几个病毒

显示全部楼层 · 发表于 2009-6-2 23:55:37

里面有个kaoni.exe报的很少，不过很可疑。

显示全部楼层 · 发表于 2009-6-2 23:58:02

2/6/2009 23:57:11 已偵測: Trojan-GameThief.Win32.WOW.ohl C:\Documents and Settings\kato9096\桌面\新建文件夹\新建文件夹\1.dll
2/6/2009 23:57:13 已偵測: Trojan-Downloader.Win32.Small.jss C:\Documents and Settings\kato9096\桌面\新建文件夹\新建文件夹\debug.dll/UPack
2/6/2009 23:57:14 已偵測: Trojan-Dropper.Win32.Agent.aqev C:\Documents and Settings\kato9096\桌面\新建文件夹\新建文件夹\A17.exe/PE_Patch.UPX/UPX
2/6/2009 23:57:19 已偵測: Backdoor.Win32.Delf.pja C:\Documents and Settings\kato9096\桌面\新建文件夹\新建文件夹\MMM.MMM/PE_Patch/UPack
2/6/2009 23:57:20 已偵測: Backdoor.Win32.Delf.pja C:\Documents and Settings\kato9096\桌面\新建文件夹\新建文件夹\QQgunK.exe/PE_Patch/UPack
2/6/2009 23:57:20 已偵測: Trojan.Win32.Agent.cgjo C:\Documents and Settings\kato9096\桌面\新建文件夹\新建文件夹\QQq2BY.exe/PE_Patch/UPack

上报4个

显示全部楼层 · 发表于 2009-6-3 08:04:13

D:\TDDownload\新建文件夹.part1.rar/Iexplore.exe 已检测: Trojan-Downloader!IK
D:\TDDownload\新建文件夹.part1.rar/aolui.exe 已检测: Trojan-Downloader.Win32.VB!IK
D:\TDDownload\新建文件夹.part1.rar/ufwlu.exe 已检测: Trojan-Downloader.Win32.VB!IK
D:\TDDownload\新建文件夹.part1.rar/svcho.exe 已检测: Trojan-PWS.Win32.VB!IK
D:\TDDownload\新建文件夹.part2.rar/1.dll 已检测: Trojan-GameThief.Win32.WOW!IK
D:\TDDownload\新建文件夹.part2.rar/q.dat 已检测: Rootkit.OnLineGames!IK
D:\TDDownload\新建文件夹.part2.rar/debug.dll 已检测: Trojan-PWS.Win32.Small!IK
D:\TDDownload\新建文件夹.part2.rar/QT1.exe 已检测: Trojan-PWS.Win32.Small!IK
D:\TDDownload\新建文件夹.part2.rar/QTB.exe 已检测: Trojan-PWS.Win32.Small!IK
D:\TDDownload\新建文件夹.part2.rar/A17.exe 已检测: Trojan-Downloader.Agent.pmd.2!IK

显示全部楼层 · 发表于 2009-6-3 08:27:04

KILL 14个
Beginning disinfection:
G:\virus\新建文件夹\新建文件夹\1.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\A17.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\aolui.exe
[DETECTION] Is the TR/Agent.rrz.2 Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\debug.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\debug.obj
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\Iexplore.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\MMM.MMM
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\q.dat
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\QQgunK.exe
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\QQq2BY.exe
[DETECTION] Is the TR/Crypt.UPKM.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\QT1.exe
[DETECTION] Is the TR/Crypt.UPKM.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\QTB.exe
[DETECTION] Is the TR/Crypt.UPKM.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\svcho.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
G:\virus\新建文件夹\新建文件夹\ufwlu.exe
[DETECTION] Is the TR/Agent.rrz.2 Trojan
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2009-6-3 08:32:45

2009-06-03 8:31:52 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\Iexplore.exe" file.
2009-06-03 8:31:55 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\aolui.exe\[Embedded_R#ECPLOR]" file.
2009-06-03 8:31:55 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\aolui.exe" file.
2009-06-03 8:31:55 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\ufwlu.exe\[Embedded_R#ECPLOR]" file.
2009-06-03 8:31:55 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\ufwlu.exe" file.
2009-06-03 8:31:55 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\svcho.exe\[Embedded_O#06000]\[Embedded_R#ECPLOR]" file.
2009-06-03 8:31:55 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\svcho.exe\[Embedded_O#06000]" file.
2009-06-03 8:31:55 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\svcho.exe" file.
2009-06-03 8:31:55 gxf 2540 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\1.dll" file.
2009-06-03 8:31:55 gxf 2540 Sign of "Win32:Agent-ADVJ [Rtk]" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\q.dat" file.
2009-06-03 8:31:56 gxf 2540 Sign of "Win32:Agent-DDN [Trj]" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\MMM.MMM\[Upack]" file.
2009-06-03 8:31:56 gxf 2540 Sign of "Win32:Delf-EQM [Trj]" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\debug.dll\[Upack]" file.
2009-06-03 8:31:56 gxf 2540 Sign of "Win32:Agent-DDN [Trj]" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\debug.obj\[Embedded_R#MYFILE]\[Upack]" file.
2009-06-03 8:31:56 gxf 2540 Sign of "Win32:Agent-DDN [Trj]" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\QQgunK.exe\[Upack]" file.
2009-06-03 8:31:56 gxf 2540 Sign of "Win32:Agent-DDN [Trj]" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\QQq2BY.exe\[Upack]" file.
2009-06-03 8:31:56 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\QT1.exe" file.
2009-06-03 8:31:56 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\QTB.exe" file.
2009-06-03 8:31:56 gxf 2540 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\gxf\桌面\新建文件夹[1]\新建文件夹\A17.exe" file.

