Original poster: solcroft

[Virus samples] If you don't use NOD32, no need to come in

Kitman
Posted on 2008-7-5 14:51:49
Begin scan in 'C:\Documents and Settings\Administrator\桌面\12'
C:\Documents and Settings\Administrator\桌面\12\0.exe
      [DETECTION] Is the Trojan horse TR/PSW.VB.RW
      [NOTE]      A backup was created as '48d41a1a.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\1.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '48d41a1b.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\10.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '489d1a1d.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\11.exe
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      A backup was created as '489d1a1e.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\12.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '489d1a1f.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\13.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '489d1a21.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\14.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '489d1a22.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\15.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '489d1a25.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\16.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '489d1a27.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\17.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '489d1a28.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\18.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '489d1a2a.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\19.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '489d1a2b.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\2.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      TR/Crypt.XDR.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<NvCplDaemon>=sz:2.exe
      [NOTE]      TR/Crypt.XDR.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<NvMediaCenter>=sz:2.exe
      [NOTE]      A backup was created as '48d41a20.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '495c4501.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\4.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48d41a22.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\5.exe
      [DETECTION] Is the Trojan horse TR/Agent.7680
      [NOTE]      A backup was created as '495c4503.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\6.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '48d41a21.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\7.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '495c4502.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\8.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.maj.2
      [NOTE]      A backup was created as '48d41a23.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\12\9.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      A backup was created as '495c4504.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!


End of the scan: 2008年7月5日  14:51
Used time: 00:09 min

The scan has been done completely.

      1 Scanning directories
     20 Files were scanned
     20 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     20 files were deleted
      0 files were repaired
     20 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
     20 Notes
电影结束了
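Posted on 2008-7-5 15:00:02
Originally posted by 风野胤 on 2008-7-5 14:18

Scan Log
Version of virus signature database: 3244 (20080705)
Date: 2008-7-5  Time: 14:19:57
Scanned disks, folders and files: R:\8.exe;R:\0.exe;R:\1.exe;R:\2.exe;R:\3.exe;R:\4.exe;R:\5 ...



8.exe isn't going to be that simple...
Probably a sandbox limitation...
It won't run properly in there...
Try it on a real machine and you'll see
One of its behaviours is deleting itself.... it probably also loaded a DLL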
aerbeisi
Posted on 2008-7-5 15:03:21
I use NOD32, so I came in to take a look.
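feihongtian (this user has been deleted)
Posted on 2008-7-5 15:10:44
Originally posted by 电影结束了 on 2008-7-5 15:00

8.exe isn't going to be that simple...
Probably a sandbox limitation...
It won't run properly in there...
Try it on a real machine and you'll see
One of its behaviours is deleting itself.... it probably also loaded a DLL

It loads a driver, deletes itself, and seems to hijack the LSP; I didn't find anything else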
Palkia
Posted on 2008-7-5 18:17:23
Duba missed 4
qigang
Posted on 2008-7-5 21:54:27

3/1

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.DL.Win32.Undef.vx

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.51.52
testhawk
Posted on 2008-7-5 22:53:56
Avast ignored it too..
easybeing
Posted on 2008-7-5 23:09:48
A week from now NOD's virus database still won't have reacted at all, heh heh
testhawk
Posted on 2008-7-5 23:18:36
Originally posted by easybeing on 2008-7-5 23:09
A week from now NOD's virus database still won't have reacted at all, heh heh

That's not necessarily so.
风野胤
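Posted on 2008-7-5 23:21:10
Originally posted by solcroft on 2008-7-5 14:50
This reminds me of a line from 千XX's classic quotes
High-risk viruses get added to the database as soon as they are reported; if something isn't added, it means it's not much of a threat
Heh heh
PS: I'd advise a certain someone not to analyze viruses by only knowing how to look at a sandbox

ESET's criteria for adding signatures are what they are
If they say they won't add it, they won't add it
What can you do about it?
ESET still isn't run by my family...

S is too hot-blooded
I admit I'm cold-blooded

PS, to be honest
     8.exe has been run
     But then
     do you really expect someone whose machine runs every exe on the whole disk with restricted privileges to analyze viruses?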