2008年11月6日晚上收集的可疑样本21个

显示全部楼层 · 发表于 2008-11-6 21:36:59

2008年11月6日晚上收集的可疑样本21个
如果您的安全软件无法查杀,
请及时上报. 谢谢
其中驱逐舰发现7个.....其余已上报
点击下载2008年11月6日中午21个样本

显示全部楼层 · 发表于 2008-11-6 21:45:44

金山毒霸可信认证技术查询结果如下

0.exe    -----------    分析中
11.exe    -----------    病毒
13.exe    -----------    病毒
3.exe    -----------    可疑的
4.exe    -----------    病毒
5.exe    -----------    病毒
6.exe    -----------    分析中
7.exe    -----------    病毒
8.exe    -----------    分析中
b19.css    -----------    病毒
bf.css    -----------    病毒
Boot.bat    -----------    未知
ce.css    -----------    病毒
d1.exe    -----------    分析中
d3.exe    -----------    可疑的
ff[1].js    -----------    安全(*)
IE.exe    -----------    分析中
ms.css    -----------    病毒
re.css    -----------    病毒
spolsv.exe    -----------    分析中
svhcots.exe    -----------    分析中

信息 2008-11-06  21:44:53 您此次查毒隔离了12个文件
信息 2008-11-06  21:44:53 您此次查毒清除了1个病毒
信息 2008-11-06  21:44:53 您此次查毒共查出13个病毒以及危险代码
信息 2008-11-06  21:44:53 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件55个
信息 2008-11-06  21:44:53 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
风险程序 2008-11-06  21:44:53 D:\Desktop\21ge_virus\8.exe Win32.Adware.Cinmus.a.363520 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\re.css Win32.Troj.DropRootKitT.rt.131072 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\ms.css Win32.Troj.DropRootKitT.rt.131072 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\IE.exe Win32.Troj.PswQQ.cc.503808 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\ce.css Win32.Troj.DropRootKitT.rt.131072 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\bf.css Win32.Troj.DropRootKitT.rt.131072 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\b19.css Win32.Troj.DropRootKitT.rt.131072 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\7.exe Win32.Troj.Agent.lu.106270 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\5.exe Win32.TrojDownloader.Unknown.196608 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\4.exe Win32.Troj.BhoT.cz.172032 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\13.exe Win32.Troj.StringT.zo.978944 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\11.exe Win32.Troj.PopHotT.lm.294912 隔离成功
病毒 2008-11-06  21:44:52 D:\Desktop\21ge_virus\0.exe Win32.Troj.IAgent.mv.701440 隔离成功

显示全部楼层 · 发表于 2008-11-6 21:49:21

2008/11/6 21:48:15 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\ms.css probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:14 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\IE.exe a variant of Win32/PSW.Delf.NMX trojan cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:11 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\ce.css probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:11 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\bf.css probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:10 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\b19.css probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:09 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\13.exe a variant of Win32/Spy.Pophot trojan cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:06 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\11.exe Win32/AutoRun.YE worm cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:06 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\8.exe Win32/Agent.OFU trojan deleted - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:05 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\7.exe Win32/Adware.Cinmus application deleted - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:04 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\6.exe a variant of Win32/TrojanClicker.Agent.NDJ trojan cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:03 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\5.exe a variant of Win32/Adware.Cinmus application deleted - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:48:00 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\4.exe probably a variant of Win32/Adware.Cinmus application deleted - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:47:59 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\3.exe a variant of Win32/TrojanDownloader.QQHelper.NEZ trojan deleted - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:47:56 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\svhcots.exe probably unknown NewHeur_PE virus cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:47:56 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\spolsv.exe probably unknown NewHeur_PE virus cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.
2008/11/6 21:47:56 Real-time file system protection file D:\Users\ekincheng\Desktop\New Folder\0.exe Win32/Hupigon trojan cleaned by deleting - quarantined Event occurred on a new file created by the application: D:\Program Files\7-Zip\7zFM.exe.

