一小包

显示全部楼层 · 发表于 2007-3-30 04:49:28

里面有五个,瑞星扫出了三个
Trojan.Mnless.hng 忽略 2007-03-30 04:44 快捷扫描 I:\films SVCH0ST.EXE 本机
Trojan.PSW.WorldOnline.av 忽略 2007-03-30 04:44 快捷扫描 I:\films wgs3.exe 本机
Trojan.PSW.WorldOnline.am 忽略 2007-03-30 04:44 快捷扫描 I:\films wms3.exe 本机

显示全部楼层 · 发表于 2007-3-30 04:59:07

令人无语了。。。。上报去了
Scan performed at: 2007-3-30 4:59:03
Scanning Log
NOD32 version 2154 (20070329) NT
Command line: C:\Documents and Settings\EQ2\桌面\wgs3.rar
Operating memory - is OK

Date: 30.3.2007 Time: 04:59:07
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\wgs3.rar
C:\Documents and Settings\EQ2\桌面\wgs3.rar ?RAR ?msccrt.exe - a variant of Win32/PSW.Agent.NCC trojan
Number of scanned files: 6
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 04:59:07 Total scanning time: 0 sec (00:00:00)

显示全部楼层 · 发表于 2007-3-30 05:38:20

卡巴扫出3.其它两个一运行就被拦截了.

显示全部楼层 · 发表于 2007-3-30 09:46:58

铁壳查出了四个，把包包隔离了。

终于有点信心鸟。

显示全部楼层 · 发表于 2007-3-30 09:49:09

显示全部楼层 · 发表于 2007-3-30 09:52:54

微点通杀，3个已知（不帖图了），2个未知

显示全部楼层 · 发表于 2007-3-30 10:05:50

tarting the file scan:

Begin scan in 'D:\work area\wgs3.rar'
D:\work area\wgs3.rar
  [0] Archive type: RAR
  --> SVCH0ST.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> wgs3.exe
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> wms3.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> wsttrs.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> msccrt.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    A backup was created as '467f70db.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-3-30 10:11:40

卡吧反应真是没话说!!!虽然说了很多次了,还是要PF一个!!

Virus check with AntiVirusKit
Version 16.0.7
Virus signatures of 2007-3-29
Start time: 2007-3-30 10:08
Engine(s): KAV engine (AVK 17.3611), BD-Engine (BD 17.5838)
Heuristic: On
Archives: On
System areas: On

Check system areas...
Check selected directories and files...
Object: SVCH0ST.EXE
In archive: D:\wgs3.rar
Status: Virus detected
Virus: Backdoor.Win32.Agent.air (KAV engine)
Object: wgs3.exe
In archive: D:\wgs3.rar
Status: Virus detected
Virus: Trojan-PSW.Win32.OnLineGames.lg (KAV engine)
Object: wms3.exe
In archive: D:\wgs3.rar
Status: Virus detected
Virus: Trojan.Win32.Pakes (KAV engine)
Object: wsttrs.exe
In archive: D:\wgs3.rar
Status: Virus detected
Virus: Trojan-PSW.Win32.OnLineGames.im (KAV engine), Generic.Malware.SdldgPWS.FC113C66 (BD-Engine)
Object: msccrt.exe
In archive: D:\wgs3.rar
Status: Virus detected
Virus: Trojan-PSW.Win32.OnLineGames.im (KAV engine), Generic.Malware.SdldgPWS.7C002BC7 (BD-Engine)
Object: wgs3.rar
Path: D:
Status: Virus detected
Virus: Backdoor.Win32.Agent.air, Trojan-PSW.Win32.OnLineGames.lg, Trojan.Win32.Pakes, Trojan-PSW.Win32.OnLineGames.im (2x) (KAV engine), Generic.Malware.SdldgPWS.FC113C66, Generic.Malware.SdldgPWS.7C002BC7 (BD-Engine)
Analysis complete: 2007-3-30 10:08
1 files checked
1 infected files detected
0 suspected files detected

显示全部楼层 · 发表于 2007-3-30 12:13:03

已删除: 木马程序 Backdoor.Win32.Agent.air 文件: F:\wgs3.rar\SVCH0ST.EXE
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.lg 文件: F:\wgs3.rar\wgs3.exe
已删除: 木马程序 Trojan.Win32.Pakes 文件: F:\wgs3.rar\wms3.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.im 文件: F:\wgs3.rar\wsttrs.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.im 文件: F:\wgs3.rar\msccrt.exe

显示全部楼层 · 发表于 2007-3-30 12:19:54

FS7.0
Result: 5 malware found
Backdoor.Win32.Agent.air (virus)
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\wgs3.rar\SVCH0ST.EXE
Trojan-PSW.Win32.OnLineGames.lg (virus)
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\wgs3.rar\wgs3.exe
Trojan.Win32.Pakes (virus)
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\wgs3.rar\wms3.exe
Trojan-PSW.Win32.OnLineGames.im (virus)
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\wgs3.rar\wsttrs.exe
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\wgs3.rar\msccrt.exe

[病毒样本] 一小包

本帖子中包含更多资源

nod32只扫出一个

本帖子中包含更多资源

本帖子中包含更多资源

回复 #3 dericyeoh 的帖子