.hrl File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\1.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pvm File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\cq.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pvk File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\dj.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pvn File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\hx.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pvm File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\mh.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pvm File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\my.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pou File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\pt.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.QQPass.asz File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\qq.exe//UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.icj File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\tl.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.Delf.aob File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\wd.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pvu File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\wm.exe//PE_Patch//UPack//data0000.bin//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nmc File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\xy.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pwl File: C:\Documents and Settings\Owner\×ÀÃæ\11.rar/11\cs.exe//PE_Patch//UPack//data0000.bin//UPack

显示全部楼层 · 发表于 2008-1-31 00:42:41

FS 全杀

显示全部楼层 · 发表于 2008-1-31 07:18:15

费尔卡巴杀13个

显示全部楼层 · 发表于 2008-1-31 08:51:45

扫描统计:
扫描时间: 4秒
扫描选项:
扫描目标: G:\Users\Administrator\Desktop\11.rar
  计数:
扫描的项目总数: 14
- 文件和目录: 14
- 注册表项: 0
- 进程和启动项: 0
- 网络和浏览器项目: 0
- 其他: 0

检测到的安全风险总数: 8
已解决的项目总数: 0
需要注意的项目总数: 8

已解决的风险:

未解决的风险:
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[1.exe] 位于[g:\users\administrator\desktop\11.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[cq.exe] 位于[g:\users\administrator\desktop\11.rar] - 已感染

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[hx.exe] 位于[g:\users\administrator\desktop\11.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[mh.exe] 位于[g:\users\administrator\desktop\11.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[my.exe] 位于[g:\users\administrator\desktop\11.rar] - 已感染

W32.Gammima
病毒 ID: 40890
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[qq.exe] 位于[g:\users\administrator\desktop\11.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[wd.exe] 位于[g:\users\administrator\desktop\11.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[xy.exe] 位于[g:\users\administrator\desktop\11.rar] - 已感染

显示全部楼层 · 发表于 2008-1-31 09:47:18

嗯，果然对题，数量不错。

就是质量有待进一步提高。

[病毒样本] 一包下载者下载来的

本帖子中包含更多资源

13

本帖子中包含更多资源

浏览过的版块