[Virus sample] A freshly caught pack

lovecho
Posted on 2007-7-20 17:49:12
A bunch of trojans!!!
[MD5: AB34B0 B0DE42 E57E60 93FC5E 571641 322267 C1E9E1 ED66B2 91E453 C016B9 AC45AE 56FAF1 364B9D 101B12 EBA02C 08899E 8E95B1 28BAAB B32261 FB1329 9F6679 CFA2DB 5CCB03 91D3AD AD105B 4A8952 F308AB 3E3729 50C231 20D148 80951D]

[ Last edited by promised on 2007-7-20 23:20 ]

残缺的唯美
Posted on 2007-7-20 17:50:16
McAfee blocked it
wangjay1980
Posted on 2007-7-20 17:50:56
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bs        File: C:\Documents and Settings\Owner\桌面\包包.rar/tlso0.dll
detected: Trojan program Trojan-PSW.Win32.WOW.qn        File: C:\Documents and Settings\Owner\桌面\包包.rar/mhso0.dll
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/woso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/woso0.dll
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/ztso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ui        File: C:\Documents and Settings\Owner\桌面\包包.rar/jtso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.Nilage.bjp        File: C:\Documents and Settings\Owner\桌面\包包.rar/ztso0.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ui        File: C:\Documents and Settings\Owner\桌面\包包.rar/jtso0.dll
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/wlso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qo        File: C:\Documents and Settings\Owner\桌面\包包.rar/wlso0.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ui        File: C:\Documents and Settings\Owner\桌面\包包.rar/wgso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.abh        File: C:\Documents and Settings\Owner\桌面\包包.rar/wgso0.dll
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/wmso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ui        File: C:\Documents and Settings\Owner\桌面\包包.rar/fyso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.sl        File: C:\Documents and Settings\Owner\桌面\包包.rar/wmso0.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.abi        File: C:\Documents and Settings\Owner\桌面\包包.rar/fyso0.dll
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/qjso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bs        File: C:\Documents and Settings\Owner\桌面\包包.rar/qjso0.dll
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/rxso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.abv        File: C:\Documents and Settings\Owner\桌面\包包.rar/rxso0.dll
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/wdso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bs        File: C:\Documents and Settings\Owner\桌面\包包.rar/wdso0.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ui        File: C:\Documents and Settings\Owner\桌面\包包.rar/tlso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.nw        File: C:\Documents and Settings\Owner\桌面\包包.rar/daso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/mhso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.nw        File: C:\Documents and Settings\Owner\桌面\包包.rar/daso0.dll
detected: Trojan program Trojan-PSW.Win32.Small.cf        File: C:\Documents and Settings\Owner\桌面\包包.rar/zxso.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ack        File: C:\Documents and Settings\Owner\桌面\包包.rar/M1.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qo        File: C:\Documents and Settings\Owner\桌面\包包.rar/zxso0.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fq        File: C:\Documents and Settings\Owner\桌面\包包.rar/oKoK.exe//PE_Patch//UPack
30
wangjay1980
Posted on 2007-7-20 17:51:56
That BAT file is fine
FBAV
Posted on 2007-7-20 17:52:13
风暴胜者V2 贺岁精简网络版本
_________您的安全是我们的责任_______________
作者:Sanhuan222@163.com   TM:469428271
个人Blog:http://hi.baidu.com/迅者/



===============================================
   ___________病毒查杀结果__________________


===============================================

2007年5月20日17时53分20秒 开始查杀C:\Documents and Settings\Administrator\桌面\virus\包包
威胁性文件:C:\Documents and Settings\Administrator\桌面\virus\包包\ztso.exe
威胁性文件:C:\Documents and Settings\Administrator\桌面\virus\包包\wlso.exe
威胁性文件:C:\Documents and Settings\Administrator\桌面\virus\包包\wgso.exe
威胁性文件:C:\Documents and Settings\Administrator\桌面\virus\包包\wmso.exe
威胁性文件:C:\Documents and Settings\Administrator\桌面\virus\包包\fyso.exe
威胁性文件:C:\Documents and Settings\Administrator\桌面\virus\包包\qjso.exe
威胁性文件:C:\Documents and Settings\Administrator\桌面\virus\包包\wdso.exe
威胁性文件:C:\Documents and Settings\Administrator\桌面\virus\包包\tlso.exe
威胁性文件:C:\Documents and Settings\Administrator\桌面\virus\包包\zxso.exe
****************************
您应该引起注意的文件:

-----------------------------------------


=========================================

_________文件性质分析结果________________
"带壳"仅指文件性质,仅供专业人员分析使用。


C:\Documents and Settings\Administrator\桌面\virus\包包\M1.exe 带壳文件:UPX加壳
-----------------------------------------

2007年5月20日17时53分20秒收起线程…100% 查杀完毕!
扫描文件:30查杀病毒:9


[ Last edited by FBAV on 2007-7-20 17:54 ]
The EQs
Posted on 2007-7-20 17:53:47
Scan performed at: 2007-7-20 17:53:09
Scanning Log
NOD32 version 2409 (20070720) NT
Command line: C:\Documents and Settings\EQ2\桌面\包包.rar
Operating memory - is OK

