zbot大集合

显示全部楼层 · 发表于 2008-9-10 15:22:52

全部从spam来的，主流av应该全灭

显示全部楼层 · 发表于 2008-9-10 15:37:38

Starting the file scan:

Begin scan in 'C:\Users\TOSHIBA\Downloads\Desktop'
C:\Users\TOSHIBA\Downloads\Desktop\1BuLAl9N.part
[0] Archive type: ZIP
--> ticket_983992.exe
   [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE]    A backup was created as '493c796b.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\2AjTtzVm.part
[0] Archive type: ZIP
--> 98676512.exe
   [DETECTION] Is the TR/Spy.ZBot.eog Trojan
[NOTE]    A backup was created as '4931796a.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\3GzVRYzu.part
[0] Archive type: ZIP
--> 98676512.exe
   [DETECTION] Is the TR/Spy.ZBot.eog Trojan
[NOTE]    A backup was created as '49417970.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\8uCsci8t.part
[0] Archive type: ZIP
--> Fees_2008-2009.doc_____________________________.exe
   [DETECTION] Contains recognition pattern of the WORM/Autorun.lua worm
[NOTE]    A backup was created as '490a799e.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\9+c9a6M0.part
[0] Archive type: ZIP
--> Fees_2008-2009.doc_____________________________.exe
   [DETECTION] Contains recognition pattern of the WORM/Autorun.lua worm
[NOTE]    A backup was created as '492a7954.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\BvvbqADa.part
[0] Archive type: ZIP
--> IDCARD.exe
   [DETECTION] Is the TR/Spy.ZBot.dya Trojan
[NOTE]    A backup was created as '493d799f.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\cWkjumP4.part
[0] Archive type: ZIP
--> contract_2.exe
   [DETECTION] Is the TR/Dldr.Agent.adtj Trojan
[NOTE]    A backup was created as '49327980.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\d+N49UdN.part
[0] Archive type: ZIP
--> Ticket_N141-SK.exe
   [DETECTION] Is the TR/Spy.ZBot.eba Trojan
[NOTE]    A backup was created as '49157955.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\gFCIYG_6.part
[0] Archive type: ZIP
--> Fees_2008-2009.doc.exe
   [DETECTION] Is the TR/Dldr.Agent.adtj Trojan
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
[NOTE]    The detection was classified as suspicious.
[NOTE]    A backup was created as '490a7970.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\HbYi4hHJ.part
[0] Archive type: ZIP
--> Fees_2008-2009.doc.exe
   [DETECTION] Is the TR/Dldr.Agent.adtj Trojan
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
[NOTE]    The detection was classified as suspicious.
[NOTE]    A backup was created as '4920798c.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\OA98Dd9l.part
[0] Archive type: ZIP
--> Fees-2008_2009.doc.exe
   [DETECTION] Is the TR/Dldr.Agent.adtj Trojan
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
[NOTE]    The detection was classified as suspicious.
[NOTE]    A backup was created as '4900796b.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\q6I5rJR6.part
[0] Archive type: ZIP
--> Fees_2008-2009.doc.exe
   [DETECTION] Is the TR/Dldr.Agent.HNL Trojan
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
[NOTE]    The detection was classified as suspicious.
[NOTE]    A backup was created as '49107960.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\QVJMsL3M.part
[0] Archive type: ZIP
--> In776162.exe
   [DETECTION] Is the TR/Spy.ZBot.ejx Trojan
[NOTE]    A backup was created as '49117980.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\Rl7yKx93.part
[0] Archive type: ZIP
--> Invoice_20080801.exe
   [DETECTION] Is the TR/Spy.ZBot.eaa Trojan
[NOTE]    A backup was created as '48fe7996.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\U12tccSW.part
[0] Archive type: ZIP
--> 98676512.exe
   [DETECTION] Is the TR/Spy.ZBot.eog Trojan
[NOTE]    A backup was created as '48f9795b.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\wnNhaFZz.part
[0] Archive type: ZIP
--> e-Ticket_29.doc.exe
   [DETECTION] Is the TR/Dldr.Agent.adtj Trojan
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
[NOTE]    The detection was classified as suspicious.
[NOTE]    A backup was created as '49157998.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\yNU6P0Px.part
[0] Archive type: ZIP
--> eTicket_N832.doc.exe
   [DETECTION] Contains recognition pattern of the WORM/Autorun.lwx worm
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
[NOTE]    The detection was classified as suspicious.
[NOTE]    A backup was created as '491c7978.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\ZqF6VDY7.part
[0] Archive type: ZIP
--> MB_8712.exe
   [DETECTION] Is the TR/Spy.ZBot.DMG Trojan
[NOTE]    A backup was created as '490d799b.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\_FEKEmr3.part
[0] Archive type: ZIP
--> BANK_DETAILS.exe
   [DETECTION] Is the TR/FraudPack.68096 Trojan
[NOTE]    A backup was created as '490c7970.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Users\TOSHIBA\Downloads\Desktop\_sGtgVHK.part
[0] Archive type: ZIP
--> contract_2.doc.exe
   [DETECTION] Contains recognition pattern of the WORM/Autorun.mqf worm
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
[NOTE]    The detection was classified as suspicious.
[NOTE]    A backup was created as '490e799d.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

End of the scan: 2008年9月10日  15:37
Used time: 00:04 Minute(s)

The scan has been done completely.

