入來吃下午茶

显示全部楼层 · 发表于 2008-5-31 16:01:26

Starting the file scan:

Begin scan in 'C:\Documents and Settings\kato9096\桌面\Bi'
C:\Documents and Settings\kato9096\桌面\Bi\6Y5MJ54C7UI1.exe2
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.zac
   [NOTE]    The file was deleted!
C:\Documents and Settings\kato9096\桌面\Bi\Bi mat.exe3
   [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\kato9096\桌面\Bi\tmpA.tmp
   [DETECTION] Is the Trojan horse TR/Agent.qqx.1
   [NOTE]    The file was deleted!
C:\Documents and Settings\kato9096\桌面\Bi\U.exe2
--> Object
   [1] Archive type: OVL
   --> Object
      [2] Archive type: OVL
      --> Object
         [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.PN
   [NOTE]    The file was deleted!
C:\Documents and Settings\kato9096\桌面\Bi\WFPN63ERPNSJ.exe2
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.zac
   [NOTE]    The file was deleted!
C:\Documents and Settings\kato9096\桌面\Bi\wtfwdsh.exe2
   [DETECTION] Contains suspicious code HEUR/Malware
   [NOTE]    The fund was classified as suspicious.
   [NOTE]    The file was moved to '48a7063e.qua'!

End of the scan: Saturday,31 May 2008  16:01
Used time: 00:06 min

The scan has been done completely.

   1 Scanning directories
   10 Files were scanned
   5 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   5 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   5 Files not concerned
   0 Archives were scanned
   0 Warnings
   6 Notes

File ID    Filename    Size (Byte) Result
25033024    ad1322.exe2    127.76 KB    UNDER ANALYSIS
25033025    JR4HXHB3.exe2    60 KB    UNDER ANALYSIS
3981699    reg.exe2    63 KB    KNOWN CLEAN
74902    WindowsLogon.manifest    488 Byte    KNOWN CLEAN

[ 本帖最后由 kato9096 于 2008-5-31 16:02 编辑 ]

显示全部楼层 · 发表于 2008-5-31 16:03:41

已刪除: 病毒 Worm.Win32.AutoIt.ai 檔案: C:\Documents and Settings\kato9096\桌面\Bi.rar/Bi mat.exe3//PE_Patch.UPX//UPX//script.au3
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.BHO.bgf 檔案: C:\Documents and Settings\kato9096\桌面\Bi.rar/ad1322.exe2//data0002
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Losabel.nx 檔案: C:\Documents and Settings\kato9096\桌面\Bi.rar/U.exe2//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.rgw 檔案: C:\Documents and Settings\kato9096\桌面\Bi.rar/6Y5MJ54C7UI1.exe2
已刪除: 特洛伊木馬程式 Trojan-Dropper.Win32.Agent.sed 檔案: C:\Documents and Settings\kato9096\桌面\Bi.rar/JR4HXHB3.exe2
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.qqx 檔案: C:\Documents and Settings\kato9096\桌面\Bi.rar/tmpA.tmp//UPack
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.rgw 檔案: C:\Documents and Settings\kato9096\桌面\Bi.rar/WFPN63ERPNSJ.exe2
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.rgr 檔案: C:\Documents and Settings\kato9096\桌面\Bi.rar/wtfwdsh.exe2

8

有2个不报,但相信不是毒,所以不上报.

[ 本帖最后由 kato9096 于 2008-5-31 16:06 编辑 ]

显示全部楼层 · 发表于 2008-5-31 16:12:53

结果: 发现8个恶意软件
Worm.Win32.AutoIt.ai (病毒)
D:\病毒樣本\bi.rar\Bi mat.exe3
AdWare.Win32.BHO.bgf (adware)
D:\病毒樣本\bi.rar\ad1322.exe2
Trojan-Downloader.Win32.Losabel.nx (病毒)
D:\病毒樣本\bi.rar\U.exe2
Trojan-Downloader.Win32.Agent.rgw (病毒)
D:\病毒樣本\bi.rar\6Y5MJ54C7UI1.exe2
D:\病毒樣本\bi.rar\WFPN63ERPNSJ.exe2
Trojan-Dropper.Win32.Agent.sed (病毒)
D:\病毒樣本\bi.rar\JR4HXHB3.exe2
Trojan.Win32.Agent.qqx (病毒)
D:\病毒樣本\bi.rar\tmpA.tmp
Trojan-Downloader.Win32.Agent.rgr (病毒)
D:\病毒樣本\bi.rar\wtfwdsh.exe2
FS8個

