到底有几个是毒?

显示全部楼层 · 发表于 2007-4-29 00:35:19

朋友机子上的可疑文件,大家看看到底有几个是毒?

显示全部楼层 · 发表于 2007-4-29 00:45:39

已由访问保护规则禁止CSRSS.exe
防病毒标准保护:禁止伪装 Windows 进程已阻止的操作: 创建

已由访问保护规则禁止LSASS.EXE
防病毒标准保护:禁止伪装 Windows 进程已阻止的操作: 创建

已由访问保护规则禁止SERVICES.EXE
防病毒标准保护:禁止伪装 Windows 进程已阻止的操作: 创建

已由访问保护规则禁止SMSS.EXE
防病毒标准保护:禁止伪装 Windows 进程已阻止的操作: 创建

已由访问保护规则禁止SVCHOST.EXE
防病毒标准保护:禁止伪装 Windows 进程已阻止的操作: 创建

显示全部楼层 · 发表于 2007-4-29 00:45:56

Scan performed at: 2007-4-29 0:45:56
Scanning Log
NOD32 version 2225 (20070427) NT
Command line: C:\Documents and Settings\EQ2\桌面\__
Operating memory - is OK

Date: 29.4.2007 Time: 00:46:01
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\__\
C:\Documents and Settings\EQ2\桌面\__\byetmr.exe - Win32/Pacex.Gen virus
C:\Documents and Settings\EQ2\桌面\__\cmdbcs.exe - Win32/PSW.Agent.NCC trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\__\mppds.exe - Win32/PSW.Agent.NCC trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\__\msccrt.exe - a variant of Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\EQ2\桌面\__\winform.exe - probably a variant of Win32/PSW.Agent.NCC trojan
Number of scanned files: 16
Number of threats found: 5
Number of files cleaned: 5
Time of completion: 00:46:04 Total scanning time: 3 sec (00:00:03)

显示全部楼层 · 发表于 2007-4-29 01:57:01

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\attachment.rar'
C:\Documents and Settings\morgan\My Documents\
  attachment.rar
[0] Archive type: RAR
--> byetmr.exe
      [DETECTION] Is the Trojan horse TR/PSW.WOW.EC.110
      [WARNING] Infected files in archives cannot be repaired!
--> 10Sy.exe
--> 11Sy.exe
--> 8Sy.exe
--> 9Sy.exe
--> cmdbcs.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING] Infected files in archives cannot be repaired!
--> CSRSS.exe
--> LSASS.exe
--> mmvem.exe
--> mppds.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.LM.7
      [WARNING] Infected files in archives cannot be repaired!
--> msccrt.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.IM.59
      [WARNING] Infected files in archives cannot be repaired!
--> RUNDLL32.exe
--> SERVICES.exe
--> SMSS.exe
--> SVCHOST.exe
--> winform.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1497
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!

End of the scan: 2007年4月28日  10:57
Used time: 00:07 min

The scan has been done completely.

   0 Scanning directories
   17 Files were scanned
   5 viruses and/or unwanted programs were found
   1 classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   11 Files not concerned
   1 Archives were scanned
   6 Warnings
   0 Notes
   0 Hidden objects were found

显示全部楼层 · 发表于 2007-4-29 08:53:17

卡巴5个

显示全部楼层 · 发表于 2007-4-29 09:11:47

大蜘蛛

显示全部楼层 · 发表于 2007-4-29 09:28:45

运行后只开了一个dos窗口，其他什么事也没做，不知道想干吗

显示全部楼层 · 发表于 2007-4-29 13:20:43

网页监控提示

显示全部楼层 · 发表于 2007-4-29 13:24:04

5个毒

Starting the file scan:

Begin scan in 'F:\样本\__.rar'
F:\样本\__.rar
  [0] Archive type: RAR
  --> byetmr.exe
   [DETECTION] Is the Trojan horse TR/PSW.WOW.EC.110
  --> cmdbcs.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> mppds.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.LM.7
  --> msccrt.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.IM.59
  --> winform.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1497
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-4-29 13:41:41

江民不错呀！

到底有几个是毒?

本帖子中包含更多资源

好多，MCAFEE先直接阻挡掉5个，又连杀了好几个

本帖子中包含更多资源

nod32只杀了5个

本帖子中包含更多资源

本帖子中包含更多资源

回复 #8 宇宙广博的帖子

到底有几个是毒?

本帖子中包含更多资源

好多，MCAFEE先直接阻挡掉5个，又连杀了好几个

本帖子中包含更多资源

nod32只杀了5个

本帖子中包含更多资源

本帖子中包含更多资源

回复 #8 宇宙广博 的帖子

回复 #8 宇宙广博的帖子