Date: 20.7.2007  Time: 17:53:15
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\包包.rar
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?mhso0.dll - a variant of Win32/PSW.OnLineGames.NAT trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?woso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?woso0.dll - a variant of Win32/PSW.WOW.NCD trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?ztso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?jtso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?ztso0.dll - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?wlso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?wlso0.dll - Win32/PSW.OnLineGames.NDB trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?wgso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?wmso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?fyso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?qjso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?qjso0.dll - a variant of Win32/PSW.OnLineGames.NAZ trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?rxso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?rxso0.dll - a variant of Win32/PSW.OnLineGames.NBD trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?wdso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?tlso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?daso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?mhso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?zxso.exe - probably a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\包包.rar ?RAR ?M1.exe - a variant of Win32/PSW.OnLineGames.NBR trojan
Number of scanned files: 32
Number of threats found: 21
Number of files cleaned: 1
Time of completion: 17:53:20 Total scanning time: 5 sec (00:00:05)
taitan001
Posted on 2007-7-20 17:53:57
Killed 29 of them..
F:\包包\tlso0.dll : infected MalwareScope.Trojan-PSW.Game.10
F:\包包\tlso0.dll : deleted
F:\包包\mhso0.dll : infected MalwareScope.Trojan-PSW.Game.2
F:\包包\mhso0.dll : deleted
F:\包包\woso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\woso.exe : deleted
F:\包包\ztso.exe : infected Trojan.PWS.Wsgame
F:\包包\ztso.exe : deleted
F:\包包\jtso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\jtso.exe : deleted
F:\包包\ztso0.dll : infected Trojan-PSW.Win32.Nilage.bjp
F:\包包\ztso0.dll : deleted
F:\包包\jtso0.dll : infected MalwareScope.Trojan-PSW.Game.10
F:\包包\jtso0.dll : deleted
F:\包包\wlso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\wlso.exe : deleted
F:\包包\wlso0.dll : infected MalwareScope.Trojan-PSW.Game.10
F:\包包\wlso0.dll : deleted
F:\包包\wgso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\wgso.exe : deleted
F:\包包\wgso0.dll : is suspected of Trojan-PSW.Game.58 (paranoid heuristics)
F:\包包\wmso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\wmso.exe : deleted
F:\包包\fyso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\fyso.exe : deleted
F:\包包\wmso0.dll : infected MalwareScope.Trojan-PSW.Game.10
F:\包包\wmso0.dll : deleted
F:\包包\fyso0.dll : infected MalwareScope.Trojan-PSW.Game.10
F:\包包\fyso0.dll : deleted
F:\包包\qjso.exe : infected Trojan.PWS.Wsgame
F:\包包\qjso.exe : deleted
F:\包包\qjso0.dll : infected Trojan-PSW.Win32.OnLineGames.bs
F:\包包\qjso0.dll : deleted
F:\包包\rxso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\rxso.exe : deleted
F:\包包\rxso0.dll : is suspected of Trojan-PSW.Game.58 (paranoid heuristics)
F:\包包\wdso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\wdso.exe : deleted
F:\包包\wdso0.dll : infected MalwareScope.Trojan-PSW.Game.10
F:\包包\wdso0.dll : deleted
F:\包包\tlso.exe : infected Trojan-PSW.Win32.OnLineGames.ui
F:\包包\tlso.exe : deleted
F:\包包\daso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\daso.exe : deleted
F:\包包\mhso.exe : infected Trojan.PWS.Wsgame
F:\包包\mhso.exe : deleted
F:\包包\daso0.dll : infected MalwareScope.Trojan-PSW.Game.10
F:\包包\daso0.dll : deleted
F:\包包\zxso.exe : infected MalwareScope.Trojan-PSW.Game.1
F:\包包\zxso.exe : deleted
F:\包包\M1.exe : is suspected of Trojan-PSW.Game.18 (paranoid heuristics)
F:\包包\zxso0.dll : infected MalwareScope.Trojan-PSW.Game.10
F:\包包\zxso0.dll : deleted
F:\包包\oKoK.exe : is suspected of Embedded.Trojan.Sniff
The EQs
Posted on 2007-7-20 17:55:09
vba32 can kill the native DLLs???....
tracydk
Posted on 2007-7-20 18:03:21

30 of them

Starting the file scan:

Begin scan in 'F:\病毒样本\包包.rar'
F:\病毒样本\包包.rar
  [0] Archive type: RAR
  --> tlso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> mhso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> woso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> woso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> ztso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> jtso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> ztso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> jtso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> wlso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> wlso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> wgso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> wgso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> wmso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> fyso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> wmso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> fyso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> qjso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> qjso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> rxso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> rxso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> wdso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> wdso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> tlso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> daso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> mhso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> daso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> zxso.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> M1.exe
      [DETECTION] Is the Trojan horse TR/Autorun.BK
  --> zxso0.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> oKoK.exe
      [DETECTION] Is the Trojan horse TR/Onlinegames.FQ
      [INFO]      The file was deleted!


End of the scan: 2007年7月20日  18:03
Used time: 00:06 min

The scan has been done completely.

      0 Scanning directories
     33 Files were scanned
     30 viruses and/or unwanted programs were found
      0 classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
woai_jolin
Posted on 2007-7-20 18:37:19
2007/7/20 18:31:56        Scanning Log
2007/7/20 18:31:56        Version of virus signature database: 2409 (20070720)
2007/7/20 18:31:56        Date: 20.7.2007  Time: 18:31:56
2007/7/20 18:31:56        Scanned disks, folders and files: F:\v\包包.rar
2007/7/20 18:32:02        Number of scanned files: 32
2007/7/20 18:32:02        Number of threats found: 21
2007/7/20 18:32:02        Time of completion: 18:32:02  Total scanning time: 6 sec (00:00:06)