[Virus samples] 18 more

zane_xzz
Posted on 2007-7-19 20:54:02
[MD5: 593243 0F20F9 9DAAFD 4F27F1 864AB5 1C24ED 3250D0 E0E4D1 910107 92B694 AA87FD 8DBF2C C8BFCC 9FBEAE 082E95 0BA728 F2E1D8]

wangjay1980
Posted on 2007-7-19 20:55:54
detected: virus Virus.Win32.Drowor.d        File: C:\Documents and Settings\Owner\桌面\样本.rar/1.exe//UPack
detected: Trojan program Trojan-PSW.Win32.Nilage.bkl        File: C:\Documents and Settings\Owner\桌面\样本.rar/2.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.acf        File: C:\Documents and Settings\Owner\桌面\样本.rar/3.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan.Win32.Agent.bl        File: C:\Documents and Settings\Owner\桌面\样本.rar/4.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ace        File: C:\Documents and Settings\Owner\桌面\样本.rar/5.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-Downloader.Win32.Agent.bxi        File: C:\Documents and Settings\Owner\桌面\样本.rar/7.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.es        File: C:\Documents and Settings\Owner\桌面\样本.rar/8.exe
detected: Trojan program Trojan-PSW.Win32.Lmir.akw        File: C:\Documents and Settings\Owner\桌面\样本.rar/9.exe//ASPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qw        File: C:\Documents and Settings\Owner\桌面\样本.rar/10.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.cx        File: C:\Documents and Settings\Owner\桌面\样本.rar/11.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.es        File: C:\Documents and Settings\Owner\桌面\样本.rar/13.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.yn        File: C:\Documents and Settings\Owner\桌面\样本.rar/14.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.aal        File: C:\Documents and Settings\Owner\桌面\样本.rar/15.exe
detected: Trojan program Trojan-PSW.Win32.Nilage.bjt        File: C:\Documents and Settings\Owner\桌面\样本.rar/16.exe
promised
Posted on 2007-7-19 20:57:34
C:\ABC\样本\1(1).exe
C:\ABC\样本\1.exe - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本\10.exe - 特征码 'Trojan-PWS.OnlineGames.AUP' 被发现
C:\ABC\样本\11.exe - 特征码 'Trojan-PWS.Win32.Nilage.bbr' 被发现
C:\ABC\样本\12.exe - 特征码 'Packer.Malware.NSAnti.H' 被发现
C:\ABC\样本\13.exe - 特征码 'Trojan-PWS.WSGame.AV' 被发现
C:\ABC\样本\14.exe - 特征码 'Trojan-PWS.WSGame.AV' 被发现
C:\ABC\样本\15.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\样本\16.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\样本\2.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\样本\3.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\样本\4.exe - 特征码 'Trojan-PWS.WSGame.AV' 被发现
C:\ABC\样本\5.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\样本\6.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\样本\7.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\样本\8.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\样本\9.exe - 特征码 'Trojan.Win32.Agent.abf' 被发现

        17 个文件被扫描
          (0 个压缩档 0 个文件)
        16 个特征码被侦测
        0 个可疑代码段被发现
        耗时: 0:00.531

17 of them, come on.
The EQs
Posted on 2007-7-19 20:57:40
Scan performed at: 2007-7-19 20:57:22
Scanning Log
NOD32 version 2406 (20070719) NT
Command line: C:\Documents and Settings\EQ2\桌面\样本.rar
Operating memory - is OK

Date: 19.7.2007  Time: 20:57:28
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\样本.rar
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?1.exe - Win32/Drowor.NAC virus - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?1(1).exe - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?3.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?4.exe - probably a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?5.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?6.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?8.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?9.exe - Win32/PSW.Legendmir.NEP trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?10.exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?11.exe - Win32/PSW.Agent.NDP trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?12.exe - Win32/Pacex.Gen virus
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?13.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?14.exe - Win32/PSW.OnLineGames.YA trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?15.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\样本.rar ?RAR ?16.exe - a variant of Win32/PSW.OnLineGames.NAG trojan
Number of scanned files: 18
Number of threats found: 15
Number of files cleaned: 1
Time of completion: 20:57:30 Total scanning time: 2 sec (00:00:02)

