[病毒样本] 6

显示全部楼层 · 发表于 2008-8-8 16:18:41

下载地址：

http://1.ads555.com:51/down/456456.exe

http://60.173.12.76/dodo9.htm

http://60.173.12.76/121233pp.htm

http://1.ads555.com/rj/fg1_Setup.exe

自行下载：

http://down6.flashget.com/unmini/fgmun_14756_3.exe

http://dl.ppfilm.cn/iiboo/ppfilm.exe

显示全部楼层 · 发表于 2008-8-8 16:23:34

Begin scan in 'H:\virus'
H:\virus\121233pp.htm
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was moved to '48cd0103.qua'!
H:\virus\456456.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was moved to '48d20109.qua'!
H:\virus\dodo9.htm
   [DETECTION] Contains HEUR/Crypted.E suspicious code
[NOTE]    The file was moved to '49000146.qua'!

还有一个antivir应该是不能解包.

不过解包后东西antvir也飞了.

fg1_Setup\$SYSDIR.

File ID  Filename Size (Byte) Result
25107775  exit.vbs  269 Byte  CLEAN
25107776  highspeedilab.exe  352 KB  CLEAN
25107777  ilab.dll  228 KB  MALWARE  -- ADSPY/Bho.EB
25107778  Uninstall.vbs  1 KB  CLEAN
25107779  updater.exe  175 KB  CLEAN
25107780  updater.ini  273 Byte  CLEAN

[ 本帖最后由 hj5abc 于 2008-8-8 18:25 编辑 ]

显示全部楼层 · 发表于 2008-8-8 16:24:28

Begin scan in 'C:\Documents and Settings\Nerazzurri\桌面\virus.rar'
C:\Documents and Settings\Nerazzurri\桌面\virus.rar
[0] Archive type: RAR
   --> dodo9.htm
      [DETECTION] Contains HEUR/Crypted.E suspicious code
--> 121233pp.htm
   [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 456456.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-8-8 16:26:19

扫描统计:
扫描时间: 4秒
扫描选项:
扫描目标: F:\VIRUS\virus10.rar
计数:
扫描的项目总数: 5
- 文件和目录: 5
- 注册表项: 0
- 进程和启动项: 0
- 网络和浏览器项目: 0
- 其他: 0

检测到的安全风险总数: 1
已解决的项目总数: 0
需要注意的项目总数: 1

已解决的风险:

未解决的风险:
Trojan.Dropper
病毒 ID: 11027
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[121233pp.htm] 位于[f:\virus\virus10.rar] - 已感染

显示全部楼层 · 发表于 2008-8-8 16:33:31

病毒 2008-08-08 16:32:39 C:\Documents and Settings\Administrator\桌面\virus.rar\456456.exe Win32.Troj.PopHot.c.163840 清除成功

显示全部楼层 · 发表于 2008-8-8 17:12:26

2008/8/8 17:10:25 已清除木马程序 Heur.AntiAV G:\Temp\Virus\virus1.rar
2008/8/8 17:10:25 已隔离木马程序 Heur.AntiAV G:\Temp\Virus\virus1.rar/456456.exe

显示全部楼层 · 发表于 2008-8-8 17:14:54

显示全部楼层 · 发表于 2008-8-8 17:16:23

<W32/Nilage.gen!GSA (not disinfectable, 普通)> C:\Download Files\virus.rar->456456.exe->(UPack)

显示全部楼层 · 发表于 2008-8-9 18:56:16

卡巴KIS2009杀这个可不好杀！查出4个有2个写入错误！？？？

显示全部楼层 · 发表于 2008-8-9 20:18:09

McAfee fg1_Setup.exe Adware-Baidu

[病毒样本] 6

nis2008

Norman Virus Control 5.99

F-Prot 4.4.4

浏览过的版块