
nod32 4.0.417b was penetrated and killed by a trojan

sjsj861023
Posted on 2009-4-20 19:00:58
Such a powerful virus... following this.....
白羊座
Posted on 2009-4-20 19:19:25

Reply to dx555's post on floor 1

OP, post a sample quickly; it's a good chance to try out my rules.
dx555
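OP | Posted on 2009-4-20 22:28:32
Thank you, fellow Kafan members, for your concern and attention. There was no other way: only after reinstalling the system and scanning with Avira (小红伞) p8 was the virus killed; nod32.4.0.417 could not detect it. Because it dragged on for two days, several thousand exe files and some rar and com files across all my hard disks were infected. Because of the character limit, below is part of the Avira scan results.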
Avira AntiVir Premium
Report file date: 2009年4月19日 星期日  15:12
Start of the scan: 2009年4月19日 星期日  15:12
Starting the file scan:
Begin scan in 'D:\' <D>
D:\Passbay自由行移动应用平台 V3.75┊将软件内置于USB设备.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5dcf22.qua'!
D:\TTPlayer\TTPlayer.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a3acf19.qua'!
D:\OllyDbg知识专题1\OllyDBG 2.0汉化版.EXE
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a56cf36.qua'!
D:\OllyDbg知识专题1\破解软件安装版\MoleBoxProSetup.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a56cf3b.qua'!
D:\OllyDbg知识专题1\破解软件安装版\TRW2000v122setup.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a41cf1e.qua'!
D:\OllyDbg知识专题1\RL!dePacker_1.41\RL!dePacker.exe
    [DETECTION] Contains code of the W32/Almanahe.B Windows virus
    [NOTE]      The file was moved to '4a0bcf19.qua'!
D:\OllyDbg知识专题1\7-类MoleBox打包程序的脱壳\DiE.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a2fcf36.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\UniExtract.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a53cf3c.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\bin\AspackDie.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5acf42.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\bin\extractMHT.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5ecf47.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\bin\IsXunpack.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a42cf42.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\bin\arc.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4dcf42.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\bin\Expander.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5acf49.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\bin\kgb_arch_decompress.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4ccf38.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\bin\PEiD.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a53cf16.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\bin\pea.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4bcf37.qua'!
D:\OllyDbg知识专题1\新建文件夹 (3)\万能解包工具UniExtract1.5绿色版\bin\xace.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4dcf33.qua'!
D:\OllyDbg知识专题1\6-轻松解被MoleBox打包了的程序\flashfxp.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4bcf3f.qua'!
D:\OllyDbg知识专题1\CodeView\CodeView v2.22[乱码查看器].exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4ecf43.qua'!
D:\cctvbox\CCTVRegOcx.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a3ecf1f.qua'!
D:\电工速查速算和实用五金手册\实用五金手册\MetalsBook.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5ecf67.qua'!
D:\电工速查速算和实用五金手册\SSReader3.71\CR-SSReader.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a17cf54.qua'!
D:\电工速查速算和实用五金手册\SSReader3.71\SR371T0228.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a1dcf55.qua'!
D:\电工速查速算和实用五金手册\SSReader3.71\SSReader362.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a3ccf56.qua'!
D:\电工速查速算和实用五金手册\SSREADER\ss_all.htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '4a49cf78.qua'!
D:\电工速查速算和实用五金手册\SSREADER\ss_select.htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '4bc1ffe9.qua'!
D:\电工速查速算和实用五金手册\SSREADER\sscdcreater.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4dcf78.qua'!
D:\电工速查速算和实用五金手册\SSREADER\update.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4ecf75.qua'!
D:\电工速查速算和实用五金手册\SSREADER\SsReader.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a3ccf79.qua'!
D:\电工速查速算和实用五金手册\SSREADER\SSScan\scan.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4bcf6d.qua'!
D:\签名设计软件绿色版\Ougishi4lb14.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a51cf7f.qua'!
D:\签名设计软件绿色版\uninstall.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a53cf79.qua'!
D:\Recycled\Dd2\egui.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5fcf73.qua'!
D:\Recycled\Dd2\SysInspector.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5dcf87.qua'!
D:\Recycled\Dd2\SysRescue.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4bd5ff18.qua'!
D:\家庭常用\求医通.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'da05224a.qua'!
D:\家庭常用\求医通qytv2.0.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'db820abb.qua'!
D:\Total Uninstall 4文件安装监测\unins000.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a53cf7e.qua'!
D:\Total Uninstall 4文件安装监测\TuAgent.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a2bcf85.qua'!
D:\Total Uninstall 4文件安装监测\TuStarter.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a3dcf85.qua'!
D:\Total Uninstall 4文件安装监测\TU文件安装检测4.8.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'af71cf65.qua'!
D:\Total Uninstall 4文件安装监测\_Tu.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5fcf65.qua'!
D:\文件夹染色工具 绿色版\文件夹染色1.42.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'a3241e07.qua'!
D:\文件夹染色工具 绿色版\彩色文件夹2\彩色文件夹.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'af725184.qua'!
D:\文件夹染色工具 绿色版\彩色文件夹2\iconcache.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a59cf75.qua'!
D:\文件夹染色工具 绿色版\彩色文件夹2\colorfld.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a56cf81.qua'!
D:\文件夹染色工具 绿色版\FileMenuTools\FileMenu Tools\FileMenuTools.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a56cf80.qua'!
D:\文件夹染色工具 绿色版\iColorFolder\iColorFolder.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a59cf5a.qua'!
D:\文件夹染色工具 绿色版\iColorFolder\uninstall.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a53cf85.qua'!
D:\屏幕截图宝\易用屏幕录像专家 V5.0 绿色汉化版.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'a63a4441.qua'!
D:\屏幕截图宝\屏幕截图宝.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'ac152d6e.qua'!
D:\屏幕截图宝\屏幕截图.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'ad92edbf.qua'!
D:\屏幕截图宝\WinSnap V2.1.6屏幕捕获绿色版\AdvConfig.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a60cf7d.qua'!
D:\屏幕截图宝\WinSnap V2.1.6屏幕捕获绿色版\WinSnap.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a58cf83.qua'!
D:\屏幕截图宝\易用屏幕录像专家 5.0 汉化绿色版_用来录制屏幕操作\softxxlyiypl\unins000.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a53cf89.qua'!
D:\屏幕截图宝\易用屏幕录像专家 5.0 汉化绿色版_用来录制屏幕操作\softxxlyiypl\Screen2Exe.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5ccf7e.qua'!
D:\屏幕截图宝\易用屏幕录像专家 5.0 汉化绿色版_用来录制屏幕操作\softxxlyiypl\ScrSelfPlayer.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4bd51e9f.qua'!
D:\屏幕截图宝\Capture Text(文字识别抓取)5.5汉化绿色版_将截图转为可编辑文本\Capture Text\CaptureText.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5acf7c.qua'!
D:\民间实用土方\民间实用土方.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'a5896510.qua'!
D:\下载程序\RaySource_Setup_V3.1.10.8366(1).exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a63cf7e.qua'!
D:\下载程序\迅雷吸尘器2.1beta1.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '9e236615.qua'!
D:\下载程序\纳米机器人\DUTool.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a3ecf74.qua'!
D:\下载程序\纳米机器人\Data\du.html
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '4a18cf94.qua'!
D:\备份\Favorites\All Users\「开始」菜单\程序\装机人员工具箱\简单修复\修复系统首页.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'c6e62833.qua'!
D:\多种密码破解软件\多功能密码破解软件\生日字典生成器.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'a542350b.qua'!
D:\多种密码破解软件\多功能密码破解软件\UnSb0804.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a3dcf94.qua'!
D:\多种密码破解软件\多功能密码破解软件\多功能密码破解软件.EXE
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to 'cae821c6.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\123key.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a1dcf5a.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\acbtkey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a4ccf8b.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\actkey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5ecf8b.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\ariskkey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a53cf9a.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\bckupkey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a55cf8b.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\bckey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4bdc1e6c.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\efskey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a5dcf8e.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\fmkey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a55cf96.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\lnkey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a55cf97.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\iekey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a55cf8e.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\mailkey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a53cf8a.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\moneykey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a58cf98.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\msgrkey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4a51cf9c.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\oekey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      The file was moved to '4bdc1e6f.qua'!
D:\多种密码破解软件\LostPassword Passware Kit v8.1 汉化绿色版\Passware\myobkey.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
shine
Posted on 2009-4-20 23:09:53
Wow! The OP hit the jackpot!
hzghgz
Posted on 2009-4-20 23:23:15
Where is the sample?

Without a sample, this is not credible.

Also, what date is the virus database from?
sdwhsea
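Posted on 2009-4-21 11:57:02
I think the computer itself not being fully patched is also an important reason for the infection. My company's computers have been running ESS3.0 for more than a year, and apart from catching a USB-drive virus once, they have basically never caught any virus!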
傻猪猪米走鸡
Posted on 2009-4-21 13:22:42
OP, just restore any one sample from Avira's quarantine and post it... it's very simple, take a deep breath...

Copyright © KaFan  KaFan.cn All Rights Reserved.
