这两天新收的样本，9个

显示全部楼层 · 发表于 2008-5-29 12:00:03

过卡巴，昨天的病毒库...

（抱歉，搞错了，是已知的，稍后修改一下）

[ 本帖最后由 fengxing 于 2008-5-29 12:05 编辑 ]

显示全部楼层 · 发表于 2008-5-29 12:01:53

Starting the file scan:

Begin scan in 'E:\AV\virus'
E:\AV\virus\24915b67dfe5c4ccc2de1ad0c7fb8a34.bin(Virus.Win32.Virut.n).KAS
   [DETECTION] Contains code of the Windows virus W32/Virut.H
   [NOTE]    The file was deleted!
E:\AV\virus\fd83b004e56552729dfef36ba55ccd25.bin(Virus.Win32.Virut.n).KAS
   [DETECTION] Contains code of the Windows virus W32/Virut.Gen
   [NOTE]    The file was deleted!
E:\AV\virus\6431140aef5f65413de7d198f51806fd.bin(Trojan-PSW.Win32.OnLineGames.ajzv).KAS
   [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
   [NOTE]    The file was deleted!
E:\AV\virus\74fc065c30008609abc21a26be69c1b7.bin(Virus.Win32.Virut.n).KAS
   [DETECTION] Contains code of the Windows virus W32/Virut.Gen
   [NOTE]    The file was deleted!
E:\AV\virus\f24f42a00e39fdb30f42d13f20da2934.bin(Backdoor.Win32.WinterLove.ay).KAS
   [DETECTION] Is the Trojan horse TR/PSW.Legmir.386
   [NOTE]    The file was deleted!
E:\AV\virus\8f619179330487c2453f06d0f1b59e2f.bin(Trojan.Win32.NoUpdate.b).KAS
   [DETECTION] Is the Trojan horse TR/NoUpdate.B.53
   [NOTE]    The file was deleted!
E:\AV\virus\7d23966e0506b6fb67f4526d8d0a0d87.bin(Trojan-PSW.Win32.Agent.als).KAS
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
E:\AV\virus\eac6cac35e8a88689e2f63b9e9e2e988.bin(Trojan.Win32.Agent.nbl).KAS
   [DETECTION] Is the Trojan horse TR/Agent.nbl
   [NOTE]    The file was deleted!

End of the scan: 2008年5月29日  12:04
Used time: 00:12 min

The scan has been done completely.

   1 Scanning directories
   9 Files were scanned
   8 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   8 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   0 Archives were scanned
   0 Warnings
   8 Notes

显示全部楼层 · 发表于 2008-5-29 12:06:49

已删除：病毒 Virus.Win32.Virut.n 文件: D:\病毒樣本\9.rar/24915b67dfe5c4ccc2de1ad0c7fb8a34.bin(Virus.Win32.Virut.n).KAS
已删除：病毒 Virus.Win32.Virut.n 文件: D:\病毒樣本\9.rar/fd83b004e56552729dfef36ba55ccd25.bin(Virus.Win32.Virut.n).KAS
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.ajzv 文件: D:\病毒樣本\9.rar/6431140aef5f65413de7d198f51806fd.bin(Trojan-PSW.Win32.OnLineGames.ajzv).KAS
已删除：木马程序 Trojan.Win32.Crypt.cm 文件: D:\病毒樣本\9.rar/483acfadc353393745143c00035a83b3.bin(Trojan.Win32.Crypt.cm).KAS
已删除：病毒 Virus.Win32.Virut.n 文件: D:\病毒樣本\9.rar/74fc065c30008609abc21a26be69c1b7.bin(Virus.Win32.Virut.n).KAS
已删除：木马程序 Backdoor.Win32.WinterLove.ay 文件: D:\病毒樣本\9.rar/f24f42a00e39fdb30f42d13f20da2934.bin(Backdoor.Win32.WinterLove.ay).KAS//UPX
已删除：木马程序 Trojan.Win32.NoUpdate.b 文件: D:\病毒樣本\9.rar/8f619179330487c2453f06d0f1b59e2f.bin(Trojan.Win32.NoUpdate.b).KAS//Execryptor//RLPack
已删除：木马程序 Trojan-PSW.Win32.Agent.als 文件: D:\病毒樣本\9.rar/7d23966e0506b6fb67f4526d8d0a0d87.bin(Trojan-PSW.Win32.Agent.als).KAS//PE_Patch//UPack
已删除：木马程序 Trojan.Win32.Agent.nbl 文件: D:\病毒樣本\9.rar/eac6cac35e8a88689e2f63b9e9e2e988.bin(Trojan.Win32.Agent.nbl).KAS
全部消滅

