同学电脑上扫出来一碓病毒 飞塔回复最快

起点

下面这个有点意思，其他估计都是老病毒了，不过这个已经上报avira 为  faulse positive 了

1. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\
   
2. Content.IE5\WXYBGD6N\liveexup[1].cab
   
3.   [0] Archive type: CAB (Microsoft)
   
4.   --> alLiveEx.dll
   
5.       [DETECTION] Contains suspicious code HEUR/Malware
   
6.       [INFO]      The file was moved to '46333fc2.qua'!

复制代码

最近试着上报了一些杀软，回复速度 Fortinet  > Avira Antivir >= Kaspersky

1. 飞塔的回复Dear Navigateqd,
   
2. 
   
3. Our analysts have analyzed the samples you provided. We will add detection for them in the next update.
   
4. 
   
5. The sample you submitted will be detected as follows:
   
6. 
   
7. 0524-bt130[1].swf -- Adware/Small
   
8. helperup[1].cab          -- Spy/Agent
   
9. keepmainM[1].cab --  Misc/PUP
   
10. CnsMinExM[1].cab --  Adware/Cnsmin
    
11. 
    
12. Best Regards,
    
13. 
    
14. AV Lab - Lzxia
    
15. 
    
16. To submit a suspicious file to Fortinet:
    
17. http://www.fortinet.com/FortiGuardCenter/virus_scanner.html

复制代码

1. 
   
2. 
   
3. Antivir Scan Report
   
4. 
   
5. Starting the file scan:
   
6. Begin scan in 'C:\'
   
7. C:\WINDOWS\system32\cns.exe
   
8.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
   
9.       [INFO]      The file was deleted!
   
10. C:\WINDOWS\system32\cns.dll
    
11.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
12.       [INFO]      The file was moved to '46303f1a.qua'!
    
13. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W9ENS12F\helperup[1].cab
    
14.   [0] Archive type: CAB (Microsoft)
    
15.   --> helper.dll
    
16.       [DETECTION] Is the Trojan horse TR/Dldr.Agen.rs.2.A
    
17.       [INFO]      The file was moved to '46293fa7.qua'!
    
18. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W9ENS12F\keepmainM[1].cab
    
19.   [0] Archive type: CAB (Microsoft)
    
20.   --> cns1.dll
    
21.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
22.   --> cns1.exe
    
23.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
24.   --> cnsminkp.vxd
    
25.       [DETECTION] Contains signature of the application APPL/Inst.Yok.6
    
26.       [INFO]      The file was moved to '46223fa8.qua'!
    
27. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W9ENS12F\patch21[1].cab
    
28.   [0] Archive type: CAB (Microsoft)
    
29.   --> patch21.dll
    
30.       [DETECTION] Is the Trojan horse TR/Agent.PS.1
    
31.       [INFO]      The file was moved to '46313fa6.qua'!
    
32. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W9ENS12F\0524-bt130[1].swf
    
33.       [DETECTION] Contains the SWF virus SWF/Small.B
    
34.       [INFO]      The file was moved to '45ef3f7c.qua'!
    
35. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CTYNOH6Z\askeepmain[1].cab
    
36.   [0] Archive type: CAB (Microsoft)
    
37.   --> cns1.dat
    
38.       [DETECTION] Contains signature of the application APPL/Inst.Yok.3
    
39.   --> CNS1.dll
    
40.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
41.   --> CNS1.exe
    
42.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
43.   --> CnsMinKP2K.sys
    
44.       [DETECTION] Is the Trojan horse TR/Agent.BJJ
    
45.   --> CnsminKP.vxd
    
46.       [DETECTION] Contains signature of the application APPL/Inst.Yok.6
    
47.       [INFO]      The file was moved to '46283fc1.qua'!
    
48. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CTYNOH6Z\CnsMinUpM[1].cab
    
49.   [0] Archive type: CAB (Microsoft)
    
50.   --> CnsMin.dll
    
51.       [DETECTION] Is the Trojan horse TR/Drop.ZSKiller.1
    
52.       [INFO]      The file was moved to '46303fbd.qua'!
    
53. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CTYNOH6Z\CnsMinExM[1].cab
    
54.   [0] Archive type: CAB (Microsoft)
    
55.   --> CnsMinEx.dll
    
56.       [DETECTION] Is the Trojan horse TR/Dloader.Q
    
57.       [INFO]      The file was moved to '47a3f0aa.qua'!
    
58. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CTYNOH6Z\keepmainM[1].cab
    
59.   [0] Archive type: CAB (Microsoft)
    
60.   --> cns1.dll
    
61.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
62.   --> cns1.exe
    
63.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
64.   --> cnsminkp.vxd
    
65.       [DETECTION] Contains signature of the application APPL/Inst.Yok.6
    
66.       [INFO]      The file was moved to '46223fb5.qua'!
    
67. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WXYBGD6N\liveexup[1].cab
    
68.   [0] Archive type: CAB (Microsoft)
    
69.   --> alLiveEx.dll
    
70.       [DETECTION] Contains suspicious code HEUR/Malware
    
71.       [INFO]      The file was moved to '46333fc2.qua'!
    
72. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W9ANSPYR\helperup[1].cab
    
73.   [0] Archive type: CAB (Microsoft)
    
74.   --> helper.dll
    
75.       [DETECTION] Is the Trojan horse TR/Dldr.Agen.rs.2.A
    
76.       [INFO]      The file was moved to '46293fc8.qua'!
    
77. C:\System Volume Information\_restore{36F871F3-CC96-46CA-9A5F-49F788BA0279}\RP4\A0000484.dll
    
78.       [DETECTION] Is the Trojan horse TR/Dldr.Agen.rs.2.A
    
79.       [INFO]      The file was moved to '45ed4064.qua'!
    
80. C:\System Volume Information\_restore{36F871F3-CC96-46CA-9A5F-49F788BA0279}\RP4\A0000490.exe
    
81.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
82.       [INFO]      The file was moved to '447dfea1.qua'!
    
83. C:\System Volume Information\_restore{36F871F3-CC96-46CA-9A5F-49F788BA0279}\RP4\A0000491.dll
    
84.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
85.       [INFO]      The file was moved to '45ed4066.qua'!
    
86. C:\System Volume Information\_restore{36F871F3-CC96-46CA-9A5F-49F788BA0279}\RP5\A0000649.DLL
    
87.       [DETECTION] Contains suspicious code HEUR/Malware
    
88.       [INFO]      The file was moved to '45ed4067.qua'!
    
89. C:\System Volume Information\_restore{36F871F3-CC96-46CA-9A5F-49F788BA0279}\RP5\A0000796.dll
    
90.       [DETECTION] Is the Trojan horse TR/Dldr.Agen.rs.2.A
    
91.       [INFO]      The file was moved to '45ed406a.qua'!
    
92. C:\System Volume Information\_restore{36F871F3-CC96-46CA-9A5F-49F788BA0279}\RP6\A0001011.exe
    
93.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
94.       [INFO]      The file was moved to '45ed406e.qua'!
    
95. C:\System Volume Information\_restore{36F871F3-CC96-46CA-9A5F-49F788BA0279}\RP6\A0001012.dll
    
96.       [DETECTION] Is the Trojan horse TR/Dldr.Baido
    
97.       [INFO]      The file was moved to '45ed406f.qua'!
    
98. Begin scan in 'D:\'
    
99. D:\pagefile.sys
    
100.       [WARNING]   The file could not be opened!
     
101. Begin scan in 'E:\'
     
102. Begin scan in 'A:\'
     
103. The path A:\ could not be found!
     
104. 设备未就绪。
     
105. Begin scan in 'F:\'
     
106. The path F:\ could not be found!
     
107. 设备未就绪。

复制代码

[ 本帖最后由 navigateqd 于 2007-1-29 10:35 编辑 ]

asdasd

LZ能发几个厉害的病毒吗?


我想试试.


现在的病毒都类似阳痿... 没有一点刺激性啊.


LZ发点厉害的.

丫头

拿去玩玩~~~~

起点

原帖由 asdasd 于 2007-1-29 09:11 发表
LZ能发几个厉害的病毒吗?


我想试试.


现在的病毒都类似阳痿... 没有一点刺激性啊.


LZ发点厉害的.

这个需要找自己电脑上有“病毒库”的，不过传播病毒是违法的
希望大家发扬本仅仅用于上报

shx19821006

偶的红伞干掉了

hsjj2005

费尔如图。

waterou

阳痿。。。某楼的兄弟真牛啊~

景圣临

3721?

泊远

一点飞塔就拦截了

ALEXBLAIR

卡巴对3721 cns这些东西不感兴趣
那个flash被检测为Trojan program Trojan-Clicker.SWF.Small.a