再来几个，都是这两天抓的...

显示全部楼层 · 发表于 2008-4-9 13:52:45

依然是md5命名.

显示全部楼层 · 发表于 2008-4-9 13:53:23

木马名称:Trojan-Downloader.Win32.Agent.qxs

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\8A7EFA3D3EE625303D9B9248D34A32E6.BIN
是木马程序!
已成功阻止其运行,是否要删除此文件?

显示全部楼层 · 发表于 2008-4-9 13:54:40

Starting the file scan:

Begin scan in 'E:\新建文件夹 (2)\maybe malware1.rar'
E:\新建文件夹 (2)\maybe malware1.rar
  [0] Archive type: RAR
  --> 05daa66b0e738c0681ff03242764156b.bin
   [DETECTION] Is the Trojan horse TR/Agent.18944.C.2
  --> 8a7efa3d3ee625303d9b9248d34a32e6.bin
   [DETECTION] Contains suspicious code HEUR/Crypted
  --> fafd2b72c0d76db840ec96349c6542e9.bin
   [DETECTION] Contains suspicious code HEUR/Crypted
  --> fb032e11c1f3f667d2652cb7a8141b1a.bin
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
  --> ebca6e9dd510a5ecbd28ed28ffa79681.bin
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> fbc67854c295f02b5b86db7d73226486.bin
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2008-4-9 14:02:46

检测到：病毒 Heur.Trojan.Generic (修改) 文件: F:\Download\maybe malware1.rar/8a7efa3d3ee625303d9b9248d34a32e6.bin

显示全部楼层 · 发表于 2008-4-9 14:13:52

C:\Documents and Settings\Administrator\桌面\maybe malware1.rar>>05daa66b0e738c0681ff03242764156b.bin Heuri.Possible/Packed 启发式扫描还未处理
C:\Documents and Settings\Administrator\桌面\maybe malware1.rar>>fadb70e7be825fa8d2d7be62ede74aa4.bin Packed.FSG.a 带壳程序还未处理
C:\Documents and Settings\Administrator\桌面\maybe malware1.rar>>fafd2b72c0d76db840ec96349c6542e9.bin Heuri.Possible/Packed 启发式扫描还未处理
C:\Documents and Settings\Administrator\桌面\maybe malware1.rar>>fb032e11c1f3f667d2652cb7a8141b1a.bin Trojan.Clicker.PopHot.dse.qocs 木马还未处理
C:\Documents and Settings\Administrator\桌面\maybe malware1.rar>>efbf1981169d19028f7c4d798a8d7cf9.bin Packed.FSG.a 带壳程序还未处理
C:\Documents and Settings\Administrator\桌面\maybe malware1.rar>>fbc67854c295f02b5b86db7d73226486.bin Trojan.Qcjasf.dxvo 木马还未处理

显示全部楼层 · 发表于 2008-4-9 14:14:19

[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\test\maybe malware1.rar->05daa66b0e738c0681ff03242764156b.bin
[Found possible security risk] <W32/Heuristic-162!Eldorado (not disinfectable)> C:\test\maybe malware1.rar->8a7efa3d3ee625303d9b9248d34a32e6.bin->(PE_Patch)->(Aspack)->(Aspack)
[Found possible security risk] <W32/Heuristic-CSU!Eldorado (damaged, not disinfectable)> C:\test\maybe malware1.rar->fb032e11c1f3f667d2652cb7a8141b1a.bin
[Found downloader] <W32/Downloader.A.gen!Eldorado (not disinfectable, generic)> C:\test\maybe malware1.rar->ebca6e9dd510a5ecbd28ed28ffa79681.bin
[Found virus] <W32/Dropper.gen6 (not disinfectable)> C:\test\maybe malware1.rar->fbc67854c295f02b5b86db7d73226486.bin

