木马群 x22

显示全部楼层 · 发表于 2008-5-30 18:46:10

质量如何就不知道了

显示全部楼层 · 发表于 2008-5-30 18:47:17

IK
I:\样本\1.zip:\1.exe - Signature 'Trojan-PWS.Win32.OnLineGames.ajsw' found
I:\样本\1.zip:\13.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\19.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\样本\1.zip:\5.exe - Suspect code-parts found (Level: 140)
I:\样本\1.zip:\7.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\10.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\样本\1.zip:\14.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\8.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\11.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\3.exe - Suspect code-parts found (Level: 140)
I:\样本\1.zip:\9.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\2.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\15.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\16.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\样本\1.zip:\21.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\17.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\样本\1.zip:\4.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\20.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\样本\1.zip:\22.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\样本\1.zip:\18.exe - Signature 'Trojan-PWS.Win32.Lmir.awg' found
I:\样本\1.zip:\6.exe - Signature 'Trojan-PWS.Win32.Lmir.awg' found
I:\样本\1.zip:\12.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\样本\1.zip

23 Files scanned
(1 Archiv with 22 files)
20 Signatures found
2 Suspect code-parts found
Used time: 0:00.109

显示全部楼层 · 发表于 2008-5-30 18:48:12

Starting the file scan:

Begin scan in 'E:\AV\新建文件夹'
E:\AV\新建文件夹\12.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\1.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ajus
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\13.exe
   [DETECTION] Is the Trojan horse TR/Downloader.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\19.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\5.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ajtg
   --> Object
      [DETECTION] Contains detection pattern of the worm WORM/Downloader.MM
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\7.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\10.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\14.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\8.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\11.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\3.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\9.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\2.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\15.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\16.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\21.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\17.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\4.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\20.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\22.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
E:\AV\新建文件夹\18.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [NOTE]    The fund was classified as suspicious.
   [NOTE]    The file was moved to '486ddc33.qua'!

End of the scan: 2008年5月30日  18:50
Used time: 00:17 min

The scan has been done completely.

   1 Scanning directories
   22 Files were scanned
   21 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   20 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   0 Archives were scanned
   0 Warnings
   21 Notes

25032382  6.exe  16.25 KB  DAMAGED FILE (UNKNOWN)
25032383  18.exe  18.87 KB  DAMAGED FILE (UNKNOWN)

[ 本帖最后由 Exia 于 2008-5-30 20:30 编辑 ]

显示全部楼层 · 发表于 2008-5-30 18:50:11

太壮观了，一批zlob...

显示全部楼层 · 发表于 2008-5-30 18:52:41

不晓得是否乱报

显示全部楼层 · 发表于 2008-5-30 18:59:05

IK的zloband报法根本不是报zlob
纯粹的乱报无视她吧...

显示全部楼层 · 发表于 2008-5-30 19:05:13

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： RootKit.Win32.RESSDT.au
病毒： Trojan.PSW.Win32.SunOnline.oq
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.ntd
病毒： Trojan.PSW.Win32.SunGame.u
病毒： Trojan.PSW.Win32.GameOL.nsq

MAC 地址：00:17:31:40:A3:57

用户来源：局域网

软件版本：20.46.42

显示全部楼层 · 发表于 2008-5-30 19:08:33

[Scanning : C:\Documents and Settings\All Users\Documents\Test]

