qianwenxiang大大给我的一些样本分享一部分

显示全部楼层 · 发表于 2008-8-22 23:10:42

自己分析了一下发现死的不是EXE的好像好多

可是我们list明文规定了只能收集EXE..

唉又要慢慢选了吐血~~

不过还是要多谢qianwenxiang大大的帮助

显示全部楼层 · 发表于 2008-8-23 00:05:13

让可雨给你搞个 exe filter 算了

信息 2008-08-23  00:06:09 您此次查毒隔离了52个文件
信息 2008-08-23  00:06:09 您此次查毒清除了4个病毒
信息 2008-08-23  00:06:09 您此次查毒共查出56个病毒以及危险代码
信息 2008-08-23  00:06:09 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件107个
信息 2008-08-23  00:06:09 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒

[ 本帖最后由挪威的冬天于 2008-8-23 00:07 编辑 ]

显示全部楼层 · 发表于 2008-8-23 00:56:22

在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\1.exe@ 中发现 Adware/Clicker.ggx 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\11.exe@ 中发现 TrojanSpy.OnLineGames.bcf 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\2.exe@ 中发现 Adware/Clicker.ggx 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\20.exe@ 中发现 Trojan/DNSChanger.ils 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\25.exe@ 中发现 TrojanDownloader.FraudLoad.bb 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\26.exe@ 中发现 Trojan/CallBeep.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\22.exe@ 中发现 TrojanDownloader.Small.affh 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\27.exe@ 中发现 Trojan/PSW.Agent.fit 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\31.exe@ 中发现 TrojanDownloader.Agent.aljc 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\33.exe@ 中发现 Trojan/PSW.OnLineGames.Gen 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\3.exe@ 中发现 TrojanDownloader.VB.kjf 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\37.exe@ 中发现 TrojanSpy.Zbot.bcb 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\38.exe@ 中发现 TrojanSpy.Pophot.ars 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\4.exe@ 中发现 Trojan/Pakes.bcf 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\35.exe@ 中发现 TrojanDownloader.VB.igu 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\45.exe@ 中发现 TrojanDownloader.Delf.mkj 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\44.exe@ 中发现 TrojanSpy.Zbot.ces 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\46.exe@ 中发现 Backdoor/Ceckno.z 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\48.exe@ 中发现 Trojan/Agent.bcxf 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\55.exe@ 中发现 TrojanSpy.Agent.fzu 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\57.exe@ 中发现 TrojanDownloader.Small.afwf 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\5.exe@ 中发现 TrojanDownloader.VB.zi 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\58.exe@ 中发现 TrojanSpy.Pophot.aqy 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\65.exe@ 中发现 TrojanDownloader.Hmir.cea 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\67.exe@ 中发现 Rootkit.Clbd.cq 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\68.exe@ 中发现 Backdoor/Shark.ot 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\69.exe@ 中发现 Rootkit.Clbd.cz 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\73.exe@ 中发现 Backdoor/PcClient.exd 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\74.exe@ 中发现 Trojan/Buzus.cfs 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\77.exe@ 中发现 TrojanSpy.Agent.gdr 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\cuidcdg\cuidcdg\6.exe@ 中发现 TrojanDownloader.Agent.ancd 病毒, 已删除

