
[Virus sample] 7 samples

sam.to
Posted on 2008-5-3 21:23:57
Already reported to Kaspersky

Hello,

CTHELPER.exe_,
MsnPlatform.bin - Trojan-Clicker.Win32.Flyst.ad,

VStart.bin - Trojan-Clicker.Win32.Flyst.ae,

WINSvr64.dll - Trojan-Downloader.Win32.Agent.obt

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

GVOnline32.bin,
krnln.fnr,
NSService.fne,
smss.exe_,

tppoll.exe_

No malicious code was found in these files.

kavsvchost.exe_,
msnlive.exe_ - Trojan-Downloader.Win32.Agent.oad,

xia4.exe_ - Trojan-PSW.Win32.OnLineGames.acyk

These files are already detected. Please update your antivirus bases.

xia16.exe_,
xia23.exe_,
xia24.exe_,
xia25.exe_,
xia27.exe_,
xia7.exe_

These files are corrupted.

Please quote all when answering.

--
Best regards, Mikhail Bulgakov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ This post was last edited by kato9096 on 2008-5-4 19:26 ]

wangjay1980
Posted on 2008-5-3 21:28:56
K

sam.to
Original poster | Posted on 2008-5-3 21:32:00

Reply to wangjay1980's post (#2)

What is Resident Shield???
醉一生爱妍
Posted on 2008-5-3 21:32:57
000031DC 004031DC 0 \debug.txt
000031F0 004031F0 0 :\Program Files\Common Files\Microsoft\khalshared\webinstall.bin
00003231 00403231 0 :\Program Files\Common Files\Microsoft
00003258 00403258 0 :\Program Files\Common Files\Microsoft\khalshared
0000328A 0040328A 0 :\Program Files\Common Files\Microsoft\khalshared\krnln.fnr
000032C6 004032C6 0 \krnln.fnr
000032D1 004032D1 0 E_4\krnln.fnr
000032DF 004032DF 0 ku/krnln.zip
000032EC 004032EC 0 :\Program Files\Common Files\Microsoft\khalshared\com.run
00003326 00403326 0 \com.run
0000332F 0040332F 0 E_4\com.run
0000333B 0040333B 0 ku/com.zip
00003346 00403346 0 :\Program Files\Common Files\Microsoft\khalshared\BmpOperate.fne
00003387 00403387 0 \BmpOperate.fne
00003397 00403397 0 E_4\BmpOperate.fne
000033AA 004033AA 0 ku/BmpOperate.zip


00003327   00403327      0   F\debug.shutdown
00003339   00403339      0   Dell 2208WAP
00003351   00403351      0   http://down.alibaba99.com/
0000336C   0040336C      0   http://down2.alibaba99.com/
00003388   00403388      0   http://down3.alibaba99.com/
000033A4   004033A4      0   http://down4.alibaba99.com/
000033D3   004033D3      0   \debug-starttime.txt
000033F1   004033F1      0   SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
0000342D   0040342D      0   :\PROGRA~1\COMMON~1\Microsoft\CTHELPER.EXE
00003458   00403458      0   Explorer.exe
00003466   00403466      0   :\Program Files\Common Files\Microsoft\CTHELPER.EXE
0000349A   0040349A      0   \debug.txt
000034AF   004034AF      0   :\Program Files\Common Files\Ravstub.exe
000034D8   004034D8      0   System.asp
000034EB   004034EB      0   Start
000034FB   004034FB      0   :\Program Files\Common Files
00003518   00403518      0   x0606/oRun.exe
00003527   00403527      0   CTHELPER.EXE
sam.to
Original poster | Posted on 2008-5-3 21:33:50

Reply to kato9096's post (#1)

Complete scanning result of "7.rar", processed in VirusTotal at 05/03/2008 15:32:37 (CET).

[ file data ]
* name..: 7.rar
* size..: 612102
* md5...: cedde5153cc9f86d8b1b989ee86d2828
* sha1..: 7558bf120723dcbced33547379974b129e0f8e2d
* peid..: -

