
[Virus sample] 21

sam.to
Posted on 2008-9-11 23:48:34

已刪除: 特洛伊木馬程式 Trojan.Win32.AntiAV.ka        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\4BCGDM50SI.exe3
已刪除: 特洛伊木馬程式 Trojan.Win32.Chifrax.a        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\DSC01087.JPG.exe3
已刪除: 特洛伊木馬程式 Trojan.Win32.AntiAV.ka        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\F8YBSPSXC.exe3
已刪除: 特洛伊木馬程式 Trojan.Win32.AntiAV.ka        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\G45XB.exe3
已刪除: 特洛伊木馬程式 Backdoor.Win32.PcClient.lhp        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\hfpthe.dll3
已刪除: 特洛伊木馬程式 Trojan.Win32.AntiAV.ka        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\LHPYDXY.exe3
已刪除: 病毒 Worm.Win32.AutoRun.mhg        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\LLZJY080903.EXE3//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.aczg        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\lsosss.exe3
已刪除: 特洛伊木馬程式 Trojan.Win32.Qhost.klg        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\miPhoto0011-jaja.JPEG_www.myspace.scr3
已刪除: 病毒 Worm.Win32.AutoRun.mxz        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\myPhoto15.JPEG_www.myspace.scr3
已刪除: 特洛伊木馬程式 Trojan.Win32.AntiAV.ka        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\RU84KA.exe3
已刪除: 特洛伊木馬程式 Trojan.Win32.AntiAV.ka        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\TBY08NLM75.exe3
已刪除: 特洛伊木馬程式 Trojan.Win32.AntiAV.ka        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\TPCPBX1.exe3
已刪除: 病毒 Virus.Win32.Delf.bz        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\winlogon.exe3//UPack
已刪除: 特洛伊木馬程式 Trojan.Win32.AntiAV.ka        檔案: C:\Documents and Settings\kato9096\桌面\222222222222222222222222222222\auto\ZOXOED.exe3

Kaspersky flagged 15; 6 submitted.
Kitman
Posted on 2008-9-12 00:31:56
16
Starting the file scan:

Begin scan in 'C:\Users\TOSHIBA\Downloads\auto'
C:\Users\TOSHIBA\Downloads\auto\auto\4BCGDM50SI.exe3
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '490c4815.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\auto.exe3
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '493d4849.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\F8YBSPSXC.exe3
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '4922480c.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\G45XB.exe3
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '48fe4808.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\hfpthe.dll3
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    [NOTE]      A backup was created as '4939483a.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\LHPYDXY.exe3
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '4919481c.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\LLZJY080903.EXE3
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '49234820.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\lsosss.exe3
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '49384847.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\miPhoto0011-jaja.JPEG_www.myspace.scr3
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      A backup was created as '4919483d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\myPhoto15.JPEG_www.myspace.scr3
    [DETECTION] Is the TR/Hoster.G Trojan
    [NOTE]      A backup was created as '4919484d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\RU84KA.exe3
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '49014829.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\TBY08NLM75.exe3
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '49224817.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\TPCPBX1.exe3
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '490c4825.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\winlogon.exe3
    [DETECTION] Contains recognition pattern of the W32/Delf.BZ Windows virus
    [NOTE]      A backup was created as '4937483e.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\ZOXOED.exe3
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '49214824.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\auto\auto\有毒  测试.exe3
    [DETECTION] Is the TR/Small.300308 Trojan
    [NOTE]      A backup was created as '48e9b3a7.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2008年9月12日  00:31
Used time: 00:04 Minute(s)

The scan has been done completely.

      2 Scanning directories
     21 Files were scanned
      7 viruses and/or unwanted programs were found
      9 Files were classified as suspicious:
     16 files were deleted
      0 files were repaired
     16 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      0 Archives were scanned
      0 Warnings
     16 Notes
袏珥盯
Posted on 2008-9-12 03:01:39
Scanned 22, killed 17


[ Last edited by 袏珥盯 on 2008-9-12 03:03 ]
chenwei54
Posted on 2008-9-12 08:30:01
Avira AntiVir Premium
Report file date: 2008年9月12日  08:25

Scanning for 1609795 virus strains and unwanted programs.