显示全部楼层 · 发表于 2008-8-23 01:23:44

2008/8/23 1:20:42 已删除病毒 Worm.Win32.AutoRun.lst G:\Temp\Virus\cuidcdg\cuidcdg\32.exe@
2008/8/23 1:20:44 已删除病毒 Rootkit.Win32.Clbd.hy G:\Temp\Virus\cuidcdg\cuidcdg\52.exe@
2008/8/23 1:20:45 已删除病毒 Rootkit.Win32.Ressdt.ae G:\Temp\Virus\cuidcdg\cuidcdg\61.exe@
2008/8/23 1:20:45 已删除病毒 Rootkit.Win32.Clbd.hn G:\Temp\Virus\cuidcdg\cuidcdg\67.exe@
2008/8/23 1:20:45 已删除病毒 Rootkit.Win32.Clbd.hx G:\Temp\Virus\cuidcdg\cuidcdg\69.exe@
2008/8/23 1:20:41 已删除木马程序 Trojan.Win32.Delf.eab G:\Temp\Virus\cuidcdg\cuidcdg\1.exe@
2008/8/23 1:20:41 已删除木马程序 Backdoor.Win32.Ceckno.bky G:\Temp\Virus\cuidcdg\cuidcdg\12.exe@
2008/8/23 1:20:41 已删除木马程序 Trojan-Spy.Win32.Zbot.eal G:\Temp\Virus\cuidcdg\cuidcdg\14.exe@
2008/8/23 1:20:41 已删除木马程序 Trojan-Downloader.Win32.Delf.may G:\Temp\Virus\cuidcdg\cuidcdg\15.exe@
2008/8/23 1:20:41 已删除木马程序 Trojan-Spy.Win32.Zbot.dup G:\Temp\Virus\cuidcdg\cuidcdg\18.exe@
2008/8/23 1:20:41 已删除木马程序 Trojan.Win32.Delf.eab G:\Temp\Virus\cuidcdg\cuidcdg\2.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan.Win32.DNSChanger.baw G:\Temp\Virus\cuidcdg\cuidcdg\20.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan.Win32.Monder.gen G:\Temp\Virus\cuidcdg\cuidcdg\21.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Small.zie G:\Temp\Virus\cuidcdg\cuidcdg\22.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Small.zie G:\Temp\Virus\cuidcdg\cuidcdg\22.exe@//PE_Patch//UPack
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.FraudLoad.gen G:\Temp\Virus\cuidcdg\cuidcdg\25.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Small.zie G:\Temp\Virus\cuidcdg\cuidcdg\26.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Small.zie G:\Temp\Virus\cuidcdg\cuidcdg\26.exe@//FSG
2008/8/23 1:20:42 已删除木马程序 Trojan-GameThief.Win32.OnLineGames.sqvf G:\Temp\Virus\cuidcdg\cuidcdg\27.exe@
2008/8/23 1:20:44 已删除木马程序 Trojan.Win32.DNSChanger.hyb G:\Temp\Virus\cuidcdg\cuidcdg\28.exe@
2008/8/23 1:20:44 已删除木马程序 Trojan.Win32.DNSChanger.hyb G:\Temp\Virus\cuidcdg\cuidcdg\28.exe@//data0003
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Small.abst G:\Temp\Virus\cuidcdg\cuidcdg\29.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Small.abst G:\Temp\Virus\cuidcdg\cuidcdg\29.exe@//PE_Patch//UPack
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.VB.gwu G:\Temp\Virus\cuidcdg\cuidcdg\3.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Zlob.wnn G:\Temp\Virus\cuidcdg\cuidcdg\30.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Agent.vgu G:\Temp\Virus\cuidcdg\cuidcdg\31.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Agent.vgu G:\Temp\Virus\cuidcdg\cuidcdg\31.exe@//PE_Patch//UPack
