
[Virus samples] 22 samples (from large US and Arabic malware dens)

sam.to
Posted on 2009-12-22 16:45:41
This post was last edited by sam.to on 2009-12-25 11:16

1894b6bb9f6a86a0832e2d7cb2d5da3b  kman.exe0
271562b19ad231ec13ed372a7e7971c1  mr-x4.exe0
b6ea57e72a5cfe1bc34a873711012f8d  SERVER POISON.exe0
333d06fa3f392896ff13387afb134214  server.exe0
99fe2cf0d91aede4b4e484cd2009d9ad  wh_22014489.exe0
d35e03d8e2c540f5dfc49f76af13adad  wh_22051682.exe0
adeb83cc6cabc8e68664c55a805ae1bb  wh_22054477.exe0
e7eca70ee499cdb1af1c14f4d73a63cb  wh_22069117.exe0
09d49bd050eb53215294e57a59bd2340  wh_22085922.exe0
c966c036f3d1eac255a8aaac86ebe5c3  wh_22107148.exe0
43db814aa0119366724970d08727b6d1  wh_22143451.exe0
516e26ce25a8806a6d322ea82d75c727  wh_22175079.exe0
e2f0d3e2781650e7ddf6422f7d4d2534  wh_22196995.exe0
87a61ad8d7e3b605e645c24a68360093  wh_22254098.exe0
8804d4de81207aaa01fffb5ee83fd06b  wh_22289969.exe0
c9c6bb8c8d63fb60512a700bcc68c970  wh_22493689.exe0
d41d8cd98f00b204e9800998ecf8427e  wh_22502924.exe0
4597ee7f0692a5f16be674b2831d3729  wh_22583014.exe0
81c20e67e090d1e36cbbbbfce0a6f5c3  االحياة fm.exe0
1b515db60292e7a4b0adfeb7677f0a84  الحادث.exe0
1aa49cd1d79f465d6f96aed839be5b2b  قلي بربك.exe0
939e408e5d312409a094eed3658a4388  مـــــــــــــــــقطع مرررره روووعه.exe0

Kaspersky detects most of them (heur)

to kl,ll





Hello,


kman.exe0 - Backdoor.Win32.Bifrose.bzrf
mr-x4.exe0 - Backdoor.Win32.Bifrose.bzrg
SERVER POISON.exe0 - Backdoor.Win32.Poison.bcnt
server.exe0 - Backdoor.Win32.Bifrose.bzrh
wh_22051682.exe0 - Trojan-Dropper.Win32.Clons.ctk
wh_22069117.exe0 - Trojan.Win32.Buzus.cvab
wh_22085922.exe0 - Backdoor.Win32.Bifrose.bzri
wh_22107148.exe0 - Trojan.Win32.Refroso.aapx
wh_22143451.exe0 - Trojan.Win32.Midgare.aiop
wh_22175079.exe0 - Trojan.Win32.Refroso.aapy
wh_22196995.exe0 - Backdoor.Win32.Bifrose.bzrm
wh_22254098.exe0 - Trojan-Downloader.Win32.Pher.dza
wh_22289969.exe0 - Backdoor.Win32.Bifrose.bzrn
wh_22493689.exe0 - Trojan.Win32.Midgare.aioe
wh_22583014.exe0 - Trojan-Dropper.Win32.Stabs.gnk
????????????????????? ?????? ??????.exe0 - Trojan.Win32.Agent.demt

At the moment these files are detected. Please update your antivirus bases.

wh_22014489.exe0, wh_22054477.exe0, ??????? fm.exe0, ??????.exe0, ??? ????.exe0

No malicious code was found in these files.

wh_22502924.exe0

This file has a length of 0 bytes.