显示全部楼层 · 发表于 2008-5-29 12:07:49

信息 2008-05-29  12:07:01 您此次查毒有3次操作失败
信息 2008-05-29  12:07:01 您此次查毒清除了5个病毒
信息 2008-05-29  12:07:01 您此次查毒共查出8个病毒以及危险代码
信息 2008-05-29  12:07:01 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件10个
信息 2008-05-29  12:07:01 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-05-29  12:07:01 D:\Desktop\9.rar\eac6cac35e8a88689e2f63b9e9e2e988.bin(Trojan.Win32.Agent.nbl).KAS Win32.Troj.Agent.20480 清除成功
病毒 2008-05-29  12:07:01 D:\Desktop\9.rar\7d23966e0506b6fb67f4526d8d0a0d87.bin(Trojan-PSW.Win32.Agent.als).KAS Win32.PSWTroj.Agent.1000 清除成功
病毒 2008-05-29  12:07:01 D:\Desktop\9.rar\8f619179330487c2453f06d0f1b59e2f.bin(Trojan.Win32.NoUpdate.b).KAS Win32.Troj.NoUpdate.b.19106 清除成功
病毒 2008-05-29  12:07:01 D:\Desktop\9.rar\f24f42a00e39fdb30f42d13f20da2934.bin(Backdoor.Win32.WinterLove.ay).KAS Win32.Hack.DongRi.u.18944 清除成功
病毒 2008-05-29  12:07:01 D:\Desktop\9.rar\74fc065c30008609abc21a26be69c1b7.bin(Virus.Win32.Virut.n).KAS Win32.Virut.F.58880 操作失败
病毒 2008-05-29  12:07:01 D:\Desktop\9.rar\483acfadc353393745143c00035a83b3.bin(Trojan.Win32.Crypt.cm).KAS Worm.IRCBot.b.22016 清除成功
病毒 2008-05-29  12:07:01 D:\Desktop\9.rar\fd83b004e56552729dfef36ba55ccd25.bin(Virus.Win32.Virut.n).KAS Win32.Virut.F.58880 操作失败
病毒 2008-05-29  12:07:01 D:\Desktop\9.rar\24915b67dfe5c4ccc2de1ad0c7fb8a34.bin(Virus.Win32.Virut.n).KAS Win32.Virut.F.58880 操作失败

显示全部楼层 · 发表于 2008-5-29 12:29:34

这是新的样本

显示全部楼层 · 发表于 2008-5-29 12:30:32

金山毒霸 0

显示全部楼层 · 发表于 2008-5-29 12:33:03

25031365  0bdb6905db257b211...f2.bin  145.53 KB  UNDER ANALYSIS
25031366  0c65433d9d8ba746c...76.bin  194.57 KB  UNDER ANALYSIS
25031367  0cbcdb53e8d05c66a...91.bin  136 KB  UNDER ANALYSIS
25031368  ffab930ab1267c8a5...ca.bin  47 KB  UNDER ANALYSIS
683837  0cefca04e90f3b235...23.bin  80.5 KB  KNOWN CLEAN
684046  00cf6e4e41efa5036...aa.bin  137.5 KB  KNOWN CLEAN
114365  0b6d24f38ca4e320f...7d.bin  24 KB  KNOWN CLEAN
683189  0bee99af470bdd66d...3b.bin  161.5 KB  KNOWN CLEAN
76253  0c099ff4618554a6f...02.bin  252 KB  KNOWN CLEAN

显示全部楼层 · 发表于 2008-5-29 12:33:43

483acfadc35339374...m).KAS UNDER ANALYSIS

显示全部楼层 · 发表于 2008-5-29 13:32:21

[Scanning : C:\Documents and Settings\All Users\Documents\Test]

C:\Documents and Settings\All Users\Documents\Test\9.rar<RAR>:24915b67dfe5c4ccc2de1ad0c7fb8a34.bin(Virus.Win32.Virut.n).KAS <- W32.Virut.E : No action
C:\Documents and Settings\All Users\Documents\Test\9.rar<RAR>:fd83b004e56552729dfef36ba55ccd25.bin(Virus.Win32.Virut.n).KAS <- W32.Virut.E : No action
C:\Documents and Settings\All Users\Documents\Test\9.rar<RAR>:6431140aef5f65413de7d198f51806fd.bin(Trojan-PSW.Win32.OnLineGames.ajzv).KAS <- Worm.Keco.J : No action
C:\Documents and Settings\All Users\Documents\Test\9.rar<RAR>:74fc065c30008609abc21a26be69c1b7.bin(Virus.Win32.Virut.n).KAS <- W32.Tuvir.A : No action
C:\Documents and Settings\All Users\Documents\Test\9.rar<RAR>:f24f42a00e39fdb30f42d13f20da2934.bin(Backdoor.Win32.WinterLove.ay).KAS<UPX>:f24f42a00e39fdb30f42d13f20da2934.bin(Backdoor.Win32.WinterLove.ay).KAS <- Trojan.Winterlove.Ay : No action

Scanned objects : 14

Infected objects : 5

显示全部楼层 · 发表于 2008-5-29 13:32:57

[Found virus] <W32/Virut.8639 (not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\9.rar->24915b67dfe5c4ccc2de1ad0c7fb8a34.bin(Virus.Win32.Virut.n).KAS
[Found virus] <W32/Virut.9264 (not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\9.rar->fd83b004e56552729dfef36ba55ccd25.bin(Virus.Win32.Virut.n).KAS
[Found virus] <W32/Virut.9264 (not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\9.rar->74fc065c30008609abc21a26be69c1b7.bin(Virus.Win32.Virut.n).KAS
[Found backdoor] <W32/Backdoor.QFL (exact, not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\9.rar->f24f42a00e39fdb30f42d13f20da2934.bin(Backdoor.Win32.WinterLove.ay).KAS->(UPX)
[Found possible security risk] <W32/Heuristic-210!Eldorado (not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\9.rar->8f619179330487c2453f06d0f1b59e2f.bin(Trojan.Win32.NoUpdate.b).KAS->(EXECryptor)->(RLPack)->(EXECryptor)
[Found possible security risk] <W32/Heuristic-KPP!Eldorado (not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\9.rar->7d23966e0506b6fb67f4526d8d0a0d87.bin(Trojan-PSW.Win32.Agent.als).KAS->(embedded)->(UPX)

---------------------------------------------------------------------
Scan ended: 2008-5-29, 13:32:28
Duration: 0:00:03

Scan result:

Scanned files:    6
Infected objects:    6
Disinfected objects:    0
Quarantined files:    0
---------------------------------------------------------------------

[病毒样本] 这两天新收的样本，9个

本帖子中包含更多资源

8

这是新的样本

本帖子中包含更多资源

回复 5楼 fengxing 的帖子

回复 5楼 fengxing 的帖子

ArcaVir2008

F-Prot 4.4.4