2008/8/23 1:20:42 已删除木马程序 Trojan-GameThief.Win32.OnLineGames.smde G:\Temp\Virus\cuidcdg\cuidcdg\33.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.VB.ggi G:\Temp\Virus\cuidcdg\cuidcdg\35.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.VB.ggi G:\Temp\Virus\cuidcdg\cuidcdg\35.exe@//PE_Patch.PECompact//PecBundle//PECompact
2008/8/23 1:20:42 已删除木马程序 Trojan.Win32.Monder.fpg G:\Temp\Virus\cuidcdg\cuidcdg\36.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Spy.Win32.Zbot.aez G:\Temp\Virus\cuidcdg\cuidcdg\37.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Spy.Win32.Pophot.cah G:\Temp\Virus\cuidcdg\cuidcdg\38.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Downloader.Win32.Agent.abxj G:\Temp\Virus\cuidcdg\cuidcdg\4.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Spy.Win32.Banker.mfw G:\Temp\Virus\cuidcdg\cuidcdg\40.exe@
2008/8/23 1:20:42 已删除木马程序 Trojan-Spy.Win32.Banker.mfw G:\Temp\Virus\cuidcdg\cuidcdg\40.exe@//UPX
2008/8/23 1:20:43 已删除木马程序 Trojan.Win32.DNSChanger.gpg G:\Temp\Virus\cuidcdg\cuidcdg\42.exe@
2008/8/23 1:20:43 已删除木马程序 Trojan.Win32.Monder.dne G:\Temp\Virus\cuidcdg\cuidcdg\43.exe@
2008/8/23 1:20:43 已删除木马程序 Trojan-Spy.Win32.Zbot.dxx G:\Temp\Virus\cuidcdg\cuidcdg\44.exe@
2008/8/23 1:20:43 已删除木马程序 Trojan-Downloader.Win32.Agent.abns G:\Temp\Virus\cuidcdg\cuidcdg\45.exe@
2008/8/23 1:20:43 已删除木马程序 Backdoor.Win32.Ceckno.cz G:\Temp\Virus\cuidcdg\cuidcdg\46.exe@
2008/8/23 1:20:43 已删除木马程序 Trojan.Win32.DNSChanger.gpg G:\Temp\Virus\cuidcdg\cuidcdg\47.exe@
2008/8/23 1:20:43 已删除木马程序 Backdoor.Win32.Bifrose.fmv G:\Temp\Virus\cuidcdg\cuidcdg\48.exe@
2008/8/23 1:20:43 已删除木马程序 Backdoor.Win32.Bifrose.fmv G:\Temp\Virus\cuidcdg\cuidcdg\48.exe@//PE_Patch.PNH//PE-Crypt.PNH
2008/8/23 1:20:43 已删除木马程序 Trojan-Downloader.Win32.Small.aalx G:\Temp\Virus\cuidcdg\cuidcdg\49.exe@
2008/8/23 1:20:43 已隔离木马程序 Trojan-PSW.Win32.LdPinch.zie G:\Temp\Virus\cuidcdg\cuidcdg\5.exe@
2008/8/23 1:20:43 已隔离木马程序 Trojan-PSW.Win32.LdPinch.zie G:\Temp\Virus\cuidcdg\cuidcdg\5.exe@//data0000
2008/8/23 1:20:43 已删除木马程序 Trojan.Win32.DNSChanger.gpg G:\Temp\Virus\cuidcdg\cuidcdg\50.exe@
2008/8/23 1:20:44 已删除木马程序 Trojan-Spy.Win32.Agent.dgh G:\Temp\Virus\cuidcdg\cuidcdg\55.exe@
2008/8/23 1:20:44 已删除木马程序 Trojan-Downloader.Win32.Small.abdj G:\Temp\Virus\cuidcdg\cuidcdg\57.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-PSW.Win32.Agent.koi G:\Temp\Virus\cuidcdg\cuidcdg\58.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-PSW.Win32.Agent.koi G:\Temp\Virus\cuidcdg\cuidcdg\58.exe@//PE_Patch//UPack
