一包病毒，过驱逐舰，卡巴报；不扫MD5了，会晕的

显示全部楼层 · 发表于 2007-7-10 20:42:02

体积很小，精致的病毒，卡巴会报，

过了我的驱逐舰

显示全部楼层 · 发表于 2007-7-10 20:42:47

Scan performed at: 2007-7-10 20:42:33
Scanning Log
NOD32 version 2389 (20070710) NT
Command line: C:\Documents and Settings\EQ2\桌面\RAV008C.zip
Operating memory - is OK

Date: 10.7.2007 Time: 20:42:38
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\RAV008C.zip
C:\Documents and Settings\EQ2\桌面\RAV008C.zip ?ZIP ?RAV008C.exe - a variant of Win32/PSW.OnLineGames.NCU trojan
C:\Documents and Settings\EQ2\桌面\RAV008C.zip ?ZIP ?LYLOADER.EXE - a variant of Win32/PSW.Agent.NEC trojan
Number of scanned files: 5
Number of threats found: 2
Number of files cleaned: 1
Time of completion: 20:42:39 Total scanning time: 1 sec (00:00:01)

显示全部楼层 · 发表于 2007-7-10 20:43:33

病毒: Win32:Onlinegames-ACS [Trj], Win32:OnLineGames-ST [Trj], Win32:OnLineGames-SS [Trj]
文件: RAV008C[1].zip
目录: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ODE3GLQZ
进程: GreenBrowser.exe

显示全部楼层 · 发表于 2007-7-10 20:44:47

detected: Trojan program Trojan-PSW.Win32.OnLineGames.es File: C:\Documents and Settings\Owner\×ÀÃæ\RAV008C.zip/RAV008C.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.nn File: C:\Documents and Settings\Owner\×ÀÃæ\RAV008C.zip/LYLOADER.EXE//PE_Patch//UPack

显示全部楼层 · 发表于 2007-7-10 20:45:52

费尔三个。

显示全部楼层 · 发表于 2007-7-10 20:47:54

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\RAV008C.zip'
C:\Documents and Settings\Administrator\桌面\
  RAV008C.zip
[0] Archive type: ZIP
--> RAV008C.DAT
      [DETECTION] Is the Trojan horse TR/Agent.4832.1
      [WARNING] Infected files in archives cannot be repaired!
--> RAV008C.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING] Infected files in archives cannot be repaired!
--> LYMANGR.DLL
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING] Infected files in archives cannot be repaired!
--> LYLOADER.EXE
      [DETECTION] Is the Trojan horse TR/PSW.Onlinega.L.2
      [WARNING] Infected files in archives cannot be repaired!
      [INFO]    A backup was created as '46e98035.qua'  ( QUARANTINE )
      [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-7-10 20:59:06

Starting the file scan:

Begin scan in 'F:\病毒样本\RAV008C.zip'
F:\病毒样本\RAV008C.zip
  [0] Archive type: ZIP
  --> RAV008C.DAT
   [DETECTION] Is the Trojan horse TR/Agent.4832.1
  --> RAV008C.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> LYMANGR.DLL
   [DETECTION] Contains suspicious code HEUR/Malware
  --> LYLOADER.EXE
   [DETECTION] Is the Trojan horse TR/PSW.Onlinega.L.2
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-7-10 21:01:28

又见费尔的启发

显示全部楼层 · 发表于 2007-7-10 21:03:54

全启发
F:\RAV008C.zip:<ZIP>\RAV008C.exe : is suspected of Trojan-PSW.Game.3 (paranoid heuristics)
F:\RAV008C.zip:<ZIP>\LYMANGR.DLL : is suspected of Trojan-PSW.Game.38 (paranoid heuristics)
F:\RAV008C.zip:<ZIP>\LYLOADER.EXE : is suspected of Trojan-PSW.Game.32 (paranoid heuristics)

显示全部楼层 · 发表于 2007-7-10 21:09:42

c:\ABC\RAV008C.zip:\RAV008C.DAT - Signature 'Trojan-Dropper.Win32.Agent.ane' found
c:\ABC\RAV008C.zip:\RAV008C.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
c:\ABC\RAV008C.zip:\LYMANGR.DLL - Signature 'Trojan-Dropper.Win32.Agent.ane' found
c:\ABC\RAV008C.zip:\LYLOADER.EXE - Signature 'Trojan-Downloader.Win32.Zlob.and' found

[病毒样本] 一包病毒，过驱逐舰，卡巴报；不扫MD5了，会晕的

本帖子中包含更多资源

哇咔咔，费尔的启发

本帖子中包含更多资源

[病毒样本] 一包病毒，过 驱逐舰，卡巴报；不扫MD5了，会晕的

本帖子中包含更多资源

哇咔咔，费尔的启发

本帖子中包含更多资源

[病毒样本] 一包病毒，过驱逐舰，卡巴报；不扫MD5了，会晕的