
[Virus Sample] 【5+5+5】

schumi小粉
Posted on 2009-6-7 13:31:12
C:\Documents and Settings\Administrator\桌面\新建文件夹\P3\DRIVER\DRIVER.exe - Win32/Adware.Agent.NKI 应用程序
C:\Documents and Settings\Administrator\桌面\新建文件夹\P3\Setup\Setup.exe - Win32/TrojanClicker.VB.COJ 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\P1\Autorun[1].inf\Autorun.inf.exe - Win32/Adware.Agent.NKI 应用程序
C:\Documents and Settings\Administrator\桌面\新建文件夹\P1\bad\bad\bad.exe - 未查明的 NewHeur_PE 病毒
C:\Documents and Settings\Administrator\桌面\新建文件夹\P1\media[1]\media[1].htm - 可能是 JS/TrojanDownloader.Agent 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\P2\2\2 > NSIS > jah35521.exe - Win32/Kryptik.BT 特洛伊木马 的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\P2\bd\bd.exe > RAR > setup1.exe - Win32/VB.OAF 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\P2\bd\bd.exe > RAR > setup2.exe - Win32/VB.OAE 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\P2\bd\bd.exe > RAR > setup.exe - Win32/TrojanDownloader.VB.NWS 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\P2\kille\KillE.exe - Win32/Agent.PID 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\P2\Setup2\Setup.exe - Win32/TrojanClicker.VB.COJ 特洛伊木马

sam.to
Posted on 2009-6-7 13:35:39
7/6/2009 13:36:24        Detected: Worm.Win32.AutoRun.stz        C:\Documents and Settings\kato\桌面\P2.rar/P2\2\2/stream/data0001               
7/6/2009 13:36:24        Processing error: Worm.Win32.AutoRun.stz        C:\Documents and Settings\kato\桌面\P2.rar/P2\2\2/stream               
7/6/2009 13:36:25        Detected: Trojan-Downloader.Win32.Agent.bpza        C:\Documents and Settings\kato\桌面\P2.rar/P2\bd\bd.exe/setup.exe/PE_Patch.UPX/UPX               
7/6/2009 13:36:25        Detected: Trojan.Win32.Agent2.hbn        C:\Documents and Settings\kato\桌面\P2.rar/P2\kille\KillE.exe               
7/6/2009 13:36:25        Detected: Trojan.Win32.Agent.brcv        C:\Documents and Settings\kato\桌面\P2.rar/P2\Setup2\Setup.exe/winhost.exe               
7/6/2009 13:36:27        Detected: not-a-virus:AdWare.Win32.Agent.hyz        C:\Documents and Settings\kato\桌面\P3.rar/P3\DRIVER\DRIVER.exe               
7/6/2009 13:36:48        Detected: Trojan.Win32.Agent.brcv        C:\Documents and Settings\kato\桌面\P3.rar/P3\Setup\Setup.exe/winhost.exe               
7/6/2009 13:36:57        Detected: not-a-virus:AdWare.Win32.Agent.hyz        C:\Documents and Settings\kato\桌面\P1.rar/P1\Autorun[1].inf\Autorun.inf.exe               
7/6/2009 13:37:05        Detected: Trojan-Downloader.Win32.Agent.aubs        C:\Documents and Settings\kato\桌面\P1.rar/P1\bad\bad\bad.exe               
7/6/2009 13:37:05        Detected: Trojan-Downloader.JS.Agent.cyp        C:\Documents and Settings\kato\桌面\P1.rar/P1\media[1]\media[1].htm               


to kl

[ Last edited by sam.to on 2009-6-7 13:37 ]

Rating: schumi小粉, popularity +1. Reason: I see the cute Psyduck again~~

hahacomcn
Posted on 2009-6-7 14:54:31
Begin scan in 'C:\Documents and Settings\F31\桌面\P1.rar'
C:\Documents and Settings\F31\桌面\P1.rar
  [0] Archive type: RAR
    [NOTE]      A backup was created as '4a596442.qua'  ( QUARANTINE )
    [WARNING]   The file was ignored!
    --> P1\Autorun[1].inf\Autorun.inf.exe
      [DETECTION] Contains recognition pattern of the ADSPY/Agent.hyz adware or spyware
    --> P1\bad\bad\bad.exe
      [DETECTION] Is the TR/Dldr.Sket.A Trojan
    --> P1\media[1]\media[1].htm
      [DETECTION] Contains recognition pattern of the HTML/Shellcode.Gen HTML script virus
Begin scan in 'C:\Documents and Settings\F31\桌面\P2.rar'
C:\Documents and Settings\F31\桌面\P2.rar
  [0] Archive type: RAR
    [NOTE]      A backup was created as '4a596443.qua'  ( QUARANTINE )
    [WARNING]   The file was ignored!
    --> P2\kille\KillE.exe
      [DETECTION] Is the TR/Drop.Cingo.B Trojan
    --> P2\Setup2\Setup.exe
      [DETECTION] Contains recognition pattern of the DR/Agent.xbc dropper
    --> P2\2\2
      [1] Archive type: NSIS
      [DETECTION] Contains recognition pattern of the DR/AutoRun.stz dropper
      --> ProgramFilesDir/jah35521.exe
        [DETECTION] Contains recognition pattern of the WORM/Autorun.stz worm
    --> P2\bd\bd.exe
      [1] Archive type: RAR SFX (self extracting)
      [DETECTION] Contains recognition pattern of the DR/Dldr.Agent.bpza dropper
      --> setup.exe
        [DETECTION] Is the TR/Dldr.Agent.bpza Trojan
Begin scan in 'C:\Documents and Settings\F31\桌面\P3.rar'
C:\Documents and Settings\F31\桌面\P3.rar
  [0] Archive type: RAR
    [NOTE]      A backup was created as '4a596444.qua'  ( QUARANTINE )
    [WARNING]   The file was ignored!
    --> P3\DRIVER\DRIVER.exe
      [DETECTION] Contains recognition pattern of the ADSPY/Agent.hyz adware or spyware
    --> P3\LT-RUNNER\LT-RUNNER.EXE
      [DETECTION] Contains recognition pattern of the SPR/FireWallPass program
    --> P3\PnpWmkDrv\PnpWmkDrv.sys
      [DETECTION] Contains recognition pattern of the RKIT/Agent.GZ root kit
    --> P3\Setup\Setup.exe
      [DETECTION] Contains recognition pattern of the DR/Agent.xbc dropper


