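[Virus sample] 8, possible false positives

qianwenxiang
Posted on 2008-4-10 20:49:21
Results from Arca Micro Scan with the heuristics turned up to maximum.. I excluded a few obvious false positives.. and uploaded the rest (the two exe files in there may also be false positives)..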




ArcaMicroScan - Scanning report [2008.04.10 20:25:26]
Base date : 2008.04.09 17:38:18


[Scanning : C:\WINDOWS]

C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard.resources\2.0.2589.34698_nl_90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.resources.DLL <- Adware.Ttc.C : No action
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard.resources\2.0.2589.34789_ja_90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.resources.DLL <- Adware.Ttc.C : No action
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard.resources\2.0.2589.34748_de_90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.resources.DLL <- Adware.Ttc.C : No action
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.34815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL <- Adware.Ttc.C : No action
C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard.resources\2.0.2589.34821_el_90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.resources.DLL <- Adware.Ttc.C : No action
C:\WINDOWS\system32\drivers\v3engine.sys <- Heur.RoundKick : No action
C:\WINDOWS\system32\zsfiles\00008.rps<GZIP>:EmbGZIP <- Trojan.Psw.Onlinegames.Jct : No action
C:\WINDOWS\system32\zsfiles\00008.rps<GZIP>:EmbGZIP<UPack>:EmbGZIP <- Trojan.Psw.Onlinegames.Jct : No action
C:\WINDOWS\Temp\thupdate.exe <- Trojan.Downloader.Nsis.Agent.Y : No action
C:\WINDOWS\Temp\Vscan.exe<NSIS>:file1 <- Trojan.Downloader.Nsis.Agent.Y : No action

Scanned objects : 39543
Infected objects : 10

allinwonderi
Posted on 2008-4-10 20:50:40

Reply to post #1 by qianwenxiang

So the moderator uses it too, heh.
[Found Trojan]     <W32/Trojan.CCJM (exact, not disinfectable)>    C:\Documents and Settings\All Users\Documents\Test\WINDOWS.rar->00008.rps->(packed)->(embedded)->(embedded)

---------------------------------------------------------------------
Scan ended:    2008-4-10, 20:51:22
Duration:    0:00:03

Scan result:

Scanned files:         6
Infected objects:     1
Disinfected objects:     0
Quarantined files:     0
---------------------------------------------------------------------
nosferatu
Posted on 2008-4-10 20:51:18
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\WINDOWS.rar'
C:\Documents and Settings\Administrator\桌面\WINDOWS.rar
  [0] Archive type: RAR
    --> 00008.rps
      [1] Archive type: GZ
      --> unkwn
          [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.YMX
    --> 00009.rps
      [1] Archive type: GZ
      --> unkwn
          [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/ZSearch.G
      [INFO]      The file was deleted!


End of the scan: 星期四 2008年4月10日  20:51
Used time: 00:07 min

The scan has been done completely.

      0 Scanning directories
     13 Files were scanned
      2 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     11 Files not concerned
      4 Archives were scanned
      0 Warnings
      0 Notes
Exia (this user has been deleted)
Posted on 2008-4-10 20:51:21
Starting the file scan:

Begin scan in 'E:\新建文件夹 (2)\WINDOWS.rar'
E:\新建文件夹 (2)\WINDOWS.rar
  [0] Archive type: RAR
    --> 00008.rps
      [1] Archive type: GZ
      --> unkwn
          [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.YMX
    --> 00009.rps
      [1] Archive type: GZ
      --> unkwn
          [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/ZSearch.G
      [INFO]      The file was deleted!
qigang
Posted on 2008-4-10 20:53:04

28/1

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.Win32.Mnless.zvz  

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.39.31
qianwenxiang
Original poster | Posted on 2008-4-10 20:54:22
hoho, free stuff, I like it~
wangjay1980
Posted on 2008-4-10 20:56:23
Not "possibly", definitely. TO KL

allinwonderi
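Posted on 2008-4-10 21:31:58

Reply to post #6 by qianwenxiang

The heuristics in 07 feel somewhat changed compared with 06. Heur.Win32 seems to be gone. They respond to submissions very quickly, though. But there was no reply.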
sweeb
Posted on 2008-4-10 21:38:09
Downloaded it to give it a try!!!!!!!!!!!!!!!
wangjay1980
Posted on 2008-4-10 22:10:49
Hello,

00001.rps, 00005.rps, 00007.rps, 00009.rps, 00010.rps, thupdate.exe_, Vscan.exe_

No malicious code was found in these files.

Please quote all when answering.

--
Best regards, Vyacheslav Zakorzhevsky
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: WINDOWS.rar