6个

显示全部楼层 · 发表于 2008-6-8 09:51:09

Begin scan in 'C:\Documents and Settings\Administrator\桌面\1.rar'
C:\Documents and Settings\Administrator\桌面\1.rar
  [0] Archive type: RAR
  --> 3.exe
   [DETECTION] Contains detection pattern of the dropper DR/Dldr.VB.epp.2
  --> 4.exe
   [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/AdSpy.Gen
--> 4.exe
   [1] Archive type: RAR SFX (self extracting)
   --> whAgent.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Webhancer.O
   --> whInstaller.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/AdSpy.Gen
   --> webhdll.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Webhancer.390.22
   --> whiehlpr.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Webhancer.2
  --> 1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 6.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
   [NOTE]    A backup was created as '48bd3b26.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!

25039697

2.exe

72.01 KB

UNDER ANALYSIS

[ 本帖最后由 Kitman 于 2008-6-8 09:52 编辑 ]

显示全部楼层 · 发表于 2008-6-8 09:55:14

G:\Security\Scan\1\2.exe infected: Trojan.Crypt.EA
G:\Security\Scan\1\3.exe infected: Dropped:Trojan.Downloader.VB.VPG
G:\Security\Scan\1\4.exe=>(RAR Sfx o)=>whAgent.exe infected: Spyware.464
G:\Security\Scan\1\4.exe=>(RAR Sfx o)=>whInstaller.exe infected: Adware.Webhancer.BI
G:\Security\Scan\1\4.exe=>(RAR Sfx o)=>webhdll.dll infected: Adware.Webhancer.BI
G:\Security\Scan\1\4.exe=>(RAR Sfx o)=>whiehlpr.dll infected: Dialer.Generic.10254
G:\Security\Scan\1\5.exe suspected: BehavesLike:Trojan.Downloader

显示全部楼层 · 发表于 2008-6-8 09:57:19

快速扫描: 于 2008-6-8 9:55:49 完成 (事件: 24, 对象: 28, 时间: 00:00:25)
                                                2008-6-8 9:55:49 已完成任务
                     2008-6-8 9:55:48 已删除: not-a-virus:AdWare.Win32.WebHancer.390 F:\1.rar/4.exe
                                                                           2008-6-8 9:55:48 已检测到: not-a-virus:AdWare.Win32.WebHancer.390 F:\1.rar/4.exe/whiehlpr.dll
                                                                                       2008-6-8 9:55:48 已检测到: not-a-virus:AdWare.Win32.WebHancer.390 F:\1.rar/4.exe/webhdll.dll
                                                                                       2008-6-8 9:55:48 已检测到: not-a-virus:AdWare.Win32.WebHancer.390 F:\1.rar/4.exe/whInstaller.exe
                                                                                          2008-6-8 9:55:44 已检测到: not-a-virus:AdWare.Win32.WebHancer.423 F:\1.rar/4.exe/whAgent.exe
                                                                                       2008-6-8 9:55:44 已删除: Trojan.Win32.AutoRun.d F:\1.rar/6.exe
                                                         2008-6-8 9:55:39 已检测到: Trojan.Win32.AutoRun.d F:\1.rar/6.exe
                                                         2008-6-8 9:55:39 已删除: Trojan-Downloader.Win32.VB.epp F:\1.rar/3.exe
                                                                  2008-6-8 9:55:36 已检测到: Trojan-Downloader.Win32.VB.epp F:\1.rar/3.exe/data0006
                                                                           2008-6-8 9:55:36 已删除: Trojan.Win32.DNSChanger.ebg F:\1.rar/2.exe
                                                               2008-6-8 9:55:25 已检测到: Trojan.Win32.DNSChanger.ebg F:\1.rar/2.exe
                                                               2008-6-8 9:55:25 未清除: Trojan.Win32.AutoRun.d F:\1.rar/6.exe 已延期
                                                         2008-6-8 9:55:25 已检测到: Trojan.Win32.AutoRun.d F:\1.rar/6.exe
                                                         2008-6-8 9:55:25 未清除: Trojan.Win32.DNSChanger.ebg F:\1.rar/2.exe 已延期
                                                               2008-6-8 9:55:25 已检测到: Trojan.Win32.DNSChanger.ebg F:\1.rar/2.exe
                                                               2008-6-8 9:55:25 已检测到: not-a-virus:AdWare.Win32.WebHancer.390 F:\1.rar/4.exe/whiehlpr.dll
                                                                                       2008-6-8 9:55:25 已检测到: not-a-virus:AdWare.Win32.WebHancer.390 F:\1.rar/4.exe/webhdll.dll
                                                                                       2008-6-8 9:55:25 已检测到: not-a-virus:AdWare.Win32.WebHancer.390 F:\1.rar/4.exe/whInstaller.exe
                                                                                          2008-6-8 9:55:25 未清除: not-a-virus:AdWare.Win32.WebHancer.423 F:\1.rar/4.exe/whAgent.exe 已延期
                                                                                       2008-6-8 9:55:25 已检测到: not-a-virus:AdWare.Win32.WebHancer.423 F:\1.rar/4.exe/whAgent.exe
                                                                                       2008-6-8 9:55:25 未清除: Trojan-Downloader.Win32.VB.epp F:\1.rar/3.exe/data0006 已延期
                                                                           2008-6-8 9:55:25 已检测到: Trojan-Downloader.Win32.VB.epp F:\1.rar/3.exe/data0006
                                                                           2008-6-8 9:55:24 已启动任务

