
[Virus samples] 21 samples

qianwenxiang
Posted on 2008-3-28 21:47:07
These are a bit old, from 4 days ago..

hahacomcn
Posted on 2008-3-28 21:50:37
Begin scan in 'C:\Documents and Settings\haha\桌面\n.rar'
C:\Documents and Settings\haha\桌面\n.rar
  [0] Archive type: RAR
  --> test.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.jpa.1
  --> tk58.exe
      [DETECTION] Is the Trojan horse TR/BHO.AB.4
  --> top.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.icg
  --> xxz.exe
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.dbm
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.wel
  --> acdt-pid67N.exe
      [DETECTION] Is the Trojan horse TR/Drop.Click.JF.7
  --> ad7678.exe
      [DETECTION] Contains detection pattern of the dropper DR/BHO.agy.8
  --> DirectX.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.bet
  --> down1.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.8848
  --> down2.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.8848
  --> down3.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.8848
  --> last.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
  --> logo01.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> ma2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.spw
  --> maind.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.aij.1
  --> menu.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pusmit.3 Backdoor server programs
  --> rav.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.hxg
  --> RegSerSetup.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [INFO]      A backup was created as '485ef7ea.qua'  ( QUARANTINE )


End of the scan: 2008年3月28日  21:50
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
     23 Files were scanned
     18 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes


Hand over today's stock~!
nosferatu
Posted on 2008-3-28 21:51:00
Begin scan in 'C:\Documents and Settings\Administrator\桌面\n.rar'
C:\Documents and Settings\Administrator\桌面\n.rar
  [0] Archive type: RAR
  --> test.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.jpa.1
  --> tk58.exe
      [DETECTION] Is the Trojan horse TR/BHO.AB.4
  --> top.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.icg
  --> xxz.exe
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.dbm
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.wel
  --> acdt-pid67N.exe
      [DETECTION] Is the Trojan horse TR/Drop.Click.JF.7
  --> ad7678.exe
      [DETECTION] Contains detection pattern of the dropper DR/BHO.agy.8
  --> DirectX.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.bet
  --> down1.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.8848
  --> down2.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.8848
  --> down3.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.8848
  --> last.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
  --> logo01.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> ma2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.spw
  --> maind.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.aij.1
  --> menu.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pusmit.3 Backdoor server programs
  --> rav.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.hxg
  --> RegSerSetup.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [INFO]      The file was deleted!


End of the scan: 星期五 2008年3月28日  21:52
Used time: 00:10 min

The scan has been done completely.

      0 Scanning directories
     22 Files were scanned
     18 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
The EQs
Posted on 2008-3-28 21:52:09

17, the rest TO EVL

C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » test.exe - a variant of Win32/TrojanDownloader.Small.OAL trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » tk58.exe - Win32/Adware.ZQuest application
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » top.exe - Win32/TrojanClicker.Agent.NCS trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » xxz.exe - Win32/AutoRun.JH worm
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » 8.exe - a variant of Win32/PSW.QQPass.NCZ trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » acdt-pid67N.exe » NSIS » func.exe - Win32/TrojanClicker.Small.JF trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » ad7678.exe » NSIS » cpush.dll - Win32/Adware.Cinmus application
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » ad7678.exe » NSIS » Uninst.exe - Win32/Adware.Cinmus application
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » down1.exe - Win32/TrojanDownloader.Small.NZT trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » down2.exe - Win32/TrojanDownloader.Small.NZT trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » down3.exe - Win32/TrojanDownloader.Small.NZT trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » last.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » logo01.exe - probably a variant of Win32/TrojanDownloader.VB.ADG trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » maind.exe - Win32/TrojanDropper.Agent.ATA trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » menu.exe - Win32/Haxdoor trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » rav.exe - Win32/VB.NMG trojan
C:\Documents and Settings\Don johnson\桌面\n.rar » RAR » RegSerSetup.exe - probably a variant of Win32/Adware.MoKeAD application
qigang
Posted on 2008-3-28 21:53:57

50/14

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.DL.Win32.Mnless.zbu
病毒: Trojan.BHO.eh            
病毒: Trojan.Win32.Undef.clz   
病毒: Trojan.PSW.Win32.QQPass.zfd
病毒: Trojan.DL.Win32.Mnless.rq
病毒: Trojan.IMMSG.Win32.TBMSG.yme
病毒: Trojan.DL.VB.ncv         
病毒: Trojan.Win32.Agent.zri   
病毒: Trojan.Agent.eef         
病毒: Backdoor.Haxdoor.vv      