2008/8/23 1:20:45 已删除木马程序 Trojan.Win32.Monder.fye G:\Temp\Virus\cuidcdg\cuidcdg\59.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-Downloader.Win32.Agent.abrl G:\Temp\Virus\cuidcdg\cuidcdg\6.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan.Win32.Inject.fbo G:\Temp\Virus\cuidcdg\cuidcdg\62.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-Downloader.Win32.Losabel.zk G:\Temp\Virus\cuidcdg\cuidcdg\63.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-Downloader.Win32.Hmir.jwn G:\Temp\Virus\cuidcdg\cuidcdg\64.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-Downloader.Win32.Hmir.jgr G:\Temp\Virus\cuidcdg\cuidcdg\65.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan.Win32.DNSChanger.gpg G:\Temp\Virus\cuidcdg\cuidcdg\66.exe@
2008/8/23 1:20:45 已删除木马程序 Backdoor.Win32.Shark.buc G:\Temp\Virus\cuidcdg\cuidcdg\68.exe@
2008/8/23 1:20:50 已删除木马程序 Backdoor.Win32.PcClient.iyl G:\Temp\Virus\cuidcdg\cuidcdg\73.exe@
2008/8/23 1:20:50 已删除木马程序 Backdoor.Win32.PcClient.iyl G:\Temp\Virus\cuidcdg\cuidcdg\73.exe@//PE_Patch.PECompact//PecBundle//PECompact//#
2008/8/23 1:20:45 已删除木马程序 Trojan.Win32.Buzus.lof G:\Temp\Virus\cuidcdg\cuidcdg\74.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-Downloader.Win32.Delf.haf G:\Temp\Virus\cuidcdg\cuidcdg\75.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-Downloader.Win32.Delf.haf G:\Temp\Virus\cuidcdg\cuidcdg\75.exe@//UPX
2008/8/23 1:20:46 已隔离木马程序 Heur.AntiAV G:\Temp\Virus\cuidcdg\cuidcdg\76.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-Mailfinder.Win32.Agent.qj G:\Temp\Virus\cuidcdg\cuidcdg\77.exe@
2008/8/23 1:20:45 已删除木马程序 Backdoor.Win32.Ceckno.bns G:\Temp\Virus\cuidcdg\cuidcdg\78.exe@
2008/8/23 1:20:45 已删除木马程序 Trojan-Spy.Win32.Goldun.asf G:\Temp\Virus\cuidcdg\cuidcdg\79.exe@
2008/8/23 1:20:44 已删除恶意程序 Hoax.Win32.Renos.varq G:\Temp\Virus\cuidcdg\cuidcdg\56.exe@
2008/8/23 1:20:41 已删除风险软件 not-a-virus:AdWare.Win32.Cinmus.ptd G:\Temp\Virus\cuidcdg\cuidcdg\13.exe@
2008/8/23 1:20:41 已删除自动拨号 not-a-virus:Porn-Dialer.Win32.Holistyc.gen G:\Temp\Virus\cuidcdg\cuidcdg\16.exe@
2008/8/23 1:20:41 已删除自动拨号 not-a-virus:Porn-Dialer.Win32.Holistyc.gen G:\Temp\Virus\cuidcdg\cuidcdg\16.exe@//UPX
2008/8/23 1:20:41 已删除风险软件 not-a-virus:FraudTool.Win32.AntiSpyCheck.q G:\Temp\Virus\cuidcdg\cuidcdg\17.exe@
2008/8/23 1:20:42 已删除风险软件 not-a-virus:FraudTool.Win32.PowerAntivirus2009.ag G:\Temp\Virus\cuidcdg\cuidcdg\23.exe@
2008/8/23 1:20:42 已删除风险软件 not-a-virus:FraudTool.Win32.PowerAntivirus2009.ag G:\Temp\Virus\cuidcdg\cuidcdg\23.exe@//PE_Patch.UPX//UPX
2008/8/23 1:20:45 已删除风险软件 not-a-virus:FraudTool.Win32.UltimateDefender.cm G:\Temp\Virus\cuidcdg\cuidcdg\60.exe@
其余的上报

