5.7第三包

显示全部楼层 · 发表于 2007-5-7 20:04:35

.......................................少拿我的样本加壳或者改变

转剑盟

mi：virus

[ 本帖最后由 sdbsky 于 2007-5-7 20:05 编辑 ]

显示全部楼层 · 发表于 2007-5-7 20:06:12

风暴胜者V2 测试版本(http://www.v0day.com)
_________您的安全是我们的责任_______________
载入病毒库…进行整理…分配内存…可以使用
蜜罐检测:正常 OK!

===============================================
___________病毒查杀结果__________________

===============================================

2007年5月7日20时7分13秒开始查杀C:\Documents and Settings\Administrator\桌面\virus0507\01
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\virus0507\01\3.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\virus0507\01\4.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\virus0507\01\nwizmhxy.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\virus0507\01\servet.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\virus0507\01\love[1].exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\virus0507\01\rising900.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\virus0507\01\rising210.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\virus0507\01\gogo.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\Administrator\桌面\virus0507\01\42qso.dll 操作:阻止运行
=========================================

_________文件性质分析结果________________
"带壳"仅指文件性质,仅供专业人员分析使用。

C:\Documents and Settings\Administrator\桌面\virus0507\01\love[1].exe 带壳文件:UPX加壳
C:\Documents and Settings\Administrator\桌面\virus0507\01\rising900.exe 带壳文件:UPX加壳
C:\Documents and Settings\Administrator\桌面\virus0507\01\rising210.exe 带壳文件:UPX加壳
-----------------------------------------

2007年5月7日20时7分15秒收起线程…100% 查杀完毕！
扫描文件：18查杀病毒：10

[ 本帖最后由金剑于 2007-5-7 20:07 编辑 ]

显示全部楼层 · 发表于 2007-5-7 20:08:42

Scan performed at: 2007-5-7 20:08:00
Scanning Log
NOD32 version 2246 (20070507) NT
Command line: C:\Documents and Settings\EQ2\桌面\virus0507\PLUGINS C:\Documents and Settings\EQ2\桌面\virus0507\system32 C:\Documents and Settings\EQ2\桌面\virus0507\virus C:\Documents and Settings\EQ2\桌面\virus0507\virus1 C:\Documents and Settings\EQ2\桌面\virus0507\01 C:\Documents and Settings\EQ2\桌面\virus0507\msccrt
Operating memory - is OK

Date: 7.5.2007 Time: 20:08:07
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\virus0507\PLUGINS\; C:\Documents and Settings\EQ2\桌面\virus0507\system32\; C:\Documents and Settings\EQ2\桌面\virus0507\virus\; C:\Documents and Settings\EQ2\桌面\virus0507\virus1\; C:\Documents and Settings\EQ2\桌面\virus0507\01\; C:\Documents and Settings\EQ2\桌面\virus0507\msccrt\
C:\Documents and Settings\EQ2\桌面\virus0507\PLUGINS\system2.jmp - probably a variant of Win32/PSW.QQPass.VD trojan
C:\Documents and Settings\EQ2\桌面\virus0507\PLUGINS\SystemKb.sys - probably a variant of Win32/PSW.QQPass.VD trojan
C:\Documents and Settings\EQ2\桌面\virus0507\system32\1.exe - Win32/Small.OO trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\virus0507\system32\2.exe - probably a variant of Win32/PSW.QQPass.VD trojan
C:\Documents and Settings\EQ2\桌面\virus0507\system32\5.exe - a variant of Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\EQ2\桌面\virus0507\system32\servet.exe - a variant of Win32/TrojanDownloader.Delf.BHO trojan
C:\Documents and Settings\EQ2\桌面\virus0507\virus\1.exe - Win32/Small.OO trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\virus0507\virus\2.exe - probably a variant of Win32/PSW.QQPass.VD trojan
C:\Documents and Settings\EQ2\桌面\virus0507\virus\5.exe - a variant of Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\EQ2\桌面\virus0507\virus1\12[1].exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\virus0507\virus1\gogo.exe - a variant of Win32/TrojanDownloader.Delf.BHO trojan
C:\Documents and Settings\EQ2\桌面\virus0507\msccrt\msccrt.exe - a variant of Win32/PSW.Agent.NCC trojan
Number of scanned files: 25
Number of threats found: 12
Number of files cleaned: 12
Time of completion: 20:08:11 Total scanning time: 4 sec (00:00:04)

Notes:
[7] File is probably infected with an unknown virus.

显示全部楼层 · 发表于 2007-5-7 20:20:27

avast!漏杀不少，可是看来有好几个是重复的

显示全部楼层 · 发表于 2007-5-7 21:40:57

detected: Trojan program Trojan-PSW.Win32.QQPass.hn File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/PLUGINS.rar/SystemKb.sys//UPX
detected: Trojan program Trojan-PSW.Win32.QQPass.hn File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/PLUGINS.rar/system2.jmp//UPX
detected: virus Downloader (modification) File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/virus1.rar/love[1].exe
detected: virus Trojan.Generic (modification) File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/virus1.rar/12[1].exe
detected: virus Downloader (modification) File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/virus1.rar/rising900.exe
detected: virus Downloader (modification) File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/virus1.rar/rising210.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bho File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/virus1.rar/gogo.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.nb File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/virus.rar/5.exe
detected: Trojan program Trojan-Downloader.Win32.Small.ens File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/virus.rar/1.exe
detected: Trojan program Trojan-PSW.Win32.QQPass.hn File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/virus.rar/2.exe//UPX
detected: virus Trojan.Generic (modification) File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/virus.rar/3.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.QQPass.hn File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/system32.rar/2.exe//UPX
detected: virus Trojan.Generic (modification) File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/system32.rar/3.exe//PE_Patch//UPack
detected: Trojan program Trojan-Downloader.Win32.Small.ens File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/system32.rar/1.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.nb File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/system32.rar/5.exe
detected: virus Trojan.Generic (modification) File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/system32.rar/nwizmhxy.exe//PE_Patch//UPack
detected: Trojan program Trojan-Downloader.Win32.Delf.bho File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/system32.rar/servet.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ql File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/system32.rar/nwizmhxy.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.nb File: C:\Documents and Settings\Owner\×ÀÃæ\virus0507.zip/msccrt.rar/msccrt.exe

