Original poster: qianwenxiang

[Virus samples] 25 files downloaded by a certain downloader

hahacomcn
Posted on 2008-3-2 20:15:59
BTEA6

Begin scan in 'C:\Documents and Settings\haha\桌面\0302.rar'
C:\Documents and Settings\haha\桌面\0302.rar
  [0] Archive type: RAR
  --> my_70229.exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
  --> suad.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.ied
  --> tool.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wr-1-565.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> qommkhh.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
  --> mrofinu403.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> mrofinu565.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> dodolook_7446.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> cdcd.sys
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
    --> tempaq
          [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> vd4c5n.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> cpush.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.258560
  --> symavc32.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 0034.exe
      [DETECTION] Contains detection pattern of the dropper DR/Virtumonde.280883
  --> ad.exe
      [DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.ied
  --> ad7291.exe
      [DETECTION] Contains detection pattern of the dropper DR/BHO.aai.15
  --> adv579.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.itf
  --> dodolook446.exe
      [DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.itg
  --> Feb2008.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.20480
  --> is150018.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Virtumonde.52224
  --> key.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.38796
      [INFO]      A backup was created as '47fa9aae.qua'  ( QUARANTINE )


End of the scan: 2008年3月2日  20:15
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
     26 Files were scanned
     21 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

欠妳緈諨
Posted on 2008-3-2 20:31:47
关于AVK防病毒软件的病毒扫描
版本 17.0.6282
从病毒数据库签名 01.03.2008
开始时间: 02.03.2008 20:26
引擎: Avast/BD引擎 (AVKB 18.152)
启发: 打开
压缩文件: 打开
系统区域: 关闭

扫描所选择的目录和文件...
对象: suad.exe
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Small-HIU [Trj] (Avast/BD引擎)
对象: tool.exe\[UPX]
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Small-JMH [Trj] (Avast/BD引擎)
对象: wr-1-565.exe\[UPX]
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Small-JMH [Trj] (Avast/BD引擎)
对象: mrofinu403.exe\[UPX]
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Agent-RUQ [Trj] (Avast/BD引擎)
对象: mrofinu565.exe\[UPX]
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Agent-RUQ [Trj] (Avast/BD引擎)
对象: cdcd.sys
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Nulprot-B [Trj] (Avast/BD引擎)
对象: vd4c5n.dll
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Agent-JZN [Trj] (Avast/BD引擎)
对象: cpush.dll
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:BHO-GG [Adw] (Avast/BD引擎)
对象: symavc32.sys
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Srizbi [Trj] (Avast/BD引擎)
对象: 0034.exe
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Trojan-gen {Other} (Avast/BD引擎)
对象: 1.EXE
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Pakes-AJN [Trj] (Avast/BD引擎)
对象: ad.exe
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Trojan-gen {Other} (Avast/BD引擎)
对象: DelMI2345.exe
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Adware-gen [Adw] (Avast/BD引擎)
对象: key.exe
  在压缩档案里: D:\病毒测试\未解压样本\0302.rar
状态: 已发现病毒
  病毒: Win32:Trojan-gen {Other} (Avast/BD引擎)
avast!14
傻猪猪米走鸡
Posted on 2008-3-2 20:39:01
nod32^32
mofunzone
Posted on 2008-3-3 03:39:46
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\0302'
C:\Documents and Settings\Administrator\My Documents\0302\
  0.EXE
      [DETECTION] Is the Trojan horse TR/Spy.Agent.ble
      [INFO]      The file was deleted!
  0034.exe
      [DETECTION] Contains detection pattern of the dropper DR/Virtumonde.280883
      [INFO]      The file was deleted!
  1.EXE
  ad.exe
      [DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.ied
      [INFO]      The file was deleted!
  ad7291.exe
      [DETECTION] Contains detection pattern of the dropper DR/BHO.aai.15
      [INFO]      The file was deleted!
  adv579.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.itf
      [INFO]      The file was deleted!
  CcEvtSvc.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.ble
      [INFO]      The file was deleted!
  cdcd.sys
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!
  cpush.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.258560
      [INFO]      The file was deleted!
  DelMI2345.exe
  dodolook446.exe
      [DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.itg
      [INFO]      The file was deleted!
  dodolook_7446.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
  Feb2008.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.20480
      [INFO]      The file was deleted!
  is150018.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Virtumonde.52224
      [INFO]      The file was deleted!
  key.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.38796
      [INFO]      The file was deleted!
  mrofinu403.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [INFO]      The file was deleted!
  mrofinu565.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [INFO]      The file was deleted!
  my_70229.exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [INFO]      The file was deleted!
  qommkhh.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
  suad.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.ied
      [INFO]      The file was deleted!
  symavc32.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [INFO]      The file was deleted!
  tempaq
    [0] Archive type: Runtime Packed
    --> Object
      [INFO]      The file was deleted!
  tool.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [INFO]      The file was deleted!
  vd4c5n.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [INFO]      The file was deleted!
  wr-1-565.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [INFO]      The file was deleted!


End of the scan: 2008年3月2日  11:39
Used time: 00:04 min

The scan has been done completely.

      1 Scanning directories
     25 Files were scanned
     23 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     23 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
wm20031015
Posted on 2008-3-3 18:22:33
After AVK finished cleaning, there are still a few it couldn't handle.
sam.to
Posted on 2008-3-4 13:47:01
Hello,

001B7B01.exed, 2.exed, rising.ini

No malicious code was found in these files.

