
[Suspicious file] Suspicious x8 (可疑x8)

小邪邪
Posted on 2008-10-6 21:44:45
Suspected QQ account-stealing trojans

fzz8848
Posted on 2008-10-6 21:48:52
Begin scan in 'E:\Download\Virus\可疑x8\可疑x8'
E:\Download\Virus\可疑x8\可疑x8\DD QQ\qq.exe
      --> Object
        [1] Archive type: RSRC
        --> Object
          --> Object
            [3] Archive type: RSRC
            --> Object
              [DETECTION] Is the TR/PSW.QQpass.acv Trojan
    [NOTE]      The file was deleted!
E:\Download\Virus\可疑x8\可疑x8\LoveQQ\LoveQQ.exe
    [0] Archive type: RSRC
      --> Object
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.QQpass.bav Trojan
    [NOTE]      The file was deleted!
E:\Download\Virus\可疑x8\可疑x8\MXZ QQ\QQ.exe
    [0] Archive type: RSRC
      --> Object
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.QQpass.bav Trojan
    [NOTE]      The file was deleted!
E:\Download\Virus\可疑x8\可疑x8\nx1\NX.exe
    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    [NOTE]      The file was deleted!
E:\Download\Virus\可疑x8\可疑x8\nx2\NX2.exe
    [DETECTION] Is the TR/Drop.Delf.aid.3 Trojan
    [NOTE]      The file was deleted!
E:\Download\Virus\可疑x8\可疑x8\LM QQ\LM QQ.exe
      --> Object
        [1] Archive type: RSRC
        --> Object
          [DETECTION] Is the TR/Spy.QQpass Trojan
        --> Object
          [DETECTION] Is the TR/Spy.QQpass Trojan
    [NOTE]      The file was deleted!
E:\Download\Virus\可疑x8\可疑x8\SPDL\DownLoad.exe
      --> Object
        [1] Archive type: RSRC
        --> Object
          --> Object
            [3] Archive type: RSRC
            --> Object
              [DETECTION] Is the TR/Dldr.Delf.cad Trojan
    [NOTE]      The file was deleted!
E:\Download\Virus\可疑x8\可疑x8\ZZM\ZZM.exe
    [0] Archive type: RSRC
    --> Object
      [DETECTION] Is the TR/Dldr.Delf.bhe.8 Trojan
    [NOTE]      The file was deleted!
1688388728
Posted on 2008-10-6 21:50:05
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S5274DUR\可疑x8[1].part1.rar\可疑x8\DD QQ\qq.exe - 已感染 Trojan.MulDrop.14591
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S5274DUR\可疑x8[1].part1.rar\可疑x8\LoveQQ\LoveQQ.exe - 已感染 Trojan.PWS.Qqpass.2126
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S5274DUR\可疑x8[1].part1.rar\可疑x8\MXZ QQ\QQ.exe - 已感染 Trojan.PWS.Qqpass.2126
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S5274DUR\可疑x8[1].part1.rar\可疑x8\nx1\NX.exe\data001 - 已感染 Win32.HLLW.Autoruner.681


C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GHUFWLMB\可疑x8[1].part2.rar\可疑x8\SPDL\DownLoad.exe - 已感染 BackDoor.Pigeon.9991
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GHUFWLMB\可疑x8[1].part2.rar\可疑x8\ZZM\ZZM.exe - 已感染 Win32.HLLW.Autoruner.961

压缩包含 6 个被感染的对象
欠妳緈諨
Posted on 2008-10-6 21:50:33
使用 G DATA AntiVirus 进行病毒病毒
版本 18.9.1.9
病毒特征库日期 10/6/2008
开始时间: 10/6/2008 21:49
引擎: KAV 引擎 (AVK 19.897), AVAST 引擎 (AVB 19.50)
启发式: 开启
文件: 开启
系统区域: 关闭

检测选中目录和文件...
  S:\可疑x8\

项目: qq.exe
        路径: S:\可疑x8\DD QQ
        状态: 检测到病毒
        病毒: Trojan-PSW.Win32.QQPass.ani (KAV 引擎), Win32:OnLineGames-BQP [Trj] (AVAST 引擎)
项目: LoveQQ.exe
        路径: S:\可疑x8\LoveQQ
        状态: 检测到病毒
        病毒: Trojan-PSW.Win32.QQPass.anh (KAV 引擎)
项目: QQ.exe
        路径: S:\可疑x8\MXZ QQ
        状态: 检测到病毒
        病毒: Trojan-PSW.Win32.QQPass.anh (KAV 引擎)
项目: NX.exe
        路径: S:\可疑x8\nx1
        状态: 检测到病毒
        病毒: Trojan-Dropper.Win32.Delf.aid (KAV 引擎), Win32:AutoRun-DF (AVAST 引擎)
项目: NX2.exe
        路径: S:\可疑x8\nx2
        状态: 检测到病毒
        病毒: Trojan-Dropper.Win32.Delf.aid (KAV 引擎), Win32:AutoRun-DF (AVAST 引擎)
项目: LM QQ.exe
        路径: S:\可疑x8\LM QQ
        状态: 检测到病毒
        病毒: Constructor.Win32.QQPass.i (KAV 引擎), Win32:Agent-ABLA [Trj] (AVAST 引擎)
项目: DownLoad.exe
        路径: S:\可疑x8\SPDL
        状态: 检测到病毒
        病毒: Trojan-Downloader.Win32.Delf.dex (KAV 引擎)
项目: ZZM.exe
        路径: S:\可疑x8\ZZM
        状态: 检测到病毒
        病毒: Trojan-Downloader.Win32.Delf.dev (KAV 引擎), Win32:Delf-ERY [Trj] (AVAST 引擎)

