几个AUTO病毒

chabosh

几个AUTO病毒

无尽藏海

Scan Stats:
  Scan Time: 110 seconds
  Scan Options:
  Scan Targets: D:\Virus\Dudu26
  Counts:
   Total items scanned: 8
   - Files & Directories: 8
   - Registry Entries: 0
   - Processes & Start-up Items: 0
   - Network & Browser Items: 0
   - Other: 0
   - Trusted Files: 0
   - Skipped Files: 0

   Total security risks detected: 5
   Total items resolved: 5
   Total items that require attention: 0

Resolved Threats:
VBS.Runauto
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\virus\dudu26\dudu\'.vbs - Deleted


VBS.Runauto.B
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
2 Files
d:\virus\dudu26\dudu\.vbs - Deleted
d:\virus\dudu26\dudu\2.vbs - Deleted


W32.SillyFDC
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Restart Required
-----------
54 Registry Entries
[Restricted item (permission required)] - N/A
HKEY_USERS\S-1-5-21-1350214121-284562733-1199252589-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer->NoDriveTypeAutoRun:149 - Repaired
[Restricted item (permission required)] - N/A
[Restricted item (permission required)] - N/A
HKEY_USERS\S-1-5-21-1350214121-284562733-1199252589-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce - Repaired
[Restricted item (permission required)] - N/A
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce - Repaired
HKEY_USERS\S-1-5-21-1350214121-284562733-1199252589-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->HideFileExt:0 - Repaired
HKEY_USERS\S-1-5-21-1350214121-284562733-1199252589-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->Hidden:1 - Repaired
HKEY_USERS\S-1-5-21-1350214121-284562733-1199252589-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->ShowSuperHidden:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule->ImagePath:%SystemRoot%\System32\svchost.exe -k netsvcs - Repaired
HKEY_CLASSES_ROOT\MSCFile\Shell\Open\Command - Repaired
HKEY_CLASSES_ROOT\regfile\shell\open\command - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system->DisableStatusMessages:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL->CheckedValue:1 - Repaired
[Restricted item (permission required)] - N/A
HKEY_USERS\S-1-5-21-1350214121-284562733-1199252589-1000\Control Panel\Desktop->AutoEndTasks:... - Repaired
[Restricted item (permission required)] - N/A
HKEY_USERS\.DEFAULT\Control Panel\Desktop->AutoEndTasks:... - Repaired
[Restricted item (permission required)] - N/A
HKEY_USERS\S-1-5-21-1350214121-284562733-1199252589-1000\Control Panel\Desktop->ScreenSaveTimeOut:600 - Repaired
[Restricted item (permission required)] - N/A
HKEY_USERS\.DEFAULT\Control Panel\Desktop->ScreenSaveTimeOut:600 - Repaired
HKEY_CLASSES_ROOT\comfile\shell\open\command - Repaired
HKEY_CLASSES_ROOT\txtfile\shell\open\command\ - Repaired
HKEY_CLASSES_ROOT\exefile - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt->UncheckedValue:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden->UncheckedValue:1 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideFileExt->CheckedValue:0 - Repaired
HKEY_CLASSES_ROOT\batfile\shell\edit\command\ - Repaired
HKEY_CLASSES_ROOT\comfile\ - Repaired
HKEY_CLASSES_ROOT\inifile\shell\open\command\ - Repaired
HKEY_CLASSES_ROOT\piffile\shell\open\command\ - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\->Shell:Explorer.exe - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\->Userinit:C:\Windows\system32\userinit.exe, - Repaired
[Restricted item (permission required)] - N/A
HKEY_USERS\S-1-5-21-1350214121-284562733-1199252589-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\->DisableRegistryTools:0 - Repaired
[Restricted item (permission required)] - N/A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\->AlternateShell:cmd.exe - Repaired
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\->DisableConfig:0 - Repaired
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\->DisableSR:0 - Repaired
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\->LimitSystemRestoreCheckpointing:0 - Repaired
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\->DisableMSI:0 - Repaired
HKEY_LOCAL_MACHINE\Software\Classes\exefile\ - Repaired
[Restricted item (permission required)] - N/A
[Restricted item (permission required)] - N/A
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->HideFileExt:0 - Repaired
[Restricted item (permission required)] - N/A
[Restricted item (permission required)] - N/A
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->Hidden:1 - Repaired
[Restricted item (permission required)] - N/A
[Restricted item (permission required)] - N/A
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->ShowSuperHidden:1 - Repaired
10 Files
d:\virus\dudu26\dudu\delautorun.bat - Deleted
c:\users\无尽藏海\appdata\local\temp\~df1921.tmp - Deleted
c:\users\无尽藏海\appdata\local\temp\~df4e35.tmp - Deleted
c:\users\无尽藏海\appdata\local\temp\~df5df2.tmp - Deleted
c:\users\无尽藏海\appdata\local\temp\~df7dc8.tmp - Deleted
c:\users\无尽藏海\appdata\local\temp\~df84ea.tmp - Deleted
c:\users\无尽藏海\appdata\local\temp\~dfa4ad.tmp - Deleted
c:\users\无尽藏海\appdata\local\temp\~dfb71c.tmp - Restart Required
c:\windows\setup\state - Restart Required
C:\Windows\setup - Restart Required