1.exed, pagefile.pifd - Virus.Win32.Xorer.ek,
1.exed2 - Trojan-Proxy.Win32.Small.kl

These files are already detected. Please update your antivirus bases.

DelMI2345.exed - not-a-virus:AdWare.Win32.Cinmus.cgm

This file is an Advertising Tool, it is detected by
extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates
ztly159
Posted on 2008-3-4 17:11:45
C:\Documents and Settings\Administrator\桌面\0302.rar>>0.EXE        TrojanSpy.Agent.ble.dqcn        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>0034.exe        TrojanDownloader.Small.ied.niuk.arc        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>1.EXE        TrojanDropper.Canppm.eefs        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>ad.exe        TrojanDropper.Uwfvtb.bvjj.arc        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>ad7291.exe        Adware.BHO.aai.nchi.arc        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>adv579.exe        TrojanDownloader.Small.itf.mfcw        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>CcEvtSvc.exe        TrojanSpy.Agent.ble.dqcn        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>cdcd.sys        TrojanProxy.Agent.rz.fqvu        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>cpush.dll        AdClicker.BJ.hwpg.dll        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>dodolook446.exe        TrojanDownloader.Small.itg.wjyu.arc        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>dodolook_7446.exe        TrojanDownloader.Small.itg.iika        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>Feb2008.exe        TrojanDownloader.Agent.kbd.iesr        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>is150018.exe        Adware.Virtumonde.gen.gisz        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>key.exe        TrojanDropper.Vghuhv.ldvv.arc        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>mrofinu403.exe        TrojanDownloader.Mnless.xe.sxct        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>mrofinu565.exe        TrojanDownloader.Mnless.xe.sxct        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>my_70229.exe        TrojanDownloader.QQHelper.aoe.apoq        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>qommkhh.dll        Adware.Virtumonde.gen.bhbh.dll        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>suad.exe        TrojanDownloader.Small.ied.obgz        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>symavc32.sys        Srizbi.sys.ezkm        病毒        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>tempaq        Trojan.Cap83123.stjh        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>tool.exe        TrojanDownloader.Small.irm.ozit        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>vd4c5n.dll        TrojanDownloader.Hmir.ajw.bpaf.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\0302.rar>>wr-1-565.exe        TrojanDownloader.Small.irm.ozit        木马        还未处理
费尔 (Filseclab): 24 detected
爱·妖姬
Posted on 2008-3-4 18:35:47
Why is it all such old, feeble stuff? Signatures alone can actually KILL all of them.


时间 处理结果 木马名称 木马进程名 木马文件创建者
2008-03-04 18:39:54 处理成功 Trojan-Downloader.Win32.Agent.qar D:\新建文件夹\KEY.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:52 处理成功 AdWare.Win32.Virtumonde.cij D:\新建文件夹\IS150018.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:50 处理成功 Trojan-Downloader.Win32.Delf.ixr D:\新建文件夹\FEB2008.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:48 处理成功 Trojan-Downloader.Win32.Small.mgf D:\新建文件夹\DODOLOOK446.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:46 处理成功 AdWare.Win32.Cinmus.cnk D:\新建文件夹\DELMI2345.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:45 处理成功 Trojan-Downloader.Win32.Small.mgd D:\新建文件夹\ADV579.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:43 处理成功 AdWare.Win32.BHO.aff D:\新建文件夹\AD7291.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:41 处理成功 Trojan-Downloader.Win32.Small.mgx D:\新建文件夹\AD.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:39 处理成功 Trojan-Proxy.Win32.Small.tn D:\新建文件夹\1.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:37 处理成功 Trojan-Downloader.Win32.QQHelper.gea D:\新建文件夹\0034.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:35 处理成功 Trojan-Spy.Win32.Agent.ckx D:\新建文件夹\0.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:33 处理成功 Rootkit.Win32.Agent.rw D:\新建文件夹\SYMAVC32.SYS C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:31 处理成功 AdWare.Win32.BHO.adm D:\新建文件夹\CPUSH.DLL C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:29 处理成功 Trojan-Downloader.Win32.Hmir.ayn D:\新建文件夹\VD4C5N.DLL C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:27 处理成功 Trojan-Downloader.Win32.Hmir.aym D:\新建文件夹\TEMPAQ C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:25 处理成功 Trojan-Spy.Win32.Agent.ckx D:\新建文件夹\CCEVTSVC.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:23 处理成功 Trojan-Proxy.Win32.Agent.zt D:\新建文件夹\CDCD.SYS C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:21 处理成功 Trojan-Downloader.Win32.Small.mgi D:\新建文件夹\DODOLOOK_7446.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:19 处理成功 Trojan-Downloader.Win32.Agent.pzu D:\新建文件夹\MROFINU565.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:17 处理成功 Trojan-Downloader.Win32.Agent.pzu D:\新建文件夹\MROFINU403.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:15 处理成功 AdWare.Win32.Virtumonde.bzr D:\新建文件夹\QOMMKHH.DLL C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:13 处理成功 Trojan-Downloader.Win32.Small.mgh D:\新建文件夹\WR-1-565.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:11 处理成功 Trojan-Downloader.Win32.Small.mgn D:\新建文件夹\TOOL.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:09 处理成功 Trojan-Downloader.Win32.Small.mgm D:\新建文件夹\SUAD.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-04 18:39:06 处理成功 Trojan-Downloader.Win32.QQHelper.gdv D:\新建文件夹\MY_70229.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE