...........

醉一生爱妍

http://download.skype.tom.com/Tom-SkypeSetup.exe	%ProgramFiles%\Skype\~Te3.tmp
http://skype.tom.com/download/install/sobar.exe	%ProgramFiles%\Skype\~Te4.tmp
http://skypetools3.tom.com/download/promote/promote.dll	%System%\promote.dll
http://www.pc112233.cn/soft/my8848.exe	%System%\my8848.exe
http://www.pc112233.cn/soft/yoyo1048.exe	%System%\yoyo1048.exe
http://www.pc112233.cn/soft/e21.exe	%System%\e21.exe
http://www.pc112233.cn/soft/msn.exe	%System%\msn.exe
http://www.pc112233.cn/soft/ggcg.exe	%System%\ggcg.exe
http://www.pc112233.cn/soft/winxp3.exe	%System%\winxp3.exe
http://www.pc112233.cn/soft/winxp4.exe	%System%\winxp4.exe
http://www.PC112233.cn/soft/UUSee_heima_Setup_110253.exe	%System%\UUSee_heima_Setup_110253.exe
http://download.skype.tom.com/Tom-SkypeSetup.exe	%ProgramFiles%\Skype\~Te1.tmp
http://skype.tom.com/download/install/sobar.exe	%ProgramFiles%\Skype\~Te2.tmp

http://soft.c393c.cn/newup3.txt

sbbdms

第1个、第12个20多M

第9个和第10个下不了

第11个5M多

第13个和第2个重复

就剩下7个了……

打包

sbbdms

卡巴杀2个，漏5个

已删除：木马程序 Backdoor.Win32.Rbot.kmp        文件　: D:\软件\其它\v\k\msn.rar/yoyo1048.exe
已删除：木马程序 Trojan-Downloader.Win32.QQHelper.bju        文件　: D:\软件\其它\v\k\msn.rar/e21.exe//data0002//#
已删除：广告程序 not-a-virus:AdWare.Win32.BHO.bgf        文件　: D:\软件\其它\v\k\msn.rar/e21.exe//data0003//data0002

TO KL

Hello,

ggcg.exe_ - Trojan-Clicker.Win32.Agent.ank,
my8848.exe_ - Trojan-Downloader.Win32.Hmir.cvr

These files are already detected. Please update your antivirus bases.

msn.exe_ - not-a-virus:AdWare.Win32.Cinmus.ixg

This file is an Advertizing Tool, it is detected by
extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates

promote.dll, sobar.exe_

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Kirill Erakhtin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: msn.rar

已删除：木马程序 Trojan-Downloader.Win32.Hmir.cvr 文件　: D:\软件\其它\v\k\msn.rar/my8848.exe
已删除：广告程序 not-a-virus:AdWare.Win32.Cinmus.ixg 文件　: D:\软件\其它\v\k\msn.rar/msn.exe//stream//data0003//data0003
已删除：广告程序 not-a-virus:AdWare.Win32.Cinmus.ixg 文件　: D:\软件\其它\v\k\msn.rar/msn.exe//stream//data0002//data0004
已删除：木马程序 Trojan-Clicker.Win32.Agent.ank 文件　: D:\软件\其它\v\k\msn.rar/ggcg.exe//FSG

[ 本帖最后由 sbbdms 于 2008-6-8 20:55 编辑 ]

aaad2008

kv杀2个
ggcg.exe 威胁性参考分析图标
msn.exe  adware/cinmus.gen
yoyo1048.exe Backdoor/Rbot.wha

[ 本帖最后由 aaad2008 于 2008-6-8 15:33 编辑 ]

