包里面装包包。

显示全部楼层 · 发表于 2008-2-20 02:09:29

不好意思哈。。。

显示全部楼层 · 发表于 2008-2-20 02:10:46

F:\virus\gather.zip » ZIP » 57296.zip » ZIP » 57296.sys - probably a variant of Win32/Agent trojan
F:\virus\gather.zip » ZIP » PestCaptureSetup.zip » ZIP » PestCaptureSetup.exe - Win32/Adware.SpySheriff application

显示全部楼层 · 发表于 2008-2-20 02:11:13

楼主好勤奋一下子就发了那么多[:27:]
IK
I:\virus\February\20\gather.zip:\npf.zip\npf.sys
I:\virus\February\20\gather.zip:\npf.zip
I:\virus\February\20\gather.zip:\ialmsbw.zip\ialmsbw.sys
I:\virus\February\20\gather.zip:\ialmsbw.zip
I:\virus\February\20\gather.zip:\ialmkchw.zip\ialmkchw.sys
I:\virus\February\20\gather.zip:\ialmkchw.zip
I:\virus\February\20\gather.zip:\hrb.zip\hrb.exe - Signature 'not-a-virus:AdWare.Win32.GogoTools.d' found
I:\virus\February\20\gather.zip:\hrb.zip
I:\virus\February\20\gather.zip:\57296.zip\57296.sys - Signature 'Trojan.Rootkit.GDT' found
I:\virus\February\20\gather.zip:\57296.zip
I:\virus\February\20\gather.zip:\3389.zip\3389.exe - Signature 'Backdoor.TermServ.A' found
I:\virus\February\20\gather.zip:\3389.zip
I:\virus\February\20\gather.zip:\rsm.zip\rsm.exe
I:\virus\February\20\gather.zip:\rsm.zip
I:\virus\February\20\gather.zip:\PestCaptureSetup.zip\PestCaptureSetup.exe - Signature 'Application.Win32.AdWare.SpySheriff' found
I:\virus\February\20\gather.zip:\PestCaptureSetup.zip
I:\virus\February\20\gather.zip:\packet.zip\packet.dll
I:\virus\February\20\gather.zip:\packet.zip
I:\virus\February\20\gather.zip

19 Files scanned
(1 Archiv with 18 files)
4 Signatures found

显示全部楼层 · 发表于 2008-2-20 02:12:40

File ID  Filename  Size (Byte) Result
207448  npf.sys  31.75 KB  KNOWN CLEAN
203231  ialmsbw.sys  109.66 KB  CLEAN
203230  ialmkchw.sys  76.66 KB  CLEAN
3729996  hrb.exe  24 KB  MALWARE    ADSPY/GogoTools.D.2
3729997  57296.sys  14.5 KB  MALWARE TR/Rootkit.GDT
249002  3389.exe  4.75 KB  MALWARE BDS/TermServ3389.A
203232  rsm.exe  61.5 KB  KNOWN CLEAN
3729998  PestCaptureSetup.exe  49.5 KB  MALWARE ADSPY/Spysheriff.JG
206398  packet.dll  80 KB  KNOWN CLEAN

显示全部楼层 · 发表于 2008-2-20 02:13:56

哎。好多文件都是OK的啊。。。

显示全部楼层 · 发表于 2008-2-20 03:31:15

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\gather.zip'
C:\Documents and Settings\Administrator\My Documents\
  gather.zip
[0] Archive type: ZIP
   --> npf.zip
      [1] Archive type: ZIP
      --> npf.sys
   --> ialmsbw.zip
      [1] Archive type: ZIP
      --> ialmsbw.sys
   --> ialmkchw.zip
      [1] Archive type: ZIP
      --> ialmkchw.sys
   --> hrb.zip
      [1] Archive type: ZIP
      --> hrb.exe
         [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/GogoTools.D.2
         [WARNING] Infected files in archives cannot be repaired!
   --> 57296.zip
      [1] Archive type: ZIP
      --> 57296.sys
         [DETECTION] Is the Trojan horse TR/Rootkit.GDT
         [WARNING] Infected files in archives cannot be repaired!
   --> 3389.zip
      [1] Archive type: ZIP
      --> 3389.exe
         [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/TermServ3389.A Backdoor server programs
         [WARNING] Infected files in archives cannot be repaired!
   --> rsm.zip
      [1] Archive type: ZIP
      --> rsm.exe
   --> PestCaptureSetup.zip
      [1] Archive type: ZIP
      --> PestCaptureSetup.exe
         [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Spysheriff.JG
         [WARNING] Infected files in archives cannot be repaired!
   --> packet.zip
      [1] Archive type: ZIP
      --> packet.dll
   [WARNING] The file was ignored!
  gather.zip:Zone.Identifier

