[Virus sample] AD39DB 351EF9 EEBA88 68FF6D 78E19C 46149B 7331A5

qqq000@qq.com
Posted on 2007-6-6 17:14:31
AD39DB 351EF9 EEBA88 68FF6D 78E19C 46149B 7331A5

jlennon
Posted on 2007-6-6 17:27:24
Virus check with AntiVirusKit
Version 16.0.7
Virus signatures of 2007-6-6
Start time: 2005-6-6 17:27
Engine(s): KAV engine (AVK 17.5733), BD-Engine (BD 17.5315)
Heuristic: On
Archives: On
System areas: Off

Check selected directories and files...
Object: stream/data0001 data0003
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\lh02.exe
        Status: Virus detected
        Virus: Trojan.Win32.Qhost.ir (KAV engine)
Object: stream/data0001 data0004
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\lh02.exe
        Status: Virus detected
        Virus: Trojan.VBS.RotNet.a (KAV engine)
Object: stream/data0001 data0005
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\lh02.exe
        Status: Virus detected
        Virus: not-a-virus:AdWare.Win32.AdMedia.k (KAV engine)
Object: (NSIS o)=>lzma_solid_nsis0001=>(NSIS o) lzma_nsis0002
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\lh02.exe
        Status: Virus detected
        Virus: Trojan.QHost.CX (BD-Engine)
Object: (NSIS o)=>lzma_solid_nsis0001=>(NSIS o) lzma_nsis0003
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\lh02.exe
        Status: Virus detected
        Virus: Trojan.Vbs.Rotnet.A (BD-Engine)
Object: lh02.exe
        Path: C:\Documents and Settings\Administrator\桌面\雷之源[1]
        Status: Move file into quarantine
        Virus: Trojan.Win32.Qhost.ir, Trojan.VBS.RotNet.a, not-a-virus:AdWare.Win32.AdMedia.k (KAV engine), Trojan.QHost.CX, Trojan.Vbs.Rotnet.A (BD-Engine)
Object: lservice.exe
        Path: C:\Documents and Settings\Administrator\桌面\雷之源[1]
        Status: Move file into quarantine
        Virus: Trojan-Downloader.Win32.Agent.arm (KAV engine), Trojan.Downloader.Agent.ARM (BD-Engine)
Object: RRToday.dll
        Path: C:\Documents and Settings\Administrator\桌面\雷之源[1]
        Status: Move file into quarantine
        Virus: not-a-virus:AdWare.Win32.Dm.ab (KAV engine)
Object: data0003
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\sms.exe
        Status: Virus detected
        Virus: Trojan.Win32.Qhost.ir (KAV engine)
Object: data0004
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\sms.exe
        Status: Virus detected
        Virus: Trojan.VBS.RotNet.a (KAV engine)
Object: data0005
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\sms.exe
        Status: Virus detected
        Virus: not-a-virus:AdWare.Win32.AdMedia.k (KAV engine)
Object: (NSIS o) lzma_nsis0002
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\sms.exe
        Status: Virus detected
        Virus: Trojan.QHost.CX (BD-Engine)
Object: (NSIS o) lzma_nsis0003
        In archive: C:\Documents and Settings\Administrator\桌面\雷之源[1]\sms.exe
        Status: Virus detected
        Virus: Trojan.Vbs.Rotnet.A (BD-Engine)
Object: sms.exe
        Path: C:\Documents and Settings\Administrator\桌面\雷之源[1]
        Status: Move file into quarantine
        Virus: Trojan.Win32.Qhost.ir, Trojan.VBS.RotNet.a, not-a-virus:AdWare.Win32.AdMedia.k (KAV engine), Trojan.QHost.CX, Trojan.Vbs.Rotnet.A (BD-Engine)
Analysis complete: 2005-6-6 17:28
    6 files checked
    4 infected files detected
    0 suspected files detected
wangjay1980
Posted on 2007-6-6 17:29:42
detected: Trojan program Trojan-Downloader.Win32.Agent.arm        File: E:\样本\bingdu\lservice.exe
detected: Trojan program Trojan.Win32.Qhost.ir        File: E:\样本\bingdu\lh02.exe//stream//data0001//data0003
detected: Trojan program Trojan.VBS.RotNet.a        File: E:\样本\bingdu\lh02.exe//stream//data0001//data0004
detected: adware not-a-virus:AdWare.Win32.AdMedia.k        File: E:\样本\bingdu\lh02.exe//stream//data0001//data0005
detected: adware not-a-virus:AdWare.Win32.Dm.ab        File: E:\样本\bingdu\RRToday.dll
detected: Trojan program not-a-virus:AdWare.Win32.AdMedia.k        File: E:\样本\bingdu\sms.exe
scottxzt
Posted on 2007-6-6 17:39:45
Begin scan in 'D:\Documents and Settings\dell\桌面\新建文件夹 (2)'
D:\Documents and Settings\dell\桌面\新建文件夹 (2)\
D:\Documents and Settings\dell\桌面\新建文件夹 (2)\sms.exe
      [DETECTION] Contains signature of the dropper DR/Qhost.IR.6
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
D:\Documents and Settings\dell\桌面\新建文件夹 (2)\lservice.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.arm
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!


