[病毒样本] X34

显示全部楼层 · 发表于 2008-7-19 20:33:48

某贴下载...~
这家伙少了点...
上次的家伙比这次多得多...~

显示全部楼层 · 发表于 2008-7-19 20:51:15

avast! Home kill 22, 12left

显示全部楼层 · 发表于 2008-7-19 20:53:32

扫描系统区域...
扫描所选择的目录和文件...
对象: 1045.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan.Win32.Agent.vir (KAV 引擎), Generic.Malware.Sdldspg.A078CC68 (BD 引擎)
对象: data0002
在压缩档案里: F:\virus\vir\virus\ad7731.exe
Status: 已发现病毒
病毒: not-a-virus:AdWare.Win32.BHO.agy (KAV 引擎)
对象: ad7731.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: not-a-virus:AdWare.Win32.BHO.agy (KAV 引擎), Dropped:Adware.Cpush.S (BD 引擎)
对象: (NSIS o) lzma_nsis0000
在压缩档案里: F:\virus\vir\virus\date.exe
Status: 可疑病毒
病毒: Trojan.Cinmus.Z (BD 引擎)
对象: date.exe
路径: F:\virus\vir\virus
Status: 可疑病毒
病毒: Trojan.Cinmus.Z (BD 引擎)
对象: Explorev.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan.Qhost.LY (BD 引擎)
对象: Explorew.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Dropper.Win32.Flystud.gg (KAV 引擎), MemScan:Trojan.Qhost.LY (BD 引擎)
对象: hmyoebtebi.dll
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Clicker.Win32.Delf.alr (KAV 引擎)
对象: iealore.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.VB.fst (KAV 引擎), Generic.Malware.YBd.DCF04041 (BD 引擎)
对象: IEXPLOER2.EXE
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Clicker.Win32.VB.bbu (KAV 引擎)
对象: IEXPLORER.EXE
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: MemScan:Trojan.Qhost.LY (BD 引擎)
对象: IEXPLORER1.EXE
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Dropper.Win32.Flystud.gg (KAV 引擎), MemScan:Trojan.Qhost.LY (BD 引擎)
对象: IEXPLORER3.EXE
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.Adload.fu (KAV 引擎), Trojan.Generic.324708 (BD 引擎)
对象: IEXPLORER4.EXE
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Spy.Win32.Agent.ccb (KAV 引擎), Trojan.Qhost.LY (BD 引擎)
对象: IEXPLORER5.EXE
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan.Qhost.LY (BD 引擎)
对象: lljyn080711.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Spy.Win32.Pophot.boe (KAV 引擎), Generic.Malware.Sdldg.8B23BF03 (BD 引擎)
对象: lljyn32.dll
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Spy.Win32.Pophot.bod (KAV 引擎)
对象: stream/data0002 data0003
在压缩档案里: F:\virus\vir\virus\msn001.exe
Status: 已发现病毒
病毒: not-a-virus:AdWare.Win32.Cinmus.jtg (KAV 引擎)
对象: msn001.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: not-a-virus:AdWare.Win32.Cinmus.jtg (KAV 引擎), DeepScan:Generic.Adw.Cinmus.2.5757C38A (BD 引擎)
对象: new_2571.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan.Win32.Agent.tcm (KAV 引擎), Trojan.Generic.363213 (BD 引擎)
对象: Qmussi.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan.Qhost.LY (BD 引擎)
对象: SkypeClient.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Application.Generic.10132 (BD 引擎)
对象: win.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.VB.erq (KAV 引擎), DeepScan:Generic.Malware.dld!!Tk.7B783764 (BD 引擎)
对象: xin01.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: DeepScan:Generic.Malware.YddldTk.37D944E0 (BD 引擎)
对象: zydld32080716.dll
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan.Autorun.TG (BD 引擎)
对象: zydld32080716jt.dll
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan.Autorun.TG (BD 引擎)
对象: zydle080716.exe
路径: F:\virus\vir\virus
Status: 已发现病毒
病毒: Trojan.Win32.Agent.vir (KAV 引擎), Generic.Malware.Sdldspg.A078CC68 (BD 引擎)
扫描完成: 2008-7-19 20:52
已检查 34 个文件
已发现 23 个染毒文件
发现 1 个可疑文件

24

显示全部楼层 · 发表于 2008-7-19 20:55:01

[ 本帖最后由 allinwonderi 于 2008-7-19 20:56 编辑 ]

显示全部楼层 · 发表于 2008-7-19 21:02:11

C:\Documents and Settings\Administrator\桌面\virus\1045.exe Trojan.Delf.fek.ilie 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\ad7731.exe Adware.BHO.agy.yufz.arc 广告程序已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\Explorev.exe W32.AutoRun.ain.pcxa 病毒已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\Explorew.exe TrojanDownloader.VB.erq.mpfs 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\ha_80011.exe TrojanDownloader.Gen.rail 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\iealore.exe TrojanDownloader.VB.fst.zszv 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\IEXPLOER2.EXE TrojanClicker.VB.bbu.jahe 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER.EXE Trojan.Undef.gqw.hvta 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER1.EXE TrojanDownloader.VB.erq.mpfs 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER3.EXE TrojanDownloader.Adload.fu.ieer 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER4.EXE TrojanSpy.Agent.ccb.ekiq 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER5.EXE W32.AutoRun.ain.pcxa 病毒已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER6.EXE TrojanDownloader.Undef.tm.atuy 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\lljyn080711.exe TrojanSpy.Pophot.aew.qyys 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\lljyn32.dll TrojanSpy.Pophot.bod.sjzd.dll 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\msn001.exe Adware.Cinmus.Gen.nfsw.arc 广告程序已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\new_2571.exe Trojan.Cap87215.hbgx 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\Qmussi.exe W32.AutoRun.ain.pcxa 病毒已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\SkypeClient.exe Backdoor.Huigezi.ht.padr 后门已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\win.exe TrojanDownloader.VB.erq.vjcd 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\xin01.exe Trojan.VB.frw.ffsh 木马已删除/隔离
C:\Documents and Settings\Administrator\桌面\virus\zydle080716.exe Trojan.Delf.fek.ilie 木马已删除/隔离