[ scan result ]
AhnLab-V3        2008.5.3.0/20080502        found nothing
AntiVir        7.8.0.11/20080502        found [TR/Crypt.CFI.Gen]
Authentium        4.93.8/20080502        found nothing
Avast        4.8.1169.0/20080503        found nothing
AVG        7.5.0.516/20080503        found [Agent.SKW]
BitDefender        7.2/20080503        found nothing
CAT-QuickHeal        9.50/20080502        found [Win32.Packed.Klone.ap03]
ClamAV        0.92.1/20080503        found nothing
DrWeb        4.44.0.09170/20080503        found nothing
eSafe        7.0.15.0/20080428        found [suspicious Trojan/Worm]
eTrust-Vet        31.3.5755/20080503        found nothing
Ewido        4.0/20080503        found nothing
F-Prot        4.4.2.54/20080502        found nothing
F-Secure        6.70.13260.0/20080503        found nothing
Fortinet        3.14.0.0/20080503        found nothing
Ikarus        T3.1.1.26/20080503        found [Packed.Win32.Klone.af]
Kaspersky        7.0.0.125/20080503        found nothing
McAfee        5287/20080502        found [New Malware.u]
Microsoft        1.3408/20080422        found nothing
NOD32v2        3072/20080503        found nothing
Norman        5.80.02/20080502        found nothing
Panda        9.0.0.4/20080503        found nothing
Prevx1        V2/20080503        found [Malicious Software]
Rising        20.42.22.00/20080430        found nothing
Sophos        4.29.0/20080503        found [Mal/Packer]
Sunbelt        3.0.1097.0/20080503        found nothing
TheHacker        6.2.92.299/20080503        found [W32/Behav-Heuristic-067]
VBA32        3.12.6.5/20080502        found nothing
VirusBuster        4.3.26:9/20080502        found [Packed/NSPack]
Webwasher-Gateway        6.6.2/20080503        found [Trojan.Crypt.CFI.Gen]

[ notes ]
packers: UPX
packers: NSPack, PE_Patch, UPX, PecBundle, PECompact
packers: NSPack, PE_Patch.UPX, UPX, PE_Patch.PECompact, PecBundle, PECompact, NSPack, NSPack, NSPack, NSPack
Prevx info: http://info.prevx.com/aboutprogr ... 0581D48D900C29EF7BF

__________________________________________________
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Do not reply to this message. It has been generated by an automatic address that will not handle any reply. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
醉一生爱妍
Posted on 2008-5-3 21:34:11
<!--
This file handles requests forwarded by lighttpd or nginx
-->
<html>
        <head>
                <TITLE>域名纠错系统</TITLE>
        </head>
        <body leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0">
               
                <table width="100%" border="0" cellpadding="0" cellspacing="0">
                        <tr>
                                <td>
                                        <iframe name=_parent border=0 src=issueunziped/baidu080421nf/index.jsp?sf=&UserUrl=down.alibaba99.com%5Cdebug-starttime.txt frameSpacing=0
                                                marginHeight=0 frameBorder=0 noResize width=100% scrolling=no
                                                height=1600 vspale=0>
                                        </iframe>
                                        <iframe
                                                src="counter/counter.jsp?pc=10082&dn=down.alibaba99.com%5Cdebug-starttime.txt&ip=122.0.252.98"
                                                width="0" height="0">
                                        </iframe>
                                </td>
                        </tr>
                </table>
               
        </body>
</html>

wangjay1980
Posted on 2008-5-3 21:36:01
Originally posted by kato9096 on 2008-5-3 21:32
What is Resident Shield???


Monitoring
无尽藏海
Posted on 2008-5-3 23:26:46
Begin scan in 'E:\VIRUS\7(5.3).RAR'
E:\VIRUS\7(5.3).RAR
  [0] Archive type: RAR
  --> 7\smss.exe2
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
  --> 7\CTHELPER.EXE2
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
  --> 7\MsnPlatform.bin
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
  --> 7\GVOnline32.bin
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
  --> 7\VStart.bin
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen



3792756          krnln.fnr          378 KB          FALSE POSITIVE
25009172          NSService.fne          9 KB          UNDER ANALYSIS
sam.to
Original poster | Posted on 2008-5-4 19:27:03
Hello,

CTHELPER.exe_,
MsnPlatform.bin - Trojan-Clicker.Win32.Flyst.ad,

VStart.bin - Trojan-Clicker.Win32.Flyst.ae,

WINSvr64.dll - Trojan-Downloader.Win32.Agent.obt

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

GVOnline32.bin,
krnln.fnr,
NSService.fne,
smss.exe_,

tppoll.exe_

No malicious code was found in these files.

kavsvchost.exe_,
msnlive.exe_ - Trojan-Downloader.Win32.Agent.oad,

xia4.exe_ - Trojan-PSW.Win32.OnLineGames.acyk

These files are already detected. Please update your antivirus bases.

xia16.exe_,
xia23.exe_,
xia24.exe_,
xia25.exe_,
xia27.exe_,
xia7.exe_

These files are corrupted.

Please quote all when answering.

--
Best regards, Mikhail Bulgakov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - techni
qigang
Posted on 2008-5-4 19:31:41

15/0

rising20.42.62 did not detect it!