[病毒样本] 10x

显示全部楼层 · 发表于 2008-6-2 18:30:57

avast! x6

* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, June 02, 2008
* VPS: 080601-0, 06/01/2008
*
C:\Documents and Settings\Limited User\Desktop\1\1 [L] Win32:Tiny-QP [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\1\2 [L] Win32:Tibser (0)
C:\Documents and Settings\Limited User\Desktop\1\3 [L] Win32:Tibser (0)
C:\Documents and Settings\Limited User\Desktop\1\5 [L] Win32:Tibs-DXY [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\1\7 [L] Win32:Rootkit-gen [Rtk] (0)
C:\Documents and Settings\Limited User\Desktop\1\9 [L] Win32:Tibser (0)
Infected files: 6
Total files: 11
Total folders: 1
Total size: 236.1 KB
*
* Task stopped: Monday, June 02, 2008
* Run-time was 2 second(s)

显示全部楼层 · 发表于 2008-6-2 18:35:33

D:\firefox download\1.zip > ZIP > 1 - Win32/TrojanDownloader.Tiny.NDI 特洛伊木马
D:\firefox download\1.zip > ZIP > 2 - 正常
D:\firefox download\1.zip > ZIP > 3 - 正常
D:\firefox download\1.zip > ZIP > 4 - 未查明的 NewHeur_PE 病毒
D:\firefox download\1.zip > ZIP > 5 - Win32/TrojanProxy.Agent.NDW 特洛伊木马
D:\firefox download\1.zip > ZIP > 6 - 正常
D:\firefox download\1.zip > ZIP > 7 - Win32/TrojanClicker.Agent.NDI 特洛伊木马
D:\firefox download\1.zip > ZIP > 8 - 可能是 Win32/TrojanDownloader.Small.IAW 特洛伊木马的变种
D:\firefox download\1.zip > ZIP > 9 - 正常
D:\firefox download\1.zip > ZIP > 10 - 正常

显示全部楼层 · 发表于 2008-6-2 18:40:48

C:\Documents and Settings\Administrator\桌面\1.zip>>7       Heuri.Suspicious.ERNM       启发式扫描       还未处理
C:\Documents and Settings\Administrator\桌面\1.zip>>8       Trojan.Ddqwdk.tbmc       木马       还未处理

2                7.04/7.04KB       100.00% 在线扫描    它是一个“蠕虫病毒”2008-6-2 18:41:36 2008-6-2 18:41:44
5                49.72/49.72KB    100.00% 在线扫描    它是一个“木马” 2008-6-2 18:41:46 2008-6-2 18:42:09
10                9.56/9.56KB       100.00% 在线扫描    它是一个“蠕虫病毒”2008-6-2 18:41:55 2008-6-2 18:43:18
3                7.95/7.95KB       100.00% 在线扫描    它是一个“有害程序”2008-6-2 18:41:39 2008-6-2 18:41:53
1                1.39/1.39KB       100.00% 在线扫描    它是一个“木马” 2008-6-2 18:41:32 2008-6-2 18:41:33
4                53.39/53.39KB    100.00% 在线扫描    它是一个“间谍程序”2008-6-2 18:41:43 2008-6-2 18:42:09
6                4.11/4.11KB       100.00% 在线扫描    它是一个“蠕虫病毒”2008-6-2 18:41:49 2008-6-2 18:45:16
9                5.50/5.50KB       100.00% 在线扫描    它是一个“蠕虫病毒”2008-6-2 18:41:52 2008-6-2 18:44:20

[ 本帖最后由 tvuser2007 于 2008-6-2 18:45 编辑 ]

显示全部楼层 · 发表于 2008-6-2 18:50:25

dr web 4/10
1;C:\Documents and Settings\sky\桌面\1;Trojan.DownLoader.59067;;
5;C:\Documents and Settings\sky\桌面\1;Trojan.Spambot.2566;;
7;C:\Documents and Settings\sky\桌面\1;Trojan.Packed.485;;
8;C:\Documents and Settings\sky\桌面\1;Trojan.DownLoader.62561;;

