
[Virus Samples] Three samples

tonger2003
Posted on 2007-4-8 23:02:51
33333333333333333

The EQs
Posted on 2007-4-8 23:06:07

NOD32: two heuristic detections, one known

Scan performed at: 2007-4-8 23:06:03
Scanning Log
NOD32 version 2173 (20070407) NT
Command line: C:\Documents and Settings\EQ2\桌面\setup.rar C:\Documents and Settings\EQ2\桌面\serve.rar C:\Documents and Settings\EQ2\桌面\server.rar
Operating memory - is OK

Date: 8.4.2007  Time: 23:06:06
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\setup.rar; C:\Documents and Settings\EQ2\桌面\serve.rar; C:\Documents and Settings\EQ2\桌面\server.rar
C:\Documents and Settings\EQ2\桌面\setup.rar ?RAR ?setup.exe - Win32/TrojanDownloader.Delf.NOW trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\serve.rar ?RAR ?server.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\server.rar ?RAR ?server.exe - probably a variant of Win32/Genetik trojan
Number of scanned files: 6
Number of threats found: 3
Number of files cleaned: 3
Time of completion: 23:06:07 Total scanning time: 1 sec (00:00:01)

Notes:
[7] File is probably infected with an unknown virus.
小邪邪
Posted on 2007-4-8 23:07:15
AVK detects all of them
jlennon
Posted on 2007-4-8 23:39:31
-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.3.1
Virus signature file from: 2007-4-5, 2:50

Scan name: [Custom Scan]
Path to scan: C:\Documents and Settings\Administrator\桌面\setup.rar|C:\Documents and Settings\Administrator\桌面\serve.rar|C:\Documents and Settings\Administrator\桌面\server.rar

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2007-4-8, 23:39:23
---------------------------------------------------------------------

[Found possible virus]         <W32/Rootkit-Backdoor-based!Maximus (not disinfectable)>        C:\Documents and Settings\Administrator\桌面\setup.rar->setup.exe
[Contains infected objects]        C:\Documents and Settings\Administrator\桌面\setup.rar
[Quarantined]        C:\Documents and Settings\Administrator\桌面\setup.rar->setup.exe
[Found Trojan]         <W32/Trojan.HQI (exact, not disinfectable)>        C:\Documents and Settings\Administrator\桌面\serve.rar->server.exe
[Contains infected objects]        C:\Documents and Settings\Administrator\桌面\serve.rar
[Quarantined]        C:\Documents and Settings\Administrator\桌面\serve.rar->server.exe

---------------------------------------------------------------------
Scan ended:        2007-4-8, 23:39:25
Duration:        0:00:02

Scan result:

Scanned files:                 3
Infected objects:         2
Disinfected objects:         0
Quarantined files:         2
---------------------------------------------------------------------
aoyang
Posted on 2007-4-9 00:00:18
Filseclab (费尔) detects all of them: the signature database flags two, and dynamic defense blocks one.
chenpatrick
Posted on 2007-4-9 00:02:43
Kaspersky flagged them; the first is Trojan.Win32.VB.ajz
The third is: Trojan-Downloader.Win32.Small.dzu
The second one gets a reaction when packed as *.zip.

[ Last edited by chenpatrick on 2007-4-9 00:06 ]
mofunzone
Posted on 2007-4-9 01:36:42
Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\setup.rar'
C:\Documents and Settings\morgan\My Documents\
  setup.rar
    [0] Archive type: RAR
    --> setup.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\serve.rar'
C:\Documents and Settings\morgan\My Documents\
  serve.rar
    [0] Archive type: RAR
    --> server.exe
        [DETECTION] Is the Trojan horse TR/VB.ajz
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\server.rar'
C:\Documents and Settings\morgan\My Documents\
  server.rar
    [0] Archive type: RAR
    --> server.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Copyright © KaFan  KaFan.cn All Rights Reserved.