
[Virus sample] 8x again

qianwenxiang
Posted on 2008-3-16 18:16:45

凝逸反毒
Posted on 2008-3-16 18:18:23
Just drifting by
              [凝逸反毒] (http://hi.baidu.com/503165656)
       [凝逸反毒.扫描病毒引擎3.4-日志]       20080316_182031
----------
报告 | virus [514>20080223_ny0037.axx] | f:\080315\ads\ad_2517.exe
报告 | Trojan.PSW.GamePass [234>20070801_ny0002.axx] | f:\080315\ads\hoopchina-toolbar.exe
报告 | virus [515>20080223_ny0037.axx] | f:\080315\ads\$TEMP\insshell.exe
报告 | virus [3612>20080302_ny0801.axx] | f:\080315\ads\$TEMP\$TEMP\136.exe
报告 | virus [473>20070819_ny0008.axx] | f:\080315\ads\$PLUGINSDIR\system.dll

扫描完成|病毒:6|感染:0|未知:12|正常:0|文件:45|耗时:0.87分

[ Last edited by 凝逸反毒 on 2008-3-16 18:21 ]
Joker
Posted on 2008-3-16 18:21:35
7
C:\Documents and Settings\Administrator\桌面\ads.rar>>ad.exe        Heuri.Possible/Packed        启发式扫描        还未处理
C:\Documents and Settings\Administrator\桌面\ads.rar>>ad_2517.exe        Adware.Boran.dq.dhra.arc        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\ads.rar>>card.exe>>explorer.exe        Backdoor.IRC.Amst.a        木马        还未处理
C:\Documents and Settings\Administrator\桌面\ads.rar>>dodolook591.exe        Adware.Cinmus.ckl.qecf.arc        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\ads.rar>>dodolook637.exe        Adware.Clicker.hdo.aiiz.arc        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\ads.rar>>ee23.dll        TrojanDownloader.Agent.yip.zmto.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\ads.rar>>HoopChina-Toolbar.exe        Adware.Alexa.c.ins        广告程序        还未处理
The EQs
Posted on 2008-3-16 18:21:39

It detected 10

C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » dodolook591.exe » NSIS » 136.exe » NSIS » DoSSSetup.dll - Win32/Adware.Cinmus application
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » dodolook591.exe » NSIS » 136.exe » NSIS » acpidisk.sys - Win32/Adware.Cinmus application
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » ad_2517.exe » NSIS » InsShell.exe - Win32/Adware.Boran application
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » HoopChina-Toolbar.exe » NSIS » AlxRes.dll - Win32/Adware.Alexa application
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » HoopChina-Toolbar.exe » NSIS » AlxTB1.dll - Win32/Adware.Alexa application
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » card.exe » RAR » nicks.txt - IRC/Cloner.AX trojan
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » card.exe » RAR » script.ini - IRC/Cloner.AX trojan
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » card.exe » RAR » sup.bat - IRC/Zapchast.H trojan
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » card.exe » RAR » sup.reg - IRC/Cloner.BL trojan
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » card.exe » RAR » mirc.ini - IRC/Zapchast trojan
无尽藏海
Posted on 2008-3-16 18:24:39
Begin scan in 'E:\VIRUS\ads2.rar'
E:\VIRUS\ads2.rar
  [0] Archive type: RAR
  --> dodolook637.exe
      [DETECTION] Contains detection pattern of the dropper DR/Cinmus.cnk
  --> dodolook591.exe
      [DETECTION] Contains detection pattern of the dropper DR/Cinmus.ckl
  --> ee23.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> ad_2517.exe
      [DETECTION] Contains detection pattern of the dropper DR/Boran.DQ
  --> HoopChina-Toolbar.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Alexa.A
  --> ad.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> card.exe
      [DETECTION] Is the Trojan horse TR/Drop.Zapchas.F.2
      [1] Archive type: RAR SFX (self extracting)
      --> nicks.txt
          [DETECTION] Is the Trojan horse TR/IRC.Flood.EV
      [WARNING]   The file was ignored!


End of the scan: 2008年3月16日  18:24
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
     21 Files were scanned
      7 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     14 Files not concerned
      2 Archives were scanned
      1 Warnings
      0 Notes
Joker
Posted on 2008-3-16 18:25:39
Originally posted by EQ2 on 2008-3-16 18:21
C:\Documents and Settings\Don johnson\桌面\ads.rar » RAR » dodolook591.exe » NSIS » 136.exe » NSIS » DoSSSetup.dll - Win32/Adware.Cinmus application
C:\Documents and Set ...

