[C541F4 B79069] Multiple unknowns

kp2006
Posted on 2007-6-6 15:52:10
;金山清理专家系统诊断报告
;诊断时间: 2007-6-6
;诊断平台: Windows XP [5.1.2600] Service Pack 2
;IE浏览器版本: Internet Explorer V6.0.2180.2900
;该诊断报告由金山清理专家生成 http://www.duba.net

; 开机自启动程序
38 - D:\Program Files\FlashGet\FlashGet.exe - FlashGet.com - 1.8.6.1008
; 浏览器辅助对象(BHO)
41 - D:\Program Files\FlashGet\getflash.dll - www.flashget.com - 1.8.4.1003
41 - D:\Program Files\FlashGet\jccatch.dll - www.flashget.com - 1.8.4.1007
; 系统服务
60 - D:\WINDOWS\System32\hidserv.dll - (NULL) - 0.0.0.0
; 当前进程
50 - D:\Program Files\Windows Media Player\svchost.exe - (NULL) - 0.0.0.0
    51 - D:\Program Files\Windows Media Player\svchost.exe - (NULL) - 0.0.0.0
    51 - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\94b.dll - (NULL) - 0.0.0.0
    51 - D:\WINDOWS\system32\PDLL.dll - (NULL) - 0.0.0.0
    51 - D:\WINDOWS\system32\zkjjx.dll - (NULL) - 0.0.0.0
    51 - D:\WINDOWS\system32\wfdrd.dll - (NULL) - 0.0.0.0
    51 - D:\WINDOWS\system32\wtrmm.dll - (NULL) - 0.0.0.0
    51 - D:\WINDOWS\system32\wgptl.dll - (NULL) - 0.0.0.0
    51 - D:\WINDOWS\system32\fksdy.dll - (NULL) - 0.0.0.0

Kaspersky does not flag it

[ Last edited by kp2006 on 2007-6-6 15:59 ]


dyw1021
Posted on 2007-6-6 15:52:59
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\svchost.rar'
C:\Documents and Settings\Administrator\桌面\svchost.rar
  [0] Archive type: RAR
  --> svchost.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was moved to '46c9689b.qua'!


End of the scan: 2007年6月6日  15:54
Used time: 00:02 min
promised
Posted on 2007-6-6 15:55:33
VIKING
Copyright (c) 1993-2007 by VBA Ltd.
License expired
License #000000119 Valid till 2006-12-31
Demo mode
Command line options:
/r=susp.rpt /ha=3 /collect_suspects /nc /af+ /ar+ /bt- /mr- /ml+ /rw+ /as-
Ctrl-C will terminate program execution

*:
C:\
C:\ABC\svchost.rar:<RAR>\svchost.exe : infected MalwareScope.Worm.Viking.3
Program execution terminated by user


Directories       : 3       Files in archives:      Files on disks:
Archives:                   - total       : 1       - total       : 11
- scanned         : 1       -  scanned    : 1       - scanned     : 11
- contain viruses : 1       -  infected   : 1       - infected    : 1
- deleted         : 0       -  suspicious : 0       - suspicious  : 0

Startup    : 15:56:34 06-06-2007
End        : 15:56:37 06-06-2007
Total time : 00:00:03
终止批处理操作吗(Y/N)?
jlennon
Posted on 2007-6-6 16:50:11
Virus check with AntiVirusKit
Version 16.0.7
Virus signatures of 2007-6-6
Start time: 2005-6-6 16:50
Engine(s): KAV engine (AVK 17.5733), BD-Engine (BD 17.5315)
Heuristic: On
Archives: On
System areas: Off

Check selected directories and files...
Object: 94b.dll
        Path: C:\Documents and Settings\Administrator\桌面\h
        Status: Move file into quarantine
        Virus: Trojan.PWS.Onlinegames.AWR (BD-Engine)
Object: PDLL.dll
        Path: C:\Documents and Settings\Administrator\桌面\h
        Status: Move file into quarantine
        Virus: Trojan.PWS.Onlinegames.AWR (BD-Engine)
Object: svchost.exe
        Path: C:\Documents and Settings\Administrator\桌面\svchost
        Status: Move file into quarantine
        Virus: Trojan.PWS.Onlinegames.AWR (BD-Engine)
Analysis complete: 2005-6-6 16:50
    8 files checked
    3 infected files detected
    0 suspected files detected
The EQs
Posted on 2007-6-6 16:53:16
Scan performed at: 2007-6-6 16:54:27
Scanning Log
NOD32 version 2312 (20070606) NT
Command line: C:\Documents and Settings\EQ2\桌面\桌面
Operating memory - is OK

Date: 6.6.2007  Time: 16:54:31
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\桌面\
C:\Documents and Settings\EQ2\桌面\桌面\fksdy.dll - Win32/Delf.NFH trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\桌面\wfdrd.dll - Win32/Delf.NFH trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\桌面\wgptl.dll - Win32/Delf.NFH trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\桌面\wtrmm.dll - Win32/Delf.NFH trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\桌面\zkjjx.dll - Win32/Delf.NFH trojan - quarantined - unable to clean - deleted
Number of scanned files: 8
Number of threats found: 5
Number of files cleaned: 5
Time of completion: 16:54:32 Total scanning time: 1 sec (00:00:01)
tracydk
Posted on 2007-6-6 16:56:34
The first package is Viking; is the second one a generic heuristic detection or a packer detection?? EQ2??

tracydk
Posted on 2007-6-6 17:03:20
Where is EQ2??
The EQs
Posted on 2007-6-6 17:03:52
The second one is a packer detection... Verdict delivered...
tracydk
Posted on 2007-6-6 17:12:45
Originally posted by EQ2 on 2007-6-6 17:03
The second one is a packer detection... Verdict delivered...

It is rare for AVAST to flag a packer
The EQs
Posted on 2007-6-6 17:14:05
avast still has a lot of potential.... once its heuristics mature...