[病毒样本] 26x

显示全部楼层 · 发表于 2008-8-22 15:55:06

清理沙盘中..

显示全部楼层 · 发表于 2008-8-22 16:01:23

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\system32'
C:\Documents and Settings\Administrator\桌面\system32\901BE.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\A4D08.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\blphca45j0el4a.scr
[DETECTION] Contains recognition pattern of the JOKE/BlueScreen.B joke
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\keDLL.dll
[DETECTION] Is the TR/SPY.KeyLogger.QL Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\kehide.dll
[DETECTION] Is the TR/SPY.KeyLogger.QL.1 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\keProc.dll
[DETECTION] Is the TR/SPY.KeyLogger.QL.2 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\kePwd.dll
[DETECTION] Is the TR/SPY.KeyLogger.QL.3 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\lphca45j0el4a.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\msliksurcredo.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\msliksurdns.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\ntdll32.dll
[DETECTION] Is the TR/Spy.Agent.ct.4.A Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\ntos.exe
[DETECTION] Is the TR/Spy.ZBot.DYD Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\phrxnek.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\pphca45j0el4a.exe
[DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\qpzm9yar.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\rapimgr.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\rsg0km6kst.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\srv.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\SVCH1ST.EXE
[DETECTION] Is the TR/Spy.Agent.ct.12 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\utilty.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\XP-D41D8CD9.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\_ctfnon.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\system32\_Server47.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
[NOTE]    The file was deleted!

End of the scan: 星期五 2008年8月22日  16:00
Used time: 00:21 Minute(s)

The scan has been done completely.

   1 Scanning directories
   26 Files were scanned
   23 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   23 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   0 Archives were scanned
   0 Warnings
   23 Notes

显示全部楼层 · 发表于 2008-8-22 16:32:17

UGuard 完成了在 C:\Documents and Settings\Administrator\桌面\system32[1] 上的扫描。
================
'Generic.nFile' 在 'A4D08.exe' 中被检测到。
'Generic.nFile' 在 'phrxnek.exe' 中被检测到。
'Heur.Downloader.b' 在 'qpzm9yar.dll' 中被检测到。
'Heur.Downloader' 在 'rapimgr.exe' 中被检测到。
'Heur.Downloader.b' 在 'rsg0km6kst.dll' 中被检测到。
'Basic.Virus' 在 'srv.exe' 中被检测到。
'Generic.nFile' 在 'SVCH1ST.EXE' 中被检测到。
'SL.Trojan.21202' 在 'utilty.exe' 中被检测到。
'Generic.nFile' 在 'XP-D41D8CD9.EXE' 中被检测到。
'Generic.nFile' 在 '_ctfnon.exe' 中被检测到。
'Generic.nFile' 在 '_Server47.exe' 中被检测到。
================
扫描文件数： 27
本次扫描发现了 11 个已知威胁，请及时处理。
实际文件数： 26
扫描时间： 0-00-00 00:00:04:0485
威胁比率： 42.31%