显示全部楼层 · 发表于 2009-6-3 13:26:58

显示全部楼层 · 发表于 2009-6-3 14:11:06

2009-06-03 14:06:45 创建文件    操作:阻止
进程路径:E:\virus\新建文件夹\A17.exe
文件路径:C:\WINDOWS\System32\SGCQ.dll
触发规则:所有程序规则->FD:01…系统文件组->%SystemDrive%\*.dll

2009-06-03 14:06:53 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\aolui.exe
文件路径:C:\WINDOWS\system32\taskkill.exe
命令行:/f /pid 0
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:06:53 运行应用程序    操作:阻止并结束进程
进程路径:E:\virus\新建文件夹\aolui.exe
文件路径:C:\WINDOWS\system32\net.exe
命令行:stop sharedaccess
触发规则:应用程序规则->AD:04…禁止的程序操作->*.*->%windir%\system32\net.exe

2009-06-03 14:07:02 修改注册表内容    操作:阻止
进程路径:E:\virus\新建文件夹\Iexplore.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Local AppData
触发规则:所有程序规则->RD:07…系统和软件操作（黑白）->*\Software\Microsoft\Windows*\*

2009-06-03 14:07:09 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:09 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:09 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:10 修改注册表内容    操作:阻止
进程路径:E:\virus\新建文件夹\Iexplore.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:History
触发规则:所有程序规则->RD:03…IE浏览器设置保护（黑名单）->*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

2009-06-03 14:07:12 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:13 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:14 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:15 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:16 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:16 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:18 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:18 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:19 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\kaoni.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:24 创建文件    操作:阻止并结束进程
进程路径:E:\virus\新建文件夹\QQq2BY.exe
文件路径:C:\Program Files\Common Files\System\QQq2BY.exe
触发规则:所有程序规则->FD:01…系统文件组->%SystemDrive%\*.exe

2009-06-03 14:07:24 创建文件    操作:阻止并结束进程
进程路径:E:\virus\新建文件夹\QQq2BY.exe
文件路径:C:\Program Files\Common Files\System\QQq2BY.exe
触发规则:所有程序规则->FD:01…系统文件组->%SystemDrive%\*.exe

2009-06-03 14:07:26 创建文件    操作:阻止并结束进程
进程路径:E:\virus\新建文件夹\QQgunK.exe
文件路径:C:\Program Files\Common Files\System\QQgunK.exe
触发规则:所有程序规则->FD:01…系统文件组->%SystemDrive%\*.exe

2009-06-03 14:07:26 创建文件    操作:阻止并结束进程
进程路径:E:\virus\新建文件夹\QQgunK.exe
文件路径:C:\Program Files\Common Files\System\QQgunK.exe
触发规则:所有程序规则->FD:01…系统文件组->%SystemDrive%\*.exe

2009-06-03 14:07:27 创建文件    操作:阻止
进程路径:E:\virus\新建文件夹\QT1.exe
文件路径:C:\WINDOWS\Fonts\b4b147bc522828731f1a016bfa72c073
触发规则:所有程序规则->FD:05…禁止创建文件的目录（黑名单）->%windir%\*

2009-06-03 14:07:31 创建文件    操作:阻止
进程路径:E:\virus\新建文件夹\QTB.exe
文件路径:C:\WINDOWS\Fonts\b4b147bc522828731f1a016bfa72c073
触发规则:所有程序规则->FD:05…禁止创建文件的目录（黑名单）->%windir%\*

2009-06-03 14:07:34 修改注册表内容    操作:阻止
进程路径:E:\virus\新建文件夹\svcho.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Personal
触发规则:所有程序规则->RD:07…系统和软件操作（黑白）->*\Software\Microsoft\Windows*\*

2009-06-03 14:07:34 修改注册表内容    操作:阻止
进程路径:E:\virus\新建文件夹\svcho.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Desktop
触发规则:所有程序规则->RD:07…系统和软件操作（黑白）->*\Software\Microsoft\Windows*\*