--
Best regards, Sergey Prokudin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

jason_jiang
Posted on 2009-12-22 16:50:55
This post was last edited by jason_jiang on 2009-12-22 16:55

Dr.Web: 6 left undetected, to
kman.exe0 已被病毒感染 :  BackDoor.Bifrost.8
mr-x4.exe0 已被病毒感染 :  BackDoor.Bifrost.8
SERVER POISON.exe0 已被病毒感染 :  BackDoor.Poison.685
server.exe0 已被病毒感染 :  BackDoor.Bifrost.8
wh_22051682.exe0 已被病毒感染 :  BackDoor.Nunaks
wh_22069117.exe0 - 发现压缩文件中有被感染的对象
wh_22085922.exe0 已被病毒感染 :  BackDoor.Bifrost.8
wh_22107148.exe0 已被病毒感染 :  Trojan.MulDrop.32117
wh_22143451.exe0 可能已被感染了 :  BackDoor.Bifrost.8
wh_22175079.exe0 已被病毒感染 :  BackDoor.IRC.Sdbot.5057
wh_22196995.exe0 已被病毒感染 :  BackDoor.Bifrost.8
wh_22254098.exe0 已被病毒感染 :  Trojan.MulDrop.34650
wh_22289969.exe0 已被病毒感染 :  Trojan.MulDrop.35750
wh_22493689.exe0 已被病毒感染 :  BackDoor.Bifrost.8
wh_22583014.exe0 已被病毒感染 :  Trojan.DownLoad.38932
8ABF~1.EXE 可能已被感染了 :  BackDoor.Bifrost.8
悠柚
Posted on 2009-12-22 16:54:59
Begin scan in 'D:\TDDownload\iuhgv'
D:\TDDownload\iuhgv\kman.exe0
    [DETECTION] Is the TR/Dropper.Gen Trojan
D:\TDDownload\iuhgv\mr-x4.exe0
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\TDDownload\iuhgv\SERVER POISON.exe0
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\TDDownload\iuhgv\server.exe0
    [DETECTION] Contains recognition pattern of the TR.Midgare.adjf virus
D:\TDDownload\iuhgv\wh_22051682.exe0
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\TDDownload\iuhgv\wh_22069117.exe0
  [0] Archive type: RSRC
    --> Object
      [DETECTION] Is the TR/Spy.Agent.AHAC Trojan
D:\TDDownload\iuhgv\wh_22085922.exe0
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\TDDownload\iuhgv\wh_22107148.exe0
    [DETECTION] Is the TR/Dropper.Gen Trojan
D:\TDDownload\iuhgv\wh_22143451.exe0
    [DETECTION] Is the TR/Dropper.Gen Trojan
D:\TDDownload\iuhgv\wh_22175079.exe0
    [DETECTION] Is the TR/Dropper.Gen Trojan
D:\TDDownload\iuhgv\wh_22196995.exe0
    [DETECTION] Is the TR/Dropper.Gen Trojan
D:\TDDownload\iuhgv\wh_22254098.exe0
    [DETECTION] Is the TR/Dropper.Gen Trojan
D:\TDDownload\iuhgv\wh_22289969.exe0
    [DETECTION] Is the TR/VTool.VBInject.157834BH.1 Trojan
D:\TDDownload\iuhgv\wh_22493689.exe0
    [DETECTION] Is the TR/Dropper.Gen Trojan
D:\TDDownload\iuhgv\wh_22583014.exe0
    [DETECTION] Is the TR/Dropper.Gen Trojan
D:\TDDownload\iuhgv\مـــــــــــــــــقطع مرررره روووعه.exe0
    [DETECTION] Is the TR/Dropper.Gen Trojan
悠柚
Posted on 2009-12-22 17:01:38
25528569          wh_22014489.exe0          1.86 MB          UNDER ANALYSIS
25528570          ####### fm.exe0          20 KB          UNDER ANALYSIS
25528571          ######.exe0          1.7 MB          UNDER ANALYSIS
25528572          ### ####.exe0          835.19 KB          UNDER ANALYSIS
7449911          wh_22054477.exe0          133.54 KB          KNOWN CLEAN
4039214          wh_22502924.exe0          0 Byte          KNOWN CLEAN

The file 'wh_22054477.exe0' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Aoao Video to Picture Converter 1.3'.
The file 'wh_22502924.exe0' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Microworld Technologies mailscan administrator 4.0.1.0'.
adad2008
Posted on 2009-12-22 17:02:04
This post was last edited by adad2008 on 2009-12-22 17:24