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.37.42
wangjay1980
Posted on 2008-3-28 21:57:31
18 to kl

detected: Trojan program Trojan-Downloader.Win32.Agent.jpa        File: C:\Documents and Settings\Owner\桌面\n.rar/test.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan.Win32.BHO.ab        File: C:\Documents and Settings\Owner\桌面\n.rar/tk58.exe
detected: Trojan program Trojan.Win32.Agent.gkk        File: C:\Documents and Settings\Owner\桌面\n.rar/top.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.AutoRun.dbm        File: C:\Documents and Settings\Owner\桌面\n.rar/xxz.exe//FSG
detected: Trojan program Trojan-PSW.Win32.OnLineGames.wel        File: C:\Documents and Settings\Owner\桌面\n.rar/8.exe//UPX
detected: Trojan program Trojan-Clicker.Win32.Small.jf        File: C:\Documents and Settings\Owner\桌面\n.rar/acdt-pid67N.exe//data0004
detected: adware not-a-virus:AdWare.Win32.BHO.agy        File: C:\Documents and Settings\Owner\桌面\n.rar/ad7678.exe//data0002
detected: Trojan program Trojan-PSW.Win32.Delf.bet        File: C:\Documents and Settings\Owner\桌面\n.rar/DirectX.exe//UPack
detected: Trojan program Trojan-Downloader.Win32.Small.ins        File: C:\Documents and Settings\Owner\桌面\n.rar/down1.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-Downloader.Win32.Small.ins        File: C:\Documents and Settings\Owner\桌面\n.rar/down2.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-Downloader.Win32.Small.ins        File: C:\Documents and Settings\Owner\桌面\n.rar/down3.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-Downloader.Win32.Flux.ex        File: C:\Documents and Settings\Owner\桌面\n.rar/last.exe//PE_Patch//UPack
detected: Trojan program Trojan-Downloader.Win32.VB.akr        File: C:\Documents and Settings\Owner\桌面\n.rar/logo01.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.spw        File: C:\Documents and Settings\Owner\桌面\n.rar/ma2.exe
detected: Trojan program Trojan-Dropper.Win32.Agent.ata        File: C:\Documents and Settings\Owner\桌面\n.rar/maind.exe//PE_Patch.UPX//UPX
detected: Trojan program Backdoor.Win32.Haxdoor.hm        File: C:\Documents and Settings\Owner\桌面\n.rar/menu.exe//FSG
detected: Trojan program Trojan-Dropper.Win32.Agent.hxg        File: C:\Documents and Settings\Owner\桌面\n.rar/rav.exe//FSG
detected: adware not-a-virus:AdWare.Win32.AdMoke.aca        File: C:\Documents and Settings\Owner\桌面\n.rar/RegSerSetup.exe//ASPack
hj5abc
Posted on 2008-3-28 22:01:59
16.

Sign of "Win32:Agent-PQC [Trj]" has been found in "F:\n\test.exe\[PECompact]" file.  
Sign of "Win32:Small-AHY [Trj]" has been found in "F:\n\tk58.exe" file.  
Sign of "Win32:Agent-RYW [Trj]" has been found in "F:\n\top.exe\[UPX]" file.  
Sign of "Win32:OnLineGames-BSI [Trj]" has been found in "F:\n\8.exe\[UPX]" file.  
Sign of "Win32:Trojan-gen {Other}" has been found in "F:\n\acdt-pid67N.exe" file.  
Sign of "Win32:Small-JLI [Trj]" has been found in "F:\n\down1.exe" file.  
Sign of "Win32:Small-JLI [Trj]" has been found in "F:\n\down2.exe" file.  
Sign of "Win32:Small-JLI [Trj]" has been found in "F:\n\down3.exe" file.  
Sign of "Win32:AutoRun-IC" has been found in "F:\n\last.exe\[Upack]" file.  
Sign of "Win32:Zhelatin-UI [Wrm]" has been found in "F:\n\logo01.exe" file.  
Sign of "Win32:Gamania-EB [Trj]" has been found in "F:\n\ma2.exe" file.  
Sign of "Win32:Trojan-gen {UPX}" has been found in "F:\n\maind.exe" file.  
Sign of "Win32:Trojan-gen {Other}" has been found in "F:\n\menu.exe" file.  
Sign of "Win32:Agent-PGD [Trj]" has been found in "F:\n\rav.exe\[FSG]" file.  
Sign of "Win32:Agent-OQV [Trj]" has been found in "F:\n\RegSerSetup.exe\[ASPack]" file.  
Sign of "Win32:BHO-GG [Adw]" has been found in "F:\n\ad7678.exe\$COMMONFILES\CPUSH\cpush.dll" file.
yangpizhi
Posted on 2008-3-28 22:04:20
FP: 15; the missed ones have been reported
-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.4.2
Virus signature file from: 2008-3-28, 4:46

Scan name: virus scan
Path to scan: C:\virus\|

Thorough scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2008-3-28, 22:03:18
---------------------------------------------------------------------

