Thread starter: qianwenxiang

[Virus sample] bluedit 20

sam.to
Posted on 2008-4-5 20:39:47
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.dsj        檔案: C:\Documents and Settings\kato9096\桌面\229659.rar/xia5.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.dqk        檔案: C:\Documents and Settings\kato9096\桌面\229659.rar/xia7.exe
已刪除: 特洛伊木馬程式 Trojan-Clicker.Win32.Pamere.de        檔案: C:\Documents and Settings\kato9096\桌面\229659.rar/080326.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.dpb        檔案: C:\Documents and Settings\kato9096\桌面\229659.rar/xia8.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.dqp        檔案: C:\Documents and Settings\kato9096\桌面\229659.rar/xia9.exe
已刪除: 特洛伊木馬程式 Trojan-Clicker.Win32.Pamere.df        檔案: C:\Documents and Settings\kato9096\桌面\229659.rar/080325.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.dkz        檔案: C:\Documents and Settings\kato9096\桌面\229659.rar/xia10.exe
已刪除: 特洛伊木馬程式 Trojan-Clicker.Win32.Pamere.dc        檔案: C:\Documents and Settings\kato9096\桌面\229659.rar/080324.exe

8 detected; submitting the ones that were not detected.
woai_jolin
Posted on 2008-4-5 20:47:39
2008/4/5 20:47:28        Real-time file system protection        file        G:\v\080404.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:25        Real-time file system protection        file        G:\v\080324.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:23        Real-time file system protection        file        G:\v\xia10.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:21        Real-time file system protection        file        G:\v\080325.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:18        Real-time file system protection        file        G:\v\xia9.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:16        Real-time file system protection        file        G:\v\xia8.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:14        Real-time file system protection        file        G:\v\080326.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:11        Real-time file system protection        file        G:\v\080327.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:09        Real-time file system protection        file        G:\v\xia7.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:07        Real-time file system protection        file        G:\v\080329.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:05        Real-time file system protection        file        G:\v\xia6.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:02        Real-time file system protection        file        G:\v\080330.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:47:00        Real-time file system protection        file        G:\v\xia5.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:46:57        Real-time file system protection        file        G:\v\080331.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:46:55        Real-time file system protection        file        G:\v\xia4.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:46:53        Real-time file system protection        file        G:\v\080402.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:46:44        Real-time file system protection        file        G:\v\xia3.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:46:38        Real-time file system protection        file        G:\v\xiA2.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:46:34        Real-time file system protection        file        G:\v\080403.exe        a variant of Win32/TrojanClicker.VB.NCJ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
2008/4/5 20:46:27        Real-time file system protection        file        G:\v\xia.exe        a variant of Win32/TrojanDownloader.VB.AHQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: D:\Program Files\WinRAR\WinRAR.exe.
hnkaspersky
Posted on 2008-4-5 20:59:56
NOD did pretty well this time.
28654621
Posted on 2008-4-5 21:07:26
D:\download\be.rar>>xia.exe        PWSteal.Bluedit.ozpt        木马        还未处理
D:\download\be.rar>>080403.exe        AdClicker.FO.cuew        广告程序        还未处理
D:\download\be.rar>>xiA2.exe        PWSteal.Bluedit.rhkl        木马        还未处理
D:\download\be.rar>>xia3.exe        PWSteal.Bluedit.lfsm        木马        还未处理
D:\download\be.rar>>080402.exe        AdClicker.FO.dwei        广告程序        还未处理
D:\download\be.rar>>xia4.exe        PWSteal.Bluedit.ecqw        木马        还未处理
D:\download\be.rar>>080331.exe        AdClicker.FO.lctf        广告程序        还未处理
D:\download\be.rar>>xia5.exe        TrojanDownloader.VB.dsj.ozab        木马        还未处理
D:\download\be.rar>>080330.exe        AdClicker.FO.omjk        广告程序        还未处理
D:\download\be.rar>>xia6.exe        PWSteal.Bluedit.kpzc        木马        还未处理
D:\download\be.rar>>080329.exe        AdClicker.FO.fajo        广告程序        还未处理
D:\download\be.rar>>xia7.exe        TrojanDownloader.VB.dqk.lrbm        木马        还未处理
D:\download\be.rar>>080327.exe        AdClicker.FO.gckj        广告程序        还未处理
D:\download\be.rar>>080326.exe        AdClicker.FO.ccca        广告程序        还未处理
D:\download\be.rar>>xia8.exe        TrojanDownloader.VB.dpb.agyu        木马        还未处理
D:\download\be.rar>>xia9.exe        TrojanDownloader.VB.dqp.caeb        木马        还未处理
D:\download\be.rar>>080325.exe        AdClicker.FO.fkpz        广告程序        还未处理
D:\download\be.rar>>xia10.exe        TrojanDownloader.VB.dkz.tege        木马        还未处理
D:\download\be.rar>>080324.exe        TrojanClicker.Pamere.dc.czej        木马        还未处理
D:\download\be.rar>>080404.exe        AdClicker.FO.suqw        广告程序        还未处理