Licensed to:      chen kevin
Serial number:    1102540995-PEPWE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         sylvanas
Computer name:    933D59295CF4477

Version information:
BUILD.DAT     : 8.1.0.367      20012 Bytes   2008-8-12 11:31:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes   2008-6-26 02:57:54
AVSCAN.DLL    : 8.1.4.0        40705 Bytes   2008-5-26 01:56:42
LUKE.DLL      : 8.1.4.5       164097 Bytes   2008-6-12 06:44:20
LUKERES.DLL   : 8.1.4.0        12033 Bytes   2008-5-26 01:58:54
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes   2007-7-18 06:36:36
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes   2008-6-24 07:53:28
ANTIVIR2.VDF  : 7.0.6.94     2998784 Bytes   2008-8-31 09:53:44
ANTIVIR3.VDF  : 7.0.6.148     334848 Bytes   2008-9-11 17:27:30
Engineversion : 8.1.1.28  
AEVDF.DLL     : 8.1.0.5       102772 Bytes    2008-4-2 06:36:34
AESCRIPT.DLL  : 8.1.0.70      319866 Bytes    2008-9-3 08:22:34
AESCN.DLL     : 8.1.0.23      119156 Bytes   2008-7-15 07:58:46
AERDL.DLL     : 8.1.1.1       397683 Bytes    2008-9-3 08:22:34
AEPACK.DLL    : 8.1.2.1       364917 Bytes   2008-7-15 07:58:46
AEOFFICE.DLL  : 8.1.0.23      196987 Bytes    2008-9-3 08:22:34
AEHEUR.DLL    : 8.1.0.51     1397111 Bytes    2008-9-3 08:22:34
AEHELP.DLL    : 8.1.0.15      115063 Bytes   2008-5-29 06:08:42
AEGEN.DLL     : 8.1.0.36      315764 Bytes   2008-8-18 10:05:36
AEEMU.DLL     : 8.1.0.7       430452 Bytes   2008-7-31 06:02:16
AECORE.DLL    : 8.1.1.11      172406 Bytes    2008-9-3 08:22:32
AEBB.DLL      : 8.1.0.1        53617 Bytes   2008-7-18 03:20:50
AVWINLL.DLL   : 1.0.0.12       15105 Bytes    2008-7-9 02:40:06
AVPREF.DLL    : 8.0.2.0        38657 Bytes   2008-5-16 03:28:02
AVREP.DLL     : 8.0.0.2        98344 Bytes    2008-9-7 18:30:56
AVREG.DLL     : 8.0.0.1        33537 Bytes    2008-5-9 05:26:42
AVARKT.DLL    : 1.0.0.23      307457 Bytes   2008-2-12 02:29:24
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes   2008-6-12 06:27:50
SQLITE3.DLL   : 3.3.17.1      339968 Bytes   2008-1-22 11:28:04
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes   2008-6-12 06:49:42
NETNT.DLL     : 8.0.0.1         7937 Bytes   2008-1-25 06:05:12
RCIMAGE.DLL   : 8.0.0.51     2564353 Bytes   2008-6-12 07:29:32
RCTEXT.DLL    : 8.0.51.0       86273 Bytes   2008-6-27 05:00:58

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bb472ba7.avp
Logging..........................: low
Primary action...................: delete
Secondary action.................: delete
Scan master boot sector..........: off
Scan boot sector.................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Skipped files....................: E:\DNF\TerSafe.dll,
Deviating risk categories........: +JOKE,+PCK,+SPR,

Start of the scan: 2008年9月12日  08:25

Starting the file scan:

Begin scan in 'D:\DOWNLOAD\412465214512.rar'
D:\DOWNLOAD\412465214512.rar
    [0] Archive type: RAR
    --> 412465214512\05.exe!
      [DETECTION] Is the TR/Onlinegames.tboi Trojan
    --> 412465214512\10(1).exe!
      [DETECTION] Is the TR/Onlinegames.tboe Trojan
    --> 412465214512\28.exe!
      [DETECTION] Is the TR/Onlinegames.tbod Trojan
    --> 412465214512\aa10.exe!
      [DETECTION] Is the TR/Onlinegames.tboi Trojan
      --> 412465214512\aa2.exe!
          [DETECTION] Is the TR/PSW.Online.Osh.2 Trojan
    --> 412465214512\aa20.exe!
      [DETECTION] Is the TR/Onlinegames.tbod Trojan
      --> 412465214512\aa6.exe!
          [DETECTION] Is the TR/PSW.Online.bin Trojan
    --> 412465214512\aa9.exe!
      [DETECTION] Is the TR/Onlinegames.tboe Trojan
    --> 412465214512\zzzx.exe!
      [DETECTION] Is the TR/Onlinegames.tboe Trojan
    [NOTE]      A backup was created as '48fbb745.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2008年9月12日  08:25
Used time: 00:03 Minute(s)

The scan has been done completely.

