
[Virus sample] 72*

电影结束了
Posted on 2008-6-24 09:02:42
Dug up from another thread.

FBAV
Posted on 2008-6-24 09:06:33
MicroVita AntiSpyware  
_____________________________________________
                                          
             风暴微塔反间谍 T2
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]                  
                   http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[D:\Virus1\生成物\(null)_5.exe5]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19435  MD5:f966a7d6b54fdae6ee979f6a29648464

[D:\Virus1\生成物\(null)_6.exe6]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:19711  MD5:33db5e64e66592ac2155fecf73e92199

[D:\Virus1\生成物\(null)_7.exe7]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19903  MD5:5f7c09a2ad383f82ad7fe35692befda4

[D:\Virus1\生成物\(null)_8.exe8]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:10904  MD5:c4caaab3b3837f03c795596738145f2e

[D:\Virus1\生成物\(null)_9.exe9]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19243  MD5:5a69f789e2692929945abe89f5615381

[D:\Virus1\生成物\(null).exe0]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:23431  MD5:3380cda2c7bd2c799a309972f91bf44b

[D:\Virus1\生成物\(null)_1.exe1]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:20059  MD5:455f2d7d18d398a28186bef6a6b94641

[D:\Virus1\生成物\(null)_10.exe10]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:19291  MD5:cd6eec9ea848b3e8cd8c11a613f0cacd

[D:\Virus1\生成物\(null)_12.exe12]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:20323  MD5:dddd789c085e9bc4a3387c6a1965e4b2

[D:\Virus1\生成物\(null)_13.exe13]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:19755  MD5:e76a067a9d79f5588e60f193329adc89

[D:\Virus1\生成物\(null)_14.exe14]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19235  MD5:b481eea76f6ca4aa27817e89d93023b4

[D:\Virus1\生成物\(null)_15.exe15]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:19407  MD5:655129864c298c04d7fdb446abbffa04

[D:\Virus1\生成物\(null)_16.exe16]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19843  MD5:d87419a461b3052b6914140231b3fd55

[D:\Virus1\生成物\(null)_17.exe17]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:21255  MD5:fa659abc9a5288e34ce8eca82ca49a09

[D:\Virus1\生成物\(null)_18.exe18]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19643  MD5:ad985ec42e4ca9e0ba95af750956ee89

[D:\Virus1\生成物\(null)_19.exe19]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19735  MD5:aeec6c814d04a9aff2fca8b4d6b39b22

[D:\Virus1\生成物\(null)_2.exe2]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:20275  MD5:d23961e939cd1b8f1f2e785ee73bf2bf

[D:\Virus1\生成物\(null)_20.exe20]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:18843  MD5:deb931ba8c878a97f2d4c5adecd2c2e3

[D:\Virus1\生成物\(null)_21.exe21]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:28096  MD5:2829bca0a356654aadf37e176065a433

[D:\Virus1\生成物\(null)_22.exe22]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19431  MD5:be017e59f60f2178bc8d508112dad567

[D:\Virus1\生成物\(null)_23.exe23]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:20207  MD5:dee92c423681b6584a1cefa805b424a6

[D:\Virus1\生成物\(null)_25.exe25]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19615  MD5:f4d90e0fdc13a1adbd003422bae0d3bf

[D:\Virus1\生成物\(null)_3.exe3]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:22479  MD5:9e01550493538bf2dab9565312cdc717

[D:\Virus1\生成物\afdx10.exe]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:19291  MD5:cd6eec9ea848b3e8cd8c11a613f0cacd

[D:\Virus1\生成物\aukr16.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19843  MD5:d87419a461b3052b6914140231b3fd55

[D:\Virus1\生成物\bwsp17.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:21255  MD5:fa659abc9a5288e34ce8eca82ca49a09

[D:\Virus1\生成物\dzqp9.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19243  MD5:5a69f789e2692929945abe89f5615381