醉一生爱妍

在 C:\Documents and Settings\Administrator\桌面\msn\msn.exe->$TEMP\14_7815.exe->$[34]\$R0 中发现 Adware/Cinmus.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\msn\yoyo1048.exe 中发现 Backdoor/RBot.wha 病毒, 已删除

qigang

原帖由 sbbdms 于 2008-6-8 14:57 发表
第1个、第12个20多M

第9个和第10个下不了

第11个5M多

第13个和第2个重复

就剩下7个了……

打包

281558

281559

281560

Trojan.DL.Win32.Mnless.ahy

AdWare.Win32.Agent.bvk

需要解压后查杀。

电影结束了

算了。。。
呆会看电视时让它慢慢下。。。

bjfhj

2008-6-8 19:26:06        已完成任务                       
2008-6-8 19:26:06        已删除: Backdoor.Win32.Rbot.kmp        C:\Documents and Settings\Administrator\桌面\msn\yoyo1048.exe               
2008-6-8 19:25:59        已检测到: Backdoor.Win32.Rbot.kmp        C:\Documents and Settings\Administrator\桌面\msn\yoyo1048.exe               
2008-6-8 19:25:59        已检测到: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe               
2008-6-8 19:25:59        已检测到: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe/stream/data0003               
2008-6-8 19:25:59        已检测到: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe/stream/data0003               
2008-6-8 19:25:59        已检测到: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe/stream/data0003               
2008-6-8 19:25:59        已检测到: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe/stream/data0003               
2008-6-8 19:25:59        已检测到: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe/stream/data0003/data0003               
2008-6-8 19:25:58        已检测到: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe/stream/data0002               
2008-6-8 19:25:58        已检测到: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe/stream/data0002               
2008-6-8 19:25:58        已删除: not-a-virus:AdWare.Win32.BHO.bgf        C:\Documents and Settings\Administrator\桌面\msn\e21.exe               
2008-6-8 19:25:58        已检测到: not-a-virus:AdWare.Win32.BHO.bgf        C:\Documents and Settings\Administrator\桌面\msn\e21.exe/data0003/data0002               
2008-6-8 19:25:57        已检测到: Trojan-Downloader.Win32.QQHelper.bju        C:\Documents and Settings\Administrator\桌面\msn\e21.exe/data0002/#               
2008-6-8 19:25:56        未清除: Backdoor.Win32.Rbot.kmp        C:\Documents and Settings\Administrator\桌面\msn\yoyo1048.exe        已延期       
2008-6-8 19:25:56        已检测到: Backdoor.Win32.Rbot.kmp        C:\Documents and Settings\Administrator\桌面\msn\yoyo1048.exe               
2008-6-8 19:25:56        已检测到: not-a-virus:AdWare.Win32.BHO.bgf        C:\Documents and Settings\Administrator\桌面\msn\e21.exe/data0003/data0002               
2008-6-8 19:25:56        未清除: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe/stream/data0003/data0003        已延期       
2008-6-8 19:25:56        未清除: Trojan-Downloader.Win32.QQHelper.bju        C:\Documents and Settings\Administrator\桌面\msn\e21.exe/data0002/#        已延期       
2008-6-8 19:25:56        已检测到: Heur.Trojan.Generic        C:\Documents and Settings\Administrator\桌面\msn\msn.exe/stream/data0003/data0003               
2008-6-8 19:25:56        已检测到: Trojan-Downloader.Win32.QQHelper.bju        C:\Documents and Settings\Administrator\桌面\msn\e21.exe/data0002/#               
2008-6-8 19:25:54        已启动任务

allinwonderi

[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\msn.part1.rar<RAR>:e21.exe<NSIS>:ad.exe<NSIS>:cpush.dll <- Adware.Bho.Bgf : No action
C:\Documents and Settings\All Users\Documents\Test\msn.part3.rar<RAR>:yoyo1048.exe<NSIS>:43.sys <- Downloader.Agent.Nas : No action



Scanned objects : 18

Infected objects : 2

allinwonderi

[Found downloader]         <W32/Downloader.D.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\msn.part2.rar->my8848.exe

---------------------------------------------------------------------
Scan ended:        2008-6-8, 21:08:49
Duration:        0:00:01

Scan result:

Scanned files:                 8
Infected objects:         1
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------