可疑x9

显示全部楼层 · 发表于 2008-10-6 20:10:56

可疑x9

显示全部楼层 · 发表于 2008-10-6 20:16:03

2008-10-6 JAY20:15:21 Untreated Malware Constructor.Win32.WormGen.d Medium Exact C:\Documents and Settings\Owner\桌面\可疑.rar/可疑\xhxzz.exe/NSPack Postponed
2008-10-6 JAY20:15:17 Untreated Malware Constructor.Win32.Downldr.dh Medium Exact C:\Documents and Settings\Owner\桌面\可疑.rar/可疑\dlts.exe Postponed
2008-10-6 JAY20:15:17 Untreated Malware Constructor.Win32.WormGen.d Medium Exact C:\Documents and Settings\Owner\桌面\可疑.rar/可疑\hx.exe/NSPack Postponed
2008-10-6 JAY20:15:14 Untreated Malware Constructor.Win32.Morjinz.a Medium Exact C:\Documents and Settings\Owner\桌面\可疑.rar/可疑\Data\Builder.exe Postponed
2008-10-6 JAY20:15:14 Untreated Trojan program Backdoor.Win32.Poison.dwo High Exact C:\Documents and Settings\Owner\桌面\可疑.rar/可疑\Data\Loader.exe Postponed

显示全部楼层 · 发表于 2008-10-6 20:17:58

kv 发现6个病毒

显示全部楼层 · 发表于 2008-10-6 20:22:27

Scan Stats:
  Scan Time: 3 seconds
  Scan Options:
  Scan Targets: D:\Virus\可疑.rar
  Counts:
Total items scanned: 11
- Files & Directories: 11
- Registry Entries: 0
- Processes & Start-up Items: 0
- Network & Browser Items: 0
- Other: 0
- Trusted Files: 0
- Skipped Files: 0

Total security risks detected: 7
Total items resolved: 0
Total items that require attention: 7

Resolved Threats:

Unresolved Threats:
Risks in compressed file "可疑.rar"
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Not Attempted

显示全部楼层 · 发表于 2008-10-6 20:41:06

McAfee 报了7个。。

builder.exe       generic.dx
dgrat.exe          generic.dx
dlts.exe             generic.dx
etr.exe              exploit-ms06-014
ewqs.exe       new malware.aq
hx.exe             no
loader.exe       generic backdoor
net.exe          backdoor-tw
xhxzz.exe          no

显示全部楼层 · 发表于 2008-10-6 20:44:27

0 Scanning directories
   10 Files were scanned
   8 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   2 Files not concerned
   1 Archives were scanned
   0 Warnings

显示全部楼层 · 发表于 2008-10-6 20:58:53

用AntiVirusKit扫描病毒
版本 16.0.7
病毒库签名 2008-10-6
开始时间: 2008-10-6 20:58
引擎: KAV 引擎 (AVK 19.897), BD  引擎 (BD 19.688)
启发式: 打开
压缩文件: 打开
系统区域: 关闭

扫描所选择的目录和文件...
对象: Loader.exe
路径: S:\可疑\Data
Status: 已发现病毒
病毒: Backdoor.Win32.Poison.dwo (KAV 引擎), Backdoor.Generic.55270 (BD  引擎)
对象: Builder.exe
路径: S:\可疑\Data
Status: 已发现病毒
病毒: Constructor.Win32.Morjinz.b (KAV 引擎), Trojan.Constructor.Morjinz.A (BD  引擎)
对象: hx.exe
路径: S:\可疑
Status: 已发现病毒
病毒: Constructor.Win32.WormGen.d (KAV 引擎), Trojan.Dropper.Delf.BDE (BD  引擎)
对象: dlts.exe
路径: S:\可疑
Status: 已发现病毒
病毒: Constructor.Win32.Downldr.dh (KAV 引擎)
对象: DGRAT.exe
路径: S:\可疑
Status: 已发现病毒
病毒: Trojan.Generic.350061 (BD  引擎)
对象: xhxzz.exe
路径: S:\可疑
Status: 已发现病毒
病毒: Constructor.Win32.WormGen.d (KAV 引擎), Trojan.Dropper.Delf.BDE (BD  引擎)
分析完毕: 2008-10-6 20:58
已检查 9 个文件
已发现 6 个染毒文件
发现 0 个可疑文件

