[Virus samples] A small gift, please accept it: 30 samples.
一派胡言
Posted on 2007-8-16 17:18:37
I haven't been here in a long time, so here is a modest gift.
tracydk
Posted on 2007-8-16 17:20:07
6
The EQs
Posted on 2007-8-16 17:28:49
Scan performed at: 2007-8-16 17:28:22
Scanning Log
NOD32 version 2465 (20070816) NT
Command line: C:\Documents and Settings\EQ2\桌面\30virus0816.rar
Operating memory - is OK

Date: 16.8.2007  Time: 17:28:29
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\30virus0816.rar
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?LYLOADER.EXE - a variant of Win32/PSW.Agent.NEC trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?msdebug.dll - a variant of Win32/Agent.NIK trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAV00A0.DAT - a variant of Win32/PSW.OnLineGames.NCU trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAV00A0.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAVWDMON.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAVWLMON.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAVZTMON.DAT - a variant of Win32/PSW.OnLineGames.NCU trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAVZTMON.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?systemm.exe - Win32/Agent.NEM trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?TIMHost.dll - probably a variant of Win32/PSW.OnLineGames.NBZ trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?TIMHost.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?wddins.exe - a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?winow.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?WinSrv32.EXE - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?WinSrvGunVrs.EXE - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?wmsj.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAVDHMON.DAT - a variant of Win32/PSW.OnLineGames.NCU trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAVDHMON.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAVJZMON.DAT - a variant of Win32/PSW.OnLineGames.NCU trojan
C:\Documents and Settings\EQ2\桌面\30virus0816.rar ?RAR ?RAVZXMON.DAT - a variant of Win32/PSW.OnLineGames.NCU trojan
Number of scanned files: 31
Number of threats found: 20
Number of files cleaned: 1
Time of completion: 17:28:33 Total scanning time: 4 sec (00:00:04)

Notes:
[7] File is probably infected with an unknown virus.
snakebone
Posted on 2007-8-16 17:34:40
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\30virus0816.rar'
C:\Documents and Settings\Administrator\桌面\
  30virus0816.rar
    [0] Archive type: RAR
    --> file1.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> file10.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> LYLOADER.EXE
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> LYMANGR.DLL
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> msdebug.dll
    --> MSDEG32.DLL
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAV00A0.DAT
        [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAV00A0.exe
        [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVWDMON.DAT
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.MQ.54
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVWDMON.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.MQ.54
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVWLMON.DAT
        [DETECTION] Is the Trojan horse TR/Agent.5906
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVWLMON.exe
        [DETECTION] Is the Trojan horse TR/Agent.5906
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVZTMON.DAT
        [DETECTION] Is the Trojan horse TR/Agent.7613
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVZTMON.exe
        [DETECTION] Is the Trojan horse TR/Agent.7613
        [WARNING]   Infected files in archives cannot be repaired!
    --> systemm.exe
        [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.alh.7 Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> TIMHost.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> TIMHost.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> video.dll
        [DETECTION] Is the Trojan horse TR/PSW.Steal.35840.7
        [WARNING]   Infected files in archives cannot be repaired!
    --> WanPacket.dll
    --> wdcini.dll
    --> wddins.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> winow.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> winow.exe
        [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
        [WARNING]   Infected files in archives cannot be repaired!
    --> WinSrv32.EXE
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> WinSrvGunVrs.EXE
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> wmsj.exe
        [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVDHMON.DAT
        [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVDHMON.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVJZMON.DAT
        [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVZXMON.DAT
        [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.1
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      A backup was created as '473a17c4.qua'  ( QUARANTINE )
        [INFO]      The file was deleted!
1688388728
Posted on 2007-8-16 17:45:05
病毒统计

扫描路径        : D:\病毒库\30virus0816
文件夹        : 1
文件        :  30
内存扫描        : 0
文档        : 0
压缩文件        : 0
确认病毒        : 20
染毒文件        : 23
内存感染        : 0
可疑文件        : 0
警告        : 0
杀毒文件        : 0
删除文件        : 0
移动文件        : 23
I/O 错误        : 0
扫描时间        : 00:00:04
扫描速度 (文件/秒)        : 7

