update x3

显示全部楼层 · 发表于 2008-5-1 23:38:13

疏忽大意了-。-

失误-。-下次运行就知道了。。。

显示全部楼层 · 发表于 2008-5-1 23:50:39

update.rar\999.jpg;C:\Documents and Settings\Administrator\桌面\update.rar;Win32.HLLW.Autoruner.1858;;
banner.gif\data002;C:\Documents and Settings\Administrator\桌面\update.rar\banner.gif;BackDoor.Pigeon.11870;;
banner.gif;C:\Documents and Settings\Administrator\桌面\update.rar;发现压缩文件中有被感染的对象;;
update.rar;C:\Documents and Settings\Administrator\桌面;发现压缩文件中有被感染的对象;;

显示全部楼层 · 发表于 2008-5-2 11:42:43

[扫描路径] C:\Documents and Settings\zh\桌面\999.jpg
>C:\Documents and Settings\zh\桌面\999.jpg 已被病毒感染： Win32.HLLW.Autoruner.1858

[扫描路径] C:\Documents and Settings\zh\桌面\banner.gif
>C:\Documents and Settings\zh\桌面\banner.gif\data001 - 确定
>>>>>C:\Documents and Settings\zh\桌面\banner.gif\data002 已被病毒感染： BackDoor.Pigeon.11870
>C:\Documents and Settings\zh\桌面\banner.gif\data003 - 确定
C:\Documents and Settings\zh\桌面\banner.gif - 发现压缩文件中有被感染的对象

[扫描路径] C:\Documents and Settings\zh\桌面\button.gif
>C:\Documents and Settings\zh\桌面\button.gif - 确定

-----------------------------------------------------------------------------
扫描统计
-----------------------------------------------------------------------------
已扫描对象: 7
发现受感染对象: 2

显示全部楼层 · 发表于 2008-5-2 11:46:43

挫..

Sign of "Win32:AutoRun-ACK [Wrm]" has been found in "F:\update.rar\999.jpg\[Upack]" file.

显示全部楼层 · 发表于 2008-5-2 11:56:01

[Found possible security risk] <W32/Heuristic-210!Eldorado (damaged, not disinfectable)> C:\test\update.rar->999.jpg->(UPack)
[Found backdoor] <W32/Hupigon.G.gen!Eldorado (not disinfectable, generic)> C:\test\update.rar->button.gif

显示全部楼层 · 发表于 2008-5-2 12:21:12

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.KAFAN\桌面\BUTTON.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\REMOTECOMPUTER.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.KAFAN\桌面\BANNER.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\WS安全盾\SLDUPDATE.EXE
2) C:\PROGRAM FILES\WS安全盾\SPFSTCHK.EXE
3) C:\WINDOWS\A3GUARD.EXE
是否删除木马程序及其衍生物?
这东西还扫描类，晕死

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.KAFAN\桌面\999.EXE
木马程序生成以下文件:
1) C:\WINDOWS\FONTS\8CF6CAA1F8081B4762B3EBB397CC518C\SYSTEM\SVCHOST.EXE
是否删除木马程序及其衍生物?

显示全部楼层 · 发表于 2008-5-2 12:25:05

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\update.rar'
C:\Documents and Settings\Administrator\My Documents\
  update.rar
[0] Archive type: RAR
   --> 999.jpg
      [1] Archive type: Runtime Packed
      --> Object
         [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
         [WARNING] Infected files in archives cannot be repaired!
   --> banner.gif
      [1] Archive type: RSRC
      --> Object
      --> Object
      --> Object
--> button.gif
      [DETECTION] Contains suspicious code HEUR/Crypted.E
   [WARNING] The file was ignored!
  update.rar:Zone.Identifier

End of the scan: 2008年5月1日  21:24
Used time: 00:04 min

The scan has been done completely.

   0 Scanning directories
   5 Files were scanned
   2 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   1 Archives were scanned
   2 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-5-2 13:10:38

红伞监控杀掉jpg,扫描杀掉两个gif

显示全部楼层 · 发表于 2008-5-2 13:15:24

button.gif是改了后缀的exe还是包含exe的gif呢？

显示全部楼层 · 发表于 2008-5-2 19:18:26

rising20.42.40未杀！

[病毒样本] update x3

回复 8楼 jimmyleo 的帖子

本帖子中包含更多资源

11/0