显示全部楼层 · 发表于 2008-6-8 10:03:22

红伞P版删除8个

显示全部楼层 · 发表于 2008-6-8 10:45:08

E:\virus\1.rar > RAR > 3.exe > NSIS > vntiho061083.exe - Win32/TrojanDownloader.VB.AWJ 特洛伊木马
E:\virus\1.rar > RAR > 4.exe > RAR > whAgent.exe - 可能是 Win32/Adware.Webhancer.A 应用程序的变种
E:\virus\1.rar > RAR > 4.exe > RAR > whInstaller.exe - Win32/Adware.Webhancer.390 应用程序
E:\virus\1.rar > RAR > 4.exe > RAR > webhdll.dll - Win32/Adware.Webhancer.390 应用程序
E:\virus\1.rar > RAR > 4.exe > RAR > whiehlpr.dll - Win32/Adware.Webhancer 应用程序
E:\virus\1.rar > RAR > 2.exe - Win32/TrojanDownloader.Agent.NZJ 特洛伊木马

显示全部楼层 · 发表于 2008-6-8 12:56:17

扫描开始于2008年6月8日 12:56:57
G:\v\新建文件夹\6.exe,查到病毒: Suspicious, 操作: <无>
G:\v\新建文件夹\4.exe,查到病毒: Adware/WebHancer, 操作: 删除/隔离
G:\v\新建文件夹\3.exe,查到病毒: W32/VB.DHT!tr.dldr, 操作: 删除/隔离
G:\v\新建文件夹\2.exe,查到病毒: Suspicious, 操作: <无>
G:\v\新建文件夹\1.exe,查到病毒: Suspicious, 操作: <无>
扫描结束于2008年6月8日 12:57:00
总共扫描了6个文件, 其中感染病毒文件为5个. 总共扫描了0个引导区, 感染的引导区为0个.

显示全部楼层 · 发表于 2008-6-8 13:00:14

卡巴 7.0.1.325 4个

剩下2个上报

已删除: 木马程序 Trojan-Downloader.Win32.VB.epp 文件: F:\病毒样本\1.rar/3.exe//data0006
已删除: 广告程序 not-a-virus:AdWare.Win32.WebHancer.423 文件: F:\病毒样本\1.rar/4.exe/whAgent.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.WebHancer.390 文件: F:\病毒样本\1.rar/4.exe/whInstaller.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.WebHancer.390 文件: F:\病毒样本\1.rar/4.exe/webhdll.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.WebHancer.390 文件: F:\病毒样本\1.rar/4.exe/whiehlpr.dll
已删除: 木马程序 Trojan.Win32.DNSChanger.ebg 文件: F:\病毒样本\1.rar/2.exe
已删除: 木马程序 Trojan.Win32.AutoRun.d 文件: F:\病毒样本\1.rar/6.exe

显示全部楼层 · 发表于 2008-6-8 13:07:41

2.

2008-6-8 13:01:17 solo 1100 Sign of "Win32:Dropper-ANW [Trj]" has been found in "F:\1\1.exe" file.

2008-6-8 13:01:37 solo 684 Sign of "Win32:Neptunia-YO [Trj]" has been found in "F:\1\4.exe\whAgent.exe" file.
2008-6-8 13:01:42 solo 684 Sign of "Win32:Spyware-gen [Trj]" has been found in "F:\1\4.exe\whInstaller.exe" file.
2008-6-8 13:01:44 solo 684 Sign of "Win32:Spyware-gen [Trj]" has been found in "F:\1\4.exe\webhdll.dll" file.
2008-6-8 13:01:46 solo 684 Sign of "Win32:Dialer-567 [Trj]" has been found in "F:\1\4.exe\whiehlpr.dll" file.

显示全部楼层 · 发表于 2008-6-8 14:15:44

Scan Started Sun Jun 08 14:13:55 2008
-------------------------------------------------------------------------------

C:\Documents and Settings\XSJ\桌面\1.rar: Adware.Webhancer-10 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 258414
Engine version: 0.93
Scanned directories: 0
Scanned files: 1
Infected files: 1

Data scanned: 1.43 MB
Time: 9.703 sec (0 m 9 s)

[病毒样本] 6个

本帖子中包含更多资源

怎么是8个

浏览过的版块