病毒定义        : 780121
扫描插件        : 16
文档插件        : 40
解压缩插件        : 6
电子邮件插件        : 6
系统插件        : 5

病毒扫描选项

发现
[ ] 扫描引导区
[ ] 内存
[X] 扫描文档
[X] 扫描压缩文件
[X] 扫描email

文件屏蔽
[ ] 程序
[X] 所有文件
[ ] 用户自定义扩展:
[ ] 排除扩展: ;

操作

感染目标
[ ] 忽略
[X] 杀毒
[ ] 删除
[ ] 移动到隔离区
[ ] 提示用户

另一个操作
[ ] 忽略
[ ] 删除
[X] 移动到隔离区
[ ] 提示用户

病毒扫描选项
[X] 启用警告
[X] 使用启发式
[X] 在日志中显示所有文件
[X] 报告文件: C:\Documents and Settings\Administrator\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1187257351.log

间谍程序扫描选项

[X] 扫描风险程序
[ ] 在扫描中发现拨号器和应用软件
[ ] 注册表键
[ ] Cookies


概要:

D:\病毒库\30virus0816\LYLOADER.EXE        感染: Dropped:Generic.PWS.Games.3.1B03BA89
D:\病毒库\30virus0816\LYLOADER.EXE        杀毒失败
D:\病毒库\30virus0816\LYLOADER.EXE        移动
D:\病毒库\30virus0816\MSDEG32.DLL        感染: Generic.PWS.Games.3.1B03BA89
D:\病毒库\30virus0816\MSDEG32.DLL        杀毒失败
D:\病毒库\30virus0816\MSDEG32.DLL        移动
D:\病毒库\30virus0816\RAV00A0.DAT        感染: DeepScan:Generic.Malware.dld!!gPWS.8DFF408F
D:\病毒库\30virus0816\RAV00A0.DAT        杀毒失败
D:\病毒库\30virus0816\RAV00A0.DAT        移动
D:\病毒库\30virus0816\RAV00A0.exe        感染: BehavesLike:Win32.ExplorerHijack
D:\病毒库\30virus0816\RAV00A0.exe        杀毒失败
D:\病毒库\30virus0816\RAV00A0.exe        移动
D:\病毒库\30virus0816\RAVDHMON.exe        感染: BehavesLike:Win32.ExplorerHijack
D:\病毒库\30virus0816\RAVDHMON.exe        杀毒失败
D:\病毒库\30virus0816\RAVDHMON.exe        移动
D:\病毒库\30virus0816\RAVJZMON.DAT        感染: DeepScan:Generic.Malware.dld!!PWS.CFE114E5
D:\病毒库\30virus0816\RAVJZMON.DAT        杀毒失败
D:\病毒库\30virus0816\RAVJZMON.DAT        移动
D:\病毒库\30virus0816\RAVWDMON.DAT        感染: Generic.Malware.PWS.5F3DD260
D:\病毒库\30virus0816\RAVWDMON.DAT        杀毒失败
D:\病毒库\30virus0816\RAVWDMON.DAT        移动
D:\病毒库\30virus0816\RAVWDMON.exe        感染: Dropped:Generic.Malware.PWS.5F3DD260
D:\病毒库\30virus0816\RAVWDMON.exe        杀毒失败
D:\病毒库\30virus0816\RAVWDMON.exe        移动
D:\病毒库\30virus0816\RAVWLMON.DAT        感染: Generic.Malware.PWS.DD2E70E5
D:\病毒库\30virus0816\RAVWLMON.DAT        杀毒失败
D:\病毒库\30virus0816\RAVWLMON.DAT        移动
D:\病毒库\30virus0816\RAVWLMON.exe        感染: Dropped:Generic.Malware.PWS.DD2E70E5
D:\病毒库\30virus0816\RAVWLMON.exe        杀毒失败
D:\病毒库\30virus0816\RAVWLMON.exe        移动
D:\病毒库\30virus0816\RAVZTMON.DAT        感染: DeepScan:Generic.Malware.dld!!PWS.99F437ED
D:\病毒库\30virus0816\RAVZTMON.DAT        杀毒失败
D:\病毒库\30virus0816\RAVZTMON.DAT        移动
D:\病毒库\30virus0816\RAVZTMON.exe        感染: BehavesLike:Win32.ExplorerHijack
D:\病毒库\30virus0816\RAVZTMON.exe        杀毒失败
D:\病毒库\30virus0816\RAVZTMON.exe        移动
D:\病毒库\30virus0816\RAVZXMON.DAT        感染: DeepScan:Generic.PWS.Games.1.71BA411A
D:\病毒库\30virus0816\RAVZXMON.DAT        杀毒失败
D:\病毒库\30virus0816\RAVZXMON.DAT        移动
D:\病毒库\30virus0816\systemm.exe        感染: Backdoor.Agent.ALH
D:\病毒库\30virus0816\systemm.exe        杀毒失败
D:\病毒库\30virus0816\systemm.exe        移动
D:\病毒库\30virus0816\TIMHost.dll        感染: Generic.Onlinegames.2.D08047EF
D:\病毒库\30virus0816\TIMHost.dll        杀毒失败
D:\病毒库\30virus0816\TIMHost.dll        移动
D:\病毒库\30virus0816\TIMHost.exe        感染: Generic.PWS.Games.4.DC2E4A6C
D:\病毒库\30virus0816\TIMHost.exe        杀毒失败
D:\病毒库\30virus0816\TIMHost.exe        移动
D:\病毒库\30virus0816\video.dll        感染: Generic.PWStealer.FC8576D8
D:\病毒库\30virus0816\video.dll        杀毒失败
D:\病毒库\30virus0816\video.dll        移动
D:\病毒库\30virus0816\wddins.exe        感染: DeepScan:Generic.Dld.Agent.029143D6
D:\病毒库\30virus0816\wddins.exe        杀毒失败
D:\病毒库\30virus0816\wddins.exe        移动
D:\病毒库\30virus0816\winow.dll        感染: Generic.PWS.WoW.A11ECFD4
D:\病毒库\30virus0816\winow.dll        杀毒失败
D:\病毒库\30virus0816\winow.dll        移动
D:\病毒库\30virus0816\winow.exe        感染: Generic.PWS.WoW.24C94D1F
D:\病毒库\30virus0816\winow.exe        杀毒失败
D:\病毒库\30virus0816\winow.exe        移动
D:\病毒库\30virus0816\WinSrv32.EXE        感染: Generic.Malware.FBdld.513A9B9E
D:\病毒库\30virus0816\WinSrv32.EXE        杀毒失败
D:\病毒库\30virus0816\WinSrv32.EXE        移动
D:\病毒库\30virus0816\WinSrvGunVrs.EXE        感染: Generic.Malware.FBdld.513A9B9E