检测执行时间: 10/6/2008 21:50
    8 个文件被检查
    8 个感染文件被发现
    0 个可疑文件被发现
无尽藏海
Posted on 2008-10-6 21:52:51
Scan Stats:
  Scan Time: 4 seconds
  Scan Options:
  Scan Targets: D:\Virus\可疑x8\可疑x8.zip
  Counts:
   Total items scanned: 9
   - Files & Directories: 9
   - Registry Entries: 0
   - Processes & Start-up Items: 0
   - Network & Browser Items: 0
   - Other: 0
   - Trusted Files: 0
   - Skipped Files: 0

   Total security risks detected: 8
   Total items resolved: 8
   Total items that require attention: 0

Resolved Threats:
Trojan.PWS.QQPass
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
[qq.exe] inside of [d:\virus\可疑x8\可疑x8.zip] - Deleted


W32.SillyDC
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
[lm qq.exe] inside of [d:\virus\可疑x8\可疑x8.zip] - Deleted


Infostealer
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
[loveqq.exe] inside of [d:\virus\可疑x8\可疑x8.zip] - Deleted


Trojan.PWS.QQPass
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
[qq.exe] inside of [d:\virus\可疑x8\可疑x8.zip] - Deleted


Trojan Horse
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
[nx.exe] inside of [d:\virus\可疑x8\可疑x8.zip] - Deleted


W32.SillyFDC
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
[nx2.exe] inside of [d:\virus\可疑x8\可疑x8.zip] - Deleted


Trojan Horse
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
[download.exe] inside of [d:\virus\可疑x8\可疑x8.zip] - Deleted


Downloader
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
[zzm.exe] inside of [d:\virus\可疑x8\可疑x8.zip] - Deleted
harry4567
Posted on 2008-10-6 21:59:36
Avira (the "red umbrella") is great
kingmuro
Posted on 2008-10-6 23:18:23

