
[Virus samples] 23 samples
小邪邪
Posted on 2008-9-24 23:18:29
23

Kitman
Posted on 2008-9-24 23:21:02
Begin scan in 'C:\Users\TOSHIBA\Downloads\vir.zip'
C:\Users\TOSHIBA\Downloads\vir.zip\vir\000.exe
    [0] Archive type: RSRC
    --> Object
      [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    [NOTE]      A backup was created as '490a5acd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\001.exe
    [DETECTION] Is the TR/FraudPack.aal Trojan
    [NOTE]      A backup was created as '490b5acd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\003.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      A backup was created as '490d5acd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\004.exe
    [DETECTION] Is the TR/Dldr.CodecPack.AE Trojan
    [NOTE]      A backup was created as '490e5acd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\005.exe
    [DETECTION] Is the TR/Drop.Cattivo.A Trojan
    [NOTE]      A backup was created as '490f5acd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\006.exe
    [DETECTION] Is the TR/Drop.Cattivo.A Trojan
    [NOTE]      A backup was created as '49105acd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\007.exe
    [DETECTION] Is the TR/Dldr.Agent.ahmc Trojan
    [NOTE]      A backup was created as '49115acd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\008.exe
    [DETECTION] Is the TR/FraudPack.94208.1 Trojan
    [NOTE]      A backup was created as '49125ace.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\009.exe
    [DETECTION] Is the TR/Dldr.FakeAler.AF Trojan
    [NOTE]      A backup was created as '49135ace.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\010.exe
    [DETECTION] Is the TR/Drop.Agen.104964 Trojan
    [NOTE]      A backup was created as '490a5acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\011.exe
    [DETECTION] Is the TR/Drop.RKit.BQ Trojan
    [NOTE]      A backup was created as '490b5acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\012.exe
    [DETECTION] Is the TR/Agent.aegc Trojan
    [NOTE]      A backup was created as '490c5acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\013.exe
    [DETECTION] Is the TR/Dldr.FakeAler.AD Trojan
    [NOTE]      A backup was created as '490d5acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\014.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '490e5acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\015.exe
    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    [NOTE]      A backup was created as '490f5acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\016.exe
    [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
    [NOTE]      A backup was created as '49105acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\017.exe
    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    [NOTE]      A backup was created as '49115acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\018.exe
    [DETECTION] Is the TR/Drop.Cutwail.AS Trojan
    [NOTE]      A backup was created as '49125acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\019.exe
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      A backup was created as '49135acf.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\020.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      A backup was created as '490a5ad0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\021.exe
    [DETECTION] Is the TR/FraudPack.aag Trojan
    [NOTE]      A backup was created as '490b5ad0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\vir.zip\vir\022.exe
    [DETECTION] Is the TR/FraudPack.aag Trojan
    [NOTE]      A backup was created as '490c5ad0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2008年9月24日  23:19
Used time: 00:03 Minute(s)

The scan has been done completely.

      2 Scanning directories
     23 Files were scanned
     22 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     22 files were deleted
      0 files were repaired
     22 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      0 Warnings
     22 Notes
The file '002.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content. 

[ Last edited by Kitman on 2008-9-24 23:22 ]
wangjay1980
Posted on 2008-9-24 23:26:20
K

无尽藏海
Posted on 2008-9-24 23:28:57

维生素B2
Posted on 2008-9-24 23:35:25
rising2009 0
1688388728
Posted on 2008-9-24 23:42:09
Spider (Dr.Web): 13
欠妳緈諨
Posted on 2008-9-24 23:56:15
Virus check with G DATA AntiVirus
Version 18.7.8155.555
Virus signature dated 9/24/2008
Start time: 9/24/2008 17:52
Engine(s): Engine A (AVK 19.692), Engine B (AVB 19.37)
Heuristics: On
Archive: On
System areas: Off

