c:\windows\system32\explorer.exe

显示全部楼层 · 发表于 2007-4-15 10:29:04

Antivirus	Version	Update	Result
AhnLab-V3	2007.4.14.0	04.13.2007 [td]no virus found
AntiVir	7.3.1.52	04.14.2007	TR/Crypt.XPACK.Gen
Authentium	4.93.8	04.14.2007 [td]no virus found
Avast	4.7.936.0	04.14.2007 [td]no virus found
AVG	7.5.0.447	04.15.2007 [td]no virus found
BitDefender	7.2	04.15.2007	DeepScan:Generic.Malware.Sdld!!g.AEA22B91
CAT-QuickHeal	9.00	04.14.2007 [td]no virus found
ClamAV	devel-20070312	04.15.2007 [td]no virus found
DrWeb	4.33	04.14.2007 [td]no virus found
eSafe	7.0.15.0	04.12.2007 [td]no virus found
eTrust-Vet	30.7.3567	04.14.2007 [td]no virus found
Ewido	4.0	04.14.2007 [td]no virus found
FileAdvisor	1	04.15.2007 [td]no virus found
Fortinet	2.85.0.0	04.14.2007	suspicious
F-Prot	4.3.2.48	04.13.2007	W32/SecRisk-ProcessPatcher-Sml-based!Maximus
F-Secure	6.70.13030.0	04.14.2007 [td]no virus found
Ikarus	T3.1.1.5	04.14.2007	Win32.SuspectCrc
Kaspersky	4.0.2.24	04.15.2007 [td]no virus found
McAfee	5009	04.13.2007 [td]no virus found
Microsoft	1.2405	04.15.2007 [td]no virus found
NOD32v2	2187	04.13.2007	probably unknown NewHeur_PE virus
Norman	5.80.02	04.14.2007 [td]no virus found
Panda	9.0.0.4	04.14.2007	Suspicious file
Prevx1	V2	04.15.2007 [td]no virus found
Sophos	4.16.0	04.12.2007 [td]no virus found
Sunbelt	2.2.907.0	04.14.2007 [td]no virus found
Symantec	10	04.15.2007 [td]no virus found
TheHacker	6.1.6.094	04.14.2007 [td]no virus found
VBA32	3.11.3	04.14.2007 [td]no virus found
VirusBuster	4.3.7:9	04.14.2007 [td]no virus found
Webwasher-Gateway	6.0.1	04.14.2007	Trojan.Crypt.XPACK.Gen

可以替代系统shell

显示全部楼层 · 发表于 2007-4-15 10:31:16

Scan performed at: 2007-4-15 10:30:37
Scanning Log
NOD32 version 2190 (20070415) NT
Command line: C:\Documents and Settings\EQ2\桌面\virus.zip
Operating memory - is OK

Date: 15.4.2007 Time: 10:30:42
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\virus.zip
C:\Documents and Settings\EQ2\桌面\virus.zip ?ZIP ?expleror.exe.重命名 - probably unknown NewHeur_PE virus [7]
Number of scanned files: 2
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 10:30:42 Total scanning time: 0 sec (00:00:00)

Notes:
[7] File is probably infected with an unknown virus.

显示全部楼层 · 发表于 2007-4-15 10:31:53

看这个路径就知道不是什么好东西了吧...

Virus check with AntiVirusKit
Version 16.0.7
Virus signatures of 2007-4-13
Start time: 2007-4-15 10:32
Engine(s): KAV engine (AVK 17.3590), BD-Engine (BD 17.2635)
Heuristic: On
Archives: On
System areas: On

Check system areas...
Check selected directories and files...
Object: expleror.exe.重命名
In archive: C:\Documents and Settings\Administrator\桌面\virus(2).zip
Status: Virus detected
Virus: DeepScan:Generic.Malware.Sdld!!g.AEA22B91 (BD-Engine)
Object: virus(2).zip
Path: C:\Documents and Settings\Administrator\桌面
Status: Virus, file deleted
Virus: DeepScan:Generic.Malware.Sdld!!g.AEA22B91 (BD-Engine)
Analysis complete: 2007-4-15 10:32
1 files checked
1 infected files detected
0 suspected files detected

显示全部楼层 · 发表于 2007-4-15 12:27:15

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\virus.zip'
C:\Documents and Settings\morgan\My Documents\
  virus.zip
[0] Archive type: ZIP
--> expleror.exe.ÖØÃüÃû
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] Infected files in archives cannot be repaired!
      [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-4-15 14:36:18

[Scan Report]
GGreat Virus Scan Version=Q8.0
Date=星期日, 四月 15 2007
Time=02:32:22 下午
Path=C:\Do<.???</BOOT
---Dir-------=1
---Files-----=2
---Infected--=1
---Cleaned---=0
[Rabbit/Worm]=C:\Documents and Settings\Administrator\桌面\virus\virus7.zip\expleror.exe.笭韜靡

显示全部楼层 · 发表于 2007-4-15 15:19:29

McAfee VirusScan for Win32 v5.10.0
Copyright (c) 1992-2005 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832  LICENSED COPY - May 26 2006

Scan engine v5.1.00 for Win32.
Virus data file v4100 created Apr 14 2007
Scanning for 248655 viruses, trojans and variants.
Using c:\Documents and Settings\小飞侠.net\桌面\桌面\McAfee VirusScan\EXTRA.DAT to scan for 0 additional virus(es).

04/15/2007  15:19:17

Options:
"V:\VIRUSDOC20070415\AAA盘V样本\010" /MIME /SUB /UNZIP /ALL /RPTALL /STREAMS /REPORT C:\DOCUME~1\小飞侠.NET\LOCALS~1\TEMP\SCAN.TXT

Scanning V: [V盘]
Scanning V:\VIRUSDOC20070415\AAA盘V样本\010\*.*
V:\VIRUSDOC20070415\AAA盘V样本\010\virus.zip ... is OK.
V:\VIRUSDOC20070415\AAA盘V样本\010\virus.zip\EXPLEROR.EXE.重命名 ... is OK.
V:\VIRUSDOC20070415\AAA盘V样本\010\virus.zip:Zone.Identifier ... is OK.

Summary report on V:\VIRUSDOC20070415\AAA盘V样本\010\*.*
File(s)
      Total files: ...........    3
      Clean: .................    3
      Possibly Infected: .....    0

Time: 00:00.00

显示全部楼层 · 发表于 2007-4-15 15:49:22

这个是不是网银大盗
咔吧怎么不报

显示全部楼层 · 发表于 2007-4-15 19:48:51

驱逐舰不报

显示全部楼层 · 发表于 2007-4-15 19:51:54

KIS 已经可以杀了
已删除: 木马程序 Trojan.Win32.Agent.ajl 文件: D:\Downloads\virus.zip\expleror.exe.重命名

显示全部楼层 · 发表于 2007-4-15 20:35:19

已检测到: 木马程序 Trojan.Win32.Agent.ajl URL: http://bbs.kafan.cn/attachment.php?aid=55358\expleror.exe.重命名 KAV6.0在报

c:\windows\system32\explorer.exe

本帖子中包含更多资源

nod32直接报未知的PE病毒，已上报

多一个中文滴不报？