
[Virus samples] Here's a pack

sdbsky
Posted on 2007-5-5 19:42:26
..............................

金剑
Posted on 2007-5-5 19:43:57
风暴胜者V2 测试版本(http://www.v0day.com)
_________您的安全是我们的责任_______________
载入病毒库…进行整理…分配内存…可以使用



===============================================
   ___________病毒查杀结果__________________


===============================================

2007年5月5日19时43分47秒 开始查杀C:\Documents and Settings\Administrator\桌面\1222
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\1222\virus\4.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\1222\virus\3.exe 操作:阻止运行
C:\Documents and Settings\Administrator\桌面\1222\virus\2.exe 为可疑文件
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\1222\virus\RemoteDbg.dll 操作:阻止运行
=========================================

_________文件性质分析结果________________
"带壳"仅指文件性质,仅供专业人员分析使用。


C:\Documents and Settings\Administrator\桌面\1222\virus\5.exe 带壳文件:UPX加壳
C:\Documents and Settings\Administrator\桌面\1222\virus\1r.exe 带壳文件:Aspack加壳
C:\Documents and Settings\Administrator\桌面\1222\virus\gtg.dll 带壳文件:UPX加壳
-----------------------------------------

2007年5月5日19时43分48秒收起线程…100% 查杀完毕!
扫描文件:7查杀病毒:4
蓝色牛仔裤
Posted on 2007-5-5 19:51:35
Check system areas...
Check selected directories and files...
Object: 1r.exe
        Path: C:\Documents and Settings\Administrator\桌面\1222\virus
        Status: Virus detected
        Virus: Spyware.Dldr.MTW (BD-Engine)
Object: 3.exe
        Path: C:\Documents and Settings\Administrator\桌面\1222\virus
        Status: Virus detected
        Virus: Trojan.PWS.Onlinegames.EU (BD-Engine)
Object: 4.exe
        Path: C:\Documents and Settings\Administrator\桌面\1222\virus
        Status: Virus detected
        Virus: Trojan-PSW.Win32.WOW.qu (KAV engine), Generic.PWS.WoW.E7F936BA (BD-Engine)
Object: RemoteDbg.dll
        Path: C:\Documents and Settings\Administrator\桌面\1222\virus
        Status: Virus detected
        Virus: Trojan-Proxy.Win32.Small.du (KAV engine)
Object: windhcp.ocx
        Path: C:\Documents and Settings\Administrator\桌面\1222\virus
        Status: Virus detected
        Virus: Trojan-Proxy.Win32.Small.du (KAV engine)
Analysis complete: 2007-5-5 19:51
    8 files checked
    5 infected files detected
    0 suspected files detected
shenrenrenren
Posted on 2007-5-5 19:52:44
已删除: 木马程序 Trojan-Proxy.Win32.Small.du 文件: C:\TDDOWNLOAD\virus\windhcp.ocx//PE_Patch.PECompact//PecBundle//PECompact
已删除: 木马程序 Trojan-PSW.Win32.WOW.qu 文件: C:\TDDOWNLOAD\virus\4.exe//FSG
已删除: 木马程序 Trojan-Proxy.Win32.Small.du 文件: C:\TDDOWNLOAD\virus\RemoteDbg.dll//PE_Patch.PECompact//PecBundle//PECompact
已隔离: 病毒 Trojan.Generic (修改) 文件: C:\TDDOWNLOAD\virus\2.exe//ASPack
已隔离: 病毒 Trojan.Generic (修改) 文件: C:\TDDOWNLOAD\virus\1r.exe//ASPack
Heuristics just never feel safe to me.

[ Last edited by shenrenrenren on 2007-5-5 19:56 ]
soul20010
Posted on 2007-5-5 20:01:15
detected: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part1.rar/virus\windhcp.ocx//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-PSW.Win32.WOW.qu        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part1.rar/virus\4.exe//FSG
detected: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part1.rar/virus\RemoteDbg.dll//PE_Patch.PECompact//PecBundle//PECompact
detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part1.rar/virus\2.exe//ASPack
detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part1.rar/virus\1r.exe//ASPack
detected: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part2.rar/virus\windhcp.ocx//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-PSW.Win32.WOW.qu        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part2.rar/virus\4.exe//FSG
detected: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part2.rar/virus\RemoteDbg.dll//PE_Patch.PECompact//PecBundle//PECompact
detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part2.rar/virus\2.exe//ASPack
detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part2.rar/virus\1r.exe//ASPack
detected: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\1222.part2.rar
It's actually 5, because I didn't extract the archive...
tracydk
Posted on 2007-5-5 20:46:48
Starting the file scan:

Begin scan in 'F:\样本\1222.part2.rar'
Begin scan in 'F:\样本\1222.part1.rar'
F:\样本\1222.part1.rar
  [0] Archive type: RAR
  --> virus\4.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
  --> virus\5.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> virus\gtg.dll
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> virus\3.exe
      [DETECTION] Is the Trojan horse TR/PSW.Onlinegames.EU.9
      [INFO]      The file was deleted!
wao1201
Posted on 2007-5-6 00:34:03
BD signature database

2007-5-6 0:38:24        Safe'n'Sec Scan report

2007-5-6 0:38:24        Scan start time:        2007-5-6 0:38:24

2007-5-6 0:38:24        Action applied to detected malware:       
2007-5-6 0:38:24        Scan level:        Full

2007-5-6 0:38:45        C:\Documents and Settings\Wao\桌面\1222\virus\3.exe        Infected        Trojan.PWS.Onlinegames.EU        Moved to quarantine
2007-5-6 0:38:45        C:\Documents and Settings\Wao\桌面\1222\virus\4.exe        Infected        Generic.PWS.WoW.E7F936BA        Moved to quarantine
2007-5-6 0:38:46        Scan area:

2007-5-6 0:38:46        C:\Documents and Settings\Wao\桌面\1222
2007-5-6 0:38:46       
2007-5-6 0:38:46        Objects scanned:        8
2007-5-6 0:38:46        Malicious objects detected:        2
2007-5-6 0:38:46        Malicious objects deleted / removed:        2

2007-5-6 0:38:46        Scan completion time:        2007-5-6 0:38:46
mofunzone
Posted on 2007-5-6 01:53:46
Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\1222'
C:\Documents and Settings\morgan\My Documents\1222\virus\
  1r.exe
      [DETECTION] Contains signature of the SPR/Dldr.MTW.4 program
      [INFO]      The file was deleted!
  2.exe
  3.exe
      [DETECTION] Is the Trojan horse TR/PSW.Onlinegames.EU.9
      [INFO]      The file was deleted!
  4.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [INFO]      The file was deleted!
  5.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '46a1c509.qua'!
  gtg.dll
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  RemoteDbg.dll
  windhcp.ocx


End of the scan: 2007年5月5日  10:54
Used time: 00:09 min

The scan has been done completely.

      2 Scanning directories
      8 Files were scanned
      5 viruses and/or unwanted programs were found
      1 classified as suspicious:
      4 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
KAV-Longhorn
Posted on 2007-5-6 06:37:01
Originally posted by tracydk on 2007-5-5 20:46
Starting the file scan:

Begin scan in 'F:\样本\1222.part2.rar'
Begin scan in 'F:\样本\1222.part1.rar'
F:\样本\1222.part1.rar
  [0] Archive type: RAR
  --> virus\4.exe
      [DETECTION] Co ...


Does this guy even know how to scan... A split archive has to be extracted before it is scanned.
IVKIS
Posted on 2007-5-6 06:59:24
No need, surely. Scanning just the first archive part with Kaspersky already turned up the viruses.