15

sam.to

ilove.scr1是使用文件夾图标
有人上报MyPhoto009-XxX.JPEG_www.facebook.scr2到X星,居然說不是病毒


bba36866280c909c7dc5e90a7716ffc1  2.ex2e
e6aef70bb3b3b259e005b088445e2b20  Azada.ex2e
283d36300d749f948a8849a249b34479  CfProtect.dll2
2af586c0df1545940e171e6079e60382  da11.ex2e
875449c4563f3e68ef463f185722d280  da12.exe2
4df649e0c76137dd7e7029f3ed709c75  da5.ex2e
164ae41be41059cbdc7cda08b7609269  da8.exe2
c06a741b0b7005685ab9e25f41a1d9e5  ilove.scr1
714cf24fc19a20ae0dc701b48ded2cf6  MSCOMCTL.OC2X
b8735dc8f0bd559c7205162fd7e41d0a  MyPhoto009-XxX.JPEG_www.facebook.scr2
b4a73ccf2c56812b06d8d0fd60a6a69e  setup_2008006.exee
819ecf961ca99ee91775c5d4d67b76f8  TTPlayer.exe2
330d903d6ab8f5ed2dd0e295b9d6e1e9  TXPlatform.exe2
d36cfb477fb8b9dda8da5a5958029e6e  urlmon.dl2l
60a6c09cde39a8f875c8b21ebac7a794  木马彩衣7155VK.exe2


已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tbkt        檔案: C:\Documents and Settings\kato9096\桌面\24102\What\da11.ex2e
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tarw        檔案: C:\Documents and Settings\kato9096\桌面\24102\What\da12.exe2
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tapu        檔案: C:\Documents and Settings\kato9096\桌面\24102\What\da5.ex2e//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tapu        檔案: C:\Documents and Settings\kato9096\桌面\24102\What\da8.exe2//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tcls        檔案: C:\Documents and Settings\kato9096\桌面\24102\What\ilove.scr1/love.exe
已刪除: 病毒 Worm.Win32.AutoRun.lya        檔案: C:\Documents and Settings\kato9096\桌面\24102\What\MyPhoto009-XxX.JPEG_www.facebook.scr2
已刪除: 特洛伊木馬程式 Packed.Win32.Klone.af        檔案: C:\Documents and Settings\kato9096\桌面\24102\What\木马彩衣7155VK.exe2

卡巴只报7个,上报8个

Hello,

2.ex2e - Backdoor.Win32.Hupigon.drxd,
setup_2008006.exee - Trojan-Downloader.Win32.Agent.afqf

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Azada.ex2e, CfProtect.dll2, MSCOMCTL.OC2X, TTPlayer.exe2, TXPlatform.exe2, urlmon.dl2l

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Vladimir Lebedev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ 本帖最后由 kato9096 于 2008-9-7 00:12 编辑 ]

The EQs

从文件名就能看出有几个是正常的文件

Palkia

rs 杀 5

sam.to

汗,上报时密碼出錯,要重新上报

nosferatu

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\What'
C:\Documents and Settings\Administrator\桌面\What\What\2.ex2e
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\What\What\da11.ex2e
    [DETECTION] Is the TR/PSW.Lmir.UMP Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\What\What\da12.exe2
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\What\What\da5.ex2e
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\What\What\da8.exe2
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\What\What\ilove.scr1
    [0] Archive type: RAR SFX (self extracting)
      --> love.exe
        [1] Archive type: RSRC
        --> Object
          [DETECTION] Is the TR/Crypt.Delf.AA.43 Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\What\What\MyPhoto009-XxX.JPEG_www.facebook.scr2
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\What\What\setup_2008006.exee
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\What\What\木马彩衣7155VK.exe2
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
    [NOTE]      The file was deleted!


End of the scan: 星期四 2008年9月4日  08:05
Used time: 00:15 Minute(s)

The scan has been done completely.

