这个有问题么？

显示全部楼层 · 发表于 2008-4-12 02:03:04

[ 本帖最后由 lanvin 于 2008-4-12 02:04 编辑 ]

显示全部楼层 · 发表于 2008-4-12 02:28:18

xx.rar (19.54 KB, 下载次数: 65)

显示全部楼层 · 发表于 2008-4-12 03:00:43

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\xx_unpacked.rar'
C:\Documents and Settings\Administrator\My Documents\
  xx_unpacked.rar
[0] Archive type: RAR
--> xx_unpacked.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
   [NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\real[1].rar'
C:\Documents and Settings\Administrator\My Documents\
  real[1].rar
[0] Archive type: RAR
--> real[1].htm
      [DETECTION] Contains detection pattern of the Java script virus JS/Agent.ES
   [NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\xx.rar'
C:\Documents and Settings\Administrator\My Documents\
  xx.rar
[0] Archive type: RAR
   --> xx.exe
      [1] Archive type: Runtime Packed
      --> Object
         [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
         [WARNING] Infected files in archives cannot be repaired!
   [NOTE]    The file was deleted!

End of the scan: 2008年4月11日  12:00
Used time: 00:08 min

The scan has been done completely.

   0 Scanning directories
   6 Files were scanned
   3 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   3 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   3 Archives were scanned
   1 Warnings
   3 Notes

显示全部楼层 · 发表于 2008-4-12 08:08:16

D:\Documents and Settings\EKINCHENG\桌面\xx_unpacked.rar » RAR » xx_unpacked.exe - Win32/Anilogo.NAD worm
D:\Documents and Settings\EKINCHENG\桌面\xx.rar » RAR » xx.exe - Win32/Anilogo.NAD worm

显示全部楼层 · 发表于 2008-4-12 08:38:39

这个病毒反汇编全是JMP。。。

还是个即时通讯软件的盗号木马

[ 本帖最后由 saber123 于 2008-4-12 08:42 编辑 ]

显示全部楼层 · 发表于 2008-4-12 09:42:15

显示全部楼层 · 发表于 2008-4-12 11:29:30

扫描系统区域...
扫描所选择的目录和文件...
对象: xx_unpacked.exe
在压缩档案里: E:\virus\xx_unpacked.rar
Status: 已发现病毒
病毒: Generic.Malware.SP!BdldPk!g.86C27D75 (BD 引擎)
对象: xx_unpacked.rar
路径: E:\virus
Status: 已发现病毒
病毒: Generic.Malware.SP!BdldPk!g.86C27D75 (BD 引擎)
对象: real[1].htm
在压缩档案里: E:\virus\real[1].rar
Status: 已发现病毒
病毒: Trojan.Downloader.JS.Agent.OL (BD 引擎)
对象: real[1].rar
路径: E:\virus
Status: 已发现病毒
病毒: Trojan.Downloader.JS.Agent.OL (BD 引擎)
对象: xx.exe
在压缩档案里: E:\virus\xx.rar
Status: 已发现病毒
病毒: Generic.Malware.SP!BdldPk!g.5AC146DC (BD 引擎)
对象: xx.rar
路径: E:\virus
Status: 已发现病毒
病毒: Generic.Malware.SP!BdldPk!g.5AC146DC (BD 引擎)
扫描完成: 2008-4-12 11:30
已检查 3 个文件
已发现 3 个染毒文件

显示全部楼层 · 发表于 2008-4-12 12:26:22

信息 2008-04-12  12:25:41 您此次查毒清除了2个病毒
信息 2008-04-12  12:25:41 您此次查毒共查出2个病毒以及危险代码
信息 2008-04-12  12:25:41 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件7个
信息 2008-04-12  12:25:41 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-04-12  12:25:41 D:\Desktop\xx_unpacked.rar\xx_unpacked.exe Worm.Anilogo.155648 清除成功
病毒 2008-04-12  12:25:41 D:\Desktop\xx.rar\xx.exe Worm.Anilogo.155648 清除成功

[已鉴定] 这个有问题么？