來個+6

流清泉

http://jin.jin.wmn.cc/jh/jh0828.rar
http://208861.9k9k.cn/123/1.exe
http://gogo1985.host.shangren.net/MM.exe
http://b.99081.com/guaguaxixa/duote/guaguaxixa.exe
http://a.99081.com/wjkbbs/004.rar
http://j.99081.com/myth1991/wy1.0.rar
http://upload.ouliu.net/pics/e77faefd945c06ee56575541844590d1.exe
http://sbwyw.512j.com/jwtwg.rar
http://ying138.512j.com/qq.rar
http://szfile.focus.cn/upload/files/1787/71RqpGM0.rar
http://blogimg.chinaunix.net/blog/upfile2/080123155454.rar
http://qqq61.go.51.net/QQTangwg.exe
http://372300635.512j.com/fcg.rar
http://img.jpg.name/hjdhzhwvvhjjthhvvtrshvwdwwtsdthyvwjt.EXE

[ 本帖最后由 流清泉 于 2008-2-8 16:26 编辑 ]

Graybird

Starting the file scan:

Begin scan in 'E:\jh0828.rar'
E:\jh0828.rar
  [0] Archive type: RAR
  --> jh0828\QQ.asp
      [DETECTION] Is the Trojan horse TR/PSW.ASP.S
  --> jh0828\½ðºüQQ2008´óµÁ[ÊóÄêдººØËê°æ].exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
      [WARNING]   The file was ignored!

Starting the file scan:

Begin scan in 'E:\1.exe'
E:\1.exe
      [DETECTION] Is the Trojan horse TR/Drop.QQHelper.C
      [INFO]      The file was deleted!

Starting the file scan:

Begin scan in 'E:\MM.exe'
E:\MM.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.YQ
      [INFO]      The file was deleted!
Begin scan in 'E:\guaguaxixa.exe'
E:\guaguaxixa.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!
Begin scan in 'E:\004.rar'
E:\004.rar
  [0] Archive type: RAR
  --> jpg.exe
      [DETECTION] Contains detection pattern of the SPR/FileBinder.A program
      [INFO]      The file was deleted!
Begin scan in 'E:\wy1.0.rar'
Begin scan in 'E:\e77faefd945c06ee56575541844590d1.exe'
Begin scan in 'E:\jwtwg.rar'
E:\jwtwg.rar
  [0] Archive type: RAR
  --> ¾¢ÎèÍÅÖúÊÖ-ËæÐÄÎè.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
Begin scan in 'E:\qq.rar'
E:\qq.rar
  [0] Archive type: RAR
  --> ×îÐÂË¢QQÒµÎñ¹¤¾ß\×îÐÂË¢QQÒµÎñ¹¤¾ß.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [WARNING]   The file was ignored!
Begin scan in 'E:\71RqpGM0.rar'
E:\71RqpGM0.rar
  [0] Archive type: RAR
  --> ÅÜÅÜÃâ·ÑÆƽâÍâ¹Ò.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
Begin scan in 'E:\080123155454.rar'
E:\080123155454.rar
  [0] Archive type: RAR
  --> Íâ¹Ò.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [WARNING]   The file was ignored!
Begin scan in 'E:\QQTangwg.exe'
E:\QQTangwg.exe
  [0] Archive type: RAR SFX (self extracting)
  --> m.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.q.1 Backdoor server programs
      [WARNING]   The file was ignored!
Begin scan in 'E:\fcg.rar'
E:\fcg.rar
  [0] Archive type: RAR
  --> fcg.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [WARNING]   The file was ignored!
Begin scan in 'E:\jpg.name_059040177055_2007-7-26_3-07-19_1123920_87152.exe'
E:\jpg.name_059040177055_2007-7-26_3-07-19_1123920_87152.exe
  [0] Archive type: ZIP SFX (self extracting)
  --> 18½ûÍøÖ·´óÈ«.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [WARNING]   The file was ignored!

e77faefd945c06ee56575541844590d1.exe
The file 'e77faefd945c06ee56575541844590d1.exe' has been determined to be 'MALWARE'. Our analysts named the threat DR/Agent.eyc. The term "DR/" denotes a program that is able to place a virus or a malware discretely on a system.Detection will be added to our virus definition file (VDF) with one of the next updates.