D:\病毒库\30virus0816\WinSrvGunVrs.EXE        杀毒失败
D:\病毒库\30virus0816\WinSrvGunVrs.EXE        移动
D:\病毒库\30virus0816\wmsj.exe        感染: Generic.PWStealer.C1ACFDCA
D:\病毒库\30virus0816\wmsj.exe        杀毒失败
D:\病毒库\30virus0816\wmsj.exe        移动
jimmyleo
Posted on 2007-8-16 17:54:30
Found [Possible_Infostl](    1) in 30.rar,(file1.dll)
Found [Possible_Infostl](    1) in 30.rar,(file10.dll)
Undet [                ](     ) in 30.rar,(LYLOADER.EXE)
Found [TSPY_INFOSTEA.EH](    1) in 30.rar,(LYMANGR.DLL)
Undet [                ](     ) in 30.rar,(msdebug.dll)
Undet [                ](     ) in 30.rar,(MSDEG32.DLL)
Undet [                ](     ) in 30.rar,(RAV00A0.DAT)
Undet [                ](     ) in 30.rar,(RAV00A0.exe)
Undet [                ](     ) in 30.rar,(RAVWDMON.DAT)
Undet [                ](     ) in 30.rar,(RAVWDMON.exe)
Undet [                ](     ) in 30.rar,(RAVWLMON.DAT)
Undet [                ](     ) in 30.rar,(RAVWLMON.exe)
Undet [                ](     ) in 30.rar,(RAVZTMON.DAT)
Undet [                ](     ) in 30.rar,(RAVZTMON.exe)
Found [  BKDR_AGENT.MMR](    1) in 30.rar,(systemm.exe)
Undet [                ](     ) in 30.rar,(TIMHost.dll)
Undet [                ](     ) in 30.rar,(TIMHost.exe)
Found [Possible_Infostl](    1) in 30.rar,(video.dll)
Undet [                ](     ) in 30.rar,(WanPacket.dll)
Undet [                ](     ) in 30.rar,(wdcini.dll)
Undet [                ](     ) in 30.rar,(wddins.exe)
Found [Possible_Infostl](    1) in 30.rar,(winow.dll)
Undet [                ](     ) in 30.rar,(winow.exe)
Undet [                ](     ) in 30.rar,(WinSrv32.EXE)
Undet [                ](     ) in 30.rar,(WinSrvGunVrs.EXE)
Undet [                ](     ) in 30.rar,(wmsj.exe)
Undet [                ](     ) in 30.rar,(RAVDHMON.DAT)
Undet [                ](     ) in 30.rar,(RAVDHMON.exe)
Undet [                ](     ) in 30.rar,(RAVJZMON.DAT)
Undet [                ](     ) in 30.rar,(RAVZXMON.DAT)
uhthn2002
Posted on 2007-8-16 18:07:47
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\file1.dll : is suspected of Trojan-PSW.Game.8 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\file10.dll : is suspected of Trojan-PSW.Game.33 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\LYLOADER.EXE : is suspected of Trojan-PSW.Game.32 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\LYMANGR.DLL : is suspected of Trojan-PSW.Game.38 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\MSDEG32.DLL : is suspected of Trojan-PSW.Game.32 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\RAVWDMON.DAT : infected Trojan-PSW.Win32.OnLineGames.mq
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\RAVWDMON.exe : infected Trojan-PSW.Win32.OnLineGames.mq
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\RAVWLMON.exe : infected Trojan-PSW.Win32.OnLineGames.aci
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\RAVZTMON.exe : infected Trojan-PSW.Win32.OnLineGames.aci
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\systemm.exe : infected Trojan.Sniff
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\TIMHost.dll : infected MalwareScope.Trojan-PSW.Game.12
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\TIMHost.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\video.dll : infected MalwareScope.Trojan-PSW.Game.8
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\WanPacket.dll : is suspected of Trojan-PSW.Game.30 (paranoid heuristics)
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\winow.dll : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\winow.exe : infected MalwareScope.Trojan-PSW.Game.17
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\WinSrv32.EXE : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\WinSrvGunVrs.EXE : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\uhthn\Desktop\30virus0816.rar:<RAR>\wmsj.exe : infected MalwareScope.Trojan-PSW.Game.17