      2 Scanning directories
     17 Files were scanned
      9 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      9 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      8 Files not concerned
      1 Archives were scanned
      0 Warnings
      9 Notes
File ID         Filename        Size (Byte)        Result
25127352         Azada.ex2e         2.36 MB         UNDER ANALYSIS
25127353         CfProtect.dll2         1.49 MB         UNDER ANALYSIS
25127356         TTPlayer.exe2         969.5 KB         UNDER ANALYSIS
25127357         TXPlatform.exe2         149.33 KB         UNDER ANALYSIS
153220         MSCOMCTL.OC2X         1.02 MB         KNOWN CLEAN
3743850         urlmon.dl2l         594.5 KB         KNOWN CLEAN

我是谁caojie

avk直接把两个压缩包全都隔离了

BING126

McAfee  报了5个。。

2.ex2e                          no   
azada.ex2e                   no   
cfprotect.dll2                 no   
da11.ex2e                     pws-onlinegames.ce           
da12.exe2                     pws-mmorpg.gen            
da5.ex2e                       new malware.n               
da8.exe2                       new malware.n               
ilove.scr1                       no  
mscomctl.oc2x               no   
myphoto009-xxx.jpeg_   no
setup_2008006.exee     no   
ttplayer.exe2                  no   
txplatform.exe2               new malware.gq                 
urlmon.dl2l                     no   
木马彩衣7155vk.exe2     no

[ 本帖最后由 BING126 于 2008-9-4 21:47 编辑 ]

曲中求

咖啡 8.5

7个

2008-9-4        22:25:03        引擎版本=5300.2777
2008-9-4        22:25:03        防病毒 DAT 版本=5376.0000
2008-9-4        22:25:03        EXTRA.DAT 中的检测项特征码数=无
2008-9-4        22:25:03        EXTRA.DAT 中的检测项特征码名称=无
2008-9-4        22:24:57        扫描已启动        9E4A1CD1F2E54EE\曲中求        按需扫描
2008-9-4        22:25:04        未采取操作         曲中求        E:\病毒\What[1]\What\da11.ex2e        PWS-OnlineGames.ce(特洛伊)
2008-9-4        22:25:11        未采取操作         曲中求        E:\病毒\What[1]\What\da12.exe2        PWS-Mmorpg.gen(特洛伊)
2008-9-4        22:25:12        未采取操作         曲中求        E:\病毒\What[1]\What\da5.ex2e\da5.ex2e\00005060.EXE        PWS-Mmorpg.gen(特洛伊)
2008-9-4        22:25:13        未采取操作         曲中求        E:\病毒\What[1]\What\da8.exe2\da8.exe2\00005060.EXE        PWS-Mmorpg.gen(特洛伊)
2008-9-4        22:25:13        未采取操作         曲中求        E:\病毒\What[1]\What\MyPhoto009-XxX.JPEG_www.facebook.scr2        Generic PUP.x(可能有害的程序)
2008-9-4        22:25:13        未采取操作         曲中求        E:\病毒\What[1]\What\TXPlatform.exe2        New Malware.gq(特洛伊)
2008-9-4        22:25:14        未采取操作         曲中求        E:\病毒\What[1]\What\木马彩衣7155VK.exe2        New Malware.fi(特洛伊)
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        扫描摘要
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已扫描的进程: 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已检测的进程: 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已清除病毒的进程: 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已扫描的引导区: 1
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已检测的引导区: 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已清除病毒的引导区: 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已扫描的文件: 15
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        含有检测项的文件: 7
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        文件检测项: 7
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已清除病毒的文件： 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已删除的文件: 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        未扫描的文件: 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        扫描摘要(注册表扫描)
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已扫描的项         : 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已检测的项        : 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已清理的项         : 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已删除的项         : 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        扫描摘要(Cookie 扫描)
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已扫描的 Cookie      : 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已检测的 Cookie     : 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已清理的 Cookie      : 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        已删除的 Cookie      : 0
2008-9-4        22:25:14        扫描摘要        9E4A1CD1F2E54EE\曲中求        运行时间: 0:00:17
2008-9-4        22:25:14        扫描结束        9E4A1CD1F2E54EE\曲中求        按需扫描

sam.to

Hello,

2.ex2e - Backdoor.Win32.Hupigon.drxd,
setup_2008006.exee - Trojan-Downloader.Win32.Agent.afqf

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Azada.ex2e, CfProtect.dll2, MSCOMCTL.OC2X, TTPlayer.exe2, TXPlatform.exe2, urlmon.dl2l

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Vladimir Lebedev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

斯太尔

小A全报