C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:1.exe <- Trojan.Psw.Onlinegames.Ajsw : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:1.exe<FSG>:1.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Ajus : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:13.exe<UPack>:13.exe<DLLRES>:res0.exe <- Trojan.Psw.Agent.Amb : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:19.exe <- Trojan.Psw.Onlinegames.Ajqb : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:19.exe<UPack>:19.exe<DLLRES>:MAIN0.exe <- Trojan.Psw.Onlinegames.Ajqb : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:5.exe <- Trojan.Psw.Onlinegames.Ajtf : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:5.exe<FSG>:5.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Ajtg : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:5.exe<FSG>:5.exe<DLLRES>:res1.exe <- Worm.Downloader.Mm : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:10.exe <- Trojan.Psw.Onlinegames.Ajod : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:10.exe<UPack>:10.exe<DLLRES>:MAIN0.exe <- Trojan.Psw.Onlinegames.Affc : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:3.exe <- Trojan.Psw.Onlinegames.Ajtr : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:16.exe <- Trojan.Psw.Onlinegames.Ajod : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:16.exe<UPack>:16.exe<DLLRES>:MAIN0.exe <- Trojan.Psw.Onlinegames.Ajod : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:17.exe<UPack>:17.exe<DLLRES>:MAIN0.exe <- Trojan.Psw.Onlinegames.Ahvx : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:20.exe <- Trojan.Psw.Onlinegames.Ajpx : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:20.exe<UPack>:20.exe <- Trojan.Psw.Onlinegames.Aejc : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:20.exe<UPack>:20.exe<DLLRES>:MAIN0.exe <- Trojan.Psw.Onlinegames.Aeox : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:18.exe <- Trojan.Psw.Onlinegames.Ajsr : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:12.exe <- Trojan.Psw.Onlinegames.Ajpz : No action
C:\Documents and Settings\All Users\Documents\Test\1.zip<ZIP>:12.exe<UPack>:12.exe<DLLRES>:MAIN0.exe <- Trojan.Psw.Onlinegames.Ajqc : No action

Scanned objects : 58

Infected objects : 20

显示全部楼层 · 发表于 2008-5-30 19:09:58

[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->1.exe->(embedded)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->13.exe
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->19.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->5.exe->(embedded)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->7.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->10.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->14.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->8.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->11.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->9.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->2.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->15.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->16.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->21.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->17.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->4.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->20.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->22.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\1.zip->12.exe->(UPack)

---------------------------------------------------------------------
Scan ended: 2008-5-30, 19:09:10
Duration: 0:00:23

Scan result:

Scanned files:    6
Infected objects:    19
Disinfected objects:    0
Quarantined files:    0
---------------------------------------------------------------------

显示全部楼层 · 发表于 2008-5-30 19:12:08

剩俩
2008-5-30 19:10:16 F:\virus\1\4.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajys
2008-5-30 19:10:16 F:\virus\1\17.exe/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajoi
2008-5-30 19:10:16 F:\virus\1\21.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.akxt
2008-5-30 19:10:14 F:\virus\1\15.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajys
2008-5-30 19:10:14 F:\virus\1\16.exe/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajod
2008-5-30 19:10:11 F:\virus\1\2.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajys
2008-5-30 19:10:11 F:\virus\1\9.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajys
2008-5-30 19:10:09 F:\virus\1\3.exe/FSG Detected: Trojan-PSW.Win32.OnLineGames.ajtr
2008-5-30 19:10:09 F:\virus\1\11.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.akxt
2008-5-30 19:10:09 F:\virus\1\8.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajys
2008-5-30 19:10:09 F:\virus\1\14.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajys
2008-5-30 19:10:09 F:\virus\1\10.exe/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajod
2008-5-30 19:09:38 F:\virus\1\7.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajys
2008-5-30 19:09:36 F:\virus\1\5.exe/FSG Detected: Trojan-PSW.Win32.OnLineGames.ajtf
2008-5-30 19:09:35 F:\virus\1\13.exe Detected: Trojan-PSW.Win32.Agent.amp
2008-5-30 19:09:35 F:\virus\1\19.exe/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajqb
2008-5-30 19:09:35 F:\virus\1\1.exe/FSG Detected: Trojan-PSW.Win32.OnLineGames.ajsw
2008-5-30 19:09:28 F:\virus\1\12.exe/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajpz
2008-5-30 19:09:26 F:\virus\1\22.exe/PE_Patch/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajys
2008-5-30 19:09:20 F:\virus\1\20.exe/UPack Detected: Trojan-PSW.Win32.OnLineGames.ajpx

[病毒样本] 木马群 x22

本帖子中包含更多资源

回复 2楼冷冷的帖子

回复 4楼 solcroft 的帖子

本帖子中包含更多资源

46/21

ArcaVir2008

F-Prot 4.4.4

[病毒样本] 木马群 x22

本帖子中包含更多资源

回复 2楼 冷冷 的帖子

回复 4楼 solcroft 的帖子

本帖子中包含更多资源

46/21

ArcaVir2008

F-Prot 4.4.4

回复 2楼冷冷的帖子