显示全部楼层 · 发表于 2008-10-6 21:00:54

终于成功的在AVK08实现了普通双重检测

使用 G DATA AntiVirus 进行病毒病毒
版本 18.9.1.9
病毒特征库日期 10/6/2008
开始时间: 10/6/2008 20:59
引擎: KAV 引擎 (AVK 19.897), AVAST 引擎 (AVB 19.50)
启发式：开启
文件: 开启
系统区域: 关闭

检测选中目录和文件...
S:\可疑\

项目: Net.exe
路径: S:\可疑
状态: 检测到病毒
病毒: Win32:Nethief-H [Trj] (AVAST 引擎)
项目: Loader.exe
路径: S:\可疑\Data
状态: 检测到病毒
病毒: Backdoor.Win32.Poison.dwo (KAV 引擎), Win32:Poison-HL [Trj] (AVAST 引擎)
项目: Builder.exe
路径: S:\可疑\Data
状态: 检测到病毒
病毒: Constructor.Win32.Morjinz.b (KAV 引擎), Win32:VB-HOG [Trj] (AVAST 引擎)
项目: hx.exe
路径: S:\可疑
状态: 检测到病毒
病毒: Constructor.Win32.WormGen.d (KAV 引擎), Win32:Agent-SIM [Trj] (AVAST 引擎)
项目: dlts.exe
路径: S:\可疑
状态: 检测到病毒
病毒: Constructor.Win32.Downldr.dh (KAV 引擎)
项目: ewqs.exe
路径: S:\可疑
状态: 检测到病毒
病毒: Win32:Trojan-gen {Other} (AVAST 引擎)
项目: DGRAT.exe
路径: S:\可疑
状态: 检测到病毒
病毒: Win32:Poison-HL [Trj] (AVAST 引擎)
项目: xhxzz.exe
路径: S:\可疑
状态: 检测到病毒
病毒: Constructor.Win32.WormGen.d (KAV 引擎), Win32:Agent-SIM [Trj] (AVAST 引擎)

检测执行时间： 10/6/2008 20:59
9 个文件被检查
8 个感染文件被发现
0 个可疑文件被发现

显示全部楼层 · 发表于 2008-10-6 21:02:09

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1V8AEHCO\可疑[1].rar\可疑\Net.exe - 已感染 BackDoor.Nethief.origin
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1V8AEHCO\可疑[1].rar\可疑\Data\Builder.exe - 已感染 Trojan.DownLoader.24308
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1V8AEHCO\可疑[1].rar\可疑\hx.exe\data001 - 已感染 Win32.HLLW.Autoruner.2542
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1V8AEHCO\可疑[1].rar\可疑\hx.exe\data002 - 已感染 Win32.HLLW.Autoruner.2542
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1V8AEHCO\可疑[1].rar\可疑\hx.exe\data003 - 已感染 Win32.HLLW.Autoruner.2542
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1V8AEHCO\可疑[1].rar\可疑\DGRAT.exe - 已感染 Trojan.DownLoad.4854
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1V8AEHCO\可疑[1].rar\可疑\xhxzz.exe\data001 - 已感染 Win32.HLLW.Autoruner.origin
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1V8AEHCO\可疑[1].rar\可疑\xhxzz.exe\data002 - 已感染 Win32.HLLW.Autoruner.origin
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1V8AEHCO\可疑[1].rar\可疑\xhxzz.exe\data003 - 已感染 Win32.HLLW.Autoruner.origin

压缩包含 9 个被感染的对象

显示全部楼层 · 发表于 2008-10-6 23:21:59

2008-10-6 23:20:52 检测到威胁: Backdoor.Win32.Poison.dwo D:\My Documents\桌面\可疑.rar/可疑\Data\Loader.exe
2008-10-6 23:20:52 未处理: Backdoor.Win32.Poison.dwo D:\My Documents\桌面\可疑.rar/可疑\Data\Loader.exe 延期
2008-10-6 23:20:55 检测到威胁: Backdoor.Win32.Poison.dwo D:\My Documents\桌面\可疑.rar/可疑\Data\Loader.exe

[可疑文件] 可疑x9

本帖子中包含更多资源

本帖子中包含更多资源

kis2009