[D:\Virus1\生成物\eksq5.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19435  MD5:f966a7d6b54fdae6ee979f6a29648464

[D:\Virus1\生成物\emob1.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:20059  MD5:455f2d7d18d398a28186bef6a6b94641

[D:\Virus1\生成物\ftoz12.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:20323  MD5:dddd789c085e9bc4a3387c6a1965e4b2

[D:\Virus1\生成物\gvfw13.exe]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:19755  MD5:e76a067a9d79f5588e60f193329adc89

[D:\Virus1\生成物\iihu20.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:18843  MD5:deb931ba8c878a97f2d4c5adecd2c2e3

[D:\Virus1\生成物\irck6.exe]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:19711  MD5:33db5e64e66592ac2155fecf73e92199

[D:\Virus1\生成物\mymc15.exe]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:19407  MD5:655129864c298c04d7fdb446abbffa04

[D:\Virus1\生成物\nzqw0.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:23431  MD5:3380cda2c7bd2c799a309972f91bf44b

[D:\Virus1\生成物\plet3.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:22479  MD5:9e01550493538bf2dab9565312cdc717

[D:\Virus1\生成物\qpsl2.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:20275  MD5:d23961e939cd1b8f1f2e785ee73bf2bf

[D:\Virus1\生成物\rwdi7.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19903  MD5:5f7c09a2ad383f82ad7fe35692befda4

[D:\Virus1\生成物\sude21.exe]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:28096  MD5:2829bca0a356654aadf37e176065a433

[D:\Virus1\生成物\uvyt23.exe]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:20207  MD5:dee92c423681b6584a1cefa805b424a6

[D:\Virus1\生成物\vjnq22.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19431  MD5:be017e59f60f2178bc8d508112dad567

[D:\Virus1\生成物\xgvw25.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19615  MD5:f4d90e0fdc13a1adbd003422bae0d3bf

[D:\Virus1\生成物\ymdj18.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:19643  MD5:ad985ec42e4ca9e0ba95af750956ee89

[D:\Virus1\生成物\cdwqfs.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:229376  MD5:1e7a6264fc6282c372b2bd6aa2099e20

[D:\Virus1\生成物\cedafb.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:229376  MD5:37eb8adfc9ea0e2cf303b11aab761132

[D:\Virus1\生成物\ddserh.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:268800  MD5:35b02b614a0d5247b82f7994c13d0b07

[D:\Virus1\生成物\fmcvxy.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:232960  MD5:0c390bd034947c18955859b52ced6349

[D:\Virus1\生成物\hhrdxd.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:240128  MD5:e1ce3e1093d8ea980d8d7a9a62132bf4

[D:\Virus1\生成物\jfrwdh.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:225792  MD5:bf50e399a4f90e1429e58e519cf92ef6

[D:\Virus1\生成物\jggtsr.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:225792  MD5:d49c8919665acfa56ed351b18bcbcfe6

[D:\Virus1\生成物\jhfrxz.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:222208  MD5:05212d04857b97240c4d9571f8633dec

[D:\Virus1\生成物\mfdesy.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:232960  MD5:78cb39fe10ef024b2cbf1aa08830f0ba

[D:\Virus1\生成物\mtewdh.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:283136  MD5:551bae8e5a43abb5518ad1ab45c15927

[D:\Virus1\生成物\pedadt.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:229376  MD5:5729a479706a50793799aaeefb31383a

[D:\Virus1\生成物\rfdswc.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:258048  MD5:1d033539aa5d64d0fab9bed76bebaf87

[D:\Virus1\生成物\sgrefg.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:218624  MD5:731e47268a54bfcefad0ce23a32c2264

[D:\Virus1\生成物\tdffdl.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:225792  MD5:7f12ccbd7b687b0fe1f2776b0a785cb7

[D:\Virus1\生成物\tdggrz.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:218624  MD5:e7a1ae7b4a8177649132e9eef82124d4

