1

killloop

Scanners

	2009-06-16 Found nothing		2009-06-16 Found nothing
	2009-06-16 Virus.Win32.Agent!IK		2009-06-16 Virus.Win32.Agent
	2009-06-16 Found nothing		2009-06-16 Found nothing
	2009-06-16 SHeur2.ALKV.dropper		2009-06-16 Win32/PSW.Small.NBE
	2009-06-16 TR/Dropper.Gen		2009-06-16 Found nothing
	2009-06-16 Gen:Trojan.Packed.Heur.91A15E7070		2009-06-16 Found nothing
	2009-06-16 Found nothing		2009-06-16 Found nothing
	2009-06-16 Troj.PSW.W32.Magania.jm		2009-06-16 Mal/EncPk-BW
	2009-06-16 Found nothing		2009-06-15 HackTool.Delf.13 (paranoid heuristics)
	2009-06-15 W32/Agent.L.gen!Eldorado		2009-06-16 Found nothing

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	4.5.0.1	20090616223118	2009-06-16	Virus.Win32.Agent!IK	2.719
AntiVir	8.2.0.187	7.1.4.100	2009-06-16	TR/Crypt.UPKM.Gen	0.451
Arcavir	2009	200906161348	2009-06-16	-	0.288
Authentium	5.1.1	200906151603	2009-06-15	W32/Agent.L.gen!Eldorado (Possible)	6.800
AVAST!	4.7.4	090615-0	2009-06-15	-	0.144
AVG	8.5.286	270.12.73/2180	2009-06-16	SHeur2.ALKV.dropper	3.682
BitDefender	7.81008.3349117	7.26016	2009-06-17	Gen:Trojan.Packed.Heur.91A15E7070	3.262
CA (VET)	9.0.0.143	31.6.6560	2009-06-16	-	7.194
ClamAV	0.95.1	9469	2009-06-16	-	1.022
Comodo	3.9	1341	2009-06-16	-	0.758
CP Secure	1.1.0.715	2009.06.16	2009-06-16	Troj.PSW.W32.Magania.jm	10.184
Dr.Web	4.44.0.9170	2009.06.16	2009-06-16	-	5.258
F-Prot	4.4.4.56	20090615	2009-06-15	W32/Agent.L.gen!Eldorado (generic, not disinfectable)	6.216
F-Secure	5.51.6100	2009.06.16.04	2009-06-16	-	0.623
GData	19.5858/19.365	20090616	2009-06-16	-	3.636
Ikarus	T3.1.01.59	2009.06.16.72875	2009-06-16	-	3.666
Microsoft	1.4701	2009.06.16	2009-06-16	VirTool:Win32/Obfuscator.C(Suspicious)	4.939
mks_vir	2.01	2009.06.15	2009-06-15	-	3.473
Norman	6.01.09	6.01.00	2009-06-16	-	4.009
nProtect	20090616.03	4261430	2009-06-16	Gen:Trojan.Packed.Heur.91A15E7070	5.844
Quick Heal	10.00	2009.06.16	2009-06-16	-	1.456
Sophos	2.87.1	4.42	2009-06-16	Mal/EncPk-BW	2.919
Sunbelt	5191	5191	2009-06-15	-	9.012
The Hacker	6.3.4.3	v00345	2009-06-15	-	0.851
VBA32	3.12.10.7	20090615.1405	2009-06-15	HackTool.Delf.13 (paranoid heuristics) (suspicious)	4.974
ViRobot	20090616	2009.06.16	2009-06-16	-	0.425
VirusBuster	4.5.11.10	10.107.15/1636796	2009-06-16	-	3.034
卡巴斯基	5.5.10	2009.06.16	2009-06-16	-	0.604
安博士V3	2009.06.17.00	2009.06.17	2009-06-17	-	0.855
安天	2.0.18	20090616.2549523	2009-06-16	-	0.273
江民杀毒	11.0.706	2009.06.16	2009-06-16	-	2.300
熊猫卫士	9.05.01	2009.06.16	2009-06-16	-	1.736
瑞星	20.0	21.34.13.00	2009-06-16	Trojan.PSW.Win32.DNFOnLine.al	1.474
赛门铁克	1.3.0.24	20090615.003	2009-06-15	-	0.100
趋势科技	8.700-1004	6.197.00	2009-06-16	-	0.055
迈克菲	5.3.00	5648	2009-06-16	New Malware.je	3.823
金山毒霸	2009.2.5.15	2009.6.16.18	2009-06-16	-	0.707
飞塔	2.81-3.117	10.502	2009-06-16	-	0.658