显示全部楼层 · 发表于 2008-4-9 14:57:34

TO KL

显示全部楼层 · 发表于 2008-4-9 15:20:24

信息 2008-04-09  15:19:49 您此次查毒清除了4个病毒
信息 2008-04-09  15:19:49 您此次查毒共查出4个病毒以及危险代码
信息 2008-04-09  15:19:49 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件17个
信息 2008-04-09  15:19:49 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-04-09  15:19:49 D:\Desktop\maybe malware1.rar\ebca6e9dd510a5ecbd28ed28ffa79681.bin Win32.Troj.HmirT.yy.172032 清除成功
病毒 2008-04-09  15:19:49 D:\Desktop\maybe malware1.rar\8a7efa3d3ee625303d9b9248d34a32e6.bin Win32.Troj.DoS.372736 清除成功
病毒 2008-04-09  15:19:48 D:\Desktop\maybe malware1.rar\6f2fba2a7875ccc98814e09f34bec792.bin Win32.Troj.DownLoaderT.cx.61440 清除成功
病毒 2008-04-09  15:19:48 D:\Desktop\maybe malware1.rar\05daa66b0e738c0681ff03242764156b.bin Win32.Troj.Agent.69632 清除成功

显示全部楼层 · 发表于 2008-4-9 15:39:37

E:\病毒\maybe malware1.rar » RAR » 05daa66b0e738c0681ff03242764156b.bin - a variant of Win32/Agent.NHX trojan
E:\病毒\maybe malware1.rar » RAR » 6f2fba2a7875ccc98814e09f34bec792.bin - a variant of Win32/TrojanDownloader.VB.CEJ trojan
E:\病毒\maybe malware1.rar » RAR » 8a7efa3d3ee625303d9b9248d34a32e6.bin - probably a variant of Win32/DoS.Sypak trojan
E:\病毒\maybe malware1.rar » RAR » fadb70e7be825fa8d2d7be62ede74aa4.bin » FSG v2.0 - unpack error
E:\病毒\maybe malware1.rar » RAR » fafd2b72c0d76db840ec96349c6542e9.bin - probably unknown NewHeur_PE virus
E:\病毒\maybe malware1.rar » RAR » efbf1981169d19028f7c4d798a8d7cf9.bin » FSG v2.0 - unpack error
E:\病毒\maybe malware1.rar » RAR » ebca6e9dd510a5ecbd28ed28ffa79681.bin - a variant of Win32/TrojanDownloader.Agent.NVK trojan

[ 本帖最后由曲中求于 2008-4-9 15:41 编辑 ]

显示全部楼层 · 发表于 2008-4-9 16:37:26

我和楼上的一样5/12
C:\Documents and Settings\Owner\桌面\maybe malware1.rar > RAR > 05daa66b0e738c0681ff03242764156b.bin - Win32/Agent.NHX 特洛伊木马的变种
C:\Documents and Settings\Owner\桌面\maybe malware1.rar > RAR > 6f2fba2a7875ccc98814e09f34bec792.bin - Win32/TrojanDownloader.VB.CEJ 特洛伊木马的变种
C:\Documents and Settings\桌面\maybe malware1.rar > RAR > 8a7efa3d3ee625303d9b9248d34a32e6.bin - 可能是 Win32/DoS.Sypak 特洛伊木马的变种
C:\Documents and Settings\桌面\maybe malware1.rar > RAR > fadb70e7be825fa8d2d7be62ede74aa4.bin > FSG v2.0 - 解压错误
C:\Documents and Settings\桌面\maybe malware1.rar > RAR > fafd2b72c0d76db840ec96349c6542e9.bin - 未查明的 NewHeur_PE 病毒
C:\Documents and Settings\桌面\maybe malware1.rar > RAR > efbf1981169d19028f7c4d798a8d7cf9.bin > FSG v2.0 - 解压错误
C:\Documents and Settings\桌面\maybe malware1.rar > RAR > ebca6e9dd510a5ecbd28ed28ffa79681.bin - Win32/TrojanDownloader.Agent.NVK 特洛伊木马的变种

[病毒样本] 再来几个，都是这两天抓的...

本帖子中包含更多资源

本帖子中包含更多资源