一个da！da！da！的毒网啊

gaojun7206

Virus: Trojan.Downloader.JS.Agent.OL

深红的雪

更新过了，文件大小也不一样

http://d.158dm.com/a0.exe
http://c.158dm.com/okok.exe
http://c.158dm.com/arps.exe

ARP
<script language=javascript src=http://a.wacsy.com/one/arp.js></script>
又挂了个hxxp://b.158dm.com/one/ok.js，恶性循环

[ 本帖最后由 rappar 于 2008-3-26 13:12 编辑 ]

aerbeisi

[Found possible security risk]         <W32/Heuristic-224!Eldorado (not disinfectable)>        c:\test\a0.exe->(NSPack)->(PE_Patch)
[Quarantined]        c:\test\a0.exe->(NSPack)->(PE_Patch)
[Found Trojan]         <W32/Trojan.ACBS (exact)>        c:\test\arps.exe->(UPX)
[Quarantined]        c:\test\arps.exe->(UPX)

挪威的冬天

okok 下不了

病毒        2008-03-26  13:09:55        病毒在文件D:\Desktop\a0.exe.download中        Win32.Troj.Agent.227840        处理成功（操作：删除）       
病毒        2008-03-26  13:09:15        病毒在文件D:\Desktop\arps.exe.download中        Win32.Troj.QQPassT.a.89088        处理成功（操作：删除）

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\3.rar'
C:\Documents and Settings\Administrator\My Documents\
  3.rar
    [0] Archive type: RAR
      --> a0.exe
        [1] Archive type: Runtime Packed
        --> Object
      --> arps.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.Steal.26025
              [WARNING]   Infected files in archives cannot be repaired!
    --> okok.exe
        [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!


End of the scan: 2008年3月25日  22:23
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
      4 Files were scanned
      3 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      1 Warnings
      1 Notes

冷冷

只有arps是新的！

tanlimo

ess扫描日志
病毒库版本: 2973 (20080326)
日期: 2008-3-26  时间: 15:12:24
已扫描的磁盘、文件夹和文件: D:\Documents and Settings\ess\桌面\3.rar
D:\Documents and Settings\ess\桌面\3.rar > RAR > a0.exe - Win32/Agent.NOS 特洛伊木马
D:\Documents and Settings\ess\桌面\3.rar > RAR > arps.exe - 可能是 Win32/PSW.Delf.NHI 特洛伊木马 的变种
D:\Documents and Settings\ess\桌面\3.rar > RAR > okok.exe - Win32/HackTool.Xarp 特洛伊木马 的变种
已扫描的对象数: 3
发现的威胁数: 3
完成时间: 15:12:25  总扫描时间: 1 秒 (00:00:01)

qigang

不新，老毒网了，解过了的。

qigang

原帖由 rappar 于 2008-3-26 12:57 发表
更新过了，文件大小也不一样

http://d.158dm.com/a0.exe
http://c.158dm.com/okok.exe
http://c.158dm.com/arps.exe

ARP

又挂了个hxxp://b.158dm.com/one/ok.js，恶性循环

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.QQPass.rrp   
病毒： Hack.Win32.Xarp.f        

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.37.22

kkgh

进去后诺顿杀