[病毒样本] x46

显示全部楼层 · 发表于 2009-6-23 15:38:18

1.8M

显示全部楼层 · 发表于 2009-6-23 15:42:48

强烈BS下了不回的..

显示全部楼层 · 发表于 2009-6-23 15:44:51

杀了17个

显示全部楼层 · 发表于 2009-6-23 15:45:10

C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > 360box.exe - Win32/NetTool.Agent.B 潜在的不安全应用程序
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > admin6ver0622.exe - 可能是 Win32/TrojanClicker.Delf.NHU 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > awsygc.exe - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > bdsetup.exe - Win32/Adware.NewWeb 应用程序的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > cfips.exe - Win32/Adware.Agent.NLG 应用程序的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > cn1.exe - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > diante.exe - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > extext15410278t.exe - Win32/TrojanDownloader.Agent.OZH 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > game032.exe - Win32/TrojanDownloader.Agent.OYF 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > paozu.exe - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > setup.exe - Win32/Adware.NewWeb 应用程序的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > 15388797test.dll - Win32/AntiAV.AZQ 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > cRsAQd4hw.dll - Win32/PSW.OnLineGames.NRD 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > dcbdcatys32_090608a.dll - Win32/Spy.Pophot 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > hhnt2pBK.dll - 可能是 Win32/PSW.OnLineGames.NRD 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > iesuper.dll - Win32/Adware.IESuper 应用程序
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > JBn2ypqY23vWX.dll - 可能是 Win32/PSW.OnLineGames.NRD 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > jqsbscr2.1.dll - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > linkinfo.dll - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > sam.dll - 可能是 Win32/Rootkit.Ressdt.NBY 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > tete15397820t.dll - Win32/AntiAV.AZQ 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > ufQCU5.dll - 可能是 Win32/PSW.OnLineGames.NRD 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > UnsrA8Hec.dll - Win32/PSW.OnLineGames.NRD 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > winkh.dll - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > xurkh.dll - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > AsyncMac.sys - 可能是 Win32/AntiAV.AZQ 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > atempuser.sys - Win32/PSW.OnLineGames.WBE 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > atempuser.sys.sys - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > dbsa55f.sys - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > nsppv.sys - Win32/TrojanDownloader.Agent.OMQ 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > pcidump.sys - Win32/Agent.ONG 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > 51dd_free_setup - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > bQgc5yHMSD4yd.fon - Win32/PSW.OnLineGames.NRD 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > MqppW9KYn.fon - Win32/PSW.OnLineGames.NRD 特洛伊木马的变种
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > MSGSCR.TLB - Win32/BHO.SFI 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > 3B.tmp - Win32/BHO.SFI 特洛伊木马
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > 3D.tmp - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > dll3F.tmp - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > UAC2dad.tmp - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > UAC2dc2.tmp - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > UAC2dea.tmp - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > UAC2df4.tmp - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > UAC2dfe.tmp - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > UAC2e44.tmp - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > UAC2e58.tmp - 正常
C:\Documents and Settings\Administrator\桌面\新建文件夹\we.rar > RAR > UAC2f20.tmp - 正常

miss21，上报

显示全部楼层 · 发表于 2009-6-23 15:45:58

msse扫出来了17个样本，不知道其他杀软如何？

[ 本帖最后由 star1025 于 2009-6-23 15:47 编辑 ]

显示全部楼层 · 发表于 2009-6-23 15:46:02

Avira
Starting the file scan:

Begin scan in 'D:\kafan\kafan'
D:\kafan\kafan\360box.exe
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\admin6ver0622.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\cn1.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\diante.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\extext15410278t.exe
[DETECTION] Contains recognition pattern of the DIAL/Generic dialer
[NOTE]    The file was deleted!
D:\kafan\kafan\game032.exe
[DETECTION] Is the TR/Dldr.Small.jsc.2 Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\paozu.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\15388797test.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\cRsAQd4hw.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\dcbdcatys32_090608a.dll
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\hhnt2pBK.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\JBn2ypqY23vWX.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\jqsbscr2.1.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\sam.dll
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\tete15397820t.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\ufQCU5.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\UnsrA8Hec.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\winkh.dll
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE]    The detection was classified as suspicious.
[NOTE]    The file was moved to '4aae8881.qua'!
D:\kafan\kafan\xurkh.dll
[DETECTION] Is the TR/Kaba.73278 Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\dbsa55f.sys
[DETECTION] Contains recognition pattern of the RKIT/Otlard.A.5 root kit
[NOTE]    The file was deleted!
D:\kafan\kafan\nsppv.sys
[DETECTION] Contains recognition pattern of the RKIT/Small.LE.12 root kit
[NOTE]    The file was deleted!
D:\kafan\kafan\pcidump.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\51dd_free_setup
[DETECTION] Is the TR/Dldr.Agent.bxhi Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\bQgc5yHMSD4yd.fon
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\MqppW9KYn.fon
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\MSGSCR.TLB
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\3B.tmp
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\dll3F.tmp
[DETECTION] Is the TR/Dldr.Geral.add Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\UAC2dad.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\UAC2dc2.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\UAC2dea.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\UAC2df4.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\UAC2dfe.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\UAC2e44.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\UAC2e58.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    The file was deleted!
D:\kafan\kafan\UAC2f20.tmp
[DETECTION] Is the TR/Alureon.BP.9 Trojan
[NOTE]    The file was deleted!