   1 Scanning directories
   40 Files were scanned
   13 viruses and/or unwanted programs were found
   14 Files were classified as suspicious:
   20 files were deleted
   0 files were repaired
   20 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   13 Files not concerned
   20 Archives were scanned
   0 Warnings
   20 Notes

显示全部楼层 · 发表于 2008-9-10 15:43:09

这个是啥东东?

显示全部楼层 · 发表于 2008-9-10 15:44:41

解压就行了

显示全部楼层 · 发表于 2008-9-10 15:50:44

幸好全灭清光了

差点惨变非主流

显示全部楼层 · 发表于 2008-9-10 15:52:47

已刪除: 病毒 Worm.Win32.AutoRun.lpp 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/1BuLAl9N.part/ticket_983992.exe
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Zbot.eog 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/2AjTtzVm.part/98676512.exe
已解毒: 特洛伊木馬程式 Trojan-Spy.Win32.Zbot.eog 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/3GzVRYzu.part
已刪除: 病毒 Worm.Win32.AutoRun.lua 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/8uCsci8t.part/Fees_2008-2009.doc_____________________________.exe
已解毒: 病毒 Worm.Win32.AutoRun.lua 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/9+c9a6M0.part
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Zbot.dya 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/BvvbqADa.part/IDCARD.exe
已刪除: 病毒 Worm.Win32.AutoRun.lru 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/cWkjumP4.part/contract_2.exe
已刪除: 特洛伊木馬程式 Trojan.Win32.Crypt.lf 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/d+N49UdN.part/Ticket_N141-SK.exe
已刪除: 病毒 Worm.Win32.AutoRun.mdc 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/gFCIYG_6.part/Fees_2008-2009.doc.exe
已刪除: 病毒 Worm.Win32.AutoRun.lyo 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/HbYi4hHJ.part/Fees_2008-2009.doc.exe
已刪除: 病毒 Worm.Win32.AutoRun.lxg 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/OA98Dd9l.part/Fees-2008_2009.doc.exe
已刪除: 病毒 Worm.Win32.AutoRun.mtw 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/q6I5rJR6.part/Fees_2008-2009.doc.exe
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Zbot.ejx 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/QVJMsL3M.part/In776162.exe
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Zbot.eaa 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/Rl7yKx93.part/Invoice_20080801.exe
已解毒: 特洛伊木馬程式 Trojan-Spy.Win32.Zbot.eog 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/U12tccSW.part
已刪除: 病毒 Worm.Win32.AutoRun.mlx 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/wnNhaFZz.part/e-Ticket_29.doc.exe
已刪除: 病毒 Worm.Win32.AutoRun.lwx 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/yNU6P0Px.part/eTicket_N832.doc.exe
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Zbot.dxc 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/ZqF6VDY7.part/MB_8712.exe
已刪除: 特洛伊木馬程式 Trojan.Win32.FraudPack.gen 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/_FEKEmr3.part/BANK_DETAILS.exe
已刪除: 病毒 Worm.Win32.AutoRun.mqf 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/_sGtgVHK.part/contract_2.doc.exe

报20,不报的20个是死的

全都是1KB

所以不上报

[ 本帖最后由 kato9096 于 2008-9-10 15:54 编辑 ]

显示全部楼层 · 发表于 2008-9-10 15:56:29

原帖由 kato9096 于 2008-9-10 15:52 发表
已刪除: 病毒 Worm.Win32.AutoRun.lpp 檔案: C:\Documents and Settings\kato9096\桌面\Desktop.zip/1BuLAl9N.part/ticket_983992.exe
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Zbot.eog 檔案: C:\Documents and S ...

这本来就只有20个。。。。。。。。。。。。。余下的是卡巴清除后的文件。。。

显示全部楼层 · 发表于 2008-9-10 16:14:12

我設置了我的卡巴不解毒,為何会解毒?

显示全部楼层 · 发表于 2008-9-10 17:23:57

赛门铁克非主流？
报了19个

显示全部楼层 · 发表于 2008-9-10 19:52:12

那不是解毒，是包内清毒

[病毒样本] zbot大集合

回复 3楼啊弥陀佛的帖子

回复 8楼 kato9096 的帖子

[病毒样本] zbot大集合

回复 3楼 啊弥陀佛 的帖子

回复 8楼 kato9096 的帖子

回复 3楼啊弥陀佛的帖子