2009-06-03 14:07:34 创建文件    操作:阻止
进程路径:E:\virus\新建文件夹\svcho.exe
文件路径:C:\Documents and Settings\cc\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk
触发规则:所有程序规则->FD:04…创建文件的目录（黑白）->*\Quick Launch\*

2009-06-03 14:07:34 修改注册表内容    操作:阻止
进程路径:E:\virus\新建文件夹\svcho.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Personal
触发规则:所有程序规则->RD:07…系统和软件操作（黑白）->*\Software\Microsoft\Windows*\*

2009-06-03 14:07:34 修改注册表内容    操作:阻止
进程路径:E:\virus\新建文件夹\svcho.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Desktop
触发规则:所有程序规则->RD:07…系统和软件操作（黑白）->*\Software\Microsoft\Windows*\*

2009-06-03 14:07:34 修改文件    操作:阻止并结束进程
进程路径:E:\virus\新建文件夹\svcho.exe
文件路径:E:\virus\新建文件夹\svcho.exe
触发规则:应用程序规则->FD:04…常见修改程序组->%ProgramFiles%\Internet Explorer\iexplore.exe->*\*.exe

2009-06-03 14:07:34 修改文件    操作:阻止并结束进程
进程路径:E:\virus\新建文件夹\svcho.exe
文件路径:E:\virus\新建文件夹\svcho.exe
触发规则:应用程序规则->FD:04…常见修改程序组->%ProgramFiles%\Internet Explorer\iexplore.exe->*\*.exe

2009-06-03 14:07:40 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\ufwlu.exe
文件路径:C:\WINDOWS\system32\taskkill.exe
命令行:/f /pid 0
触发规则:所有程序规则->AD:02…禁止运行的高危程序（黑名单）->%windir%\system32\*

2009-06-03 14:07:41 运行应用程序    操作:阻止并结束进程
进程路径:E:\virus\新建文件夹\ufwlu.exe
文件路径:C:\WINDOWS\system32\net.exe
命令行:stop sharedaccess
触发规则:应用程序规则->AD:04…禁止的程序操作->*.*->%windir%\system32\net.exe

2009-06-03 14:07:44 创建文件    操作:阻止并结束进程
进程路径:E:\virus\新建文件夹\Iexplore.exe
文件路径:C:\TDDOWNLOAD\pipi.exe
触发规则:所有程序规则->FD:01…系统文件组->%SystemDrive%\*.exe

2009-06-03 14:08:58 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\QT1.exe
文件路径:C:\WINDOWS\system32\cmd.exe
命令行:/c erase /A:RHSA "E:\virus\新建文件夹\QT1.exe"&cmd /c del "E:\virus\新建文件夹\QT1.exe"
触发规则:应用程序规则->AD:04…禁止的程序操作->*.*->*\cmd.exe

2009-06-03 14:09:02 运行应用程序    操作:阻止
进程路径:E:\virus\新建文件夹\QTB.exe
文件路径:C:\WINDOWS\system32\cmd.exe
命令行:/c erase /A:RHSA "E:\virus\新建文件夹\QTB.exe"&cmd /c del "E:\virus\新建文件夹\QTB.exe"
触发规则:应用程序规则->AD:04…禁止的程序操作->*.*->*\cmd.exe

2009-06-03 14:09:37 删除文件    操作:阻止
进程路径:C:\Documents and Settings\cc\Local Settings\Temp\_zip0000\_setup.exe
文件路径:C:\Documents and Settings\cc\Local Settings\Temp\_zip0000\wuremove.exe
触发规则:所有程序规则->FD:01…系统文件组->%SystemDrive%\*.exe

2009-06-03 14:09:37 删除文件    操作:阻止
进程路径:C:\Documents and Settings\cc\Local Settings\Temp\_zip0000\_setup.exe
文件路径:C:\Documents and Settings\cc\Local Settings\Temp\_zip0000\_setup.exe
触发规则:所有程序规则->FD:01…系统文件组->%SystemDrive%\*.exe

[ 本帖最后由左手于 2009-6-3 14:12 编辑 ]

显示全部楼层 · 发表于 2009-6-3 14:49:52

mcafee 8.7i sp1只查出9个

显示全部楼层 · 发表于 2009-6-3 21:01:20

25362327 kaoni.exe 1.24 MB CLEAN

显示全部楼层 · 发表于 2009-6-4 11:20:09

debug.obj - Backdoor.Win32.Agent.ahkv,
q.dat - Rootkit.Win32.Agent.lgc,
QT1.exe_, QTB.exe_ - Trojan-Downloader.Win32.Delf.ubw

[病毒样本] 几个病毒

本帖子中包含更多资源

avast 4.8

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块