从班长电脑里挖来的x15

schumi小粉

从大学班长Nod32隔离区里挖来的货色，他就喜欢乱整软件，好在隔离区没被清空，资源大大的

下载地址：包1：http://www.brsbox.com/filebox/down/fc/42930b7156450ee046cfca553960b4a3
包2：http://www.brsbox.com/filebox/down/fc/efd3d479f11e1c1c9488b68f9afee740
密码：virus

Sebastian

Starting the file scan:

Begin scan in 'D:\kafan\1'
D:\kafan\1\real.htm
    [DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
    [NOTE]      A backup was created as '4a4e42cc.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\1\real.hTml
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '4a4e42cd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\1\setup_100065.exe
    [DETECTION] Is the TR/Drop.Agent.zgt.2 Trojan
    [NOTE]      A backup was created as '4a6142cd.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\1\svchost.dll
    [DETECTION] Is the TR/Banker.Banbra.ehx Trojan
    [NOTE]      A backup was created as '4a5042de.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
Begin scan in 'D:\kafan\2'
D:\kafan\2\COM.RUN
    [DETECTION] Is the TR/Agent.askg Trojan
    [NOTE]      A backup was created as '4a3a42b9.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\2\dp1.fne
    [DETECTION] Is the TR/Agent.114688.47 Trojan
    [NOTE]      A backup was created as '4a1e42da.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\2\eAPI.fne
    [DETECTION] Is the TR/Mod.BHO.iin Trojan
    [NOTE]      A backup was created as '4a3d42ac.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\2\INTERNET.FNE
    [DETECTION] Is the TR/Mod.BHO.iio Trojan
    [NOTE]      A backup was created as '4a4142b9.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\2\MS-DOS.com
    [DETECTION] Contains recognition pattern of the W32/Huhk.C Windows virus
    [NOTE]      A backup was created as '4a1a42be.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\2\vorlnwj.exe
    [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan
    [NOTE]      A backup was created as '4a5f42da.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年4月21日  11:50
Used time: 00:03 Minute(s)

The scan has been done completely.

      2 Scanned directories
     89 Files were scanned
      9 Viruses and/or unwanted programs were found
      1 Files were classified as suspicious
     10 files were deleted
      0 Viruses and unwanted programs were repaired
     10 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
     79 Files not concerned
      2 Archives were scanned
      0 Warnings
     10 Notes

sam.to

89 Files were scanned
      9 Viruses and/or unwanted programs were found

究竟有多少不是

Sebastian

File ID         Filename        Size (Byte)        Result
2240609         snetcfg.exe         8.2 KB         FALSE POSITIVE
25012121         zlib.dll         192 KB         CLEAN
25327183         ####################.exe         646.85 KB         UNDER ANALYSIS
25327184         23.doc         28 KB         UNDER ANALYSIS
25234699         detect.exe         441.08 KB         FALSE POSITIVE

sam.to

只上报数个?

HKLHF

弄下来分析一下。。

tangxingyong

搞不懂了

kw1129

既然上传上来，那又何必设置密码！？
NOD有密码的包会跳 过的。

IllusionWing

D:\kafan\2\COM.RUN
D:\kafan\2\dp1.fne
D:\kafan\2\eAPI.fne
D:\kafan\2\INTERNET.FNE

FP..