今天的收获，ESET挂了5只

solcroft

有耐性和官方纠缠的就去上报吧

[ 本帖最后由 solcroft 于 2008-4-18 02:30 编辑 ]

mofunzone

把antivir挂的也发上来吧，我很有兴趣和官方纠缠
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\wowmf.zip'
C:\Documents and Settings\Administrator\My Documents\
  wowmf.zip
    [0] Archive type: ZIP
      --> wowmf.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.17120.14
              [WARNING]   Infected files in archives cannot be repaired!
    --> csrss.gtr
        [DETECTION] Contains detection pattern of the SPR/Spam.VB.AH.1 program
    --> go.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
    --> load.exe
        [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
    --> WebSoftCodecDrivern.exe
      [WARNING]   The file was ignored!
  wowmf.zip:Zone.Identifier


End of the scan: 2008年4月17日  09:58
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
      7 Files were scanned
      4 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      2 Warnings
      0 Notes

mofunzone

Filename         Result
rtqmekwg.exe          MALWARE

The file 'rtqmekwg.exe' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/Vapsup.dep. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.
Filename         Result
WebSoftCodecDrivern.exe          MALWARE

The file 'WebSoftCodecDrivern.exe' has been determined to be 'MALWARE'. Our analysts named the threat DR/Vapsup.ebv. The term "DR/" denotes a program that is able to place a virus or a malware discretely on a system.Detection will be added to our virus definition file (VDF) with one of the next updates.
Filename         Result
pmsoarbf.dll          MALWARE

The file 'pmsoarbf.dll' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/Vapsup.den. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.

论坛附件居然可以用迅雷下载。。。

zane_xzz

扫描系统区域...
扫描所选择的目录和文件...
对象: csrss.gtr
路径: C:\Documents and Settings\Administrator\桌面\wowmf
状态: 已发现病毒
  病毒: SpamTool.Win32.VB.ah (AVP引擎)
对象: go.exe
路径: C:\Documents and Settings\Administrator\桌面\wowmf
状态: 已发现病毒
  病毒: Trojan.Win32.Pakes.cqx (AVP引擎)
对象: load.exe
路径: C:\Documents and Settings\Administrator\桌面\wowmf
状态: 已发现病毒
  病毒: Trojan-Spy.Win32.Zbot.ama (AVP引擎)
对象: wowmf.exe
路径: C:\Documents and Settings\Administrator\桌面\wowmf
状态: 已发现病毒
  病毒: Trojan-PSW.Win32.OnLineGames.aabi (AVP引擎)
分析完成: 18.04.2008 08:36
    已扫描 5 个文件
    已发现 4 个感染文件
    发现 0 个可疑文件

aerbeisi

[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        C:\test\wowmf.zip->wowmf.exe->(UPack)
[Found possible virus]         <W32/VB-Wird-based!Maximus (not disinfectable)>        C:\test\wowmf.zip->csrss.gtr

挪威的冬天

信息        2008-04-18  12:04:03        您此次查毒清除了1个病毒                       
信息        2008-04-18  12:04:03        您此次查毒共查出1个病毒以及危险代码                       
信息        2008-04-18  12:04:03        您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件8个                       
信息        2008-04-18  12:04:03        金山毒霸主程序查毒过程结束，查毒方式：命令行查毒                       
病毒        2008-04-18  12:04:03        D:\Desktop\wowmf.zip\wowmf.exe        Win32.Troj.KillAV.c.102587        清除成功

无尽藏海

额……

allinwonderi

[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\wowmf.zip<ZIP>:wowmf.exe<UPack>:wowmf.exe <- Trojan.Psw.Onlinegames.Aabi : No action
C:\Documents and Settings\All Users\Documents\Test\wowmf.zip<ZIP>:wowmf.exe<UPack>:wowmf.exe<DLLRES>:WODLL0.exe<UPX>:WODLL0.exe <- Trojan.Psw.Wow.Asw : No action
C:\Documents and Settings\All Users\Documents\Test\wowmf.zip<ZIP>:load.exe <- Trojan.Spy.Zbot.Ama : No action
C:\Documents and Settings\All Users\Documents\Test\wowmf.zip<ZIP>:WebSoftCodecDrivern.exe<NSIS>:eqnr.exe <- Adware.Vapsup.Dsx : No action



Scanned objects : 19

Infected objects : 4

Palkia

在 C:\Documents and Settings\Administrator\桌面\wowmf.zip->wowmf.exe 中发现 Trojan/PSW.OnlineGames.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\wowmf.zip->go.exe 中发现 Trojan/PSW.OnLineGames.absb 病毒, 已删除