nod32报的病毒

显示全部楼层 · 发表于 2007-2-12 14:28:05

快杀

[ 本帖最后由 kp2006 于 2007-2-12 14:35 编辑 ]

显示全部楼层 · 发表于 2007-2-12 14:34:04

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\8��.rar'
C:\Documents and Settings\Administrator\My Documents\
  8��.rar
[0] Archive type: RAR
--> unx.com
--> unxo.com
--> unxorkhgf.com
      [DETECTION] Is the Trojan horse TR/Agent.205355
      [WARNING] Infected files in archives cannot be repaired!
--> unxorkhgu.com
--> h.com
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [WARNING] Infected files in archives cannot be repaired!
--> kghg.com
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.ahj.83 Backdoor server programs
      [WARNING] Infected files in archives cannot be repaired!
--> setup.exe
--> u.com
      [DETECTION] Contains signature of the worm WORM/Medbot.GM
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\2��.rar'
C:\Documents and Settings\Administrator\My Documents\
  2��.rar
[0] Archive type: RAR
--> VSSIV7NN.007
--> emb-5.exe

显示全部楼层 · 发表于 2007-2-12 14:43:36

运行之后只有ux开头的两个文件antivir没有报，但是那两个文件貌似什么也没有做的样子，只是驻留内存
而且貌似很多生成物都是相同的
我把生成物也扔上来
Thank you for your submission. Below you can see the current status of the uploaded files.

We received the following archive files:File ID    Filename    Size (Byte) Result
205273    virus.rar 619.285 OK

A listing of files contained inside archives alongside their results can be found below:File ID    Filename    Size (Byte) Result
205274    emb-5.exe    219.168    UNDER ANALYSIS
204712    unxorkhgu.com    32.768    UNDER ANALYSIS
204712    unxorkhgu.com    32.768    UNDER ANALYSIS
204743    setup.exe    78.336    UNDER ANALYSIS
205274    emb-5.exe    219.168    UNDER ANALYSIS
205275    VSSIV7NN.007    177.170    UNDER ANALYSIS

Please find a detailed report concerning each individual sample below: Filename Result
emb-5.exe    UNDER ANALYSIS

The file 'emb-5.exe' has been determined to be 'UNDER ANALYSIS'.
Filename Result
unxorkhgu.com    UNDER ANALYSIS

The file 'unxorkhgu.com' has been determined to be 'UNDER ANALYSIS'.
Filename Result
unxorkhgu.com    UNDER ANALYSIS

The file 'unxorkhgu.com' has been determined to be 'UNDER ANALYSIS'.
Filename Result
setup.exe    UNDER ANALYSIS

The file 'setup.exe' has been determined to be 'UNDER ANALYSIS'.
Filename Result
emb-5.exe    UNDER ANALYSIS

The file 'emb-5.exe' has been determined to be 'UNDER ANALYSIS'.
Filename Result
VSSIV7NN.007    UNDER ANALYSIS

The file 'VSSIV7NN.007' has been determined to be 'UNDER ANALYSIS'.

Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

显示全部楼层 · 发表于 2007-2-12 14:52:30

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\4��.rar'
C:\Documents and Settings\Administrator\My Documents\
  4��.rar
[0] Archive type: RAR
--> unxorugbjk.com
--> unxoruhjh.com
      [DETECTION] Is the Trojan horse TR/Dldr.BHO.BW
      [WARNING] Infected files in archives cannot be repaired!
--> unxorljhu.com
      [DETECTION] Contains signature of the dropper DR/Spy.Delf.PY.18
      [WARNING] Infected files in archives cannot be repaired!
--> unxorlkhgg.com
      [DETECTION] Is the Trojan horse TR/Dldr.BHO.BW
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\2��.rar'
C:\Documents and Settings\Administrator\My Documents\
  2��.rar
[0] Archive type: RAR
--> unxorohhk.com
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.ahj.83 Backdoor server programs
      [WARNING] Infected files in archives cannot be repaired!
--> unxorkv.com
      [WARNING] The file was ignored!

显示全部楼层 · 发表于 2007-2-12 14:54:29

下面没报的那两个文件经测试都无法运行
还是上报了
Thank you for your submission. Below you can see the current status of the uploaded files.

We received the following archive files:File ID    Filename    Size (Byte) Result
205276    My Documents.rar 323.000 OK

A listing of files contained inside archives alongside their results can be found below:File ID    Filename    Size (Byte) Result
205275    unxorugbjk.com    177.170    UNDER ANALYSIS
205275    unxorugbjk.com    177.170    UNDER ANALYSIS

Please find a detailed report concerning each individual sample below: Filename Result
unxorugbjk.com    UNDER ANALYSIS

The file 'unxorugbjk.com' has been determined to be 'UNDER ANALYSIS'.
Filename Result
unxorugbjk.com    UNDER ANALYSIS

The file 'unxorugbjk.com' has been determined to be 'UNDER ANALYSIS'.

Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

显示全部楼层 · 发表于 2007-2-12 14:56:53

第一个包包费尔右键扫描时，微点跳了5下。
木马名称:Trojan.Win32.VB.abq
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX3\UNXO.COM
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.VB.abq
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX3\UNXORKHGU.COM
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Small.ghq
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX3\H.COM
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Agent.bqn
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX3\KGHG.COM
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Backdoor.Win32.Medbot.jq
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TWIEX3\U.COM
是木马程序!
已成功阻止其运行,是否要删除此文件?

显示全部楼层 · 发表于 2007-2-12 14:58:08

费尔对两个包包的扫描（右键扫描非动态防御）

[ 本帖最后由 hsjj2005 于 2007-2-12 15:02 编辑 ]

显示全部楼层 · 发表于 2007-2-12 17:56:07

驱逐舰12个

nod32报的病毒

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源