[Clean]        Boot sector on drive F:
[Clean]        Boot sector on drive E:
[Clean]        Boot sector on drive D:
[Clean]        Boot sector on drive C:
[Clean]        Master Boot Record on disk 0
[Clean]        C:\virus\n.rar->RegSrv32_1.exe->(PecBundle)->(PECompact)
[Clean]        C:\virus\n.rar->RegSrv32_2.exe->(PecBundle)->(PECompact)
[Found downloader]         <W32/Downldr2.BENV (exact, not disinfectable)>        C:\virus\n.rar->test.exe
[Found Trojan]         <W32/Trojan.AEMD (exact, not disinfectable)>        C:\virus\n.rar->tk58.exe
[Clean]        C:\virus\n.rar->top.exe->(UPX)
[Clean]        C:\virus\n.rar->top.exe
[Clean]        C:\virus\n.rar->xxz.exe->(FSG)
[Found downloader]         <W32/Downloader.H.gen!Eldorado (not disinfectable, generic)>        C:\virus\n.rar->updateC.ocx
[Found security risk]         <W32/AutoRun.D.gen!Eldorado (not disinfectable, generic)>        C:\virus\n.rar->8.exe->(UPX)
[Found security risk]         <W32/Malware!0c22 (exact, not disinfectable)>        C:\virus\n.rar->acdt-pid67N.exe
[Clean]        C:\virus\n.rar->ad7678.exe
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        C:\virus\n.rar->DirectX.exe->(UPack)
[Found downloader]         <W32/Downldr2.AYKU (exact, not disinfectable)>        C:\virus\n.rar->down1.exe->(UPX)
[Found downloader]         <W32/Downldr2.AYKU (exact, not disinfectable)>        C:\virus\n.rar->down2.exe->(UPX)
[Found downloader]         <W32/Downldr2.AYKU (exact, not disinfectable)>        C:\virus\n.rar->down3.exe->(UPX)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        C:\virus\n.rar->last.exe->(UPack)
[Found possible virus]         <W32/CodeCru-based!Maximus (not disinfectable)>        C:\virus\n.rar->logo01.exe
[Found security risk]         <W32/Agent.J.gen!Eldorado (not disinfectable, generic)>        C:\virus\n.rar->ma2.exe
[Found security risk]         <W32/Dropper.BME (exact, not disinfectable)>        C:\virus\n.rar->maind.exe
[Found backdoor]         <W32/Haxdoor.JP@bd (exact, damaged, not disinfectable)>        C:\virus\n.rar->menu.exe
[Clean]        C:\virus\n.rar->rav.exe->(FSG)
[Found adware]         <W32/Admoke.D.gen!Eldorado (not disinfectable, generic)>        C:\virus\n.rar->RegSerSetup.exe->(Aspack)
[Contains infected objects]        C:\virus\n.rar
[Quarantined]        C:\virus\n.rar->RegSerSetup.exe->(Aspack)

---------------------------------------------------------------------
Scan ended:        2008-3-28, 22:03:22
Duration:        0:00:04

Scan result:

Scanned files:                 6
Infected objects:         15
Disinfected objects:         0
Quarantined files:         1
---------------------------------------------------------------------
qianwenxiang
OP | Posted on 2008-3-28 22:08:36

Reply to hahacomcn's post (#2)

All that's left of today's stock is a pile of huge rogue software
rest1min
Posted on 2008-3-28 23:06:54

江民杀毒软件报告文件
北京江民新科技术有限公司
扫描引擎 11.00.703
病毒库日期 2008-03-28
更新日期 2008-03-28
扫描目标 C:\Documents and Settings\Administrator\桌面\n.rar
开始时间 2008-03-28 23:05:13
在 C:\Documents and Settings\Administrator\桌面\n.rar->test.exe 中发现 TrojanDownloader.Agent.adup 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->tk58.exe 中发现 TrojanClicker.BHO.bv 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->top.exe 中发现 Trojan/Agent.amon 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->8.exe 中发现 Trojan/PSW.OnLineGames.yoz 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->down1.exe 中发现 TrojanDownloader.Small.aaoo 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->down2.exe 中发现 TrojanDownloader.Small.aaoo 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->down3.exe 中发现 TrojanDownloader.Small.aaoo 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->last.exe 中发现 TrojanDownloader.Flux.ax 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->logo01.exe 中发现 TrojanDownloader.VB.dyx 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->ma2.exe 中发现 Trojan/PSW.OnLineGames.svl 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\n.rar->rav.exe 中发现 Trojan/PSW.OnLineGames.woj 病毒, 已删除
正常结束。
扫描结果:
                 文件数 :648                                 病毒体 :11        
                   删除 :11                                    解毒 :0         
    扫描速度(千字节/秒) :8754                              扫描时间 :00:00:19
    扫描文件速度(个/秒) :34