三样本~~~

显示全部楼层 · 发表于 2007-4-14 16:22:34

000000000

显示全部楼层 · 发表于 2007-4-14 16:24:04

Scan performed at: 2007-4-14 16:24:15
Scanning Log
NOD32 version 2187 (20070413) NT
Command line: C:\Documents and Settings\EQ2\桌面\aaaaa.rar C:\Documents and Settings\EQ2\桌面\5809.rar C:\Documents and Settings\EQ2\桌面\AIS_1592_0.rar
Operating memory - is OK

Date: 14.4.2007 Time: 16:24:20
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\aaaaa.rar; C:\Documents and Settings\EQ2\桌面\5809.rar; C:\Documents and Settings\EQ2\桌面\AIS_1592_0.rar
C:\Documents and Settings\EQ2\桌面\aaaaa.rar ?RAR ?aaaaa.exe - Win32/Adware.Toolbar.Baidu application - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\5809.rar ?RAR ?5809.exe - probably a variant of Win32/Agent.NEO trojan
Number of scanned files: 6
Number of threats found: 2
Number of files cleaned: 2
Time of completion: 16:24:20 Total scanning time: 0 sec (00:00:00)

显示全部楼层 · 发表于 2007-4-14 16:26:35

BitDefender Antivirus Plus v10
5809.rar=>5809.exe Suspect: Dropped:Generic.Malware.dldspg.96CB3543
aaaaa.rar=>aaaaa.exe=>(NSIS o)=>bzip2_solid_nsis0001 Detected: Adware.Baidubar.P
aaaaa.rar=>aaaaa.exe=>(NSIS o)=>bzip2_solid_nsis0003 Detected: Adware.Baidubar.J

显示全部楼层 · 发表于 2007-4-14 16:26:47

红伞AV报了两个病毒江民没有报
AntiVir PersonalEdition Classic
Report file date: 2007年4月14日  16:24

Scanning for 738317 virus strains and unwanted programs.

Licensed to:    Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform:       Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:       swq
Computer name: SWQ-5BF4F52C320

Version information:
BUILD.DAT : 217          12749 Bytes 2006-12-5 17:00:00
AVSCAN.EXE : 7.0.3.5    208936 Bytes 2007-4-13 06:03:20
AVSCAN.DLL : 7.0.3.1    35880 Bytes 2006-12-5 09:00:24
LUKE.DLL    : 7.0.3.2    143400 Bytes  2006-10-31 09:07:48
LUKERES.DLL  : 7.0.2.0       9256 Bytes 2006-12-5 09:00:24
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006-5-31 08:30:08
ANTIVIR1.VDF : 6.37.1.151  4303360 Bytes 2007-2-23 06:03:22
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 2007-4-12 08:28:26
ANTIVIR3.VDF : 6.38.0.219 22016 Bytes 2007-4-13 08:11:06
AVEWIN32.DLL : 7.3.1.52 2404864 Bytes 2007-4-14 08:11:06
AVPREF.DLL : 7.0.2.0    23592 Bytes 2006-11-3 03:53:46
AVREP.DLL : 6.38.0.210  1232936 Bytes 2007-4-13 06:03:22
AVRPBASE.DLL : 7.0.0.0    2162728 Bytes 2006-3-30 01:43:32
AVPACK32.DLL : 7.3.0.8    360488 Bytes 2007-4-13 06:03:22
AVREG.DLL : 7.0.1.2    30760 Bytes 2007-4-13 06:03:20
NETNT.DLL : No Information!
RCIMAGE.DLL  : 7.0.1.3    2097192 Bytes 2006-11-8 05:26:28
RCTEXT.DLL : 7.0.12.1    77864 Bytes 2006-12-5 09:00:22

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\swq\LOCALS~1\Temp\0533e3bc.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off

显示全部楼层 · 发表于 2007-4-14 16:28:29

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\AIS_1592_0.rar'
C:\Documents and Settings\morgan\My Documents\
  AIS_1592_0.rar
[0] Archive type: RAR
--> AIS_1592_0.EXE
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Boran.XSS.2
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\5809.rar'
C:\Documents and Settings\morgan\My Documents\
  5809.rar
[0] Archive type: RAR
--> 5809.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\aaaaa.rar'
C:\Documents and Settings\morgan\My Documents\
  aaaaa.rar
[0] Archive type: RAR
--> aaaaa.exe
      [DETECTION] Contains signature of the dropper DR/Click.Agent.IO.1
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!

显示全部楼层 · 发表于 2007-4-14 21:49:50

驱逐舰二个

显示全部楼层 · 发表于 2007-4-15 00:11:40

aaaaa.exe\data001;E:\aaaaa.rar\aaaaa.exe;Adware.Baidu;;
aaaaa.exe;E:\aaaaa.rar;Archive contains infected objects;;
aaaaa.rar;E:\;Archive contains infected objects;;
5809.rar\5809.exe;E:\5809.rar;Trojan.Popwin.origin;;
5809.rar;E:\;Archive contains infected objects;;
AIS_1592_0.EXE\data002;E:\AIS_1592_0.rar\AIS_1592_0.EXE;Adware.Borlander;;
AIS_1592_0.EXE\data004;E:\AIS_1592_0.rar\AIS_1592_0.EXE;Adware.Borlander.origin;;
AIS_1592_0.EXE\data005;E:\AIS_1592_0.rar\AIS_1592_0.EXE;Adware.Borlander;;
AIS_1592_0.EXE;E:\AIS_1592_0.rar;Archive contains infected objects;;
AIS_1592_0.rar;E:\;Archive contains infected objects;;
BETA蜘蛛通杀

显示全部楼层 · 发表于 2007-4-15 00:22:16

没有漏网之鱼

[病毒样本] 三样本~~~

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源