1个~

显示全部楼层 · 发表于 2008-2-6 17:09:57

NOD32报启发~

显示全部楼层 · 发表于 2008-2-6 17:11:37

Starting the file scan:

Begin scan in 'E:\schost.rar'
E:\schost.rar
  [0] Archive type: RAR
  --> schost.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [WARNING] The file was ignored!

显示全部楼层 · 发表于 2008-2-6 17:21:50

IK
I:\virus\schost.rar:\schost.exe - Signature 'Trojan-PWS.Win32.Agent.BU' found
I:\virus\schost.rar
2 Files scanned
(1 Archiv with 1 file)
1 Signature found
0 Suspect code-parts found
Used time: 0:00.015

显示全部楼层 · 发表于 2008-2-6 18:13:17

Scan Log
Version of virus signature database: 2851 (20080205)
Date: 2008-2-6 Time: 18:14:16
Scanned disks, folders and files: E:\virus\schost.rar
E:\virus\schost.rar » RAR » schost.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
Number of scanned objects: 2
Number of threats found: 1
Time of completion: 18:14:19 Total scanning time: 3 sec (00:00:03)

显示全部楼层 · 发表于 2008-2-6 18:25:17

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Malicious Code

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.30.20

显示全部楼层 · 发表于 2008-2-6 18:30:10

1998-2-6 18:27:41 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe C:\WINDOWS\system32\AUTORUN.INF Prevent creation of autorun.inf files Action blocked :Create
1998-2-6 18:27:41 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe C:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:42 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe D:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:43 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe E:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:44 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe F:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:44 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe G:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:45 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe H:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:45 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe I:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:46 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe J:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:46 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe K:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:47 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe N:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:48 Would be blocked by behaviour blocking rule  (rule is currently in warn mode) NT AUTHORITY\SYSTEM svchost.exe C:\WINDOWS\system32\wbem\Logs\wbemess.log Watch system folder Action blocked :Write
1998-2-6 18:27:48 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe O:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:49 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe P:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:49 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe Q:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:50 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe R:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:50 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe S:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:51 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe T:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:51 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe U:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:27:57 Would be blocked by behaviour blocking rule  (rule is currently in warn mode) NT AUTHORITY\SYSTEM winlogon.exe C:\WINDOWS\setupapi.log Watch system folder Action blocked :Write
1998-2-6 18:27:58 Would be blocked by behaviour blocking rule  (rule is currently in warn mode) NT AUTHORITY\SYSTEM winlogon.exe C:\WINDOWS\system32\help.exe.new Watch system folder Action blocked :Create
1998-2-6 18:27:58 Blocked by behaviour blocking rule NT AUTHORITY\SYSTEM winlogon.exe C:\WINDOWS\system32\help.exe.new Prevent creation of new files in the System32 folder (.exe) Action blocked :Create
1998-2-6 18:27:59 Would be blocked by behaviour blocking rule  (rule is currently in warn mode) NT AUTHORITY\SYSTEM svchost.exe C:\WINDOWS\system32\CatRoot2\edb.chk Watch system folder Action blocked :Write
1998-2-6 18:28:00 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe C:\WINDOWS\system32\AUTORUN.INF Prevent creation of autorun.inf files Action blocked :Create
1998-2-6 18:28:01 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe C:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:02 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe D:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:03 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe E:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:03 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe F:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:04 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe G:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:04 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe H:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:05 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe I:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:05 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe J:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:06 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe K:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:06 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe N:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:06 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe O:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:06 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe P:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:07 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe Q:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:07 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe R:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:07 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe S:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:07 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe T:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:08 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe U:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:09 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe C:\WINDOWS\system32\AUTORUN.INF Prevent creation of autorun.inf files Action blocked :Create
1998-2-6 18:28:10 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe C:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:11 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe D:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:12 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe E:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:13 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe F:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:14 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe G:\schost.exe Prevent creation of new files in the system root Action blocked :Create
1998-2-6 18:28:15 Blocked by behaviour blocking rule WHUT-D9193C067E\gho schost.exe H:\schost.exe Prevent creation of new files in the system root Action blocked :Create

显示全部楼层 · 发表于 2008-2-6 20:08:29

金山。。。。过年去了。。。

显示全部楼层 · 发表于 2008-2-6 20:19:20

大蜘蛛过

显示全部楼层 · 发表于 2008-2-6 20:19:57

The file 'schost.exe' has been determined to be 'MALWARE'. Our analysts discovered that the file is a Trojan. In general this kind of programs contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Crypted.

[病毒样本] 1个~

本帖子中包含更多资源

4/1

回复 2楼 Graybird 的帖子

浏览过的版块