[D:\Virus1\生成物\wklsdd.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:236544  MD5:2ab7566a59391b831d4658cdaf2d2958

[D:\Virus1\生成物\wrqszl.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:232960  MD5:15746dfe67ea5959c3e2e4d97d9b7d1c

[D:\Virus1\生成物\wyhesm.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:229376  MD5:bb91e9683ce2f8c366f7e5233c5ce581

[D:\Virus1\生成物\wyrsdj.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:229376  MD5:51f8ff54616193c8eb3d50e79d455230

[D:\Virus1\生成物\zefdst.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:232960  MD5:10f4859e919a03e6ec05d6769562dbb1

[D:\Virus1\生成物\zgrjdx.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:222208  MD5:0b2eb9d17b344b209095b0c1df078c07

文件数:70   病毒数:64  比重:0.9142857142857
OK  扫描完毕!
  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎   
[2] 文件特征码引擎
[1] 文件启发式引擎

[ Last edited by FBAV on 2008-6-24 09:08 ]
hahacomcn
Posted on 2008-6-24 09:26:29
Begin scan in 'C:\Documents and Settings\haha\桌面\������.rar'
C:\Documents and Settings\haha\桌面\������.rar
  [0] Archive type: RAR
    --> (null)_5.exe5
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_6.exe6
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_7.exe7
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_8.exe8
          [DETECTION] Is the Trojan horse TR/PSW.OnLi.aoiq.75
    --> (null)_9.exe9
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null).exe0
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_1.exe1
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_10.exe10
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_12.exe12
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_13.exe13
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_14.exe14
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
  --> (null)_15.exe15
      [DETECTION] Contains detection pattern of the Windows virus W32/Hllp.Alcaul.e
    --> (null)_16.exe16
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_17.exe17
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_18.exe18
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_19.exe19
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_2.exe2
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_20.exe20
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_21.exe21
          [DETECTION] Is the Trojan horse TR/Agent.qsa
    --> (null)_22.exe22
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_23.exe23
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_25.exe25
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    --> (null)_3.exe3
          [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '485e4d29.qua'  ( QUARANTINE )


End of the scan: 2008年6月24日  09:26
Used time: 00:08 min

The scan has been done completely.