反病毒引擎	版本	最后更新	扫描结果
a-squared	4.5.0.18	2009.06.16	-
AhnLab-V3	5.0.0.2	2009.06.16	-
AntiVir	7.9.0.187	2009.06.16	TR/Dropper.Gen
Antiy-AVL	2.0.3.1	2009.06.16	-
Authentium	5.1.2.4	2009.06.16	W32/Agent.L.gen!Eldorado
Avast	4.8.1335.0	2009.06.16	-
AVG	8.5.0.339	2009.06.16	SHeur2.ALKV.dropper
BitDefender	7.2	2009.06.16	Gen:Trojan.Packed.Heur.91A15E7070
CAT-QuickHeal	10.00	2009.06.16	-
ClamAV	0.94.1	2009.06.16	-
Comodo	1341	2009.06.16	-
DrWeb	5.0.0.12182	2009.06.16	-
eSafe	7.0.17.0	2009.06.16	-
eTrust-Vet	31.6.6563	2009.06.16	-
F-Prot	4.4.4.56	2009.06.15	W32/Agent.L.gen!Eldorado
F-Secure	8.0.14470.0	2009.06.16	W32/Packed_Upack.H
Fortinet	3.117.0.0	2009.06.16	-
GData	19	2009.06.16	Gen:Trojan.Packed.Heur.91A15E7070
Ikarus	T3.1.1.59.0	2009.06.16	Virus.Win32.Agent
Jiangmin	11.0.706	2009.06.16	-
K7AntiVirus	7.10.765	2009.06.16	Trojan-Dropper.Win32.Agent.hvj
Kaspersky	7.0.0.125	2009.06.16	-
McAfee	5648	2009.06.16	New Malware.je
McAfee+Artemis	5648	2009.06.16	Artemis!F4B88E94F0DA
McAfee-GW-Edition	6.7.6	2009.06.16	Trojan.Dropper.Gen
Microsoft	1.4701	2009.06.16	VirTool:Win32/Obfuscator.C
NOD32	4160	2009.06.16	Win32/PSW.Small.NBE
Norman	6.01.09	2009.06.16	W32/Smalltroj.OMAV.dropper
nProtect	2009.1.8.0	2009.06.16	-
Panda	10.0.0.14	2009.06.16	-
Prevx	3.0	2009.06.16	-
Rising	21.34.13.00	2009.06.16	Trojan.PSW.Win32.DNFOnLine.al
Sophos	4.42.0	2009.06.16	Mal/EncPk-BW
Sunbelt	3.2.1858.2	2009.06.16	-
Symantec	1.4.4.12	2009.06.16	-
TheHacker	6.3.4.3.345	2009.06.15	-
TrendMicro	8.950.0.1094	2009.06.16	-
VBA32	3.12.10.7	2009.06.16	-
ViRobot	2009.6.16.1789	2009.06.16	-
VirusBuster	4.6.5.0	2009.06.16	-

hddu

009-06-17 06:51:08    创建注册表值      操作:阻止
进程路径:E:\1\dnf\1.EXE
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
注册表名称:wextract_cleanup0
触发规则:所有程序规则->自动运行->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*

2009-06-17 06:51:15    运行应用程序      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\IXP000.TMP\THUNDE~1.EXE
文件路径:C:\WINDOWS\system32\rundll32.exe
命令行:Unamds1.dll,D2dsaj1j23j C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\THUNDE~1.EXE/del
触发规则:所有程序规则->系统程序_黑名单->%windir%\system32\rundll32.exe

hddu

电影结束了

"Infections"
"File";"Infection";"Result"
"E:\收集区\1.rar";"Trojan horse SHeur2.ALKV.dropper";"Infected"
"E:\收集区\1.rar:\dnf\1.EXE";"Trojan horse SHeur2.ALKV.dropper";"Infected"

左手

2009-06-17 09:50:47    创建文件      操作:阻止并结束进程
进程路径:E:\test\dnf\1.EXE
文件路径:C:\Documents and Settings\cc\Local Settings\Temp\IXP000.TMP\THUNDE~1.EXE
触发规则:所有程序规则->FD:01…系统文件组->%SystemDrive%\*.exe

luxiao200888

mp heur

kingsheet

卡巴不报

taihuxian

[size=1.5em]BitDefender 2009
此网页已被 BitDefender 反病毒实时防护拦截！
被拦截的网页包含（可能）已被病毒感染的对象。您的系统 未被 感染。

xyao

自动防护 已检测到 Infostealer.Gampass

sam.to

to kl