      0 Scanning directories
     14 Files were scanned
     13 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes
啊弥陀佛
Posted on 2008-9-12 10:17:01
Blocked by Micropoint
水晶
Posted on 2008-9-12 10:23:05
Rising 09
病毒名称 | 处理结果 | 发现日期 | 查杀方式 | 访问染毒文件的进程 | 文件
Worm.Agent.xo | 删除成功 | 2008-09-12 10:21:48 | 文件监控 | C:\PROGRAM FILES\WINRAR\WINRAR.EXE | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\AUTO\WINLOGON.EXE3>>upack0.34
BING126
Posted on 2008-9-12 21:12:32
McAfee flagged 13..

4bcgdm50si.exe3         generic dropper.aj         
auto.exe3                     new malware.n               
dsc01087.jpg.exe3       with fishy extension      
f8ybspsxc.exe3             generic dropper.aj        
g45xb.exe3                   generic dropper.aj          
hfpthe.dll3                     no  
lhpydxy.exe3                generic dropper.aj      
llzjy080903.exe3           downloader-azn.dr          
lsosss.exe3                   no
miphoto0011-jaja.jpe    generic pup.x              
mizoe.exe3                    no  
myphoto15.jpeg_www.m no
proscore.dll3                  no  
regcode.dll3                   no  
ru84ka.exe3                   generic dropper.aj        
tby08nlm75.exe3            generic dropper.aj         
tpcpbx1.exe3                  generic dropper.aj         
ttlgmrcnt.exe3                 no  
winlogon.exe3                 w32/mumawow                
有毒  测试.exe3               no            
zoxoed.exe3                   generic dropper.aj
醉一生爱妍
Posted on 2008-9-12 21:14:33
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.Win32.Undef.duq   
病毒: Trojan.DL.Win32.Delf.gdb
病毒: Backdoor.Win32.PcClient.eur
病毒: Trojan.DL.Win32.MyDown.as
病毒: Trojan.Win32.Undef.qdw   
病毒: Backdoor.Win32.Mnless.me
病毒: Backdoor.Win32.Bifrose.a

MAC 地址:00:11:2F:5A:58:BC

用户来源:互联网

软件版本:20.61.42
qigang
Posted on 2008-9-12 23:06:25
Already forwarded to 剑盟!
woai_jolin
Posted on 2008-9-13 07:44:34
Scan Log
Version of virus signature database: 3439 (20080912)
Date: 2008-9-13  Time: 7:44:22
Scanned disks, folders and files: G:\v\auto
G:\v\auto\auto\4BCGDM50SI.exe3 - is OK
G:\v\auto\auto\auto.exe3 - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
G:\v\auto\auto\DSC01087.JPG.exe3 - is OK
G:\v\auto\auto\F8YBSPSXC.exe3 - is OK
G:\v\auto\auto\G45XB.exe3 - is OK
G:\v\auto\auto\hfpthe.dll3 - Win32/PcClient trojan - cleaned by deleting - quarantined [1]
G:\v\auto\auto\LHPYDXY.exe3 - is OK
G:\v\auto\auto\LLZJY080903.EXE3 - a variant of Win32/AutoRun.YE worm - cleaned by deleting - quarantined [1]
G:\v\auto\auto\lsosss.exe3 - Win32/TrojanDownloader.Small.ACZG trojan - cleaned by deleting - quarantined [1]
G:\v\auto\auto\miPhoto0011-jaja.JPEG_www.myspace.scr3 - Win32/AutoRun.YL worm - cleaned by deleting - quarantined [1]
G:\v\auto\auto\mizoe.exe3 - is OK
G:\v\auto\auto\myPhoto15.JPEG_www.myspace.scr3 - a variant of Win32/Injector.CR trojan - cleaned by deleting - quarantined [1]
G:\v\auto\auto\PROSCORE.DLL3 - is OK
G:\v\auto\auto\RegCode.dll3 - is OK
G:\v\auto\auto\RU84KA.exe3 - is OK
G:\v\auto\auto\TBY08NLM75.exe3 - is OK
G:\v\auto\auto\TPCPBX1.exe3 - is OK
G:\v\auto\auto\TtlGmRCnt.exe3 » ASPack v2.12 - is OK
G:\v\auto\auto\winlogon.exe3 - Win32/Drowor.NAB virus - deleted - quarantined
G:\v\auto\auto\ZOXOED.exe3 - is OK
G:\v\auto\auto\有毒  测试.exe3 » UPX v12_m5 - is OK
Number of scanned objects: 21
Number of threats found: 7
Number of cleaned objects: 7
Time of completion: 7:44:25  Total scanning time: 3 sec (00:00:03)

Notes:
[1] Object has been deleted as it only contained the virus body.