Virus database as of 20:00; it recognizes all of them.
马力
Posted on 2008-4-5 21:17:54
驱逐舰 (Destroyer)
allinwonderi
Posted on 2008-4-5 21:17:56
[Found downloader]         <W32/Downldr2.BLKK (exact, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\be.rar->xia10.exe

---------------------------------------------------------------------
Scan ended:        2008-4-5, 21:17:45
Duration:        0:00:01

Scan result:

Scanned files:                 6
Infected objects:         1
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------
allinwonderi
Posted on 2008-4-5 21:18:19
[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080403.exe <- Trojan.Clicker.Vb.qs : No action
C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080402.exe <- Trojan.Clicker.Vb.qs : No action
C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080331.exe <- Trojan.Clicker.Vb.qs : No action
C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080330.exe <- Trojan.Clicker.Vb.qs : No action
C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080329.exe <- Trojan.Clicker.Vb.qs : No action
C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080327.exe <- Trojan.Clicker.Vb.qs : No action
C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080326.exe <- Trojan.Clicker.Vb.qs : No action
C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080325.exe <- Trojan.Clicker.Vb.qs : No action
C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080324.exe <- Trojan.Clicker.Vb.qs : No action
C:\Documents and Settings\All Users\Documents\Test\be.rar<RAR>:080404.exe <- Trojan.Clicker.Vb.qs : No action



Scanned objects : 21

Infected objects : 10
sam.to
Posted on 2008-4-5 21:26:25
Hello,

080327.exe_, 080329.exe_, 080330.exe_, 080331.exe_, 080402.exe_ - Trojan-Clicker.Win32.Pamere.dh,
080403.exe_, 080404.exe_ - Trojan-Clicker.Win32.Pamere.di,
xia.exe_ - Trojan-Downloader.Win32.VB.dst,
xiA2.exe_, xia3.exe_, xia6.exe_ - Trojan-Downloader.Win32.VB.dsu,
xia4.exe_ - Trojan-Downloader.Win32.VB.dsv

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.


--
Best regards, Yury Nesmachny
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
豫孤鸟
Posted on 2008-4-5 21:45:16
--> xia.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> xiA2.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> xia3.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> xia4.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> xia5.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> xia6.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> xia7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.VB.dqk
  --> 080326.exe
      [DETECTION] Is the Trojan horse TR/Click.Pamere.DE
  --> xia8.exe
      [DETECTION] Is the Trojan horse TR/Dldr.VB.dpb
  --> xia9.exe
      [DETECTION] Is the Trojan horse TR/Dldr.VB.VLG.55
  --> 080325.exe
      [DETECTION] Is the Trojan horse TR/Click.Pamere.DF
  --> xia10.exe
      [DETECTION] Is the Trojan horse TR/Dldr.VB.dkz
  --> 080324.exe
      [DETECTION] Is the Trojan horse TR/Click.Pamere.DC
      [INFO]      The file was deleted!
wangjay1980
Posted on 2008-4-5 21:50:16
Hello,

080327.exe_, 080329.exe_, 080330.exe_, 080331.exe_, 080402.exe_ - Trojan-Clicker.Win32.Pamere.dh,
080403.exe_, 080404.exe_ - Trojan-Clicker.Win32.Pamere.di,
change.scr_ - Trojan.Win32.KillFiles.pq,
mm.exe_ - Trojan-PSW.Win32.OnLineGames.zhz,
uu.exe_ - Trojan-PSW.Win32.OnLineGames.ziw,
xia.exe_ - Trojan-Downloader.Win32.VB.dst,
xiA2.exe_, xia3.exe_, xia6.exe_ - Trojan-Downloader.Win32.VB.dsu,
xia4.exe_ - Trojan-Downloader.Win32.VB.dsv,
zz.exe_ - Trojan-PSW.Win32.OnLineGames.ziv

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.