显示全部楼层 · 发表于 2008-8-23 11:10:24

这个。。。
好像里面是DLL和SYS

显示全部楼层 · 发表于 2008-8-23 11:13:56

D:\123\cuidcdg\1.exe@ >>> suspicion for Trojan.Win32.Delf.alp ( 08B3250E 03E17C65 001DAF1C 00234419 418304)
D:\123\cuidcdg\20.exe@ >>>>> Trojan.Win32.DNSChanger.baw  deletion disabled by settings
D:\123\cuidcdg\22.exe@ >>>>> Trojan-Downloader.Win32.Small.zie  deletion disabled by settings
D:\123\cuidcdg\25.exe@ >>>>> Trojan-Downloader.Win32.FraudLoad.gen  deletion disabled by settings
D:\123\cuidcdg\4.exe@ >>>>> Trojan-Downloader.Win32.Agent.abxj  deletion disabled by settings
D:\123\cuidcdg\55.exe@ >>>>> Trojan-Spy.Win32.Agent.dgh  deletion disabled by settings
D:\123\cuidcdg\79.exe@ >>>>> Trojan-Spy.Win32.Goldun.asf  deletion disabled by settings

g不错不错。。。。
还报了7个~

显示全部楼层 · 发表于 2008-8-23 12:29:36

C:\test\cuidcdg\1.exe@ - Win32/Adware.MoKeAD 应用程序
C:\test\cuidcdg\10.exe@ - Win32/Adware.Zhongsou 应用程序
C:\test\cuidcdg\11.exe@ - Win32/Pacex.Gen 病毒的变种
C:\test\cuidcdg\14.exe@ - Win32/Spy.Agent.PZ 木马的变种
C:\test\cuidcdg\16.exe@ - Win32/Dialer.ShortDial 应用程序的变种
C:\test\cuidcdg\17.exe@ - Win32/Adware.AntiSpyCheck 应用程序
C:\test\cuidcdg\18.exe@ - Win32/Spy.Agent.PZ 木马的变种
C:\test\cuidcdg\19.exe@ - 未查明的 NewHeur_PE 病毒 [7]
C:\test\cuidcdg\2.exe@ - Win32/Adware.MoKeAD 应用程序
C:\test\cuidcdg\20.exe@ - 可能是 Win32/DNSChanger 木马的一个变种
C:\test\cuidcdg\21.exe@ - Win32/DNSChanger.NAI 木马的变种
C:\test\cuidcdg\22.exe@ - Win32/TrojanDownloader.Agent.OBQ 木马的变种
C:\test\cuidcdg\23.exe@ - Win32/Adware.PowerAntivirus 应用程序的变种
C:\test\cuidcdg\25.exe@ - Win32/Adware.XPAntivirus 应用程序
C:\test\cuidcdg\26.exe@ - Win32/TrojanDownloader.Agent.OBQ 木马的变种
C:\test\cuidcdg\27.exe@ - Win32/Inject.NBE 木马的变种
C:\test\cuidcdg\28.exe@ >>NSIS >>inst1.exe - Win32/TrojanDownloader.Zlob.CJB 木马
C:\test\cuidcdg\28.exe@ >>NSIS >>inst2.exe - Win32/DNSChanger.NAJ 木马
C:\test\cuidcdg\28.exe@ >>NSIS >>inst3.exe - Win32/TrojanDownloader.Zlob.CJB 木马
C:\test\cuidcdg\29.exe@ - 未查明的 NewHeur_PE 病毒 [7]
C:\test\cuidcdg\3.exe@ - Win32/FlyStudio.NAM 木马
C:\test\cuidcdg\31.exe@ - Win32/TrojanDownloader.Agent.OBQ 木马的变种
C:\test\cuidcdg\33.exe@ - Win32/PSW.OnLineGames.NQM 木马的变种
C:\test\cuidcdg\35.exe@ - Win32/TrojanDownloader.VB.NOE 木马
C:\test\cuidcdg\36.exe@ - Win32/Adware.Virtumonde.NBD 应用程序的变种
C:\test\cuidcdg\37.exe@ - 可能是 Win32/Spy.Agent 木马的一个变种
C:\test\cuidcdg\40.exe@ - Win32/Spy.Agent.NFT 木马的变种
C:\test\cuidcdg\41.exe@ - Win32/DNSChanger.NAI 木马的变种
C:\test\cuidcdg\43.exe@ - Win32/Adware.Virtumonde.NBC 应用程序的变种
C:\test\cuidcdg\44.exe@ - Win32/Spy.Agent.PZ 木马的变种
C:\test\cuidcdg\45.exe@ - Win32/Spy.Agent.PZ 木马的变种
C:\test\cuidcdg\46.exe@ - Win32/Ceckno 木马的变种
C:\test\cuidcdg\48.exe@ - 可能是 Win32/Agent 木马的一个变种
C:\test\cuidcdg\5.exe@ - Win32/TrojanDropper.VB.NED 木马
C:\test\cuidcdg\51.exe@ - Win32/DNSChanger.NAI 木马的变种
C:\test\cuidcdg\52.exe@ - Win32/Agent.HYA 木马
C:\test\cuidcdg\56.exe@ - Win32/Adware.UltimateDefender 应用程序的变种
C:\test\cuidcdg\58.exe@ - Win32/TrojanDownloader.Agent.OBU 木马的变种
C:\test\cuidcdg\59.exe@ - Win32/Adware.Virtumonde.NBB 应用程序的变种
C:\test\cuidcdg\6.exe@ - Win32/AutoRun.WP 蠕虫
C:\test\cuidcdg\60.exe@ - Win32/Adware.UltimateDefender 应用程序
C:\test\cuidcdg\61.exe@ - 可能是 Win32/Genetik 木马的一个变种
C:\test\cuidcdg\62.exe@ - Win32/PSW.Gamania.NAQ 木马
C:\test\cuidcdg\63.exe@ - 可能是 Win32/Genetik 木马的一个变种
C:\test\cuidcdg\64.exe@ - 可能是 Win32/Rootkit.Agent.NBQ 木马的一个变种
C:\test\cuidcdg\65.exe@ - 可能是 Win32/Rootkit.Agent.NBQ 木马的一个变种
C:\test\cuidcdg\68.exe@ - 可能是 Win32/Shark 木马的一个变种
C:\test\cuidcdg\70.exe@ - Win32/DNSChanger.NAI 木马的变种
C:\test\cuidcdg\72.exe@ - Win32/Spy.Pophot 木马的变种
C:\test\cuidcdg\73.exe@ - Win32/PcClient 木马的变种
C:\test\cuidcdg\75.exe@ - Win32/PSW.Agent.CU 木马的变种
C:\test\cuidcdg\76.exe@ - Win32/AutoRun.JX 蠕虫的变种
C:\test\cuidcdg\77.exe@ - Win32/AutoRun.VM 蠕虫
C:\test\cuidcdg\79.exe@ - Win32/Spy.Goldun.ASF 木马
C:\test\cuidcdg\9.exe@ - Win32/Adware.Zhongsou 应用程序
已扫描的文件数目：89
已发现的病毒数目：55