End of the scan: 2009年6月23日  15:45
Used time: 00:08 Minute(s)

The scan has been done completely.

   1 Scanned directories
   46 Files were scanned
   35 Viruses and/or unwanted programs were found
   1 Files were classified as suspicious
   35 files were deleted
   0 Viruses and unwanted programs were repaired
   1 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   10 Files not concerned
   0 Archives were scanned
   0 Warnings
   36 Notes

显示全部楼层 · 发表于 2009-6-23 15:47:59

avira miss 10x,heur 1x ,to kill

kaba miss 18x,to kill

显示全部楼层 · 发表于 2009-6-23 15:51:08

avira miss 10

显示全部楼层 · 发表于 2009-6-23 15:54:08

mpav 21号库 miss 20

显示全部楼层 · 发表于 2009-6-23 16:03:26

病毒发现 : C:\Users\Acer\Desktop\we\15388797test.dll
病毒发现 : C:\Users\Acer\Desktop\we\360box.exe
病毒发现 : C:\Users\Acer\Desktop\we\3B.tmp
病毒发现 : C:\Users\Acer\Desktop\we\3D.tmp
病毒发现 : C:\Users\Acer\Desktop\we\51dd_free_setup
病毒发现 : C:\Users\Acer\Desktop\we\admin6ver0622.exe
病毒发现 : C:\Users\Acer\Desktop\we\AsyncMac.sys
病毒发现 : C:\Users\Acer\Desktop\we\atempuser.sys
病毒发现 : C:\Users\Acer\Desktop\we\atempuser.sys.sys
病毒发现 : C:\Users\Acer\Desktop\we\awsygc.exe
病毒发现 : C:\Users\Acer\Desktop\we\bdsetup.exe
病毒发现 : C:\Users\Acer\Desktop\we\bQgc5yHMSD4yd.fon
病毒发现 : C:\Users\Acer\Desktop\we\cfips.exe
病毒发现 : C:\Users\Acer\Desktop\we\cn1.exe
病毒发现 : C:\Users\Acer\Desktop\we\cRsAQd4hw.dll
病毒发现 : C:\Users\Acer\Desktop\we\dbsa55f.sys
病毒发现 : C:\Users\Acer\Desktop\we\dcbdcatys32_090608a.dll
病毒发现 : C:\Users\Acer\Desktop\we\diante.exe
病毒发现 : C:\Users\Acer\Desktop\we\dll3F.tmp
病毒发现 : C:\Users\Acer\Desktop\we\extext15410278t.exe
病毒发现 : C:\Users\Acer\Desktop\we\game032.exe
病毒发现 : C:\Users\Acer\Desktop\we\hhnt2pBK.dll
病毒发现 : C:\Users\Acer\Desktop\we\iesuper.dll
病毒发现 : C:\Users\Acer\Desktop\we\JBn2ypqY23vWX.dll
病毒发现 : C:\Users\Acer\Desktop\we\jqsbscr2.1.dll
病毒发现 : C:\Users\Acer\Desktop\we\linkinfo.dll
病毒发现 : C:\Users\Acer\Desktop\we\MqppW9KYn.fon
病毒发现 : C:\Users\Acer\Desktop\we\MSGSCR.TLB
病毒发现 : C:\Users\Acer\Desktop\we\nsppv.sys
病毒发现 : C:\Users\Acer\Desktop\we\paozu.exe
病毒发现 : C:\Users\Acer\Desktop\we\pcidump.sys
病毒发现 : C:\Users\Acer\Desktop\we\sam.dll
病毒发现 : C:\Users\Acer\Desktop\we\setup.exe
病毒发现 : C:\Users\Acer\Desktop\we\tete15397820t.dll
病毒发现 : C:\Users\Acer\Desktop\we\UAC2dad.tmp
病毒发现 : C:\Users\Acer\Desktop\we\UAC2dc2.tmp
病毒发现 : C:\Users\Acer\Desktop\we\UAC2dea.tmp
病毒发现 : C:\Users\Acer\Desktop\we\UAC2df4.tmp
病毒发现 : C:\Users\Acer\Desktop\we\UAC2dfe.tmp
病毒发现 : C:\Users\Acer\Desktop\we\UAC2e44.tmp
病毒发现 : C:\Users\Acer\Desktop\we\UAC2e58.tmp
病毒发现 : C:\Users\Acer\Desktop\we\UAC2f20.tmp
病毒发现 : C:\Users\Acer\Desktop\we\ufQCU5.dll
病毒发现 : C:\Users\Acer\Desktop\we\UnsrA8Hec.dll
病毒发现 : C:\Users\Acer\Desktop\we\winkh.dll
病毒发现 : C:\Users\Acer\Desktop\we\xurkh.dll

[ 本帖最后由微星杀毒于 2009-6-23 16:04 编辑 ]

[病毒样本] x46

本帖子中包含更多资源

本帖子中包含更多资源

回复 1楼 gankeyu 的帖子