End of the scan: 2009年6月7日  14:54
Used time: 00:00 Minute(s)

The scan has been done completely.

      0 Scanned directories
     27 Files were scanned
     13 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
sam.to
Posted on 2009-6-7 16:25:27
Hello,


110(2).dll,
C.exe,
LT-RUNNER.EXE,
PnpWmkDrv.sys,
wuauclt.exe

No malicious code was found in these files.

110.dll

This file is corrupted.
黑衣~魂
Posted on 2009-6-7 19:56:18
DR.WEB
2\data002;C:\Documents and Settings\all\桌面\P2\P2\2\2;Trojan.Clb.23;;
2;C:\Documents and Settings\all\桌面\P2\P2\2;Archive contains infected objects;Deleted.;
bad.exe;C:\Documents and Settings\all\桌面\P1\P1\bad\bad;Modification of Win32.HLLM.Generic.349;Deleted.;
2.exe;C:\Documents and Settings\all\桌面;BackDoor.Beizhu.2655;Deleted.;
kingmuro
Posted on 2009-6-7 20:23:18

KAV6.0, June 7

已删除:广告程序 not-a-virus:AdWare.Win32.Agent.hyz        文件:D:\My Documents\桌面\test\P1.rar/P1\Autorun[1].inf\Autorun.inf.exe
已删除:木马程序 Trojan-Downloader.Win32.Agent.aubs        文件:D:\My Documents\桌面\test\P1.rar/P1\bad\bad\bad.exe
已删除:木马程序 Trojan-Downloader.JS.Agent.cyp        文件:D:\My Documents\桌面\test\P1.rar/P1\media[1]\media[1].htm
已删除:病毒 Worm.Win32.AutoRun.stz        文件:D:\My Documents\桌面\test\P2.rar/P2\2\2//stream//data0001
已删除:木马程序 Trojan-Downloader.Win32.Agent.bpza        文件:D:\My Documents\桌面\test\P2.rar/P2\bd\bd.exe/setup.exe//PE_Patch.UPX//UPX
已删除:木马程序 Trojan.Win32.Agent2.hbn        文件:D:\My Documents\桌面\test\P2.rar/P2\kille\KillE.exe
已删除:木马程序 Trojan.Win32.Agent.brcv        文件:D:\My Documents\桌面\test\P2.rar/P2\Setup2\Setup.exe//winhost.exe
已删除:广告程序 not-a-virus:AdWare.Win32.Agent.hyz        文件:D:\My Documents\桌面\test\P3.rar/P3\DRIVER\DRIVER.exe
已删除:木马程序 Trojan.Win32.Agent.brcv        文件:D:\My Documents\桌面\test\P3.rar/P3\Setup\Setup.exe//winhost.exe
已删除:木马程序 Trojan.Win32.Agent.brcv        文件:D:\My Documents\桌面\test\P3.rar/P3\Setup\Setup.exe
kingmuro
Posted on 2009-6-7 20:27:37
kingmuro
Posted on 2009-6-7 20:28:41
Dr.Web (the "spider"): 2
悠柚
Posted on 2009-6-7 20:45:30
D:\TDDownload\P1.rar/110.dll         已检测: Trojan-Spy.XUW!IK
D:\TDDownload\P1.rar/Autorun.inf.exe         已检测: Riskware.AdWare.Win32.Agent!IK
D:\TDDownload\P1.rar/bad.exe         已检测: Trojan-Dropper.Agent!IK
D:\TDDownload\P1.rar/media[1].htm         已检测: Trojan-Downloader.JS.Agent!IK
D:\TDDownload\P2.rar/jah35521.exe         已检测: Worm.Win32.AutoRun!IK
D:\TDDownload\P2.rar/bd.exe         已检测: Trojan-Dropper.Agent!IK
D:\TDDownload\P2.rar/KillE.exe         已检测: Trojan-Dropper.Cingo!IK
D:\TDDownload\P2.rar/Setup.exe         已检测: Trojan-Downloader.Win32.Small!IK
D:\TDDownload\P3.rar/C.exe         已检测: Trojan-Dropper.Win32.Delf!IK
D:\TDDownload\P3.rar/DRIVER.exe         已检测: Riskware.AdWare.Win32.Agent!IK
D:\TDDownload\P3.rar/LT-RUNNER.EXE         已检测: Virus.Win32.Spyware!IK
D:\TDDownload\P3.rar/PnpWmkDrv.sys         已检测: Virus.Win32.AdWare!IK
D:\TDDownload\P3.rar/Setup.exe         已检测: Trojan-Downloader.Win32.Small!IK
BING126
Posted on 2009-6-7 21:19:13
McAfee flagged 11..