显示全部楼层 · 发表于 2008-8-23 12:34:12

Start of the scan: 2008年8月23日  12:38

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg'
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\0.exe@
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\1.exe@
[DETECTION] Is the TR/Delf.eab Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\10.exe@
[DETECTION] Contains recognition pattern of the ADSPY/ZzToolbar.C adware or spyware
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\11.exe@
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\12.exe@
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\13.exe@
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\14.exe@
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\15.exe@
[DETECTION] Is the TR/Dldr.Delf.may Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\16.exe@
   [DETECTION] Contains recognition pattern of the DIAL/302181 dialer
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\17.exe@
[DETECTION] Contains recognition pattern of the SPR/Fake.AntiSpy.U program
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\18.exe@
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\2.exe@
[DETECTION] Is the TR/Delf.drb Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\20.exe@
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\21.exe@
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\22.exe@
   --> Object
      [1] Archive type: RSRC
      --> Object
      [DETECTION] Is the TR/Dldr.Small.ZFF.1 Trojan
      --> Object
      [DETECTION] Is the TR/Dldr.Small.zfn.5 Trojan
      --> Object
      [DETECTION] Is the TR/Dldr.Small.zfq Trojan
      --> Object
      [DETECTION] Is the TR/Dldr.Small.zie.5 Trojan
      --> Object
      [DETECTION] Is the TR/Dldr.Small.zre.2 Trojan
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\23.exe@
[DETECTION] Contains recognition pattern of the SPR/fak.PowerAV09.A program
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\25.exe@
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\26.exe@
   --> Object
      [1] Archive type: RSRC
      --> Object
      [DETECTION] Is the TR/Dldr.Small.aase Trojan
      --> Object
      [DETECTION] Is the TR/Dldr.Small.zfq Trojan
      --> Object
      [DETECTION] Is the TR/Dldr.Small.abiz Trojan
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\27.exe@
   [DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\28.exe@
[DETECTION] Contains recognition pattern of the DR/Dldr.DNSChanger.Gen dropper
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\29.exe@
   [DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\3.exe@
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\30.exe@
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\31.exe@
[DETECTION] Is the TR/Dldr.Agent.vgu.4 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\32.exe@
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\33.exe@
[DETECTION] Is the TR/Onlinegames.ANOC Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\35.exe@
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\36.exe@
[DETECTION] Is the TR/Monder.fpg Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\37.exe@
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\38.exe@
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\4.exe@
[DETECTION] Is the TR/Drop.Small.bte Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\40.exe@
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.asa.42 back-door program
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\41.exe@
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\43.exe@
   [DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\44.exe@
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\45.exe@
[DETECTION] Is the TR/Dldr.Small.aayu Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\46.exe@
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Ceckno.CZ.4 back-door program
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\47.exe@
[DETECTION] Is the TR/Dldr.Baido.A Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\48.exe@
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.Gen back-door program
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\5.exe@
[0] Archive type: OVL
--> Object
   [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\50.exe@
[DETECTION] Is the TR/Dldr.Baido.A Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\51.exe@
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\52.exe@
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\55.exe@
[DETECTION] Is the TR/Spy.Agent.dgh Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\56.exe@
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\58.exe@
   [DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\59.exe@
[DETECTION] Is the TR/Monder.frm Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\6.exe@
[DETECTION] Is the TR/Autorun.QW.2 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\60.exe@
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\61.exe@
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\62.exe@
[DETECTION] Is the TR/Inject.fbo Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\63.exe@
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\64.exe@
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\65.exe@
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\66.exe@
[DETECTION] Is the TR/Dldr.Baido.A Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\67.exe@
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\68.exe@
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Shark.buc.1 back-door program
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\69.exe@
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\7.exe@
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\72.exe@
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\73.exe@
[DETECTION] Contains recognition pattern of the DR/PcClient.Gen dropper
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\74.exe@
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE]    DR/Delphi.Gen:[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN]:<Start Page>=sz:baidu.com>=SZ:about:blank
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\75.exe@
   --> Object
      [1] Archive type: RSRC
      --> Object
      [DETECTION] Is the TR/PSW.Lineage.JD.4 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\76.exe@
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\78.exe@
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\79.exe@
[DETECTION] Is the TR/Spy.Goldun.asf Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\8.exe@
[DETECTION] Is the TR/Drop.BHO.78347 Trojan
[NOTE]    The file was deleted!
C:\Documents and Settings\Owner\桌面\新建文件夹\cuidcdg\9.exe@
[DETECTION] Contains recognition pattern of the ADSPY/ZzToolbar.B adware or spyware
[NOTE]    The file was deleted!