在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\mr-x4.exe0 中发现 Backdoor/Bifrose.qcw 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\server.exe0 中发现 Backdoor/Bifrose.qcw 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\kman.exe0 中发现 Backdoor/Bifrose.qcw 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\SERVER POISON.exe0 中发现 Backdoor/Poison.m 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22069117.exe0 中发现 TrojanSpy.OnLineGames.jds 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22051682.exe0 中发现 Trojan/Buzus.kpf 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22107148.exe0 中发现 Backdoor/Bifrose.mnu 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22143451.exe0 中发现 Trojan/Agent.ctft 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22085922.exe0 中发现 Backdoor/Bifrose.qcw 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22175079.exe0 中发现 Trojan/Refroso.fs 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22254098.exe0 中发现 Backdoor/Poison.bya 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22196995.exe0 中发现 Backdoor/Bifrose.qcw 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22493689.exe0 中发现 Backdoor/Bifrose.psf 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22289969.exe0 中发现 Trojan/VB.pid 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\wh_22583014.exe0 中发现 TrojanDropper.Stabs.fn 病毒, 已删除
在 E:\Documents and Settings\Administrator.2659D33C369A4DD\桌面\iuhgv[1]\iuhgv\????????????????????? ?????? ??????.exe0 中发现 Trojan/Agent.ctft 病毒, 已删除
正常结束。

扫描结果:
                 文件数 :471                                 病毒体 :16        
                   删除 :16


Tested the undetected ones against KV's active defense


wh_22014489.exe  not a virus      it is a video tutorial
wh_22054477.exe  not a virus      cannot be loaded into memory, exits
wh_22502924.exe  not a virus      not a valid Win32 program
االحياة fm.exe    not a virus      an audio program that connects to the network
الحادث.exe       not a virus      no danger to the system
قلي بربك.exe     not a virus      no danger to the system
jordanpchome
Posted on 2009-12-22 17:15:14
My god, it turns out TPAV doesn't support any Unicode at all...

Renamed them to English... ugh.

kingmuro
Posted on 2009-12-22 18:38:59
avast: 18 detected
2009-12-22 18:36:00        GXF        744        Sign of "Win32:Trojan-gen" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\????????????????????? ?????? ??????.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Midgare-VB [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\kman.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Midgare-VB [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\mr-x4.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Agent-ACII [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\SERVER POISON.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Midgare-VB [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\server.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Buzus-AAW [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22051682.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Turkojan-BZ [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22069117.exe0\[Embedded_Rx#146dc]\[Embedded_R#DENEME]" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Turkojan-CC [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22069117.exe0\[Embedded_Rx#146dc]\[Embedded_R#ROOTKIT]" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Turkojan-B [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22069117.exe0\[Embedded_Rx#146dc]" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Midgare-VB [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22085922.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Trojan-gen" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22107148.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Malware-gen" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22143451.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Zbot-LWU [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22175079.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Midgare-VB [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22196995.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Sdbot-5642 [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22254098.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Trojan-gen" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22289969.exe0" file.  
2009-12-22 18:36:05        GXF        744        Sign of "Win32:Midgare-VB [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22493689.exe0" file.  
2009-12-22 18:36:06        GXF        744        Sign of "Win32:Crypt-EQS [Trj]" has been found in "D:\My Documents\桌面\test\iuhgv\iuhgv\wh_22583014.exe0" file.
失落的手链
Posted on 2009-12-22 19:27:36
Rising 2010

wsc47621
Posted on 2009-12-22 21:16:24
ESET
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\kman.exe0 - Win32/Injector.ADK 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\mr-x4.exe0 - Win32/Injector.ADK 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\SERVER POISON.exe0 - Win32/Poison 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\server.exe0 - Win32/Injector.ADK 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\wh_22051682.exe0 - Win32/Agent.NZK 木馬
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\wh_22085922.exe0 - Win32/Injector.ADK 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\wh_22107148.exe0 - Win32/Bifrose.NGK 木馬
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\wh_22143451.exe0 - Win32/Injector.RI 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\wh_22175079.exe0 - Win32/Injector.AKZ 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\wh_22196995.exe0 - Win32/Bifrose.NEL 木馬
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\wh_22254098.exe0 - Win32/Injector.AAV 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\wh_22493689.exe0 - Win32/Injector.ADK 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\wh_22583014.exe0 - Win32/Injector.TW 木馬 的一個變種
C:\Documents and Settings\Administrator\桌面\未處理\iuhgv.rar > RAR > iuhgv\????????????????????? ?????? ??????.exe0 - Win32/Injector.RI 木馬 的一個變種
Dirk
Posted on 2009-12-22 21:25:33

missed 6
