
[Virus samples] 19 x

qianwenxiang
Posted on 2008-3-13 19:49:10
Dug up from some websites..

qigang
Posted on 2008-3-13 19:59:07

29/8

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.DL.Win32.Mnless.zan
病毒: Worm.Mail.Win32.Zhelatin.wqu
病毒: Worm.Mail.Win32.Zhelatin.wra
病毒: Dropper.FunWeb           
病毒: Worm.Win32.Autorun.jty   
病毒: Trojan.Dialer.aoi        

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.35.32
1688388728
Posted on 2008-3-13 19:59:32
反病毒专家 AntiVirusKit 2007 扫描病毒日志记录
版本
双引擎反病毒签名 3/13/2008
开始时间: 3/13/2008 19:59
引擎: KAV 引擎 (AVK 18.3073), AVST 引擎 (AVKB 18.166)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: cprdshtvt.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Win32:Tiny-II [Trj] (AVST 引擎)
对象: ddos.txt
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Email-Worm.Win32.Locksky.bq (KAV 引擎)
对象: down.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Trojan-PSW.Win32.OnLineGames.sea (KAV 引擎), Win32:Delf-IOR [Trj] (AVST 引擎)
对象: e-card on 66.56.162.236.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Email-Worm.Win32.Zhelatin.vg (KAV 引擎)
对象: e-card on 68.206.149.183.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Email-Worm.Win32.Zhelatin.vg (KAV 引擎), Win32:Zhelatin-CIT [Wrm] (AVST 引擎)
对象: ecard on 66.56.162.236.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Email-Worm.Win32.Zhelatin.vg (KAV 引擎)
对象: ecard on 68.206.149.183.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Email-Worm.Win32.Zhelatin.vg (KAV 引擎), Win32:Zhelatin-CIT [Wrm] (AVST 引擎)
对象: eixnlapsu.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Trojan-Dropper.Win32.Small.bgl (KAV 引擎)
对象: lsegihwln.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Trojan-Downloader.Win32.Small.sun (KAV 引擎)
对象: f3Setup1.exe
        在压缩档案里: D:\样本\pack\MyWebSearchInitialSetup1.0.0.8-2.cab
狀態: 已发现病毒
        病毒: not-a-virus:AdTool.Win32.MyWebSearch.a (KAV 引擎)
对象: MyWebSearchInitialSetup1.0.0.8-2.cab
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: not-a-virus:AdTool.Win32.MyWebSearch.a (KAV 引擎)
对象: ok.hlp
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Trojan.Win32.KillAV.pf (KAV 引擎), Win32:Gaobot-2437 [Trj] (AVST 引擎)
对象: phoneaccess.dll
        在压缩档案里: D:\样本\pack\phoneaccess.cab
狀態: 已发现病毒
        病毒: Trojan.Win32.Dialer.oj (KAV 引擎), Win32:Dialer-766 [Trj] (AVST 引擎)
对象: phoneaccess.cab
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Trojan.Win32.Dialer.oj (KAV 引擎), Win32:Dialer-766 [Trj] (2x) (AVST 引擎)
对象: postcard on 66.56.162.236.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Email-Worm.Win32.Zhelatin.vg (KAV 引擎), Win32:Zhelatin-CIT [Wrm] (AVST 引擎)
对象: postcard on 68.206.149.183.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Email-Worm.Win32.Zhelatin.vg (KAV 引擎), Win32:Zhelatin-CIT [Wrm] (AVST 引擎)
对象: powerscan.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: not-a-virus:AdWare.Win32.PowerScan.c (KAV 引擎), Win32:Spyware-gen [Trj] (AVST 引擎)
对象: rvljyazbq.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: not-a-virus:AdWare.Win32.Virtumonde.gen (KAV 引擎)
对象: xx.exe
        路径: D:\样本\pack
狀態: 病毒文件已删除
        病毒: Trojan-PSW.Win32.OnLineGames.sea (KAV 引擎), Win32:Delf-IOR [Trj] (AVST 引擎)
扫描完成: 3/13/2008 19:59
    已检查 19 个文件
    已发现 17 个染毒文件
wangjay1980
Posted on 2008-3-13 20:01:32
17 TO KL
detected: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Documents and Settings\Owner\桌面\pack.rar/down.exe//PE_Patch//UPack
detected: virus Email-Worm.Win32.Zhelatin.vg        File: C:\Documents and Settings\Owner\桌面\pack.rar/ecard on 66.56.162.236.exe
detected: virus Email-Worm.Win32.Zhelatin.vg        File: C:\Documents and Settings\Owner\桌面\pack.rar/ecard on 68.206.149.183.exe
detected: virus Email-Worm.Win32.Zhelatin.vg        File: C:\Documents and Settings\Owner\桌面\pack.rar/e-card on 66.56.162.236.exe
detected: virus Email-Worm.Win32.Zhelatin.vg        File: C:\Documents and Settings\Owner\桌面\pack.rar/e-card on 68.206.149.183.exe
detected: riskware not-a-virus:AdTool.Win32.MyWebSearch.a        File: C:\Documents and Settings\Owner\桌面\pack.rar/MyWebSearchInitialSetup1.0.0.8-2.cab/f3Setup1.exe
detected: Trojan program Trojan.Win32.KillAV.pf        File: C:\Documents and Settings\Owner\桌面\pack.rar/ok.hlp//PE_Patch//UPack
detected: Trojan program Trojan.Win32.Dialer.oj        File: C:\Documents and Settings\Owner\桌面\pack.rar/phoneaccess.cab/phoneaccess.dll
detected: virus Email-Worm.Win32.Zhelatin.vg        File: C:\Documents and Settings\Owner\桌面\pack.rar/postcard on 66.56.162.236.exe
detected: virus Email-Worm.Win32.Zhelatin.vg        File: C:\Documents and Settings\Owner\桌面\pack.rar/postcard on 68.206.149.183.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Documents and Settings\Owner\桌面\pack.rar/xx.exe//PE_Patch//UPack
detected: Trojan program Trojan-Dropper.Win32.Small.bgl        File: C:\Documents and Settings\Owner\桌面\pack.rar/eixnlapsu.exe
detected: Trojan program Trojan-Downloader.Win32.Small.sun        File: C:\Documents and Settings\Owner\桌面\pack.rar/lsegihwln.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.gen        File: C:\Documents and Settings\Owner\桌面\pack.rar/rvljyazbq.exe
detected: virus Heur.Backdoor.Generic (modification)        File: C:\Documents and Settings\Owner\桌面\pack.rar/zgshj.exe
detected: virus Email-Worm.Win32.Locksky.bq        File: C:\Documents and Settings\Owner\桌面\pack.rar/ddos.txt
detected: adware not-a-virus:AdWare.Win32.PowerScan.c        File: C:\Documents and Settings\Owner\桌面\pack.rar/powerscan.exe//UPX
testhawk
Posted on 2008-3-13 20:02:17
pack.rar
  [0] Archive type: RAR
  --> down.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
  --> ecard on 66.56.162.236.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.pc
  --> ecard on 68.206.149.183.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.pc
  --> e-card on 66.56.162.236.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.pc
  --> e-card on 68.206.149.183.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.pc
    --> MyWebSearchInitialSetup1.0.0.8-2.cab
      [1] Archive type: CAB (Microsoft)
      --> f3Setup1.exe
          [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/FunWeb.A
  --> ok.hlp
      [DETECTION] Is the Trojan horse TR/Killav.PF
    --> phoneaccess.cab
      [1] Archive type: CAB (Microsoft)
      --> phoneaccess.dll
          [DETECTION] Is the Trojan horse TR/Dialer.OJ
  --> postcard on 66.56.162.236.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.pc
  --> postcard on 68.206.149.183.exe
      [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.pc
  --> xx.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
  --> eixnlapsu.exe
      [DETECTION] Is the Trojan horse TR/Obfuscated.QS
  --> cprdshtvt.exe
      [DETECTION] Is the Trojan horse TR/Tiny.705
  --> lsegihwln.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.sun
  --> rvljyazbq.exe
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
  --> zgshj.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> ddos.txt
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> powerscan.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/PowerScan.C.1
      [INFO]      The file was moved to '483c1816.qua'!


