从客户U盘中用小红伞查出的5个病毒样本。

显示全部楼层 · 发表于 2009-10-1 09:01:04

从客户的U盘中用小红伞查获了5个病毒样本。现在将其中4个打包上传。另外一个比较大的样本稍后另行上传。

显示全部楼层 · 发表于 2009-10-1 09:02:04

另外的一个较大的病毒样本上传。

显示全部楼层 · 发表于 2009-10-1 09:06:15

C:\Documents and Settings\Administrator\桌面\虚拟艺术.rar > RAR > 虚拟艺术.exe - Win32/AutoRun.ARX 蠕虫的变种
C:\Documents and Settings\Administrator\桌面\虚拟艺术.rar > RAR > .vbs - VBS/Naiad.L 蠕虫
C:\Documents and Settings\Administrator\桌面\虚拟艺术.rar > RAR > Mourn_Operator1`1.exe - Win32/AutoRun.ARX 蠕虫的变种
C:\Documents and Settings\Administrator\桌面\虚拟艺术.rar > RAR > printer.exe - Win32/VB.NKR 蠕虫的变种C:\Documents and Settings\Administrator\桌面\Recycled.rar > RAR > Recycled.exe - Win32/AutoRun.FlyStudio.PN 蠕虫

显示全部楼层 · 发表于 2009-10-1 09:07:52

Norton AntiVirus

运行Recycled.exe提示错误

显示全部楼层 · 发表于 2009-10-1 09:14:07

2009-10-1 9:12:28 Administrator 2352 Sign of "Win32:AutoRun-JW" has been found in "C:\Documents and Settings\Administrator\桌面\虚拟艺术.rar\虚拟艺术.exe" file.
2009-10-1 9:12:32 Administrator 2352 Sign of "VBS:Agent-BD [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\虚拟艺术.rar\.vbs" file.
2009-10-1 9:12:35 Administrator 2352 Sign of "Win32:AutoRun-JW" has been found in "C:\Documents and Settings\Administrator\桌面\虚拟艺术.rar\Mourn_Operator1`1.exe" file.
2009-10-1 9:12:37 Administrator 2352 Sign of "Win32:VB-EXK [Wrm]" has been found in "C:\Documents and Settings\Administrator\桌面\虚拟艺术.rar\printer.exe" file.
Win32:Rootkit-gen [Rtk]

显示全部楼层 · 发表于 2009-10-1 09:15:10

Avira AntiVir
虚拟艺术.rar
[0] Archive type: RAR
  --> ￐￩ￄ￢ￒￕￊ?.exe
   [DETECTION] Contains recognition pattern of the WORM/Autorun.73728 worm
--> .vbs
   [DETECTION] Contains recognition pattern of the VBS/Autorun.AL VBS script virus
--> Mourn_Operator1`1.exe
   [DETECTION] Contains recognition pattern of the WORM/Autorun.73728 worm
--> printer.exe
   [DETECTION] Is the TR/VB.BEI Trojan
[NOTE]    A backup was created as '4ae48b38.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
----------------------------------------------------------------------------------------------
Recycled.rar
  [0] Archive type: RAR
--> Recycled.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '4b5f85a9.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2009-10-1 09:50:34

我的小红伞检测报告：
Avira AntiVir Personal
报告文件日期: 2009-10-01  08:36
开始扫描 'H:\'
H:\.vbs
[检测]       Contains recognition pattern of the VBS/Autorun.AL VBS script virus
H:\printer.exe
[检测]       Contains recognition pattern of the W32/Tufik.B Windows virus
H:\Recycled.exe
[检测]       Is the TR/Dropper.Gen Trojan
H:\Mourn_Operator1`1.exe
[检测]       Contains recognition pattern of the WORM/Autorun.73728 worm
H:\虚拟艺术.exe
[检测]       Contains recognition pattern of the WORM/Autorun.73728 worm

显示全部楼层 · 发表于 2009-10-1 11:26:24

金山4个

显示全部楼层 · 发表于 2009-10-1 11:28:35

Recycled.exe 用电脑的还有不知道这个是啥的么

显示全部楼层 · 发表于 2009-10-1 12:01:21

mcafee kill all

[病毒样本] 从客户U盘中用小红伞查出的5个病毒样本。

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

回复 1楼 2楼剑舞江南的帖子

浏览过的版块

[病毒样本] 从客户U盘中用小红伞查出的5个病毒样本。

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

回复 1楼 2楼 剑舞江南 的帖子

浏览过的版块

回复 1楼 2楼剑舞江南的帖子