End of the scan: 2005年6月6日  17:40
Used time: 00:11 min

The scan has been done completely.

      1 Scanning directories
      6 Files were scanned
      2 viruses and/or unwanted programs were found
woai_jolin
Posted on 2007-6-6 17:44:37
ESS

2007/6/6 17:43:57        Scanning Log
2007/6/6 17:43:57        Version of virus signature database: 2312 (20070606)
2007/6/6 17:43:57        Date: 6.6.2007  Time: 17:43:56
2007/6/6 17:43:57        Scanned disks, folders and files: E:\
2007/6/6 17:44:01        E:\病毒测试\雷之源.part1.rar - multiple threats - deleted
2007/6/6 17:44:01        E:\病毒测试\雷之源.part1.rar » RAR » lservice.exe - Win32/TrojanDownloader.Agent.ARM trojan
2007/6/6 17:44:01        E:\病毒测试\雷之源.part1.rar » RAR » lh02.exe - Win32/Qhost.IR trojan
2007/6/6 17:44:01        E:\病毒测试\雷之源.part1.rar » RAR » lh02.exe » NSIS:SFX=32768 » sms.exe - Win32/Qhost.IR trojan
2007/6/6 17:44:01        E:\病毒测试\雷之源.part1.rar » RAR » lh02.exe » NSIS:SFX=32768 » sms.exe » NSIS:SFX=59904 » hosts - Win32/Qhost.IR trojan
2007/6/6 17:44:01        E:\病毒测试\雷之源.part1.rar » RAR » RRToday.dll - next archive volume not found
2007/6/6 17:44:02        Number of scanned files: 10
2007/6/6 17:44:02        Number of threats found: 2
2007/6/6 17:44:02        Time of completion: 17:44:02  Total scanning time: 6 sec (00:00:06)
蓝色牛仔裤
Posted on 2007-6-6 17:50:06
The spider (Dr.Web) missed all of them! Wow... Reporting them now.
moonsilver
Posted on 2007-6-6 18:16:55
RS: 4 of them
taihuxian
Posted on 2007-6-6 18:21:00
Virus: Trojan-Downloader.Win32.Agent.arm
File: opr000GX.rar
Directory: C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4
Process: Opera.exe
mofunzone
Posted on 2007-6-6 23:06:11
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\雷之源'
C:\Documents and Settings\Administrator\My Documents\雷之源\
  lh02.exe
      [DETECTION] Contains signature of the dropper DR/Qhost.IR.7
      [INFO]      The file was deleted!
  lservice.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.arm
      [INFO]      The file was deleted!
  Rar.exe
  RRToday.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Dm.AB
      [INFO]      The file was deleted!
  sms.exe
      [DETECTION] Contains signature of the dropper DR/Qhost.IR.6
      [INFO]      The file was deleted!
  雷之源.exe