End of the scan: 2008年8月23日  12:38
Used time: 00:27 Minute(s)

The scan has been done completely.

   1 Scanning directories
   80 Files were scanned
   76 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   68 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   4 Files not concerned
   0 Archives were scanned
   0 Warnings
   68 Notes

显示全部楼层 · 发表于 2008-8-23 12:35:30

红伞漏12…………上报

显示全部楼层 · 发表于 2008-8-23 19:57:35

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： AdWare.Win32.Softuu.b
病毒： Trojan.Win32.Ntos.hu
病毒： Trojan.Win32.DNSChanger.GEN
病毒： Trojan.Win32.DNSChanger.drb
病毒： Trojan.Win32.Undef.kff
病毒： Trojan.DL.Win32.Mnless.avu
病毒： Trojan.Win32.KillAV.abc
病毒： Trojan.DL.Win32.Undef.asd
病毒： Trojan.Win32.Undef.kff
病毒： Trojan.DL.Win32.Game.a
病毒： Trojan.Win32.Undef.ktd
病毒： Trojan.DL.Win32.Undef.anb
病毒： Worm.Win32.Agent.wc
病毒： Trojan.DL.Win32.Undef.afr
病毒： Worm.Win32.DownLoader.cd
病毒： Trojan.PSW.Win32.Mapdimp.n
病毒： Trojan.Win32.VB.fna
病毒： Trojan.DL.Win32.Mnless.avs
病毒： Trojan.PSW.Win32.Banker.GEN
病毒： Backdoor.Win32.Ceckno.ep
病毒： Trojan.DL.Win32.Undef.anv
病毒： Trojan.Win32.VUNDO.bkp
病毒： Backdoor.Win32.RWX.vm
病毒： Trojan.DL.Win32.Braviax.o
病毒： Trojan.DL.Win32.MyDown.ak
病毒： Trojan.DL.Win32.MyDown.ak

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.58.52

[病毒样本] qianwenxiang大大给我的一些样本分享一部分

116/36

浏览过的版块

[病毒样本] qianwenxiang大大给我的一些样本 分享一部分

116/36

浏览过的版块

[病毒样本] qianwenxiang大大给我的一些样本分享一部分