Check the following directories and files:
  S:\vir\

Object: 014.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Delf.ojl (Engine A)
Object: 015.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Small.adni (Engine A)
Object: 016.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.VB.fjp (Engine A)
Object: 017.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Backdoor.Win32.Delf.aec (Engine A)
Object: 018.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Backdoor.Win32.Agent.rsv (Engine A)
Object: 019.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.Monder.gen (Engine A)
Object: 020.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan-Dropper.Win32.Agent.xea (Engine A)
Object: 021.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.FraudPack.aag (Engine A)
Object: 022.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.FraudPack.aag (Engine A)
Object: 000.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan-Dropper.Win32.Agent.xag (Engine A)
Object: 001.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.FraudPack.aal (Engine A)
Object: 003.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Win32:Trojan-gen {Other} (Engine B)
Object: 004.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.CodecPack.ae (Engine A)
Object: 005.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Worm.Win32.AutoRun.nls (Engine A)
Object: 006.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Worm.Win32.AutoRun.nls (Engine A)
Object: 007.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Agent.ahmc (Engine A)
Object: 008.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.FraudPack.gen (Engine A)
Object: 009.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.Agent.aeml (Engine A)
Object: 010.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.BHO.guk (Engine A)
Object: 011.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.Agent.aemm (Engine A)
Object: 012.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan.Win32.Agent.aegc (Engine A)
Object: 013.exe
        Path: S:\vir
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Small.adrg (Engine A)

Analysis performed in full: 9/24/2008 17:53
    23 files checked
    22 infected files detected
    0 suspicious files found
欠妳緈諨
Posted on 2008-9-25 00:00:57
002.exe
File 002.exe received on 09.24.2008 17:21:10 (CET)
Current status: finished

Result: 0/36 (0.00%)
Compact Print results  
Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.24 -
AntiVir 7.8.1.34 2008.09.24 -
Authentium 5.1.0.4 2008.09.23 -
Avast 4.8.1195.0 2008.09.23 -
AVG 8.0.0.161 2008.09.24 -
BitDefender 7.2 2008.09.24 -
CAT-QuickHeal 9.50 2008.09.24 -
ClamAV 0.93.1 2008.09.24 -
DrWeb 4.44.0.09170 2008.09.24 -
eSafe 7.0.17.0 2008.09.24 -
eTrust-Vet 31.6.6101 2008.09.23 -
Ewido 4.0 2008.09.24 -
F-Prot 4.4.4.56 2008.09.23 -
F-Secure 8.0.14332.0 2008.09.24 -
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.24 -
Ikarus T3.1.1.34.0 2008.09.24 -
K7AntiVirus 7.10.470 2008.09.24 -
Kaspersky 7.0.0.125 2008.09.24 -
McAfee 5390 2008.09.23 -
Microsoft 1.3903 2008.09.24 -
NOD32 3468 2008.09.24 -
Norman 5.80.02 2008.09.24 -
Panda 9.0.0.4 2008.09.24 -
PCTools 4.4.2.0 2008.09.24 -
Prevx1 V2 2008.09.24 -
Rising 20.63.22.00 2008.09.24 -
Sophos 4.33.0 2008.09.24 -
Sunbelt 3.1.1666.1 2008.09.24 -
Symantec 10 2008.09.24 -
TheHacker 6.3.0.9.092 2008.09.24 -
TrendMicro 8.700.0.1004 2008.09.24 -
VBA32 3.12.8.5 2008.09.23 -
ViRobot 2008.9.24.1390 2008.09.24 -
VirusBuster 4.5.11.0 2008.09.24 -
Webwasher-Gateway 6.6.2 2008.09.24 -
bjfhj
Posted on 2008-9-25 00:05:13
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/015.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/016.exe - 可能是 Win32/VB.NPK 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/017.exe - 未查明的 NewHeur_PE 病毒
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/018.exe - Win32/Wigon.EY 特洛伊木马
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/019.exe - 可能是 Win32/Adware.Virtumonde.NBJ 应用程序 的变种
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/020.exe - Win32/Dialer.NEW 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/021.exe - Win32/TrojanDownloader.FakeAlert.IY 特洛伊木马
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/022.exe - Win32/TrojanDownloader.FakeAlert.IY 特洛伊木马
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/000.exe - Win32/Dialer.NEW 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/001.exe - Win32/TrojanDownloader.FakeAlert.IY 特洛伊木马
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/003.exe - Win32/TrojanDownloader.Agent.OFU 特洛伊木马
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/004.exe - Win32/TrojanDownloader.Zlob.CNF 特洛伊木马
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/005.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/006.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/007.exe - Win32/TrojanDownloader.Zlob.CNG 特洛伊木马
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/010.exe - Win32/Kryptik.O 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\vir.zip > ZIP > vir/012.exe - Win32/BHO.NHM 特洛伊木马
wenbin
Posted on 2008-9-25 15:11:10
小邪邪's virus samples should have been reported to McAfee by now, right?