军事文摘

显示全部楼层 · 发表于 2008-10-10 14:16:52

http://www.jswzmil.com

-->http://www.jjjgo.cn/win.exe

--->http://www.hiiiii.cn/list.txt

http://www.jjjgo.cn/108.exe
http://www.jjjgo.cn/look/go1.exe
http://www.jjjgo.cn/look/go2.exe
http://www.jjjgo.cn/look/go3.exe
http://www.jjjgo.cn/look/go15.exe
http://www.jjjgo.cn/look/go4.exe
http://www.jjjgo.cn/look/go5.exe
http://www.jjjgo.cn/look/go6.exe
http://www.jjjgo.cn/look/go7.exe
http://www.jjjgo.cn/look/go8.exe
http://www.jjjgo.cn/look/go9.exe
http://www.jjjgo.cn/look/go10.exe
http://www.jjjgo.cn/look/go18.exe
http://www.jjjgo.cn/look/go19.exe
http://www.jjjgo.cn/look/go14.exe
http://www.jjjgo.cn/look/go11.exe
http://www.jjjgo.cn/look/go12.exe
http://www.jjjgo.cn/look/go13.exe
http://www.jjjgo.cn/look/go16.exe
http://www.jjjgo.cn/look/go20.exe
http://www.jjjgo.cn/look/cj/QQ.exe
http://www.jjjgo.cn/look/cj/pp0074.exe
http://www.jjjgo.cn/look/cj/ie.exe
http://www.jjjgo.cn/look/cj/alxea.exe
http://www.jjjgo.cn/look/cj/yoyo.exe

显示全部楼层 · 发表于 2008-10-10 14:33:53

显示全部楼层 · 发表于 2008-10-10 14:46:56

2008-10-10 14:45:34 文件系统实时防护文件 D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\PGPICP20\win[1].exe 未查明的 NewHeur_PE 病毒正在清除 (访问被拒绝) 时出错 NT AUTHORITY\SYSTEM 在应用程序新建的文件上发生事件: D:\Program Files\Internet Explorer\iexplore.exe.

显示全部楼层 · 发表于 2008-10-10 14:49:10

卡巴报10

上报14

已刪除: 病毒 Virus.Win32.Parite.b 檔案: C:\Documents and Settings\kato9096\桌面\344876\108.exe$
已刪除: 病毒 Virus.Win32.Parite.b 檔案: C:\Documents and Settings\kato9096\桌面\344876\alxea.exe$
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tcqi 檔案: C:\Documents and Settings\kato9096\桌面\344876\go10.exe$//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.WOW.cdw 檔案: C:\Documents and Settings\kato9096\桌面\344876\go11.exe$//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tlyx 檔案: C:\Documents and Settings\kato9096\桌面\344876\go13.exe$//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tmrw 檔案: C:\Documents and Settings\kato9096\桌面\344876\go16.exe$
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tlyy 檔案: C:\Documents and Settings\kato9096\桌面\344876\go19.exe$//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.afri 檔案: C:\Documents and Settings\kato9096\桌面\344876\go8.exe$//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.tlyy 檔案: C:\Documents and Settings\kato9096\桌面\344876\go9.exe$//PE_Patch//UPack
已刪除: 病毒 Virus.Win32.Parite.b 檔案: C:\Documents and Settings\kato9096\桌面\344876\yoyo.exe$

显示全部楼层 · 发表于 2008-10-10 14:52:28

firefox早block了

显示全部楼层 · 发表于 2008-10-10 14:53:07

0 Scanning directories
   25 Files were scanned
   20 viruses and/or unwanted programs were found
   3 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   2 Files not concerned
   1 Archives were scanned
   0 Warnings
   1 Notes