      0 Scanning directories
     27 Files were scanned
     26 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes
hahacomcn
Posted on 2008-6-24 09:27:42
Begin scan in 'C:\Documents and Settings\haha\桌面\virus'
C:\Documents and Settings\haha\桌面\virus\afdx10.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48c44dd8.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\aukr16.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48cb4de7.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\bwsp17.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48d34de9.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\cdwqfs.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.asfi.2
      [NOTE]      A backup was created as '48d74dd6.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\cedafb.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.asby.6
      [NOTE]      A backup was created as '48c44dd7.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\cliconfgzx.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLi.aoiq.75
      [NOTE]      A backup was created as '48c94dde.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\d32dx9.sys
      [DETECTION] Is the Trojan horse TR/Spy.KeySpy.U
      [NOTE]      A backup was created as '48924da5.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\ddserh.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      A backup was created as '48d34dd7.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\dzqp9.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48d14ded.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\eksq5.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48d34dde.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\emob1.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48cf4de0.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\fmcvxy.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.asak
      [NOTE]      A backup was created as '48c34de0.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\ftoz12.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48cf4de7.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\gvfw13.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48c64dea.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\hhrdxd.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      A backup was created as '48d24ddc.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\iihu20.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48c84ddd.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\irck6.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48c34de6.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\jcfd11.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '48c64dd7.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\jfrwdh.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aqcg.9
      [NOTE]      A backup was created as '48d24dda.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\jggtsr.dll
      [DETECTION] Is the Trojan horse TR/Crypt.Delf.F.275
      [NOTE]      A backup was created as '48c74ddb.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\jhfrxz.dll
      [DETECTION] Is the Trojan horse TR/Crypt.Delf.F.252
      [NOTE]      A backup was created as '48c64ddc.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\kogq4.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '48c74de3.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\mfdesy.dll
      [DETECTION] Is the Trojan horse TR/Crypt.Delf.F.262
      [NOTE]      A backup was created as '48c44dda.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\mtewdh.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      A backup was created as '48c54de8.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\mymc15.exe
      [DETECTION] Contains detection pattern of the Windows virus W32/Hllp.Alcaul.e
      [NOTE]      A backup was created as '48cd4ded.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\nqka24.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '48cb4de5.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\nzqw0.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48d14dee.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\pedadt.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      A backup was created as '48c44dd9.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\plet3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48c54de1.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\qpsl2.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48d34de5.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\rfdswc.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      A backup was created as '48c44ddb.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\rwdi7.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48c44dec.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\sgrefg.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.asei.5
      [NOTE]      A backup was created as '4e50fe4d.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\sude21.exe
      [DETECTION] Is the Trojan horse TR/Agent.qsa
      [NOTE]      A backup was created as '48c44dea.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\tdffdl.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      A backup was created as '48c64dd9.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\tdggrz.dll
      [DETECTION] Is the Trojan horse TR/Crypt.Delf.F.279
      [NOTE]      A backup was created as '48c74dd9.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\uvyt23.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48d94deb.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\vjnq22.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48ce4ddf.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\wklsdd.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      A backup was created as '48cc4de0.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\wrqszl.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      A backup was created as '48d14de8.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\wyhesm.dll
      [DETECTION] Is the Trojan horse TR/Crypt.Delf.F.271
      [NOTE]      A backup was created as '48c84def.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\wyrsdj.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      A backup was created as '48d24def.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\xgvw25.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48d64ddd.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\ymdj18.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48c44de3.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\zefdst.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      A backup was created as '48c64ddb.qua'  ( QUARANTINE )
C:\Documents and Settings\haha\桌面\virus\zgrjdx.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      A backup was created as '48d24ddd.qua'  ( QUARANTINE )


End of the scan: 2008年6月24日  09:27
Used time: 00:06 min

The scan has been done completely.

      1 Scanning directories
     46 Files were scanned
     40 viruses and/or unwanted programs were found
      6 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     46 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      0 Archives were scanned
      0 Warnings
     46 Notes
jimmyleo
Posted on 2008-6-24 09:40:29
vba32 =16+11

G:\Security\Scan\下载物\(null)_11.exe11 : infected Trojan-PSW.Win32.OnLineGames.arze
G:\Security\Scan\下载物\(null)_15.exe15 : infected Trojan-PSW.Win32.OnLineGames.aqjy
G:\Security\Scan\下载物\(null)_21.exe21 : infected Trojan.Win32.Agent.rzv
G:\Security\Scan\下载物\(null)_24.exe24 : infected Trojan.Win32.Agent.hnd
G:\Security\Scan\下载物\(null)_6.exe6 : infected Trojan-PSW.Win32.OnLineGames.arza
G:\Security\Scan\下载物\(null)_8.exe8 : infected Trojan-PSW.Win32.OnLineGames.asdh
G:\Security\Scan\生成物\cdwqfs.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\cedafb.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\cliconfgzx.dll : infected Trojan.PWS.Wsgame.5940
G:\Security\Scan\生成物\d32dx9.sys : infected Trojan-Spy.Win32.KeySpy.u
G:\Security\Scan\生成物\ddserh.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\fmcvxy.dll : infected Trojan-PSW.Win32.OnLineGames.asak
G:\Security\Scan\生成物\hhrdxd.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\irck6.exe : infected Trojan-PSW.Win32.OnLineGames.arza
G:\Security\Scan\生成物\jcfd11.exe : infected Trojan-PSW.Win32.OnLineGames.arze
G:\Security\Scan\生成物\jfrwdh.dll : infected Trojan-PSW.Win32.OnLineGames.aqcg
G:\Security\Scan\生成物\jggtsr.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\mymc15.exe : infected Trojan-PSW.Win32.OnLineGames.aqjy
G:\Security\Scan\生成物\nqka24.exe : infected Trojan.Win32.Agent.hnd
G:\Security\Scan\生成物\rfdswc.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\sgrefg.dll : infected Trojan-PSW.Win32.OnLineGames.asei
G:\Security\Scan\生成物\sude21.exe : infected Trojan.Win32.Agent.rzv
G:\Security\Scan\生成物\wklsdd.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\wrqszl.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\wyhesm.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\wyrsdj.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
G:\Security\Scan\生成物\zefdst.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
小邪邪
Posted on 2008-6-24 09:46:03