W32.Rajump
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 Registry Entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL->CheckedValue:1 - Repaired
1 File
d:\virus\dudu26\dudu\ravmon.exe - Deleted


Trojan Horse
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\virus\dudu26\dudu\recycled.exe - Deleted

Kitman

Begin scan in 'C:\Users\TOSHIBA\Downloads\Dudu'
C:\Users\TOSHIBA\Downloads\Dudu\Dudu\'.vbs
    [DETECTION] Contains recognition pattern of the WORM/Autorun.E.1 worm
    [NOTE]      A backup was created as '497a161f.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\Dudu\Dudu\.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.VF VBS script virus
    [NOTE]      A backup was created as '4abbb5a8.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\Dudu\Dudu\2.vbs
    [DETECTION] Contains recognition pattern of the VBS/Autorun.VF VBS script virus
    [NOTE]      A backup was created as '497a1621.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\Dudu\Dudu\delautorun.bat
    [DETECTION] Contains recognition pattern of the WORM/Autorun.ETF worm
    [NOTE]      A backup was created as '49701656.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\Dudu\Dudu\RavMon.exe
    [DETECTION] Is the TR/Agent.Abt.3 Trojan
    [NOTE]      A backup was created as '497a1652.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Users\TOSHIBA\Downloads\Dudu\Dudu\Recycled.exe
    [DETECTION] Is the TR/Dldr.VB.fxs Trojan
    [NOTE]      A backup was created as '49671656.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2008年10月26日  15:02
Used time: 00:05 Minute(s)

The scan has been done completely.

      2 Scanning directories
      6 Files were scanned
      6 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      6 files were deleted
      0 files were repaired
      6 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
      6 Notes

syfwxmh

kaspersky miss 1 to kl

kingmuro

mcafee8。7

KOI9009

卡巴+红伞 全灭

lingbo110120

NOD 全灭
'.vbs - VBS/AutoRun.O 蠕虫 - 通过删除清除 - 已隔离
.vbs - VBS/AutoRun.G 蠕虫 - 通过删除清除 - 已隔离
2.vbs - VBS/AutoRun.G 蠕虫 - 通过删除清除 - 已隔离
delautorun.bat - Win32/AutoRun.MF 蠕虫 的变种 - 通过删除清除 - 已隔离
RavMon.exe - Win32/Agent.NAV 蠕虫 - 通过删除清除 - 已隔离
Recycled.exe - 可能是 Win32/TrojanDownloader.VB 特洛伊木马 的变种 - 通过删除清除 - 已隔离

syfwxmh

卡巴不报的回信
Hello.
No malicious software was found in the attached file.

Please quote all when answering.


-----------------
Regards, Kirill Erakhtin
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
http://www.kaspersky.com/trials - trial version


> Attachment: delautorun.rar

欠妳緈諨

david0921

还没有解压缩就被NIS2009干掉了