三个，貌似internet，txt，

显示全部楼层 · 发表于 2007-3-29 05:02:32

csrss.exe 这个瑞星没扫出来
Kernel32 灰鸽子

显示全部楼层 · 发表于 2007-3-29 05:04:32

显示全部楼层 · 发表于 2007-3-29 06:25:18

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\SERVICES.rar'
C:\Documents and Settings\morgan\My Documents\
  SERVICES.rar
[0] Archive type: RAR
--> SERVICES.EXE
      [DETECTION] Is the Trojan horse TR/Drop.Delf.aom
      [WARNING] Infected files in archives cannot be repaired!
      [1] Archive type: RAR SFX (self extracting)
      --> systemt.exe
         [DETECTION] Is the Trojan horse TR/Spy.Agent.QP.1
         [WARNING] Infected files in archives cannot be repaired!
      --> drivers\npf.sys
      --> Packet.dll
      --> WanPacket.dll
      --> wpcap.dll
      [WARNING] The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\csrss.rar'
C:\Documents and Settings\morgan\My Documents\
  csrss.rar
[0] Archive type: RAR
--> csrss.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\Kernel32.rar'
C:\Documents and Settings\morgan\My Documents\
  Kernel32.rar
[0] Archive type: RAR
--> Kernel32.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Way.2002.B.1 Backdoor server programs
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!

显示全部楼层 · 发表于 2007-3-29 06:25:25

扫描报告
2007年3月29日 6:24:56 - 6:24:59
计算机名称: 0553A719C5644CE
扫描类型: 扫描目标
目标: C:\Documents and Settings\Administrator\桌面\csrss.rar C:\Documents and Settings\Administrator\桌面\Kernel32.rar C:\Documents and Settings\Administrator\桌面\SERVICES.rar

--------------------------------------------------------------------------------

结果: 发现 3 恶意软件
Trojan-Downloader.Win32.Agent.awi (病毒)
C:\Documents and Settings\Administrator\桌面\csrss.rar\csrss.exe
Backdoor.Win32.Way.2002.b (病毒)
C:\Documents and Settings\Administrator\桌面\Kernel32.rar\Kernel32.exe
Backdoor.Win32.Agent.alh (病毒)
C:\Documents and Settings\Administrator\桌面\SERVICES.rar\SERVICES.EXE

--------------------------------------------------------------------------------

统计信息
已扫描:
文件: 6
尚未扫描: 0
结果:
病毒: 3
间谍软件: 0
可疑项目: 0
危险软件: 0
操作:
已杀毒: 0
已重命名: 0
已删除邮件: 0
已隔离: 0
失败: 0
启动扇区:
已扫描: 0
已感染: 0
可疑项目: 0
已杀毒: 0

--------------------------------------------------------------------------------

选项
定义版本:
病毒: 2007-03-29_01
间谍软件: 2007-03-29_01
扫描引擎:
F-Secure AVP: 7.00.171, 2007-03-29
F-Secure Libra: 2.04.01, 2007-03-24
F-Secure Orion: 1.02.37, 2007-03-28
F-Secure Draco: 1.00.35, 2007-03-26
扫描选项:
扫描所有文件
扫描内部存档
操作:
病毒: 扫描后询问
间谍软件: 扫描后询问

--------------------------------------------------------------------------------

版权 © 1998-2007 产品支持 | 发送病毒样本到 F-Secure

显示全部楼层 · 发表于 2007-3-29 08:01:53

deleted: Trojan program Trojan-Downloader.Win32.Agent.awi File: C:\Documents and Settings\Deric Yeoh\桌面\csrss.exe//NSPack
deleted: Trojan program Trojan-Downloader.Win32.Agent.awi File: C:\Documents and Settings\Deric Yeoh\桌面\csrss.rar/csrss.exe//NSPack
deleted: Trojan program Backdoor.Win32.Way.2002.b File: C:\Documents and Settings\Deric Yeoh\桌面\Kernel32.exe//PECompact
deleted: Trojan program Backdoor.Win32.Agent.alh File: C:\Documents and Settings\Deric Yeoh\桌面\SERVICES.EXE//data.rar/systemt.exe//UPack

显示全部楼层 · 发表于 2007-3-29 08:23:15

kis 杀了...

显示全部楼层 · 发表于 2007-3-29 14:56:50

刚尝试了英国行为阻拦Prevx，功能繁多，但最基本的防范能力远逊微点+Cyberhawk，这三个样本它便漏了两个

[ 本帖最后由 solcroft 于 2007-3-29 14:57 编辑 ]

显示全部楼层 · 发表于 2007-3-29 15:15:11

Scan performed at: 2007-3-29 15:14:41
Scanning Log
NOD32 version 2152 (20070328) NT
Command line: C:\Documents and Settings\EQ2\桌面\Kernel32.rar C:\Documents and Settings\EQ2\桌面\csrss.rar C:\Documents and Settings\EQ2\桌面\SERVICES.rar
Operating memory - is OK

Date: 29.3.2007 Time: 15:14:45
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\Kernel32.rar; C:\Documents and Settings\EQ2\桌面\csrss.rar; C:\Documents and Settings\EQ2\桌面\SERVICES.rar
C:\Documents and Settings\EQ2\桌面\Kernel32.rar ?RAR ?Kernel32.exe - Win32/Delf.BV trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\csrss.rar ?RAR ?csrss.exe - a variant of Win32/TrojanDownloader.Banload.NMP trojan
Number of scanned files: 10
Number of threats found: 2
Number of files cleaned: 2
Time of completion: 15:14:48 Total scanning time: 3 sec (00:00:03)

显示全部楼层 · 发表于 2007-3-29 15:25:25

原帖由 solcroft 于 2007-3-29 14:56 发表
刚尝试了英国行为阻拦Prevx，功能繁多，但最基本的防范能力远逊微点+Cyberhawk，这三个样本它便漏了两个

凡是在样本区表现抢眼的，基本都是误报王，微点是当之无魁的NO-1，基本上什么都要去报未知木马或者未知间谍

包括很多正常软件和一些游戏，费尔的情况好象也好不到哪去

费尔：
Date,Virus Name,Virus Type,User,Filename,Scan Type
2007-3-29 15:23:22,Backdoor.Way.2002.b.lte,后门,BEYOND,C:\Documents and Settings\BEYOND\桌面\Kernel32.rar>>Kernel32.exe,Manual scan
2007-3-29 15:23:03,TrojanDropper.zmzu.arc,木马,BEYOND,C:\Documents and Settings\BEYOND\桌面\SERVICES.rar>>SERVICES.EXE,Manual scan

显示全部楼层 · 发表于 2007-3-29 15:49:03

原帖由 aoyang 于 2007-3-29 15:25 发表

凡是在样本区表现抢眼的，基本都是误报王，微点是当之无魁的NO-1，基本上什么都要去报未知木马或者未知间谍包括很多正常软件和一些游戏，费尔的情况好象也好不到哪去
费尔：
Date,Virus Name ...

貌似木有你说的那么严重，微点我用过两个月，感觉还好啦，误报也一直在努力的弥补完善。

[病毒样本] 三个，貌似internet，txt，

本帖子中包含更多资源

还有

本帖子中包含更多资源

本帖子中包含更多资源