mcafee8.7

23
电影结束了
Original poster | Posted on 2008-6-24 10:23:29
Hello.
New malicious software was found in the attached files.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Vladimir Lebedev
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com


> Attachment: virus.zip

>  password:virus
欠妳緈諨
Posted on 2008-6-24 10:41:07
Generated files    45
D:\virus\afdx10.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\aukr16.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\bwsp17.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\cdwqfs.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\cedafb.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\cliconfgzx.dll - 特征码 'Virus.Win32.Nilage.NP' 被发现
D:\virus\d32dx9.sys - 特征码 'Trojan-Spy.Keyspy.U' 被发现
D:\virus\ddserh.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\dzqp9.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\eksq5.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\emob1.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\fmcvxy.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\ftoz12.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\gvfw13.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\hhrdxd.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\iihu20.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\irck6.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\jcfd11.exe
D:\virus\jfrwdh.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\jggtsr.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\jhfrxz.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\kogq4.exe - 特征码 'Trojan-PWS.OnlineGames.ZAY' 被发现
D:\virus\mfdesy.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\mtewdh.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\mymc15.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\nqka24.exe - 特征码 'Trojan-PWS.OnlineGames.ZAY' 被发现
D:\virus\nzqw0.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\pedadt.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\plet3.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\qpsl2.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\rfdswc.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\rwdi7.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\sgrefg.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\sude21.exe - 特征码 'Virus.Win32.Agent.XSQ' 被发现
D:\virus\tdffdl.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\tdggrz.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\uvyt23.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\vjnq22.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\wklsdd.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\wrqszl.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\wyhesm.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\wyrsdj.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\xgvw25.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\ymdj18.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\zefdst.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现
D:\virus\zgrjdx.dll - 特征码 'Trojan.Win32.Tilcun.B' 被发现

        46 文件被扫描
          (0 压缩档 0 文件)
        45 特征码被侦测
        0 可疑代码段被发现
        耗时: 0:02.641
欠妳緈諨
Posted on 2008-6-24 10:43:51
Downloaded files   25
D:\virus\(null)_5.exe5 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_6.exe6 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_7.exe7 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_8.exe8 - 可疑代码段 被发现 (Level: 75)
D:\virus\(null)_9.exe9 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null).exe0 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_1.exe1 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_10.exe10 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_11.exe11
D:\virus\(null)_12.exe12 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_13.exe13 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_14.exe14 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_15.exe15 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_16.exe16 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_17.exe17 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_18.exe18 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_19.exe19 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_2.exe2 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_20.exe20 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_21.exe21 - 特征码 'Virus.Win32.Agent.XSQ' 被发现
D:\virus\(null)_22.exe22 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_23.exe23 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_24.exe24 - 特征码 'Trojan-PWS.OnlineGames.ZAY' 被发现
D:\virus\(null)_25.exe25 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_3.exe3 - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
D:\virus\(null)_4.exe4 - 特征码 'Trojan-PWS.OnlineGames.ZAY' 被发现

        26 文件被扫描
          (0 压缩档 0 文件)
        24 特征码被侦测
        1 可疑代码段被发现
        耗时: 0:06.515
欠妳緈諨
Posted on 2008-6-24 10:44:23
IKARUS total: 45+25=70