Views: 3635 | Replies: 24

[Virus sample] 9x

qianwenxiang
Posted on 2008-7-12 18:24:10

Kitman
Posted on 2008-7-12 18:28:18
Begin scan in 'C:\Documents and Settings\Administrator\桌面\bpk 2'
C:\Documents and Settings\Administrator\桌面\bpk 2\E391CA085A1174C83E52F3B4E0FF7415
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.bmk.1
      [NOTE]      A backup was created as '48b1875a.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\bpk 2\E3BD03B7CE1DA8C0B99EF46A092AE6C0
      [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.XQ
      [NOTE]      A backup was created as '48ba875a.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\bpk 2\E47816A0FDEE5324DC5DE6E48A1F7EE5
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [NOTE]      A backup was created as '48af875b.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\bpk 2\E543953546E348C69B023C83C10EF71E
      [DETECTION] Is the Trojan horse TR/Agent.szy
      [NOTE]      A backup was created as '48ac875c.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\bpk 2\E5449436C4141E92FE511483B755A169
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.jqa
      [NOTE]      A backup was created as '49047885.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\bpk 2\E5D27B617A2DA64BE48237E51B5C7784
      [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.LH
      [NOTE]      A backup was created as '48bc875c.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\bpk 2\EBF46AD3D230F658E43206764AF885B6
      [DETECTION] Is the Trojan horse TR/Obfuscated.dyu
      [NOTE]      A backup was created as '48be8769.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\bpk 2\EBF5CBE7
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      A backup was created as '491678b2.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!


End of the scan: 2008年7月12日  18:27
Used time: 00:03 min

The scan has been done completely.

      1 Scanning directories
      9 Files were scanned
      8 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      8 files were deleted
      0 files were repaired
      8 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      0 Warnings
      8 Notes
The file 'EE11C49B1383879744141B5CC3B4AEB5' has been determined to be 'UNDER ANALYSIS'.

[ Last edited by Kitman on 2008-7-12 18:29 ]
aerbeisi
Posted on 2008-7-15 18:07:13

NOD32: 2

Palkia
Posted on 2008-7-15 18:13:57

8

病毒        2008-07-15  18:13:09        C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E5D27B617A2DA64BE48237E51B5C7784        Win32.Troj.Obfuscated.321536        清除成功       
病毒        2008-07-15  18:13:09        C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E5449436C4141E92FE511483B755A169        Win32.TrojDownloader.Delf.71680        清除成功       
病毒        2008-07-15  18:13:09        C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E543953546E348C69B023C83C10EF71E        Win32.Troj.Agent.15616        清除成功       
病毒        2008-07-15  18:13:09        C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E47816A0FDEE5324DC5DE6E48A1F7EE5        Win32.Troj.SpyDelf.ak.561152        清除成功       
病毒        2008-07-15  18:13:09        C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E3BD03B7CE1DA8C0B99EF46A092AE6C0        Win32.Troj.Obfuscated.350208        清除成功       
病毒        2008-07-15  18:13:09        C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E391CA085A1174C83E52F3B4E0FF7415        Win32.PSWTroj.GameOL.112691        清除成功       
病毒        2008-07-15  18:13:08        C:\Documents and Settings\Administrator\桌面\bpk 2.rar\EBF5CBE7        Win32.Troj.PopHot.c.121344        清除成功       
病毒        2008-07-15  18:13:08        C:\Documents and Settings\Administrator\桌面\bpk 2.rar\EBF46AD3D230F658E43206764AF885B6        Win32.Troj.Obfuscated.392192        清除成功
ch00962610
Posted on 2008-7-15 18:50:05
用G DATA AntiVirus检测病毒
版本 18.5.8071.731
病毒特征库日期 2008/7/15
开始时间: 2008/7/15 18:49
引擎: 引擎A (AVK 18.4498), 引擎B (AVKB 18.348)
启发式: 开启
档案文件: 开启
系统区域: 开启

检测系统区域...
检测以下目录和文件:

检测执行时间: 2008/7/15 18:49
    9个文件已检测
    8个受感染文件
    0个可疑文件被发现
jcaa
Posted on 2008-7-15 19:53:09
Spider (Dr.Web): 5~~
yangpizhi
Posted on 2008-7-15 20:03:46
结果: 发现8个恶意软件
Trojan.Win32.Obfuscated.dyu (病毒)

    * C:\Documents and Settings\Administrator\桌面\bpk 2.rar\EBF46AD3D230F658E43206764AF885B6

Trojan-Spy.Win32.Pophot.bjj (病毒)

    * C:\Documents and Settings\Administrator\桌面\bpk 2.rar\EBF5CBE7

Trojan-PSW.Win32.QQPass.bmk (病毒)

    * C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E391CA085A1174C83E52F3B4E0FF7415

Trojan.Win32.Obfuscated.gzs (病毒)

    * C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E3BD03B7CE1DA8C0B99EF46A092AE6C0

Trojan-Spy.Win32.Pophot.bjx (病毒)

    * C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E47816A0FDEE5324DC5DE6E48A1F7EE5

Trojan.Win32.Agent.szy (病毒)

    * C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E543953546E348C69B023C83C10EF71E

Trojan-Downloader.Win32.Delf.jqa (病毒)

    * C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E5449436C4141E92FE511483B755A169

Trojan.Win32.Obfuscated.gys (病毒)

    * C:\Documents and Settings\Administrator\桌面\bpk 2.rar\E5D27B617A2DA64BE48237E51B5C7784
allinwonderi
Posted on 2008-7-15 21:05:00

ArcaVir2008

[Scanning : C:\Download Files]


C:\Download Files\bpk 2.rar<RAR>:E47816A0FDEE5324DC5DE6E48A1F7EE5<UPack>:E47816A0FDEE5324DC5DE6E48A1F7EE5<DLLRES>:DLL0.exe <- Trojan.Spy.Pophot.Biz : No action



Scanned objects : 13

Infected objects : 1
allinwonderi
Posted on 2008-7-15 21:06:36

Norman Virus Control 5.99

allinwonderi
Posted on 2008-7-15 21:15:55

F-Prot 4.4.4

[Found password stealer]         <W32/Pws.AIRX (exact, not disinfectable)>        C:\Download Files\bpk 2.rar->E391CA085A1174C83E52F3B4E0FF7415
[Found security risk]         <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\Download Files\bpk 2.rar->E47816A0FDEE5324DC5DE6E48A1F7EE5->(UPack)

---------------------------------------------------------------------
Scan ended:        2008-7-15, 21:15:33
Duration:        0:00:09

Scan result:

Scanned files:                 6
Infected objects:         2
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------