Actually it only caught 4~
曲中求
Posted on 2008-3-16 19:01:49
扫描开始时间: 2008-3-16 19:00:39
扫描日志
NOD32 版本 2949 (20080315) NT
命令行: D:\ads.rar

日期: 2008年3月16日  时间: 19:00:40
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: D:\ads.rar
D:\ads.rar » RAR » dodolook591.exe » NSIS » 136.exe » NSIS » DoSSSetup.dll<病毒 - Win32/Adware.Cinmus 应用程序>
D:\ads.rar » RAR » dodolook591.exe » NSIS » 136.exe » NSIS » acpidisk.sys<病毒 - Win32/Adware.Cinmus 应用程序>
D:\ads.rar » RAR » ad_2517.exe » NSIS » InsShell.exe<病毒 - Win32/Adware.Boran 应用程序>
D:\ads.rar » RAR » HoopChina-Toolbar.exe » NSIS » AlxRes.dll<病毒 - Win32/Adware.Alexa 应用程序>
D:\ads.rar » RAR » HoopChina-Toolbar.exe » NSIS » AlxTB1.dll<病毒 - Win32/Adware.Alexa 应用程序>
D:\ads.rar » RAR » card.exe » RAR » nicks.txt<病毒 - IRC/Cloner.AX 木马>
D:\ads.rar » RAR » card.exe » RAR » script.ini<病毒 - IRC/Cloner.AX 木马>
D:\ads.rar » RAR » card.exe » RAR » sup.bat<病毒 - IRC/Zapchast.H 木马>
D:\ads.rar » RAR » card.exe » RAR » sup.reg<病毒 - IRC/Cloner.BL 木马>
D:\ads.rar » RAR » card.exe » RAR » mirc.ini<病毒 - IRC/Zapchast 木马>
已扫描文件数量: 50
已发现病毒数量: 10
完成时间: 19:01:00 总共扫描时间: 20 秒 (00:00:20)
wangfeng66
Posted on 2008-3-16 19:08:02
D:\ads.rar\ad_2517.exe\data002\data001 - is an AdWare program Adware.Borlander
D:\ads.rar\ad_2517.exe\data002\data002 - is an AdWare program Adware.Borlander
D:\ads.rar\ad_2517.exe\data002\data003 - is an AdWare program Adware.Borlander
D:\ads.rar\ad_2517.exe\data002\data004 - is an AdWare program Adware.Borlander
D:\ads.rar\ad_2517.exe\data002\data005 - is an AdWare program Adware.Borlander
D:\ads.rar\ad.exe - infected with Trojan.PWS.Gamania.7927
D:\ads.rar\card.exe\sup.reg - infected with IRC.Flood
D:\ads.rar\card.exe\explorer.exe - is a RiskWare program Program.mIRC.603

Archive contains 8 infected items

DRWEB 4.44 caught 3
挪威的冬天
Posted on 2008-3-16 19:11:27
信息        2008-03-16  19:11:16        您此次查毒共查出2个病毒以及危险代码                       
信息        2008-03-16  19:11:16        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件27个                       
信息        2008-03-16  19:11:16        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
风险程序        2008-03-16  19:11:16        D:\Desktop\ads.rar\HoopChina-Toolbar.exe        Win32.Adware.AlexaBar.b.410136        跳过,未处理       
病毒        2008-03-16  19:11:16        D:\Desktop\ads.rar\ad.exe        Win32.Hack.NSAnti.ge        跳过,未处理
冷冷
Posted on 2008-3-16 19:14:47
IK
I:\virus\March\16\ads.rar:\dodolook637.exe
I:\virus\March\16\ads.rar:\dodolook591.exe
I:\virus\March\16\ads.rar:\ee23.dll - Suspect code-parts found (Level: 155)
I:\virus\March\16\ads.rar:\ad_2517.exe - Signature 'not-a-virus:AdWare.Win32.Boran.dq' found
I:\virus\March\16\ads.rar:\HoopChina-Toolbar.exe - Signature 'not-a-virus:AdWare.Win32.AlexaBar.a' found
I:\virus\March\16\ads.rar:\ad.exe - Suspect code-parts found (Level: 125)
I:\virus\March\16\ads.rar:\Setup.exe - Suspect code-parts found (Level: 20)
I:\virus\March\16\ads.rar:\card.exe
I:\virus\March\16\ads.rar

        9 Files scanned
          (1 Archiv with 8 files)
        2 Signatures found
        3 Suspect code-parts found
        Used time: 0:01.000