一包可疑文件

显示全部楼层 · 发表于 2008-8-1 09:52:13

E:\virus\vir\s.rar>>47281.sys       Rootkit.Agent.bwz.plah          木马
E:\virus\vir\s.rar>>czqwuul.sys    Trojan.Small.bpd.wvnh          木马
E:\virus\vir\s.rar>>ma.ex          TrojanDownloader.Mnless.zp.bkju  木马
E:\virus\vir\s.rar>>msplay.ex       TrojanDownloader.Pxfjlu.feol    木马
E:\virus\vir\s.rar>>pctools.dll    Adware.Cinmus.kgp.wlmo.dll    广告程序
E:\virus\vir\s.rar>>wuauclt.ex       Trojan.Cap873011.ltzi          木马

传说中的更新速度。。。

显示全部楼层 · 发表于 2008-8-1 09:59:39

s.rar New Malware.dw (特洛伊)

显示全部楼层 · 发表于 2008-8-1 10:09:03

Scan Log
Version of virus signature database: 3316 (20080731)
Date: 2008-8-1 Time: 10:09:02
Scanned disks, folders and files: G:\v\s.rar
G:\v\s.rar » RAR » msplay.ex - probably unknown NewHeur_PE virus [7]
G:\v\s.rar » RAR » pctools.dll - Win32/Adware.Cinmus application
G:\v\s.rar » RAR » TcpIpDog0.dll - is OK
G:\v\s.rar » RAR » wuauclt.ex - is OK
G:\v\s.rar » RAR » 47281.sys - is OK
G:\v\s.rar » RAR » czqwuul.sys - is OK
G:\v\s.rar » RAR » ma.ex - is OK
G:\v\s.rar:Zone.Identifier - is OK
Number of scanned objects: 8
Number of threats found: 2
Number of cleaned objects: 0
Time of completion: 10:09:02 Total scanning time: 0 sec (00:00:00)

Notes:
[7] Object is probably infected with an unknown virus.

显示全部楼层 · 发表于 2008-8-1 10:09:34

2008-8-1 10:09:20 Real-time file system protection file G:\V\MSPLAY.EX probably unknown NewHeur_PE virus deleted NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Micropoint\MPSVC2.exe.
2008-8-1 10:09:20 Real-time file system protection file G:\V\PCTOOLS.DLL Win32/Adware.Cinmus application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Micropoint\MPSVC2.exe.
2008-8-1 10:09:20 Real-time file system protection file G:\v\pctools.dll Win32/Adware.Cinmus application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-8-1 10:09:19 Real-time file system protection file G:\v\msplay.ex probably unknown NewHeur_PE virus cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

显示全部楼层 · 发表于 2008-8-1 10:13:50

2008-8-1 10:12:56 Kernel File  'G:\v\TcpIpDog0.dll' was sent to ESET for analysis.
2008-8-1 10:11:01 Kernel File  'G:\v\ma.exe' was sent to ESET for analysis.
2008-8-1 10:10:37 Kernel File  'G:\v\czqwuul.sys' was sent to ESET for analysis.
2008-8-1 10:10:17 Kernel File  'G:\v\47281.sys' was sent to ESET for analysis.

显示全部楼层 · 发表于 2008-8-1 10:30:38

卡巴斯基8.0直接KILL了URL。。

显示全部楼层 · 发表于 2008-8-1 10:31:19

UGuard 完成了在 C:\Documents and Settings\Administrator\桌面\s 上的扫描。
================
'SL.Trojan.28364' 在 'wuauclt.ex' 中被检测到。
================
扫描文件数： 7
本次扫描发现了 1 个已知威胁，请及时处理。
实际文件数： 7
扫描时间： 0-00-00 00:00:01:0265
威胁比率： 14.29%

显示全部楼层 · 发表于 2008-8-1 13:51:35

Hello.
New malicious software was found in the attached file.
It's detection will be included in the next update. Thank you for your help.

Sincerely yours,
Andrey Bezborodov,
Virus Analyst.
_____________________
Kaspersky Lab Ltd
Moscow, Russia
Tel/Fax : +7 (095) 797-8700
E-mail : newvirus@kaspersky.com
Internet: http://www.kaspersky.com, http://www.viruslist.com

显示全部楼层 · 发表于 2008-8-1 13:52:38

已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.ghg 檔案: C:\Documents and Settings\kato9096\桌面\s.rar/msplay.ex
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.Cinmus.nwm 檔案: C:\Documents and Settings\kato9096\桌面\s.rar/pctools.dll
已刪除: 病毒 Worm.Win32.AutoRun.lkq 檔案: C:\Documents and Settings\kato9096\桌面\s.rar/wuauclt.ex
已刪除: 特洛伊木馬程式 Rootkit.Win32.Agent.bwz 檔案: C:\Documents and Settings\kato9096\桌面\s.rar/47281.sys
已刪除: 特洛伊木馬程式 Trojan.Win32.Small.bpd 檔案: C:\Documents and Settings\kato9096\桌面\s.rar/czqwuul.sys

还有2个不报,不报的不是毒

显示全部楼层 · 发表于 2008-8-1 13:54:39

avast 2

[病毒样本] 一包可疑文件

监控有杀了两个