
[Virus sample] Malware pack, please take a look

chabosh
Posted on 2009-5-7 11:32:35
Malware pack, please take a look

Sherry.ai
Posted on 2009-5-7 11:33:47
Miss 4

[ Last edited by 935623508 on 2009-5-7 11:36 ]
Sebastian
Posted on 2009-5-7 11:36:37
Starting the file scan:

Begin scan in 'D:\kafan\du'
D:\kafan\du\1[1].exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      A backup was created as '4a335801.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\101781_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3357d6.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\101937_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4b44c30f.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\104921_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3657d6.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\107140_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3957d6.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\108921_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3a57d6.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\109359_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3b57d6.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\111[1].exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      A backup was created as '4a3357d8.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\112312_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3457d8.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\114281_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3657d8.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\178781_0x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3a57de.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\2[1].exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      A backup was created as '4a335802.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\3[1].exe
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      A backup was created as '4b44ccdb.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\702562_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3457d7.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\888888.exe
    [DETECTION] Is the TR/Dldr.Agent.xsd Trojan
    [NOTE]      A backup was created as '4a3a57e0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\97171_3407920x.exe
    [DETECTION] Is the TR/Dldr.Geral.IG Trojan
    [NOTE]      A backup was created as '4a3357df.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\aa29[1].exe
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      A backup was created as '4a345809.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\ad13147.exe
  [0] Archive type: NSIS
    [DETECTION] Contains recognition pattern of the DR/BHO.gkm.114 dropper
    --> SOFTWARE/MicroPlugins/Common/cpush.dll
      [DETECTION] Contains recognition pattern of the ADSPY/Bho.gkm adware or spyware
    --> SOFTWARE/MicroPlugins/Common/cpush.tmp
      [DETECTION] Contains recognition pattern of the ADSPY/Bho.gkm adware or spyware
    [NOTE]      A backup was created as '4a33580c.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\cegfihjl.exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      A backup was created as '4a69580d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\ctfmn.exe
    --> Object
      [DETECTION] Contains recognition pattern of the W32/Autorun.BK Windows virus
    [NOTE]      A backup was created as '4a68581d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\idzam.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      A backup was created as '4a7c580d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\ijzam.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      A backup was created as '4a7c5813.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\iozam.exe
    [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      A backup was created as '4a7c5818.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\itzam.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      A backup was created as '4a7c581d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\mei33[1].exe
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      A backup was created as '4a6b580e.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\mspaint.exe
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      A backup was created as '4a72581c.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\scvhost.exe
    --> Object
      [DETECTION] Is the TR/Killav.PN Trojan
    [NOTE]      A backup was created as '4a78580c.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\kafan\du\vxbzcb.exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      A backup was created as '4a645822.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年5月7日  11:38
Used time: 00:04 Minute(s)

The scan has been done completely.

      1 Scanned directories
     31 Files were scanned
     30 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
     28 files were deleted
      0 Viruses and unwanted programs were repaired
     28 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
     28 Notes



D:\kafan\du\1[1].exe     已检测: Trojan-Downloader.Win32.Apher!IK
D:\kafan\du\101781_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\101937_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\104921_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\107140_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\108921_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\109359_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\111[1].exe     已检测: Trojan-Dropper.Agent!IK
D:\kafan\du\112312_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\114281_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\178781_0x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\2[1].exe     已检测: Trojan-Downloader.Win32.Apher!IK
D:\kafan\du\3[1].exe     已检测: Trojan-Downloader.Win32.Apher!IK
D:\kafan\du\702562_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\888888.exe     已检测: Trojan-Downloader.Win32.VB.aqm!IK
D:\kafan\du\97171_3407920x.exe     已检测: Trojan.Win32.Qhost!IK
D:\kafan\du\aa29[1].exe     已检测: Trojan-PWS.Win32.QQPass!IK
D:\kafan\du\ad13147.exe/cpush.dll     已检测: Virus.Win32.BHO.GG!IK
D:\kafan\du\cegfihjl.exe     已检测: Trojan-Spy!IK
D:\kafan\du\ctfmn.exe     已检测: Worm.Win32.AutoRun!IK
D:\kafan\du\idzam.exe     已检测: Trojan-Downloader.Win32.Small!IK
D:\kafan\du\ijzam.exe     已检测: Trojan-Downloader.Win32.Apher!IK
D:\kafan\du\iozam.exe     已检测: Trojan-Downloader.Win32.Apher!IK
D:\kafan\du\itzam.exe     已检测: Trojan-Downloader.Win32.Apher!IK
D:\kafan\du\mei33[1].exe     已检测: Virus.Trojan.Win32.Agent!IK
D:\kafan\du\mspaint.exe     已检测: Virus.Trojan.Win32.Agent!IK
D:\kafan\du\scvhost.exe     已检测: Trojan.Win32.AntiAV!IK
D:\kafan\du\vxbzcb.exe     已检测: Trojan-Spy!IK

已扫描

文件:     30
跟踪记录:     0
Cookies:     0
进程:     0

已发现

文件:     28
跟踪记录:     0
Cookies:     0
进程:     0
注册表键:     0

[ Last edited by Sebastian on 2009-5-7 11:45 ]
328397663
Posted on 2009-5-7 11:41:55
Originally posted by chabosh on 2009-5-7 11:32
Malware pack, please take a look

The undetected ones.. to kl

[ Last edited by 328397663 on 2009-5-7 12:55 ]
einnawy
Posted on 2009-5-7 11:42:09
Filseclab: scan killed 26, dynamic defense killed 2, 1 remaining
冰封大地
Posted on 2009-5-7 11:49:59
Yes, these are virus samples. I'll check further.
青春灌醉
Posted on 2009-5-7 14:18:46
After looking at so many malware packs, my immunity has dropped. Better to leave this one to the experts.
kalynn84
Posted on 2009-5-7 14:28:44
Avast reports 28:
2009-5-7 14:26:31        Ivan        2728        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\1[1].exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\101781_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\101937_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\104921_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\107140_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\108921_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\109359_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\112312_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\114281_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\178781_0x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\2[1].exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\3[1].exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\702562_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\888888.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Agent-AEVX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\97171_3407920x.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Delf-FZG [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\aa29[1].exe\[UPX]\[Embedded_R#FILE]" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:BHO-GG [Adw]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\ad13147.exe\$COMMONFILES\PushWare\cpush.dll" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\cegfihjl.exe\[Embedded_R#117e8]" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\cegfihjl.exe\[Embedded_R#3c9e8]" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\cegfihjl.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:AutoRun-AGN [Wrm]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\ctfmn.exe\[Upack]" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\idzam.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\ijzam.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\iozam.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\itzam.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\mei33[1].exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\mspaint.exe" file.  
2009-5-7 14:26:35        Ivan        2728        Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Administrator\桌面\du.part1.rar\du\scvhost.exe\[UPX]\[Embedded_Ra#04110]\[Embedded_Ia#dda0]" file.
BING126
Posted on 2009-5-7 22:17:32
McAfee flagged 15..
HKLHF
Posted on 2009-5-7 22:50:07
Malware always comes out so fast; analysis can never keep up.