
[Virus samples] 28x

Palkia
Posted on 2008-12-4 19:09:48

花间酒
Posted on 2008-12-4 19:12:46
驱逐艦 missed 10.
change_018
Posted on 2008-12-4 19:19:22
Avira (伞): 20

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\桌面'
C:\Documents and Settings\Administrator\桌面\桌面\123.EXE
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\4.EXE
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\4090140_EX.TMP
    [0] Archive type: RSRC
    --> Object
      [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\56BC86C7.DLL
      [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\7B6795.EXE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\950D1600.DLL
      [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\CML2A.TMP
    [DETECTION] Contains recognition pattern of the ADSPY/BDSearch.CVA adware or spyware
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\D9C002DD.DLL
      [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\HLXGDKLQRRPGMN.DLL
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\IASMIC.DLL
    [0] Archive type: RSRC
    --> Object
      [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\IE[1].EXE
C:\Documents and Settings\Administrator\桌面\桌面\IE[1].EXE
      --> grwye.exe
        [1] Archive type: RSRC
        --> Object
          [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\J04.EXE
    [0] Archive type: OVL
    --> Object
      [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\LAVBORM.EXE
C:\Documents and Settings\Administrator\桌面\桌面\LAVBORM.EXE
      --> grwye.exe
        [1] Archive type: RSRC
        --> Object
          [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\MHUNIC.DLL
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\MSVSC.EXE
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '498dbef8.qua'!
C:\Documents and Settings\Administrator\桌面\桌面\QWE.EXE
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\SETUP701.EXE
      [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\SHELL.FNE
    [DETECTION] Is the TR/Peed.A.807 Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\SYSDOWN.VXD
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\VMDETDHC.EXE
      [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\桌面\输入法设置工具6C1B.EXE
    [DETECTION] Contains code of the W32/Parite Windows virus
    [NOTE]      The file was deleted!
change_018
Posted on 2008-12-4 19:23:33
Kaspersky: 19

2008-12-4 19:30:41        Untreated: Trojan-PSW.Win32.QQGame.j        C:\Documents and Settings\Administrator\桌面\k\123.EXE/NSPack        Postponed        
2008-12-4 19:30:41        Untreated: Trojan-GameThief.Win32.Magania.abou        C:\Documents and Settings\Administrator\桌面\k\4.EXE        Postponed        
2008-12-4 19:30:42        Untreated: Trojan.Win32.Dialer.bib        C:\Documents and Settings\Administrator\桌面\k\4090140_EX.TMP        Postponed        
2008-12-4 19:30:43        Untreated: Trojan-GameThief.Win32.Magania.amfb        C:\Documents and Settings\Administrator\桌面\k\950D1600.DLL/UPack        Postponed        
2008-12-4 19:30:43        Untreated: Trojan-GameThief.Win32.Magania.amgc        C:\Documents and Settings\Administrator\桌面\k\56BC86C7.DLL/UPack        Postponed        
2008-12-4 19:30:44        Untreated: Trojan.Win32.Agent.aomy        C:\Documents and Settings\Administrator\桌面\k\COM.RUN        Postponed        
2008-12-4 19:30:44        Untreated: HEUR:Trojan.Win32.Generic        C:\Documents and Settings\Administrator\桌面\k\D9C002DD.DLL/UPack        Postponed        
2008-12-4 19:30:45        Untreated: Trojan-Downloader.Win32.VB.hpi        C:\Documents and Settings\Administrator\桌面\k\7B6795.EXE        Postponed        
2008-12-4 19:30:46        Untreated: Trojan.Win32.Dialer.bib        C:\Documents and Settings\Administrator\桌面\k\IASMIC.DLL        Postponed        
2008-12-4 19:30:49        Untreated: Trojan-PSW.Win32.QQGame.j        C:\Documents and Settings\Administrator\桌面\k\IE[1].EXE/PE_Patch.UPX/123.exe/NSPack        Postponed        
2008-12-4 19:30:50        Untreated: Trojan-PSW.Win32.QQGame.j        C:\Documents and Settings\Administrator\桌面\k\LAVBORM.EXE/PE_Patch.UPX/123.exe/NSPack        Postponed        
2008-12-4 19:30:50        Untreated: Rootkit.Win32.Small.du        C:\Documents and Settings\Administrator\桌面\k\J04.EXE/NSPack/#        Postponed        
2008-12-4 19:30:50        Untreated: Trojan.Win32.VB.gsa        C:\Documents and Settings\Administrator\桌面\k\MSVSC.EXE        Postponed        
2008-12-4 19:30:50        Untreated: HEUR:Backdoor.Win32.Generic        C:\Documents and Settings\Administrator\桌面\k\MHUNIC.DLL        Postponed        
2008-12-4 19:30:50        Untreated: Trojan-PSW.Win32.QQGame.j        C:\Documents and Settings\Administrator\桌面\k\QWE.EXE/NSPack        Postponed        
2008-12-4 19:30:50        Untreated: Trojan.Win32.Delf.glv        C:\Documents and Settings\Administrator\桌面\k\SETUP701.EXE/ASPack        Postponed        
2008-12-4 19:30:51        Untreated: Trojan-PSW.Win32.QQGame.ac        C:\Documents and Settings\Administrator\桌面\k\SYSDOWN.VXD        Postponed        
2008-12-4 19:30:51        Untreated: Virus.Win32.Parite.b        C:\Documents and Settings\Administrator\桌面\k\输入法设置工具6C1B.EXE        Postponed        
2008-12-4 19:30:51        Untreated: Trojan.Win32.Delf.glx        C:\Documents and Settings\Administrator\桌面\k\VMDETDHC.EXE/PE_Patch.UPX/UPX        Postponed

[ Last edited by change_018 on 2008-12-4 19:26 ]
浪滔天
Posted on 2008-12-4 19:26:01
8.0.0.506, high heuristics: 19

2008-12-04 19:23:07        已被隔离: HEUR:Backdoor.Win32.Generic        文件        F:\病毒样本\桌面[1]\        MHUNIC.DLL               
2008-12-04 19:23:06        已被隔离: HEUR:Trojan.Win32.Generic        文件        F:\病毒样本\桌面[1]\        D9C002DD.DLL               
2008-12-04 19:23:08        已被删除: Worm.Win32.Antinny.ae        文件        F:\病毒样本\桌面[1]\        输入法设置工具6C1B.EXE               
2008-12-04 19:23:08        已被删除: Trojan.Win32.Delf.glx        文件        F:\病毒样本\桌面[1]\        VMDETDHC.EXE               
2008-12-04 19:23:08        已被删除: Trojan-PSW.Win32.QQGame.ac        文件        F:\病毒样本\桌面[1]\        SYSDOWN.VXD               
2008-12-04 19:23:08        已被删除: Trojan.Win32.Delf.glv        文件        F:\病毒样本\桌面[1]\        SETUP701.EXE               
2008-12-04 19:23:07        已被删除: Trojan-Dropper.Win32.Agent.aagh        文件        F:\病毒样本\桌面[1]\        LAVBORM.EXE               
2008-12-04 19:23:07        已被删除: Trojan.Win32.VB.gsa        文件        F:\病毒样本\桌面[1]\        MSVSC.EXE               
2008-12-04 19:23:07        已被删除: Trojan-PSW.Win32.QQGame.j        文件        F:\病毒样本\桌面[1]\        QWE.EXE               
2008-12-04 19:23:07        已被删除: Rootkit.Win32.Small.du        文件        F:\病毒样本\桌面[1]\        J04.EXE               
2008-12-04 19:23:07        已被删除: Trojan-Dropper.Win32.Agent.aagh        文件        F:\病毒样本\桌面[1]\        IE[1].EXE               
2008-12-04 19:23:07        已被删除: Trojan.Win32.Dialer.bib        文件        F:\病毒样本\桌面[1]\        IASMIC.DLL               
2008-12-04 19:23:06        已被删除: Trojan-Downloader.Win32.VB.hpi        文件        F:\病毒样本\桌面[1]\        7B6795.EXE               
2008-12-04 19:23:06        已被删除: Trojan.Win32.Agent.aomy        文件        F:\病毒样本\桌面[1]\        COM.RUN               
2008-12-04 19:23:06        已被删除: Trojan-GameThief.Win32.Magania.amfb        文件        F:\病毒样本\桌面[1]\        950D1600.DLL               
2008-12-04 19:23:06        已被删除: Trojan-GameThief.Win32.Magania.amgc        文件        F:\病毒样本\桌面[1]\        56BC86C7.DLL               
2008-12-04 19:23:05        已被删除: Trojan-PSW.Win32.QQGame.j        文件        F:\病毒样本\桌面[1]\        123.EXE               
2008-12-04 19:23:05        已被删除: Trojan-GameThief.Win32.Magania.abou        文件        F:\病毒样本\桌面[1]\        4.EXE               
2008-12-04 19:23:05        已被删除: Trojan.Win32.Dialer.bib        文件        F:\病毒样本\桌面[1]\        4090140_EX.TMP
浪滔天
Posted on 2008-12-4 19:26:39
We posted the same thing at the same time....
lingbo110120
Posted on 2008-12-4 19:27:39
NOD: 9 left
change_018
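Posted on 2008-12-4 19:29:42

Reply to post #6 by 浪滔天

Kaspersky's right-click scan count is inaccurate, that is true.
I just scanned two packs, and both times the right-click count was 2 higher.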
浪滔天
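Posted on 2008-12-4 20:00:36

Reply to post #8 by change_018

The deleted and quarantined counts in the report are accurate; the disinfected count is not necessarily accurate. Some single samples contain several viruses. One of them may be disinfectable and is counted in the disinfected figure, but the remaining viruses in the sample may not be disinfectable, so the sample is deleted and is counted again in the deleted figure.
As for the inconsistent detected count, I once modified the relevant files to test it and could make the numbers consistent, but then the number of vulnerabilities found by the scan is not included; without the modification it is counted in the detected figure. Nothing to be done, heh. I picked ten or so samples, and oddly the detected count still differs between separate scans of the same samples. Let's wait for 2010.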

Rating

change_018, popularity +1: The report is still the more accurate one; I almost posted the wrong thing just now.

allinwonderi
Posted on 2008-12-4 20:03:47

ArcaVir2008

[Scanning : C:\TMP]


C:\TMP\桌面.part1.rar<RAR>:输入法设置工具6C1B.EXE <- W95.Parite.B : No action
C:\TMP\桌面.part1.rar<RAR>:4.EXE<DLLRES>:res0.exe<DLLRES>:res0.exe <- Adware.Iehlpr.Rp : No action
C:\TMP\桌面.part1.rar<RAR>:7B6795.EXE <- Trojan.Downloader.Vb.Iue : No action
C:\TMP\桌面.part2.rar<RAR>:4090140_EX.TMP<DLLRES>:res0.exe <- Adware.Iehlpr.Rp : No action
C:\TMP\桌面.part2.rar<RAR>:IASMIC.DLL<DLLRES>:res0.exe <- Adware.Iehlpr.Rp : No action
C:\TMP\桌面.part2.rar<RAR>:IE[1].EXE<ZIP>:123.exe <- Trojan.Psw.Qqpass.Tt : No action
C:\TMP\桌面.part2.rar<RAR>:IE[1].EXE<UPX>:IE[1].EXE<ZIP>:123.exe <- Trojan.Psw.Qqpass.Tt : No action
C:\TMP\桌面.part2.rar<RAR>:LAVBORM.EXE<ZIP>:123.exe <- Trojan.Psw.Qqpass.Tt : No action
C:\TMP\桌面.part2.rar<RAR>:LAVBORM.EXE<UPX>:LAVBORM.EXE<ZIP>:123.exe <- Trojan.Psw.Qqpass.Tt : No action
C:\TMP\桌面.part2.rar<RAR>:QWE.EXE <- Trojan.Psw.Qqpass.Tt : No action
C:\TMP\桌面.part2.rar<RAR>:SYSDOWN.VXD <- Trojan.Psw.Qqpass.Tt : No action