End of the scan: 2008年3月13日  20:01
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
     23 Files were scanned
     18 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      3 Archives were scanned
      0 Warnings
      0 Notes
loook
Posted on 2008-3-13 20:12:31
扫描报告
2008年3月13日 20:06:06 - 20:06:18
计算机名称: JUJUMAO
扫描类型: 扫描指定目标
目标: F:\TDDownload\pack.rar


--------------------------------------------------------------------------------

结果: 发现15个恶意软件
Trojan-PSW.Win32.OnLineGames.sea (病毒)
F:\TDDownload\pack.rar\down.exe
F:\TDDownload\pack.rar\xx.exe
Email-Worm.Win32.Zhelatin.vg (病毒)
F:\TDDownload\pack.rar\ecard on 66.56.162.236.exe
F:\TDDownload\pack.rar\ecard on 68.206.149.183.exe
F:\TDDownload\pack.rar\e-card on 66.56.162.236.exe
F:\TDDownload\pack.rar\e-card on 68.206.149.183.exe
F:\TDDownload\pack.rar\postcard on 66.56.162.236.exe
F:\TDDownload\pack.rar\postcard on 68.206.149.183.exe
Trojan.Win32.KillAV.pf (病毒)
F:\TDDownload\pack.rar\ok.hlp
Trojan.Win32.Dialer.oj (病毒)
F:\TDDownload\pack.rar\phoneaccess.cab\phoneaccess.dll
Trojan-Dropper.Win32.Small.bgl (病毒)
F:\TDDownload\pack.rar\eixnlapsu.exe
Trojan-Downloader.Win32.Small.sun (病毒)
F:\TDDownload\pack.rar\lsegihwln.exe
AdWare.Win32.Virtumonde.gen (adware)
F:\TDDownload\pack.rar\rvljyazbq.exe
Email-Worm.Win32.Locksky.bq (病毒)
F:\TDDownload\pack.rar\ddos.txt
AdWare.Win32.PowerScan.c (adware)
F:\TDDownload\pack.rar\powerscan.exe