显示全部楼层 · 发表于 2008-11-6 21:59:49

2008-11-6 JAY21:58:11 Untreated Trojan program Heur.Trojan.Generic High Partial C:\Documents and Settings\Owner\桌面\21ge_virus\IE.exe/PE_Patch/UPack Postponed
2008-11-6 JAY21:58:11 Untreated Trojan program Trojan-Dropper.Win32.Agent.yjl High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\ms.css/PE_Patch/UPack Postponed
2008-11-6 JAY21:58:08 Untreated Trojan program Backdoor.Win32.PcClient.rfy High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\d3.exe/data0003 Postponed
2008-11-6 JAY21:58:08 Untreated Trojan program Trojan-Dropper.Win32.Agent.yjl High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\ce.css/PE_Patch/UPack Postponed
2008-11-6 JAY21:58:08 Untreated Trojan program Trojan-Dropper.Win32.Agent.yjl High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\bf.css/PE_Patch/UPack Postponed
2008-11-6 JAY21:58:07 Untreated Trojan program Trojan-Spy.Win32.Pophot.csw High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\13.exe/PE_Patch/UPack Postponed
2008-11-6 JAY21:58:07 Untreated Trojan program Trojan-Dropper.Win32.Agent.yjl High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\b19.css/PE_Patch/UPack Postponed
2008-11-6 JAY21:58:07 Untreated Virus Worm.Win32.AutoRun.pqa High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\11.exe/PE_Patch/UPack Postponed
2008-11-6 JAY21:58:07 Untreated Adware not-a-virus:AdWare.Win32.BHO.dte Medium Exact C:\Documents and Settings\Owner\桌面\21ge_virus\8.exe/data0002 Postponed
2008-11-6 JAY21:58:07 Untreated Trojan program Trojan-Downloader.Win32.Agent.zdo High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\7.exe Postponed
2008-11-6 JAY21:58:07 Untreated Trojan program Trojan.Win32.Agent.alpi High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\6.exe/PE_Patch.UPX/UPX Postponed
2008-11-6 JAY21:58:06 Untreated Trojan program Trojan-Downloader.Win32.Agent.antu High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\5.exe/data0003 Postponed
2008-11-6 JAY21:58:06 Untreated Adware not-a-virus:AdWare.Win32.AdMedia.ed Medium Exact C:\Documents and Settings\Owner\桌面\21ge_virus\4.exe Postponed
2008-11-6 JAY21:58:06 Untreated Adware not-a-virus:AdWare.Win32.BHO.dnx Medium Exact C:\Documents and Settings\Owner\桌面\21ge_virus\3.exe/data0002 Postponed
2008-11-6 JAY21:58:06 Untreated Trojan program Trojan-Dropper.Win32.Agent.yjl High Exact C:\Documents and Settings\Owner\桌面\21ge_virus\re.css/PE_Patch/UPack Postponed

显示全部楼层 · 发表于 2008-11-6 22:01:01

卡巴 8.0.0.505 14个

2008-11-06 21:56:16 已被删除: Trojan-Dropper.Win32.Agent.yjl F:\病毒样本\21ge_virus\re.css
2008-11-06 21:56:15 已被删除: Trojan-Dropper.Win32.Agent.yjl F:\病毒样本\21ge_virus\ms.css
2008-11-06 21:56:15 已被删除: Backdoor.Win32.PcClient.rfy F:\病毒样本\21ge_virus\d3.exe
2008-11-06 21:56:13 已被删除: not-a-virus:AdWare.Win32.Agent.gfn F:\病毒样本\21ge_virus\8.exe
2008-11-06 21:56:13 已被删除: Trojan-Dropper.Win32.Agent.yjl F:\病毒样本\21ge_virus\ce.css
2008-11-06 21:56:13 已被删除: Trojan-Dropper.Win32.Agent.yjl F:\病毒样本\21ge_virus\b19.css
2008-11-06 21:56:13 已被删除: Trojan-Dropper.Win32.Agent.yjl F:\病毒样本\21ge_virus\bf.css
2008-11-06 21:56:13 已被删除: Trojan-Downloader.Win32.Agent.zdo F:\病毒样本\21ge_virus\7.exe
2008-11-06 21:56:13 已被删除: Trojan.Win32.Agent.alpi F:\病毒样本\21ge_virus\6.exe
2008-11-06 21:56:13 已被删除: Trojan-Downloader.Win32.Agent.antu F:\病毒样本\21ge_virus\5.exe
2008-11-06 21:56:12 已被删除: not-a-virus:AdWare.Win32.AdMedia.ed F:\病毒样本\21ge_virus\4.exe
2008-11-06 21:56:12 已被删除: Trojan-Spy.Win32.Pophot.csw F:\病毒样本\21ge_virus\13.exe
2008-11-06 21:56:12 已被删除: not-a-virus:AdWare.Win32.BHO.dnx F:\病毒样本\21ge_virus\3.exe
2008-11-06 21:56:12 已被删除: Worm.Win32.AutoRun.pqa F:\病毒样本\21ge_virus\11.exe