显示全部楼层 · 发表于 2008-8-22 16:35:59

显示全部楼层 · 发表于 2008-8-22 17:06:28

微软的FF杀了17个

显示全部楼层 · 发表于 2008-8-22 17:11:33

卡巴 8.0.0.454 高启发 19个

2008-08-22 17:09:03 扫描已检测到: Backdoor.Win32.Agent.piu f:\病毒样本\system32[1]\utilty.exe
2008-08-22 17:09:03 扫描已检测到: Backdoor.Win32.Ceckno.cqr f:\病毒样本\system32[1]\rapimgr.exe/UPX
2008-08-22 17:09:04 扫描已检测到: Backdoor.Win32.Hupigon.bitp f:\病毒样本\system32[1]\_ctfnon.exe
2008-08-22 17:09:04 扫描已检测到: Backdoor.Win32.Hupigon.cbuc f:\病毒样本\system32[1]\_Server47.exe
2008-08-22 17:09:03 扫描已检测到: Backdoor.Win32.Hupigon.dfsb f:\病毒样本\system32[1]\srv.exe
2008-08-22 17:09:02 扫描已检测到: Net-Worm.Win32.Kolabc.blb f:\病毒样本\system32[1]\phrxnek.exe
2008-08-22 17:09:02 扫描已检测到: Trojan-Downloader.Win32.Small.abrs f:\病毒样本\system32[1]\lphca45j0el4a.exe
2008-08-22 17:09:04 扫描已检测到: Trojan-Downloader.Win32.VB.gtd f:\病毒样本\system32[1]\901BE.exe/PE_Patch.PECompact/PecBundle/PECompact
2008-08-22 17:09:00 扫描已检测到: Trojan-Downloader.Win32.VB.guj f:\病毒样本\system32[1]\A4D08.exe
2008-08-22 17:09:04 扫描已检测到: Trojan-Downloader.Win32.VB.gwu f:\病毒样本\system32[1]\XP-D41D8CD9.EXE
2008-08-22 17:09:02 扫描已检测到: Trojan-PSW.Win32.QQPass.iz f:\病毒样本\system32[1]\ntdll32.dll
2008-08-22 17:09:03 扫描已检测到: Trojan-Spy.Win32.Agent.cjj f:\病毒样本\system32[1]\SVCH1ST.EXE
2008-08-22 17:09:00 扫描已检测到: Trojan-Spy.Win32.KeyLogger.ql f:\病毒样本\system32[1]\kePwd.dll
2008-08-22 17:09:00 扫描已检测到: Trojan-Spy.Win32.KeyLogger.ql f:\病毒样本\system32[1]\keProc.dll
2008-08-22 17:09:00 扫描已检测到: Trojan-Spy.Win32.KeyLogger.ql f:\病毒样本\system32[1]\kehide.dll
2008-08-22 17:09:00 扫描已检测到: Trojan-Spy.Win32.KeyLogger.ql f:\病毒样本\system32[1]\kehide.exe
2008-08-22 17:09:00 扫描已检测到: Trojan-Spy.Win32.KeyLogger.ql f:\病毒样本\system32[1]\keDLL.dll
2008-08-22 17:09:02 扫描已检测到: Trojan-Spy.Win32.Zbot.dyx f:\病毒样本\system32[1]\ntos.exe
2008-08-22 17:09:02 扫描已检测到: not-a-virus:FraudTool.Win32.MalwareProtector.r f:\病毒样本\system32[1]\pphca45j0el4a.exe

显示全部楼层 · 发表于 2008-8-22 18:13:05

金山 miss 12

显示全部楼层 · 发表于 2008-8-22 19:22:43

已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.gtd 檔案: C:\Documents and Settings\kato9096\桌面\system32\901BE.exe//PE_Patch.PECompact//PecBundle//PECompact
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.guj 檔案: C:\Documents and Settings\kato9096\桌面\system32\A4D08.exe
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.KeyLogger.ql 檔案: C:\Documents and Settings\kato9096\桌面\system32\keDLL.dll
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.KeyLogger.ql 檔案: C:\Documents and Settings\kato9096\桌面\system32\kehide.dll
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.KeyLogger.ql 檔案: C:\Documents and Settings\kato9096\桌面\system32\kehide.exe
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.KeyLogger.ql 檔案: C:\Documents and Settings\kato9096\桌面\system32\keProc.dll
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.KeyLogger.ql 檔案: C:\Documents and Settings\kato9096\桌面\system32\kePwd.dll
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.abrs 檔案: C:\Documents and Settings\kato9096\桌面\system32\lphca45j0el4a.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.QQPass.hd 檔案: C:\Documents and Settings\kato9096\桌面\system32\ntdll32.dll
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Zbot.dyx 檔案: C:\Documents and Settings\kato9096\桌面\system32\ntos.exe
已刪除: 病毒 Net-Worm.Win32.Kolabc.blb 檔案: C:\Documents and Settings\kato9096\桌面\system32\phrxnek.exe
已刪除: Riskware not-a-virus:FraudTool.Win32.MalwareProtector.r 檔案: C:\Documents and Settings\kato9096\桌面\system32\pphca45j0el4a.exe
已刪除: 特洛伊木馬程式 Backdoor.Win32.Ceckno.cqr 檔案: C:\Documents and Settings\kato9096\桌面\system32\rapimgr.exe//UPX
已刪除: 特洛伊木馬程式 Backdoor.Win32.Hupigon.dfsb 檔案: C:\Documents and Settings\kato9096\桌面\system32\srv.exe
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Agent.cjj 檔案: C:\Documents and Settings\kato9096\桌面\system32\SVCH1ST.EXE
已刪除: 特洛伊木馬程式 Backdoor.Win32.Agent.piu 檔案: C:\Documents and Settings\kato9096\桌面\system32\utilty.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.VB.gwu 檔案: C:\Documents and Settings\kato9096\桌面\system32\XP-D41D8CD9.EXE
已刪除: 特洛伊木馬程式 Backdoor.Win32.Hupigon.bitp 檔案: C:\Documents and Settings\kato9096\桌面\system32\_ctfnon.exe
已刪除: 特洛伊木馬程式 Backdoor.Win32.Hupigon.bhes 檔案: C:\Documents and Settings\kato9096\桌面\system32\_Server47.exe

报19,上报7

显示全部楼层 · 发表于 2008-8-22 19:32:16

McAfee 12个。。

[病毒样本] 26x

NOD32 17个

浏览过的版块