QQTangwg.exe
The file 'QQTangwg.exe' has been determined to be 'MALWARE'. Our analysts named the threat DR/PcClient.Q. The term "DR/" denotes a program that is able to place a virus or a malware discretely on a system.Detection will be added to our virus definition file (VDF) with one of the next updates.

qq.rar
The file 'fucker.EXE' has been determined to be 'MALWARE'. Our analysts discovered that the file is a Trojan. In general this kind of programs contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates.

wy1.0.rar
The file 'GuaQQ.exe' has been determined to be 'MALWARE'. Our analysts discovered that the file is a Trojan. In general this kind of programs contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates.

jpg.name_059040177055_2007-7-26_3-07-19_1123920_87152.exe
The file 'jpg.name_059040177055_2007-7-26_3-07-19_1123920_87152.exe' has been determined to be 'MALWARE'. Our analysts named the threat DR/Hupigon.exb. The term "DR/" denotes a program that is able to place a virus or a malware discretely on a system.Detection will be added to our virus definition file (VDF) with one of the next updates.

[ 本帖最后由 Graybird 于 2008-2-8 21:57 编辑 ]

wangjay1980

发过

wolffshen

FS 杀
结果: 找到 1 恶意软件
Trojan-Downloader.Win32.Delf.enh (病毒)
D:\Virus\Test\d\金狐QQ2008大盗[鼠年新春贺岁版].exe 操作: 删除

冷冷

IK
I:\virus\test\1.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\virus\test\jh0828.rar:\jh0828\QQ.asp
I:\virus\test\jh0828.rar:\jh0828\金狐QQ2008大盗[鼠年新春贺岁版--去除后门收信免杀加强版]说明.txt
I:\virus\test\jh0828.rar:\jh0828\金狐QQ2008大盗[鼠年新春贺岁版].exe - Signature 'Backdoor.Win32.GrayBird.lc' found
I:\virus\test\jh0828.rar:\jh0828\金狐QQ联盟.url
I:\virus\test\jh0828.rar
6 Files scanned
   (1 Archiv with 4 files)
2 Signatures found
0 Suspect code-parts found
Used time: 0:00.171

[ 本帖最后由 冷_冷 于 2008-2-8 14:19 编辑 ]

hj5abc

AVAST 12  

Win32:QQPass-OQ [Trj]
Win32:Agent-JOJ [Trj]
Win32:Nilage-AI [Trj]
Win32:Delf-BLM [Trj]
Win32:Getos [Trj]
Win32:Hupigon-FB [Trj]
Win32:RPoly [Cryp]
Win32:QQPass-OQ [Trj]
Win32:Hupigon-DKF [Trj]
Win32:PcClient-CY [Trj]
Win32:Hupigon-DKZ [Trj]
Win32:Hupigon-DUB [Trj]


[ 本帖最后由 hj5abc 于 2008-2-8 16:45 编辑 ]

挪威的冬天

病毒        2008-02-08  13:17:47        病毒在文件C:\Users\挪威的冬天\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IT07D11\1[1].exe中        Win32.PSWTroj.Agent.mh.114688        处理成功（操作：删除）       

信息        2008-02-08  13:18:02        您此次查毒共查出1个病毒以及危险代码                       
信息        2008-02-08  13:18:02        您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件8个                       
信息        2008-02-08  13:18:02        金山毒霸主程序查毒过程结束，查毒方式：命令行查毒                       
病毒        2008-02-08  13:18:02        C:\Users\挪威的冬天\Desktop\jh0828.rar\jh0828\金狐QQ2008大盗[鼠年新春贺岁版].exe        Win32.Packed.MaskPE        跳过，未处理

无尽藏海

F:\virus\1.exe - probably a variant of Win32/AutoRun.FS worm


2008-2-8 13:34:50        Kernel        File  'F:\virus\jh0828.rar' was sent to ESET for analysis.

leonfg

Virus check with G DATA AntiVirus
Version 18.2.7318.595
Virus signature dated 2/8/2008
Start time: 2/8/2008 14:35
Engine(s): Engine A (AVK 18.2696), Engine B (AVKB 18.127)
Heuristics: On
Archive: On
System areas: On

Check system areas...
Check the following directories and files:
  C:\Documents and Settings\GUNDAM\桌面\新建文件夹\

Object: 1.exe
        Path: C:\Documents and Settings\GUNDAM\桌面\新建文件夹
        Status: Virus detected
        Virus: Trojan-PSW.Win32.Agent.mh (Engine A)
Object: jh0828/金狐QQ2008大盗[鼠年新春贺岁版].exe data0001.bin
        In archive: C:\Documents and Settings\GUNDAM\桌面\新建文件夹\jh0828.rar
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Delf.enh (Engine A)
Object: jh0828.rar
        Path: C:\Documents and Settings\GUNDAM\桌面\新建文件夹
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Delf.enh (Engine A)

Analysis performed in full: 2/8/2008 14:35
    2 files checked
    2 infected files detected
    0 suspicious files found

qigang

http://jin.jin.wmn.cc/jh/jh0828.rar