显示全部楼层 · 发表于 2008-7-19 21:04:09

已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.vir 檔案: C:\Documents and Settings\kato9096\桌面\virus\1045.exe//PE_Patch//UPack
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.BHO.agy 檔案: C:\Documents and Settings\kato9096\桌面\virus\ad7731.exe//data0002
已刪除: 特洛伊木馬程式 Trojan-Dropper.Win32.Flystud.gg 檔案: C:\Documents and Settings\kato9096\桌面\virus\Explorew.exe
已刪除: 特洛伊木馬程式 Trojan-Clicker.Win32.Delf.alr 檔案: C:\Documents and Settings\kato9096\桌面\virus\hmyoebtebi.dll
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.fst 檔案: C:\Documents and Settings\kato9096\桌面\virus\iealore.exe
已刪除: 特洛伊木馬程式 Trojan-Clicker.Win32.VB.bbu 檔案: C:\Documents and Settings\kato9096\桌面\virus\IEXPLOER2.EXE//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-Dropper.Win32.Flystud.gg 檔案: C:\Documents and Settings\kato9096\桌面\virus\IEXPLORER1.EXE
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Adload.fu 檔案: C:\Documents and Settings\kato9096\桌面\virus\IEXPLORER3.EXE//FSG
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Agent.ccb 檔案: C:\Documents and Settings\kato9096\桌面\virus\IEXPLORER4.EXE//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Pophot.boe 檔案: C:\Documents and Settings\kato9096\桌面\virus\lljyn080711.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Pophot.bod 檔案: C:\Documents and Settings\kato9096\桌面\virus\lljyn32.dll
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.Cinmus.jtg 檔案: C:\Documents and Settings\kato9096\桌面\virus\msn001.exe//stream//data0002//data0003
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.tcm 檔案: C:\Documents and Settings\kato9096\桌面\virus\new_2571.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.erq 檔案: C:\Documents and Settings\kato9096\桌面\virus\win.exe//FSG
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.vir 檔案: C:\Documents and Settings\kato9096\桌面\virus\zydle080716.exe//PE_Patch//UPack

15,有19个不报,已上报.

显示全部楼层 · 发表于 2008-7-19 21:23:25

无法识别的..再次上传卡巴分析.~!

显示全部楼层 · 发表于 2008-7-19 21:44:32

显示全部楼层 · 发表于 2008-7-19 21:47:23

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\virus'
C:\Documents and Settings\Administrator\桌面\virus\1045.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\acpidisk.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\ad7731.exe
[DETECTION] Contains recognition pattern of the DR/BHO.agy.13 dropper
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\dosss11.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\Explorev.exe
[DETECTION] Is the TR/Qhost.LY.134 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\Explorew.exe
   [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\ha_80011.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\hmyoebtebi.dll
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\iealore.exe
[DETECTION] Is the TR/Agent.14089 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\IEXPLOER2.EXE
[DETECTION] Is the TR/Click.VB.bbu Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER.EXE
   [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER1.EXE
   [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER3.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER4.EXE
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER5.EXE
[DETECTION] Is the TR/Qhost.LY.134 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\IEXPLORER6.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\lljyn080711.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\lljyn32.dll
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\msn001.exe
[DETECTION] Contains recognition pattern of the DR/BHO.ert.226829 dropper
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\new_2571.exe
[DETECTION] Is the TR/Agent.tcm Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\pctools_2008719_7801.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\promote.dll
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE]    The detection was classified as suspicious.
[NOTE]    The file was moved to '48f0f0c0.qua'!
C:\Documents and Settings\Administrator\桌面\virus\Qmussi.exe
[DETECTION] Is the TR/Qhost.LY.133 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\SkypeClient.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\win.exe
   [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\xin01.exe
   [DETECTION] Contains HEUR/Malware suspicious code
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\zydld32080716.dll
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\zydld32080716jt.dll
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\zydle080716.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!

End of the scan: 星期六 2008年7月19日  21:46
Used time: 00:18 Minute(s)

The scan has been done completely.

   1 Scanning directories
   34 Files were scanned
   27 viruses and/or unwanted programs were found
   2 Files were classified as suspicious:
   28 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   5 Files not concerned
   0 Archives were scanned
   0 Warnings
   29 Notes

显示全部楼层 · 发表于 2008-7-19 23:09:17

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.DL.Win32.MyDown.ae
病毒： Trojan.Clicker.Win32.PopHot.ebi
病毒： Trojan.Win32.Delf.fek
病毒： Trojan.DL.Win32.Undef.tm
病毒： Trojan.Win32.Undef.gqw
病毒： Trojan.Win32.VB.frw
病毒： Suspicious.Trojan.Win32.VBDownLoader.a

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.53.52

[病毒样本] X34

本帖子中包含更多资源

Norman Virus Control 5.99

本帖子中包含更多资源

22

回复 1楼电影结束了的帖子

本帖子中包含更多资源

59/12

[病毒样本] X34

本帖子中包含更多资源

Norman Virus Control 5.99

本帖子中包含更多资源

22

回复 1楼 电影结束了 的帖子

本帖子中包含更多资源

59/12

回复 1楼电影结束了的帖子