显示全部楼层 · 发表于 2008-10-10 14:59:45

2008/10/10 14:58:19 1223621899 Silhouette 2696 Sign of "Win32:Downloader-AZY [Trj]" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\108.exe$" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Parite" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\alxea.exe$" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go1.exe$" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Agent-WVL [Trj]" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go10.exe$\[Upack]\[Embedded#5060]\[Upack]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go12.exe$" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go14.exe$\[Upack]\[Embedded#5070]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go15.exe$\[UPX]\[Embedded#4060]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go16.exe$" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go18.exe$" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go19.exe$" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go2.exe$\[UPX]\[Embedded#5060]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Agent-ZRH [Trj]" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go3.exe$\[UPX]\[Embedded#4060]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go4.exe$\[UPX]\[Embedded#4060]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go5.exe$\[UPX]\[Embedded#4060]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go6.exe$\[UPX]\[Embedded#4060]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go7.exe$\[Upack]\[Embedded#4060]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go7.exe$\[Embedded#2534]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\go9.exe$" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Agent-GRW [Trj]" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\pp0074.exe$\[Upack]" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\QQ.exe$" file.
2008/10/10 14:58:25 1223621905 Silhouette 2696 Sign of "Win32:Parite" has been found in "C:\Users\Silhouette\Desktop\344876.rar\344876\yoyo.exe$" file.

显示全部楼层 · 发表于 2008-10-10 15:00:25

Begin scan in 'C:\Users\Silhouette\Desktop\344876.rar'
C:\Users\Silhouette\Desktop\344876.rar
C:\Users\Silhouette\Desktop\344876.rar
[0] Archive type: RAR
--> 344876\go13.exe$
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> 344876\go8.exe$
   [DETECTION] Is the TR/Dropper.Gen Trojan
   --> 344876\ie.exe$
      [1] Archive type: RSRC
      --> Object
      [DETECTION] Contains HEUR/Malware suspicious code
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-10-10 15:06:53

显示全部楼层 · 发表于 2008-10-10 15:41:29

扫描结果 :	29%的杀软(11/38)报告发现病毒
时间 :	2008/10/10 15:30:35

红伞查杀23个Pass 1个，上报提交分析。
--------------------------------------------------------------------
Start of the scan: 2008年10月10日  15:21
Starting the file scan:
Begin scan in 'C:\Documents and Settings\桌面\344876'
C:\Documents and Settings\桌面\344876\108.exe$
[DETECTION] Contains code of the W32/Parite Windows virus
[NOTE]    A backup was created as '492702b1.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\alxea.exe$
[DETECTION] Contains code of the W32/Parite Windows virus
[NOTE]    A backup was created as '496702ed.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go1.exe$
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    A backup was created as '492002f1.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go10.exe$
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    A backup was created as '4848e722.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go11.exe$
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE]    A backup was created as '492002f2.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go12.exe$
   --> Object
      [1] Archive type: RSRC
      --> Object
      [DETECTION] Is the TR/PSW.Delf.cpj Trojan
[NOTE]    A backup was created as '4848e723.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go13.exe$
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '492002f4.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go14.exe$
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '492002f3.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go15.exe$
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    A backup was created as '4848e724.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go16.exe$
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '4848e725.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go18.exe$
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '492002f6.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go19.exe$
[DETECTION] Is the TR/PSW.Onlineg.tlxy Trojan
[NOTE]    A backup was created as '492002f5.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go2.exe$
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    A backup was created as '492102f5.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go3.exe$
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    A backup was created as '492202f5.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go4.exe$
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    A backup was created as '492302f6.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go5.exe$
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    A backup was created as '492402f6.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go6.exe$
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '492502f6.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go7.exe$
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '492602f6.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go8.exe$
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '492702f7.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\go9.exe$
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '492802f7.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\ie.exe$
[0] Archive type: RSRC
--> Object
   [DETECTION] Contains HEUR/Malware suspicious code
[NOTE]    A backup was created as '491d02ee.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\pp0074.exe$
   [DETECTION] Contains HEUR/Malware suspicious code
[NOTE]    A backup was created as '491f02f9.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\桌面\344876\yoyo.exe$
[DETECTION] Contains code of the W32/Parite Windows virus
[NOTE]    A backup was created as '496802f9.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

End of the scan: 2008年10月10日  15:21
Used time: 00:13 Minute(s)

[已鉴定] 军事文摘

评分

漏四个

avast!漏的