显示全部楼层 · 发表于 2007-5-7 21:54:27

msccrt.rar\msccrt.exe;C:\Documents and Settings\Administrator\桌面\msccrt.rar;Trojan.PWS.Wsgame;;
msccrt.rar;C:\Documents and Settings\Administrator\桌面;Archive contains infected objects;;
PLUGINS.rar\SystemKb.sys;C:\Documents and Settings\Administrator\桌面\PLUGINS.rar;Trojan.PWS.Wow.origin;;
PLUGINS.rar\system2.jmp;C:\Documents and Settings\Administrator\桌面\PLUGINS.rar;Trojan.PWS.Qqpass.origin;;
PLUGINS.rar;C:\Documents and Settings\Administrator\桌面;Archive contains infected objects;;
system32.rar\42qso.dll;C:\Documents and Settings\Administrator\桌面\system32.rar;Probably DLOADER.Trojan;;
system32.rar\2.exe;C:\Documents and Settings\Administrator\桌面\system32.rar;Trojan.PWS.Qqpass.origin;;
system32.rar\3.exe;C:\Documents and Settings\Administrator\桌面\system32.rar;Probably MULDROP.Trojan;;
system32.rar\4.exe;C:\Documents and Settings\Administrator\桌面\system32.rar;Probably DLOADER.Trojan;;
system32.rar\5.exe;C:\Documents and Settings\Administrator\桌面\system32.rar;Trojan.PWS.Wsgame;;
system32.rar\nwizmhxy.exe;C:\Documents and Settings\Administrator\桌面\system32.rar;Probably MULDROP.Trojan;;
system32.rar\servet.exe;C:\Documents and Settings\Administrator\桌面\system32.rar;Win32.HLLW.Creater;;
system32.rar\msccrt.dll;C:\Documents and Settings\Administrator\桌面\system32.rar;Trojan.PWS.Wsgame;;
system32.rar\nwizmhxy.dll;C:\Documents and Settings\Administrator\桌面\system32.rar;Trojan.DownLoader.21785;;
system32.rar;C:\Documents and Settings\Administrator\桌面;Archive contains infected objects;;
virus.rar\5.exe;C:\Documents and Settings\Administrator\桌面\virus.rar;Trojan.PWS.Wsgame;;
virus.rar\2.exe;C:\Documents and Settings\Administrator\桌面\virus.rar;Trojan.PWS.Qqpass.origin;;
virus.rar\3.exe;C:\Documents and Settings\Administrator\桌面\virus.rar;Probably MULDROP.Trojan;;
virus.rar\4.exe;C:\Documents and Settings\Administrator\桌面\virus.rar;Probably DLOADER.Trojan;;
virus.rar;C:\Documents and Settings\Administrator\桌面;Archive contains infected objects;;
大蜘蛛查处

显示全部楼层 · 发表于 2007-5-7 21:55:44

AVG Anti-Spyware - 扫描报告
---------------------------------------------------------

+ 创建时间: 21:55:09 2007-5-7

+ 扫描结果:

C:\Documents and Settings\Administrator\桌面\system32.rar/1.exe -> Backdoor.Small.oo : 未进行操作.
C:\Documents and Settings\Administrator\桌面\virus.rar/1.exe -> Backdoor.Small.oo : 未进行操作.
C:\Documents and Settings\Administrator\桌面\system32.rar/servet.exe -> Downloader.Delf.bho : 未进行操作.
C:\Documents and Settings\Administrator\桌面\virus1.rar/gogo.exe -> Downloader.Delf.bho : 未进行操作.
C:\Documents and Settings\Administrator\桌面\PLUGINS.rar/SystemKb.sys -> Downloader.Delf.bjc : 未进行操作.
C:\Documents and Settings\Administrator\桌面\virus1.rar/love[1].exe -> Trojan.Delf.qc : 未进行操作.
C:\Documents and Settings\Administrator\桌面\virus1.rar/rising210.exe -> Trojan.Delf.qc : 未进行操作.
C:\Documents and Settings\Administrator\桌面\virus1.rar/rising900.exe -> Trojan.Delf.qc : 未进行操作.
C:\Documents and Settings\Administrator\桌面\system32.rar/42qso.dll -> Trojan.OnLineGames.dz : 未进行操作.
C:\Documents and Settings\Administrator\桌面\msccrt.rar/msccrt.exe -> Trojan.OnLineGames.es : 未进行操作.
C:\Documents and Settings\Administrator\桌面\system32.rar/5.exe -> Trojan.OnLineGames.es : 未进行操作.
C:\Documents and Settings\Administrator\桌面\virus.rar/5.exe -> Trojan.OnLineGames.e

显示全部楼层 · 发表于 2007-5-7 22:28:37

究竟有多少病毒??

显示全部楼层 · 发表于 2007-5-7 22:30:28

江民金山卡巴3个总杀17个~

显示全部楼层 · 发表于 2007-5-7 22:44:00

AVAST杀了11个

[病毒样本] 5.7第三包

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源