End of the scan: 2008年2月20日  11:30
Used time: 00:04 min

The scan has been done completely.

   0 Scanning directories
   20 Files were scanned
   4 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   16 Files not concerned
   10 Archives were scanned
   5 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-2-20 07:49:42

扫描统计:
扫描时间: 3秒
扫描选项:
扫描目标: G:\Users\Administrator\Desktop\gather.zip
  计数:
扫描的项目总数: 19
- 文件和目录: 19
- 注册表项: 0
- 进程和启动项: 0
- 网络和浏览器项目: 0
- 其他: 0

检测到的安全风险总数: 4
已解决的项目总数: 4
需要注意的项目总数: 0

已解决的风险:
Adware.GoGoTools
病毒 ID: 4294906486
类型: 已压缩
风险: 高 (中隐蔽性，高清除可能，低性能，高隐私)
类别: 广告软件
状态: 完全解决
-----------
1 文件
[hrb.exe] 位于[hrb.zip] 位于[g:\users\administrator\desktop\gather.zip] - 已删除

Trojan Horse
病毒 ID: 25464
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 文件
[57296.sys] 位于[57296.zip] 位于[g:\users\administrator\desktop\gather.zip] - 已删除

Hacktool
病毒 ID: 20685
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 文件
[3389.exe] 位于[3389.zip] 位于[g:\users\administrator\desktop\gather.zip] - 已删除

SpySheriff
病毒 ID: 4294906933
类型: 已压缩
风险: 中 (低隐蔽性，中清除可能，中性能，低隐私)
类别: 误导应用程序
状态: 完全解决
-----------
1 文件
[pestcapturesetup.exe] 位于[pestcapturesetup.zip] 位于[g:\users\administrator\desktop\gather.zip] - 已删除

未解决的风险:

显示全部楼层 · 发表于 2008-2-20 09:10:17

红伞报4个，不知道报完没有。

显示全部楼层 · 发表于 2008-2-20 10:29:47

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ 创建时间: 10:35:09 2008-2-20

+ 扫描结果:

C:\Documents and Settings\zh\桌面\57296.zip/57296.sys -> Adware.Cdn : 已清除.
C:\Documents and Settings\zh\桌面\hrb.zip/hrb.exe -> Adware.GogoTools : 已清除.
C:\Documents and Settings\zh\桌面\PestCaptureSetup.zip/PestCaptureSetup.exe -> Adware.SpySheriff : 已清除.
C:\Documents and Settings\zh\桌面\3389.zip/3389.exe -> Backdoor.TermServ.a : 已清除.

::报告结束
瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： RootKit.CnsProt.a
病毒： Backdoor.Win32.Mnless.c
病毒： Trojan.Spy.Agent.dbg

用户来源：互联网

软件版本：20.32.12

显示全部楼层 · 发表于 2008-2-20 10:34:43

D:\download\gather.zip>>hrb.zip>>hrb.exe Adware.GogoTools.d.pjln 广告程序还未处理
D:\download\gather.zip>>57296.zip>>57296.sys Rootkit.CnsProt.a.bgb 木马还未处理
D:\download\gather.zip>>3389.zip>>3389.exe Hacktool.tbqa 黑客工具还未处理
D:\download\gather.zip>>PestCaptureSetup.zip>>PestCaptureSetup.exe SpySheriff.dax 黑客工具还未处理

[病毒样本] 包里面装包包。

本帖子中包含更多资源

浏览过的版块