显示全部楼层 · 发表于 2008-5-31 17:41:05

jm kill 2

显示全部楼层 · 发表于 2008-5-31 17:42:33

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Worm.Win32.AutoIt.aa
病毒： Dropper.Win32.Agent.gcx
病毒： Trojan.Win32.Undef.hbr

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.46.52

显示全部楼层 · 发表于 2008-5-31 18:05:34

扫描进行于：2008/5/31 18:03:26
扫描日志
NOD32版本 3148 (20080530) NT
命令行： C:\Users\\Desktop\bi.rar

日期： 31.5.2008 时间：18:03:27
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Users\Administrator\Desktop\bi.rar
C:\Users\Administrator\Desktop\bi.rar >>RAR >>Bi mat.exe3 >>AUTOIT >>script.au3 - Win32/Packed.Autoit.Gen 应用程序
C:\Users\Administrator\Desktop\bi.rar >>RAR >>ad1322.exe2 >>NSIS >>cpush.dll - Win32/Adware.Cinmus 应用程序的变种
C:\Users\Administrator\Desktop\bi.rar >>RAR >>ad1322.exe2 >>NSIS >>Uninst.exe - Win32/Adware.Cinmus 应用程序
C:\Users\Administrator\Desktop\bi.rar >>RAR >>tmpA.tmp - Win32/PSW.OnLineGames.NMQ 木马
已扫描的文件数目：14
已发现的病毒数目：4
完成时间： 18:03:29 总扫描时间：2 秒 (00:00:02)

显示全部楼层 · 发表于 2008-5-31 19:58:27

扫描系统区域...
扫描所选择的目录和文件...
对象: Bi mat.exe3
在压缩档案里: F:\bi.rar
Status: 已发现病毒
病毒: Trojan.AutoIt.TQ (BD 引擎)
对象: ad1322.exe2=>(NSIS o) bzip2_solid_nsis0000
在压缩档案里: F:\bi.rar
Status: 已发现病毒
病毒: Adware.CPush.AC (BD 引擎)
对象: ad1322.exe2=>(NSIS o) bzip2_solid_nsis0001
在压缩档案里: F:\bi.rar
Status: 已发现病毒
病毒: Adware.Sogou.Gen (BD 引擎)
对象: U.exe2
在压缩档案里: F:\bi.rar
Status: 已发现病毒
病毒: Generic.Malware.P!BPk!g.D9DFB676 (BD 引擎)
对象: tmpA.tmp
在压缩档案里: F:\bi.rar
Status: 已发现病毒
病毒: Trojan.Generic.285072 (BD 引擎)

显示全部楼层 · 发表于 2008-5-31 20:00:20

[Scanning : C:\Documents and Settings\All Users\Documents\Test]

C:\Documents and Settings\All Users\Documents\Test\bi.rar<RAR>:Bi mat.exe3<UPX>:Bi mat.exe3 <- Worm.Sohanad.Nc : No action
C:\Documents and Settings\All Users\Documents\Test\bi.rar<RAR>:ad1322.exe2<NSIS>:cpush.dll <- Adware.Bho.Bgf : No action
C:\Documents and Settings\All Users\Documents\Test\bi.rar<RAR>:U.exe2<UPack>:U.exe2 <- Heur.RoundKick : No action

Scanned objects : 17

Infected objects : 3

显示全部楼层 · 发表于 2008-5-31 20:01:14

[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\bi.rar->U.exe2->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\bi.rar->tmpA.tmp

---------------------------------------------------------------------
Scan ended: 2008-5-31, 20:01:01
Duration: 0:00:05

Scan result:

Scanned files:    6
Infected objects:    2
Disinfected objects:    0
Quarantined files:    0
---------------------------------------------------------------------

[病毒样本] 入來吃下午茶

本帖子中包含更多资源

13/3

ArcaVir2008

F-Prot 4.4.4

浏览过的版块