Notes:
[7] File is probably infected with an unknown virus.
1688388728
Posted on 2007-7-19 20:57:57
Virus: Win32:Agent-ISZ [Trj], Win32:Lineage-597 [Trj], Win32:Onlinegames-ACD [Trj] (6x), Win32:Onlinegames-AEA [Trj], Win32:Delf-DTT [Trj], Win32:Agent-JCW [Trj], Win32:Onlinegames-ALT [Trj], Win32:Onlinegames-ACS [Trj], Win32:Lineage-545 [Trj], Win32:OnLineGames-ACB [Trj]
File: 样本[1].rar
Directory: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EGMKN5N4
Process: GreenBrowser.exe
风雪
Posted on 2007-7-19 20:59:58
1184850128,2007-7-19 21:02:08,W32.Drowor.d.ppnl,病毒,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>1.exe,Manual scan
1184850129,2007-7-19 21:02:09,TrojanPSW.OnLineGames.qw.jxwh,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>10.exe,Manual scan
1184850129,2007-7-19 21:02:09,TrojanPSW.OnLineGames.cx.akzl,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>11.exe,Manual scan
1184850129,2007-7-19 21:02:09,TrojanPSW.GamePass.qye.xbrj,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>12.exe,Manual scan
1184850129,2007-7-19 21:02:09,TrojanPSW.OnLineGames.es.ivlw,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>13.exe,Manual scan
1184850129,2007-7-19 21:02:09,PWSteal.OnLineGames.YA.cbti,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>14.exe,Manual scan
1184850129,2007-7-19 21:02:09,TrojanPSW.OnLineGames.aal.gboy,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>15.exe,Manual scan
1184850129,2007-7-19 21:02:09,W32.SecRisk.ProcessPatcher.Sml.ba.wvtz,病毒,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>16.exe,Manual scan
1184850129,2007-7-19 21:02:09,Heuri.Possible/Packed,启发式扫描,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>2.exe,Manual scan
1184850129,2007-7-19 21:02:09,Trojan.Agent.bl.zijr,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>4.exe,Manual scan
1184850129,2007-7-19 21:02:09,Heuri.Possible/Packed,启发式扫描,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>6.exe,Manual scan
1184850129,2007-7-19 21:02:09,TrojanPSW.GamePass.pks.sczo,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>7.exe,Manual scan
1184850129,2007-7-19 21:02:09,TrojanPSW.OnlineGames.cio.mkmf,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>8.exe,Manual scan
1184850129,2007-7-19 21:02:09,TrojanPSW.GamePass.qvl.dsmn,木马,mygood,D:\3\新建文件夹\新建文件夹\样本.rar>>9.exe,Manual scan

费尔 (Filseclab)

[ Last edited by 风雪 on 2007-7-19 21:01 ]
欠妳緈諨
Posted on 2007-7-19 21:05:44
16 of them.

woai_jolin
Posted on 2007-7-19 21:11:49
===================================================================================================
NVCOD On Demand Scanner 5.80.02

NSE revision 5.91.02
nvcbin.def revision 5.90.00 of 2007/07/19 17:24:52 (812833 variants)
nvcmacro.def revision 5.90.00 of 2007/06/29 06:32:19 (20341 variants)
Total number of variants: 833174
Command line: "@C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~OD3E.tmp"
===================================================================================================

       Time  Filename                                                     Virus name
---------------------------------------------------------------------------------------------------
- Scanning files in the directory: F:\v\
      500 ms F:\v\1(1).exe                                               
        0 ms F:\v\1.exe                                                   Security Risk W32/Suspicious_U.gen ()
        0 ms F:\v\10.exe                                                  Trojan W32/OnLineGames.HPV ()
       15 ms F:\v\11.exe                                                  Trojan OnlineGames.gen22 ()
      516 ms F:\v\12.exe                                                
       94 ms F:\v\13.exe                                                  Virus W32/Malware ( [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * File length:        27136 bytes.

[ Process/window information ]
    * Creates an event called 29437264.
    * Attempts to access service "Norton AntiVirus Server".
    * Attempts to access service "DefWatch".
    * Attempts to access service "KWatchSvc".
    * Attempts to access service "KPfwSvc".
    * Attempts to access service "kvsrvxp".
    * Attempts to access service "McAfeeFramework".
    * Attempts to access service "McShield".
    * Disables security related services.