kis2009

2008-10-6 23:17:24        检测到威胁: Trojan-Downloader.Win32.Delf.dex        D:\My Documents\桌面\可疑x8\SPDL\DownLoad.exe/PE_Patch.PECompact/PecBundle/PECompact               
2008-10-6 23:17:24        未处理: Trojan-Downloader.Win32.Delf.dex        D:\My Documents\桌面\可疑x8\SPDL\DownLoad.exe/PE_Patch.PECompact/PecBundle/PECompact        延期        
2008-10-6 23:17:24        检测到威胁: Trojan-Downloader.Win32.Delf.dev        D:\My Documents\桌面\可疑x8\ZZM\ZZM.exe               
2008-10-6 23:17:24        未处理: Trojan-Downloader.Win32.Delf.dev        D:\My Documents\桌面\可疑x8\ZZM\ZZM.exe        延期        
2008-10-6 23:17:24        检测到威胁: Trojan-Dropper.Win32.Delf.aid        D:\My Documents\桌面\可疑x8\nx1\NX.exe/NSPack               
2008-10-6 23:17:24        检测到威胁: Trojan-Dropper.Win32.Delf.aid        D:\My Documents\桌面\可疑x8\nx2\NX2.exe/NSPack/FSG               
2008-10-6 23:17:24        未处理: Trojan-Dropper.Win32.Delf.aid        D:\My Documents\桌面\可疑x8\nx1\NX.exe/NSPack        延期        
2008-10-6 23:17:24        未处理: Trojan-Dropper.Win32.Delf.aid        D:\My Documents\桌面\可疑x8\nx2\NX2.exe/NSPack/FSG        延期        
2008-10-6 23:17:25        检测到威胁: Trojan-PSW.Win32.QQPass.ani        D:\My Documents\桌面\可疑x8\DD QQ\qq.exe/NSPack               
2008-10-6 23:17:25        未处理: Trojan-PSW.Win32.QQPass.ani        D:\My Documents\桌面\可疑x8\DD QQ\qq.exe/NSPack        延期        
2008-10-6 23:17:25        检测到威胁: Trojan-PSW.Win32.QQPass.anh        D:\My Documents\桌面\可疑x8\MXZ QQ\QQ.exe               
2008-10-6 23:17:25        未处理: Trojan-PSW.Win32.QQPass.anh        D:\My Documents\桌面\可疑x8\MXZ QQ\QQ.exe        延期        
2008-10-6 23:17:25        检测到威胁: Trojan-PSW.Win32.QQPass.anh        D:\My Documents\桌面\可疑x8\LoveQQ\LoveQQ.exe               
2008-10-6 23:17:25        未处理: Trojan-PSW.Win32.QQPass.anh        D:\My Documents\桌面\可疑x8\LoveQQ\LoveQQ.exe        延期        
2008-10-6 23:17:25        检测到威胁: Trojan-PSW.Win32.QQPass.ani        D:\My Documents\桌面\可疑x8\DD QQ\qq.exe/NSPack               
2008-10-6 23:17:29        检测到威胁: Trojan-PSW.Win32.QQPass.anh        D:\My Documents\桌面\可疑x8\LoveQQ\LoveQQ.exe               
2008-10-6 23:17:29        检测到威胁: Trojan-PSW.Win32.QQPass.anh        D:\My Documents\桌面\可疑x8\MXZ QQ\QQ.exe               
2008-10-6 23:17:29        检测到威胁: Trojan-Dropper.Win32.Delf.aid        D:\My Documents\桌面\可疑x8\nx1\NX.exe/NSPack               
2008-10-6 23:17:30        检测到威胁: Trojan-Dropper.Win32.Delf.aid        D:\My Documents\桌面\可疑x8\nx2\NX2.exe/NSPack/FSG               
2008-10-6 23:17:30        检测到威胁: Trojan-Downloader.Win32.Delf.dex        D:\My Documents\桌面\可疑x8\SPDL\DownLoad.exe/PE_Patch.PECompact/PecBundle/PECompact               
2008-10-6 23:17:30        检测到威胁: Trojan-Downloader.Win32.Delf.dev        D:\My Documents\桌面\可疑x8\ZZM\ZZM.exe


Screenshot of the Destroyer (驱逐舰) antivirus scan

斯太尔
Posted on 2008-10-7 12:31:17
Avast detected all of them
欠妳緈諨
Posted on 2008-10-7 19:44:21
Virus check with G DATA AntiVirus
Version 18.7.8155.555
Virus signature dated 10/7/2008
Start time: 10/7/2008 19:43
Engine(s): Engine A (AVK 19.909), Engine B (BD 19.688)
Heuristics: On
Archive: On
System areas: Off

Check the following directories and files:
  S:\可疑x8\

Object: qq.exe
        Path: S:\可疑x8\DD QQ
        Status: Virus detected
        Virus: Trojan-PSW.Win32.QQPass.ani (Engine A), Trojan.Generic.663335 (Engine B)
Object: LoveQQ.exe
        Path: S:\可疑x8\LoveQQ
        Status: Virus detected
        Virus: Trojan-PSW.Win32.QQPass.anh (Engine A), Trojan.Generic.678273 (Engine B)
Object: QQ.exe
        Path: S:\可疑x8\MXZ QQ
        Status: Virus detected
        Virus: Trojan-PSW.Win32.QQPass.anh (Engine A), Trojan.Generic.678273 (Engine B)
Object: NX.exe
        Path: S:\可疑x8\nx1
        Status: Virus detected
        Virus: Trojan-Dropper.Win32.Delf.aid (Engine A), Trojan.Generic.680008 (Engine B)
Object: NX2.exe
        Path: S:\可疑x8\nx2
        Status: Virus detected
        Virus: Trojan-Dropper.Win32.Delf.aid (Engine A), Trojan.Generic.680008 (Engine B)
Object: LM QQ.exe
        Path: S:\可疑x8\LM QQ
        Status: Virus detected
        Virus: Constructor.Win32.QQPass.i (Engine A), Backdoor.IRCBot.ABFT (Engine B)
Object: DownLoad.exe
        Path: S:\可疑x8\SPDL
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Delf.dex (Engine A), Trojan.Generic.203725 (Engine B)
Object: ZZM.exe
        Path: S:\可疑x8\ZZM
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Delf.dev (Engine A), Packer.PEArmor.A (Engine B)

Analysis performed in full: 10/7/2008 19:43
    8 files checked
    8 infected files detected
    0 suspicious files found
BING126
Posted on 2008-10-7 21:07:21
McAfee detected 7 of them..

download.exe    pws-qqpass.dll
lm qq.exe       new malware.n
loveqq.exe      pws-qqgame
nx.exe          generic dropper
nx2.exe         generic dropper
qq.exe          no
qq2.exe         pws-qqgame
zzm.exe         downloader.gen.a