显示全部楼层 · 发表于 2008-11-6 22:03:37

上报没？

显示全部楼层 · 发表于 2008-11-6 22:16:12

显示全部楼层 · 发表于 2008-11-6 22:18:49

那我TO KL

显示全部楼层 · 发表于 2008-11-6 22:21:00

Miss  2
Begin scan in 'E:\Download\Virus\virus'
E:\Download\Virus\virus\re.css
   [DETECTION] Is the TR/Dldr.Agent.albp Trojan
[NOTE]    The file was deleted!
E:\Download\Virus\virus\0.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
[NOTE]    The file was deleted!
E:\Download\Virus\virus\spolsv.exe
[0] Archive type: RSRC
--> Object
   [DETECTION] Contains HEUR/Malware suspicious code
[NOTE]    The file was deleted!
E:\Download\Virus\virus\svhcots.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE]    The detection was classified as suspicious.
[NOTE]    The file was moved to '497afd97.qua'!
E:\Download\Virus\virus\3.exe
[0] Archive type: NSIS
   --> main/msce24.exe
      [1] Archive type: RSRC
      --> Object
      [DETECTION] Is the TR/Spy.Gen Trojan
[DETECTION] Contains recognition pattern of the DR/BHO.dnx.5 dropper
[NOTE]    The file was deleted!
E:\Download\Virus\virus\4.exe
[DETECTION] Contains recognition pattern of the DR/Cinmus.vye dropper
[NOTE]    The file was deleted!
E:\Download\Virus\virus\5.exe
[0] Archive type: NSIS
--> ProgramFilesDir/10.exe
   [DETECTION] Is the TR/Downloader.Gen Trojan
[DETECTION] Contains recognition pattern of the ADSPY/Cinmus.188 adware or spyware
[NOTE]    The file was deleted!
E:\Download\Virus\virus\6.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE]    The file was deleted!
E:\Download\Virus\virus\7.exe
[0] Archive type: NSIS
--> SOFTWARE/MicroPlugins/Common/cpush.dll
   [DETECTION] Contains recognition pattern of the ADSPY/Bho.AAC adware or spyware
--> SOFTWARE/MicroPlugins/Common/cpush.tmp
   [DETECTION] Contains recognition pattern of the ADSPY/Bho.AAC adware or spyware
[DETECTION] Contains recognition pattern of the DR/Boran.AD dropper
[NOTE]    The file was deleted!
E:\Download\Virus\virus\8.exe
[0] Archive type: NSIS
--> ProgramFilesDir/cmmon32.exe
   [DETECTION] Is the TR/Agent.28672.139 Trojan
--> ProgramFilesDir/HtmlPeek.dll
   [DETECTION] Contains recognition pattern of the ADSPY/Agent.gfn adware or spyware
[DETECTION] Is the TR/Generic.812538 Trojan
[NOTE]    The file was deleted!
E:\Download\Virus\virus\11.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
E:\Download\Virus\virus\13.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
[NOTE]    The file was deleted!
E:\Download\Virus\virus\b19.css
   [DETECTION] Is the TR/Dldr.Agent.albp Trojan
[NOTE]    The file was deleted!
E:\Download\Virus\virus\bf.css
   [DETECTION] Is the TR/Dldr.Agent.albp Trojan
[NOTE]    The file was deleted!
E:\Download\Virus\virus\ce.css
   [DETECTION] Is the TR/Dldr.Agent.albp Trojan
[NOTE]    The file was deleted!
E:\Download\Virus\virus\d1.exe
[0] Archive type: NSIS
--> [UnknownDir]/sysvc.dat
   [DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE]    The file was deleted!
E:\Download\Virus\virus\d3.exe
[0] Archive type: NSIS
--> [UnknownDir]/sysvc.dat
   [DETECTION] Is the TR/Downloader.Gen Trojan
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.rfy back-door program
[NOTE]    The file was deleted!
E:\Download\Virus\virus\IE.exe
   [DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
E:\Download\Virus\virus\ms.css
   [DETECTION] Is the TR/Dldr.Agent.albp Trojan
[NOTE]    The file was deleted!

End of the scan: 2008年11月6日星期四  22:20
Used time: 00:07 Minute(s)

The scan has been done completely.

   1 Scanning directories
   36 Files were scanned
   24 viruses and/or unwanted programs were found
   2 Files were classified as suspicious:
   18 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   10 Files not concerned
   6 Archives were scanned
   0 Warnings
   19 Notes

显示全部楼层 · 发表于 2008-11-6 22:28:19

[病毒样本] 2008年11月6日晚上收集的可疑样本21个

本帖子中包含更多资源

回复 4楼 wangjay1980 的帖子

回复 6楼 syfwxmh 的帖子

回复 7楼 wangjay1980 的帖子

本帖子中包含更多资源