)
       31 ms F:\v\14.exe                                                  Trojan W32/OnLineGames.HUX ()
        0 ms F:\v\15.exe                                                  Trojan W32/OnLineGames.HUI ()
        0 ms F:\v\16.exe                                                  Backdoor W32/Lineage.AUBA ()
        0 ms F:\v\2.exe                                                   Security Risk W32/Suspicious_U.gen ()
     9313 ms F:\v\3.exe                                                  
       15 ms F:\v\4.exe                                                   Trojan W32/Agent.BVPV ()
     9485 ms F:\v\5.exe                                                  
       15 ms F:\v\6.exe                                                   Security Risk W32/Suspicious_U.gen ()
        0 ms F:\v\7.exe                                                   Security Risk W32/Suspicious_U.gen ()
       32 ms F:\v\8.exe                                                   Trojan W32/Malware.XCX ()
        0 ms F:\v\9.exe                                                   Trojan W32/Lmir.ILX ()
- File F:\v\2.exe quarantined.
- File F:\v\2.exe deleted.
- File F:\v\1.exe quarantined.
- File F:\v\1.exe deleted.
- File F:\v\10.exe quarantined.
- File F:\v\10.exe deleted.
- File F:\v\11.exe quarantined.
- File F:\v\11.exe deleted.
- File F:\v\13.exe quarantined.
- File F:\v\13.exe deleted.
- File F:\v\14.exe quarantined.
- File F:\v\14.exe deleted.
- File F:\v\15.exe quarantined.
- File F:\v\15.exe deleted.
- File F:\v\16.exe quarantined.
- File F:\v\16.exe deleted.
- File F:\v\4.exe quarantined.
- File F:\v\4.exe deleted.
- File F:\v\6.exe quarantined.
- File F:\v\6.exe deleted.
- File F:\v\7.exe quarantined.
- File F:\v\7.exe deleted.
- File F:\v\8.exe quarantined.
- File F:\v\8.exe deleted.
- File F:\v\9.exe quarantined.
- File F:\v\9.exe deleted.

===================================================================================================

The scanning started: 2007/07/19 21:11:14
               ended: 2007/07/19 21:11:34
Logged on as        : Administrator
on hostname         : BE29C0E1C4C9406

Scanning results:
   Total number of files found..............................:      17
   Number of files scanned..................................:      17
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       0
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:      13

Copyright (c) 1993-2005 Norman ASA.
一派胡言
Posted on 2007-7-19 21:16:25
KV2007 kills 15 of them.

北京江民新科技术有限公司

        扫描引擎 10.00.650
        病毒库日期 2007-07-19
        更新日期 2007-07-19

扫描目标 C:\Documents and Settings\Administrator\桌面\样本.rar

开始时间 2007-07-19 21:15:36

在 C:\Documents and Settings\Administrator\桌面\样本.rar->1.exe 中发现 TrojanDownloader.Agent.lhi 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->2.exe 中发现 Trojan/PSW.GamePass.pfo 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->3.exe 中发现 Trojan/PSW.Agent.dnq 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->4.exe 中发现 Trojan/PSW.GamePass.sgs 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->5.exe 中发现 Trojan/PSW.Agent.dno 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->7.exe 中发现 Trojan/PSW.OnLineGames.dln 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->8.exe 中发现 Trojan/PSW.GamePass.oan 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->9.exe 中发现 Trojan/PSW.GamePass.qvl 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->10.exe 中发现 Trojan/PSW.OnLineGames.cun 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->11.exe 中发现 Trojan/PSW.OnLineGames.dem 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->12.exe 中发现 Trojan/PSW.GamePass.qye 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->13.exe 中发现 Trojan/PSW.GamePass.qjl 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->14.exe 中发现 Trojan/PSW.GamePass.rcn 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->15.exe 中发现 Trojan/PSW.OnLineGames.das 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\样本.rar->16.exe 中发现 Trojan/PSW.GamePass.hzh 病毒, 已删除
正常结束。

扫描结果:
                 文件数 :569                                 病毒体 :15        
                   删除 :15                                    解毒 :0         
    扫描速度(千字节/秒) :6918                              扫描时间 :00:00:25
    扫描文件速度(个/秒) :22

promised
Posted on 2007-7-19 21:22:23
Begin scan in 'C:\ABC\样本.rar'
C:\ABC\样本.rar
  [0] Archive type: RAR
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Zhidao
  --> 1(1).exe
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
  --> 2.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
  --> 7.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.LB.3
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/Agent.18432.59
  --> 9.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> 11.exe
      [DETECTION] Is the Trojan horse TR/Agent.34708.B
  --> 12.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> 13.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> 14.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.YF
  --> 15.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
  --> 16.exe
      [DETECTION] Is the Trojan horse TR/PSW.Nilage.bjt.5
      [WARNING]   The file was ignored!


End of the scan: 2007年7月19日  21:22
Used time: 00:12 min

The scan has been done completely.

      0 Scanning directories
     19 Files were scanned
     17 viruses and/or unwanted programs were found
      1 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
      0 Hidden objects were found

Copyright © KaFan  KaFan.cn All Rights Reserved.
