qvod&other[update_629-638][567L]

显示全部楼层 · 发表于 2010-4-25 17:44:19

47-58
ess kill9个

http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar 多个威胁连接中断 - 已隔离通过应用程序访问 web 时检测到威胁: E:\谷歌浏览器\chrome.exe.
http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar > RAR > 7467F9AA3491D7AFD514ADC53B36D633 Win32/AutoRun.Delf.EP 蠕虫的变种
http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar > RAR > 7467F9AA3491D7AFD514ADC53B36D633 > RAR > Server.exe Win32/AutoRun.Delf.EP 蠕虫的变种
http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar > RAR > C8A7CA17C5556355C5EBC1CF0E138024 Win32/AutoRun.Delf.EP 蠕虫的变种
http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar > RAR > C8A7CA17C5556355C5EBC1CF0E138024 > RAR > Server.exe Win32/AutoRun.Delf.EP 蠕虫的变种
http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar > RAR > 25781762839D6E4268C62026C795CF98 可能是 Win32/AutoRun.Delf.EP 蠕虫的变种
http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar > RAR > 25781762839D6E4268C62026C795CF98 > RAR > Server.exe 可能是 Win32/AutoRun.Delf.EP 蠕虫的变种
http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar > RAR > 6EB2EE938D8008CC1F67C320150CD26D Win32/Kryptik.DTG 特洛伊木马的变种
http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar > RAR > 0149A3FFD62F19BC9D1E86DBBDA5655F Win32/Kryptik.DTG 特洛伊木马的变种
http://tc1.vdisk.cn/file/D1/D1FD ... ECFA9A645?47-58.rar > RAR > 283D4E00840C843AF8024ABEC7572168 Win32/TrojanDropper.Agent.NYS 特洛伊木马

显示全部楼层 · 发表于 2010-4-25 19:33:33

47-58
2x to avast,8x to forti

显示全部楼层 · 发表于 2010-4-26 08:30:31

up to 58

显示全部楼层 · 发表于 2010-4-26 10:30:17

更新

显示全部楼层 · 发表于 2010-4-26 10:33:07

59-62
ess kill2个

http://bbs.kafan.cn/attachment.p ... EFNM3poTmtGVUJVMGc= 多个威胁连接中断 - 已隔离通过应用程序访问 web 时检测到威胁: E:\谷歌浏览器\chrome.exe.
http://bbs.kafan.cn/attachment.p ... EFNM3poTmtGVUJVMGc= > RAR > D0CD19805A17DF9407228B13A1C20CA5 Win32/TrojanDownloader.Agent.PTF 特洛伊木马的变种
http://bbs.kafan.cn/attachment.p ... EFNM3poTmtGVUJVMGc= > RAR > D0CD19805A17DF9407228B13A1C20CA5 > CAB > QVOD播~1.EXE Win32/TrojanDownloader.Agent.PTF 特洛伊木马的变种
http://bbs.kafan.cn/attachment.p ... EFNM3poTmtGVUJVMGc= > RAR > 7BB033A4F27FB89D6CD1CCD449F2DF85 Win32/Kryptik.DTG 特洛伊木马的变种

显示全部楼层 · 发表于 2010-4-26 17:24:26

up to 62

Beginning disinfection:
C:\Users\morgan\Desktop\59-62\D0CD19805A17DF9407228B13A1C20CA5
[DETECTION] Is the TR/Agent.AOMW Trojan
[WARNING] The file was ignored!
C:\Users\morgan\Desktop\59-62\9BFA90FF7FB258F89312D3BC5E26D97E
[DETECTION] Is the TR/Agent.AOMW Trojan
[WARNING] The file was ignored!
C:\Users\morgan\Desktop\59-62\817F955D5AB7AFF0FD0A6A8AD5C684C9
[DETECTION] Contains HEUR/Malware suspicious code
[WARNING] The file was ignored!
C:\Users\morgan\Desktop\59-62\7BB033A4F27FB89D6CD1CCD449F2DF85
[DETECTION] Contains recognition pattern of the DR/MicroJoiner.Gen dropper
[WARNING] The file was ignored!

End of the scan: 2010年4月26日  02:21
Used time: 00:00 Minute(s)

The scan has been done completely.

   1 Scanned directories
   8 Files were scanned
   4 Viruses and/or unwanted programs were found
   1 Files were classified as suspicious
   0 files were deleted
   0 Viruses and unwanted programs were repaired
   0 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   2 Archives were scanned
   4 Warnings
   0 Notes

显示全部楼层 · 发表于 2010-4-26 17:25:33

Wirus: MemScan:Trojan.Agent.AOMW (2x) (Engine A), Win32:Downloader-DGG [Trj], Win32:Malware-gen (2x), Win32:Geral [Trj] (5x), Win32:Dogrobot-C [Rtk], Win32:Microjoin-DE [Trj] (Engine B)

Wirus wykryty podczas wczytywania zawartosci strony sieci Web.

Adres: bbs.kafan.cn

显示全部楼层 · 发表于 2010-4-26 19:46:45

59-62
avast kill all,3x to forti

显示全部楼层 · 发表于 2010-4-26 19:51:05

59-62
2x to autovin(panda)

显示全部楼层 · 发表于 2010-4-26 20:00:30

微点 GD 都杀掉了！

[病毒样本] qvod&other[update_629-638][567L]