TIS2008 9/10 趋势不错么
"18:49" "手动扫描" "文件" "TROJ_TIBS.ZV" "C:\Documents and Settings\sky\桌面\1\1" "隔离成功" ""
"18:49" "手动扫描" "文件" "WORM_NUCRP.GEN" "C:\Documents and Settings\sky\桌面\1\10" "隔离成功" ""
"18:49" "手动扫描" "文件" "WORM_NUCRP.GEN" "C:\Documents and Settings\sky\桌面\1\2" "隔离成功" ""
"18:49" "手动扫描" "文件" "WORM_NUCRP.GEN" "C:\Documents and Settings\sky\桌面\1\3" "隔离成功" ""
"18:49" "手动扫描" "文件" "WORM_NUCRYPT.GEN" "C:\Documents and Settings\sky\桌面\1\4" "隔离成功" ""
"18:49" "手动扫描" "文件" "WORM_ZHELATIN.VM" "C:\Documents and Settings\sky\桌面\1\5" "隔离成功" ""
"18:49" "手动扫描" "文件" "WORM_NUCRP.GEN" "C:\Documents and Settings\sky\桌面\1\6" "隔离成功" ""
"18:49" "手动扫描" "文件" "TROJ_UPOLYX.CG" "C:\Documents and Settings\sky\桌面\1\8" "隔离成功" ""
"18:49" "手动扫描" "文件" "WORM_NUCRP.GEN" "C:\Documents and Settings\sky\桌面\1\9" "隔离成功" ""

[ 本帖最后由 feihongtian 于 2008-6-2 19:02 编辑 ]

显示全部楼层 · 发表于 2008-6-2 18:59:05

原帖由 傻猪猪米走鸡 于 2008-6-2 18:35 发表
D:\firefox download\1.zip > ZIP > 1 - Win32/TrojanDownloader.Tiny.NDI 特洛伊木马
D:\firefox download\1.zip > ZIP > 2 - 正常
D:\firefox download\1.zip > ZIP > 3 - 正常
D:\firefox download\1.zip > ZI ...

网络启发全灭
5张图
懒得贴
不信的人可以去试
以上

显示全部楼层 · 发表于 2008-6-2 19:07:26

egin scan in 'C:\Documents and Settings\Administrator\桌面\1.zip'
C:\Documents and Settings\Administrator\桌面\1.zip
  [0] Archive type: ZIP
  --> 1
   [DETECTION] Is the Trojan horse TR/Dldr.Tibs.WW
  --> 2
   [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> 3
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 4
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 5
   [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> 6
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 7
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> 8
   [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> 9
   [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  --> 10
   [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
   [NOTE]    The file was successfully wiped!
   [NOTE]    The file was deleted!

End of the scan: 2008年6月2日  19:06
Used time: 00:16 min

The scan has been done completely.

   0 Scanning directories
   11 Files were scanned
   10 viruses and/or unwanted programs were found

显示全部楼层 · 发表于 2008-6-2 19:13:49

D:\病毒测试\临时解压\1.zip:\1 - 特征码 'Trojan-Downloader.Win32.Tibs.ww' 被发现
D:\病毒测试\临时解压\1.zip:\2
D:\病毒测试\临时解压\1.zip:\3
D:\病毒测试\临时解压\1.zip:\4
D:\病毒测试\临时解压\1.zip:\5 - 特征码 'Virus.Win32.Tibs.DXY' 被发现
D:\病毒测试\临时解压\1.zip:\6 - 可疑代码段被发现 (Level: 50)
D:\病毒测试\临时解压\1.zip:\7 - 特征码 'Packer.Krunchy.B' 被发现
D:\病毒测试\临时解压\1.zip:\8 - 特征码 'Trojan.Retapu.D' 被发现
D:\病毒测试\临时解压\1.zip:\9
D:\病毒测试\临时解压\1.zip:\10
D:\病毒测试\临时解压\1.zip

11 文件被扫描
(1 压缩档 10 文件)
4 特征码被侦测
1 可疑代码段被发现
耗时: 0:02.364

显示全部楼层 · 发表于 2008-6-2 19:57:25

3个。。。

显示全部楼层 · 发表于 2008-6-2 20:06:51

[Scanning : C:\Documents and Settings\All Users\Documents\Test]

C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:1 <- Downloader.Tibs.Ww : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:3 <- Heur.W32 : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:5 <- Downloader.Tibs.Ym : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:6 <- Heur.W32 : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:7 <- Trojan.Small.Ayd : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:8 <- W32.Junkcomp : No action

Scanned objects : 11

Infected objects : 6

显示全部楼层 · 发表于 2008-6-2 20:07:14

[Found downloader] <W32/Downldr2.BIHP (exact, not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\1.zip->1
[Found possible virus] <W32/STZ_like!Generic (not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\1.zip->2
[Found security risk] <W32/Tibs.V.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->4
[Found downloader] <W32/Downldr2.BUOS (exact, not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\1.zip->5
[Found possible virus] <W32/new-malware!Maximus (not disinfectable)> C:\Documents and Settings\All Users\Documents\Test\1.zip->6

---------------------------------------------------------------------
Scan ended: 2008-6-2, 20:07:03
Duration: 0:00:02

Scan result:

Scanned files:    6
Infected objects:    5
Disinfected objects:    0
Quarantined files:    0
---------------------------------------------------------------------

[病毒样本] 10x

本帖子中包含更多资源

5

全灭

本帖子中包含更多资源

ArcaVir2008

F-Prot 4.4.4