--------------------------------------------------------------------------------

发现危险软件
AdTool.Win32.MyWebSearch.a (riskware)
F:\TDDownload\pack.rar\MyWebSearchInitialSetup1.0.0.8-2.cab\f3Setup1.exe


--------------------------------------------------------------------------------

统计信息
已扫描:
文件: 23
未扫描: 0
结果:
病毒: 13
间谍软件: 2
可疑对象: 0
危险软件: 1
操作:
已杀毒: 0
已重命名: 0
删除: 0
已隔离: 0
失败: 0
引导区:
已扫描: 0
受感染: 0
可疑对象: 0
已杀毒: 0
挪威的冬天
Posted on 2008-3-13 20:16:22
信息        2008-03-13  20:16:08        您此次查毒清除了5个病毒                       
信息        2008-03-13  20:16:08        您此次查毒共查出7个病毒以及危险代码                       
信息        2008-03-13  20:16:08        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件29个                       
信息        2008-03-13  20:16:08        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-03-13  20:16:08        D:\Desktop\pack.rar\ddos.txt        Win32.Troj.Agent.46592        清除成功       
病毒        2008-03-13  20:16:08        D:\Desktop\pack.rar\cprdshtvt.exe        Win32.Troj.Agent.20480        清除成功       
病毒        2008-03-13  20:16:08        D:\Desktop\pack.rar\xx.exe        Win32.PSWTroj.OnLineGames.90112        清除成功       
病毒        2008-03-13  20:16:08        D:\Desktop\pack.rar\ok.hlp        Win32.Troj.Agent.lu.106496        清除成功       
病毒        2008-03-13  20:16:07        D:\Desktop\pack.rar\down.exe        Win32.PSWTroj.OnLineGames.90112        清除成功
allinwonderi
Posted on 2008-3-13 20:18:21
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->down.exe->(UPack)
[Found virus]         <W32/StormWorm.gen1 (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->ecard on 66.56.162.236.exe
[Found virus]         <W32/StormWorm.gen1 (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->ecard on 68.206.149.183.exe
[Found virus]         <W32/StormWorm.gen1 (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->e-card on 66.56.162.236.exe
[Found virus]         <W32/StormWorm.gen1 (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->e-card on 68.206.149.183.exe
[Found security risk]         <W32/Dialer.BTJ (exact, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->phoneaccess.cab->phoneaccess.dll
[Found virus]         <W32/StormWorm.gen1 (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->postcard on 66.56.162.236.exe
[Found virus]         <W32/StormWorm.gen1 (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->postcard on 68.206.149.183.exe
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->xx.exe->(UPack)
[Found security risk]         <W32/Backdoor.BVZK (exact, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->cprdshtvt.exe
[Found backdoor]         <W32/Backdoor2.LGD (exact, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\pack.rar->zgshj.exe


---------------------------------------------------------------------
Scan ended:        2008-3-13, 20:17:49
Duration:        0:00:06

Scan result:

Scanned files:                 6
Infected objects:         11
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------
allinwonderi
Posted on 2008-3-13 20:18:41
[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:down.exe <- Trojan.Psw.Onlinegames.Sea : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:down.exe<UPack>:down.exe <- Heur.RoundKick : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:MyWebSearchInitialSetup1.0.0.8-2.cab<CAB>:f3Setup1.exe <- Trojan.Dropper.Funweb.A : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:MyWebSearchInitialSetup1.0.0.8-2.cab<CAB>:f3Setup1.exe<DLLRES>:F3EZSETP.DLL0.exe <- Trojan.Downloader.Funweb.A : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:ok.hlp <- Trojan.Killav.Pf : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:phoneaccess.cab<CAB>:phoneaccess.dll <- Dialer.Oj : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:xx.exe <- Trojan.Psw.Onlinegames.Sea : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:xx.exe<UPack>:xx.exe <- Heur.RoundKick : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:rvljyazbq.exe <- Heur.W32 : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:ddos.txt <- Worm.Locksky.Bq : No action
C:\Documents and Settings\All Users\Documents\Test\pack.rar<RAR>:powerscan.exe <- Adware.Powerscan.C : No action



Scanned objects : 33

Infected objects : 11
挪威的冬天
Posted on 2008-3-13 20:21:33
Two of them are inside cab files, so adding those.

信息        2008-03-13  20:20:56        您此次查毒隔离了2个文件                       
信息        2008-03-13  20:20:56        您此次查毒共查出2个病毒以及危险代码                       
信息        2008-03-13  20:20:56        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件18个                       
信息        2008-03-13  20:20:56        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-03-13  20:20:56        D:\Desktop\pack\phoneaccess.cab\phoneaccess.dll        Win32.Troj.Dialer.oj.65536        隔离成功       
病毒        2008-03-13  20:20:56        D:\Desktop\pack\MyWebSearchInitialSetup1.0.0.8-2.cab\f3Setup1.exe        Win32.Troj.FunWeb.a.38535        隔离成功