编号20090220网络流传地址抓取

molicn

红伞成绩：
Scan ended [The scan has been done completely.].
Number of files: 9
Number of folders: 0
Number of malware: 8
Number of errors: 1

nosferatu

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\jE.rar'
C:\Documents and Settings\Administrator\桌面\jE.rar
    [0] Archive type: RAR
    --> 1.exe
      [DETECTION] Contains recognition pattern of the WORM/Autorun.nuz worm
    --> 2.exe
      [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    --> 12.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> flash.exe
      [DETECTION] Is the TR/Spy.ZBot.LN.3 Trojan
    --> or.exe
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> svchost.exe
      [DETECTION] Is the TR/FakeXPA.A.185 Trojan
    --> z.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> bablo.exe
      [DETECTION] Is the TR/Spy.ZBot.nns Trojan
    [NOTE]      The file was deleted!

尤金卡巴斯基

2009/2/20 23:41:22        已清除        广告软件 not-a-virus:AdWare.Win32.BHO.ejm        G:\Temp\Virus\jE.rar/2.exe//PE_Patch.UPX//UPX               
2009/2/20 23:41:22        已清除        木马程序 Trojan.Win32.Agent2.dwt        G:\Temp\Virus\jE.rar/svchost.exe               
2009/2/20 23:41:22        已清除        木马程序 Trojan.Win32.Agent2.dvj        G:\Temp\Virus\jE.rar/z.exe               
2009/2/20 23:41:22        已清除        木马程序 Trojan-Spy.Win32.Zbot.nns        G:\Temp\Virus\jE.rar/bablo.exe               
2009/2/20 23:41:22        已清除        木马程序 Trojan-Spy.Win32.Zbot.nkb        G:\Temp\Virus\jE.rar/flash.exe               
2009/2/20 23:41:22        已清除        木马程序 Backdoor.Win32.UltimateDefender.xg        G:\Temp\Virus\jE.rar/1.exe               
2009/2/20 23:41:22        已清除        病毒 Rootkit.Win32.TDSS.plq        G:\Temp\Virus\jE.rar/or.exe               

Miss 1，To KL

ledled

MISS 3 to VB

左手

2009-02-21 03:58:58    创建文件      操作:阻止并结束进程
进程路径:E:\virus\1.exe
文件路径:C:\WINDOWS\system32\brastk.exe
触发规则:应用程序规则->允许修改的程序->*.*->*\*.exe

2009-02-21 03:59:01    修改注册表内容      操作:阻止
进程路径:E:\virus\flash.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:AppData
触发规则:所有程序规则->系统和软件操作（黑白）->*\Software\Microsoft\Windows*\*

2009-02-21 03:59:01    修改文件      操作:阻止并结束进程
进程路径:E:\virus\flash.exe
文件路径:E:\virus\twext.exe
触发规则:应用程序规则->允许修改的程序->*.*->*\*.exe

2009-02-21 03:59:04    修改文件      操作:阻止并结束进程
进程路径:E:\virus\z.exe
文件路径:E:\virus\z.exe
触发规则:应用程序规则->允许修改的程序->*.*->*\*.exe

2009-02-21 03:59:04    修改文件      操作:阻止并结束进程
进程路径:E:\virus\z.exe
文件路径:E:\virus\z.exe
触发规则:应用程序规则->允许修改的程序->*.*->*\*.exe

2009-02-21 03:59:09    修改注册表内容      操作:阻止
进程路径:E:\virus\bablo.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:AppData
触发规则:所有程序规则->系统和软件操作（黑白）->*\Software\Microsoft\Windows*\*

2009-02-21 03:59:09    修改文件      操作:阻止并结束进程
进程路径:E:\virus\bablo.exe
文件路径:E:\virus\twex.exe
触发规则:应用程序规则->允许修改的程序->*.*->*\*.exe

2009-02-21 03:59:09    创建文件      操作:阻止并结束进程
进程路径:E:\virus\12.exe
文件路径:C:\WINDOWS\System32\rs32net.exe
触发规则:应用程序规则->允许修改的程序->*.*->*\*.exe

Sebastian

TR/Spy.ZBot.LN.3

红心王子

2009-2-21        10:46:12        1235184372        Administrator        3208        Sign of "Win32:FakeAlert-AJ [Trj]" has been found in "d:\我的文档\桌面\jE.rar\1.exe" file.  
2009-2-21        10:46:16        1235184376        Administrator        3208        Sign of "Win32:Rootkit-gen [Rtk]" has been found in "d:\我的文档\桌面\jE.rar\2.exe\[Embedded_Ox#02c00]" file.  
2009-2-21        10:46:16        1235184376        Administrator        3208        Sign of "Win32:Adware-gen [Adw]" has been found in "d:\我的文档\桌面\jE.rar\2.exe\[Embedded_Ix#12404]" file.  
2009-2-21        10:46:16        1235184376        Administrator        3208        Sign of "Win32:Rootkit-gen [Rtk]" has been found in "d:\我的文档\桌面\jE.rar\2.exe" file.  
2009-2-21        10:46:16        1235184376        Administrator        3208        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\jE.rar\12.exe" file.  
2009-2-21        10:46:16        1235184376        Administrator        3208        Sign of "Win32:Dropper-BEJ [Trj]" has been found in "d:\我的文档\桌面\jE.rar\flash.exe\[ASPack]" file.  
2009-2-21        10:46:16        1235184376        Administrator        3208        Sign of "Win32:Fasec [Trj]" has been found in "d:\我的文档\桌面\jE.rar\or.exe" file.  
2009-2-21        10:46:16        1235184376        Administrator        3208        Sign of "Win32:Trojan-gen {Other}" has been found in "d:\我的文档\桌面\jE.rar\svchost.exe" file.  
2009-2-21        10:46:16        1235184376        Administrator        3208        Sign of "Win32:VB-LAF [Drp]" has been found in "d:\我的文档\桌面\jE.rar\z.exe" file.  
2009-2-21        10:46:16        1235184376        Administrator        3208        Sign of "Win32:Zbot-BAI [Trj]" has been found in "d:\我的文档\桌面\jE.rar\bablo.exe" file.

江湖的fans

TO  KV

黑衣~魂

DR.WEB 殺6
1.exe - infected with Trojan.Packed.1214
2.exe - is an adware program Adware.Bho.201
12.exe - infected with BackDoor.Bulknet.320
flash.exe - infected with Trojan.Packed.120
or.exe - infected with BackDoor.Tdss.81
bablo.exe - probably infected with Trojan.Packed.139

MISS-2
生成物殺
twext.exe - infected with Trojan.Packed.120

[ 本帖最后由 黑衣~魂 于 2009-2-21 12:28 编辑 ]

schumi小粉

avast 清空