Directories       : 0       Files in archives:      Files on disks:
Archives:                   - total       : 30      - total       : 1     
- scanned         : 1       -  scanned    : 30      - scanned     : 1     
- contain viruses : 1       -  infected   : 13      - infected    : 1     
- deleted         : 0       -  suspicious : 6       - suspicious  : 0
kasper
Posted on 2007-8-16 18:33:32
BD    23~~~~~~~


C:\Documents and Settings\同同\桌面\30virus0816.rar=>LYLOADER.EXE        Infected: Dropped:Generic.PWS.Games.3.1B03BA89
C:\Documents and Settings\同同\桌面\30virus0816.rar=>LYLOADER.EXE        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>LYLOADER.EXE        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>MSDEG32.DLL        Infected: Generic.PWS.Games.3.1B03BA89
C:\Documents and Settings\同同\桌面\30virus0816.rar=>MSDEG32.DLL        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>MSDEG32.DLL        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAV00A0.DAT        Infected: DeepScan:Generic.Malware.dld!!gPWS.8DFF408F
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAV00A0.DAT        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAV00A0.DAT        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAV00A0.exe        Infected: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAV00A0.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAV00A0.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWDMON.DAT        Infected: Generic.Malware.PWS.5F3DD260
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWDMON.DAT        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWDMON.DAT        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWDMON.exe        Infected: Dropped:Generic.Malware.PWS.5F3DD260
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWDMON.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWDMON.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWLMON.DAT        Infected: Generic.Malware.PWS.DD2E70E5
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWLMON.DAT        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWLMON.DAT        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWLMON.exe        Infected: Dropped:Generic.Malware.PWS.DD2E70E5
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWLMON.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVWLMON.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVZTMON.DAT        Infected: DeepScan:Generic.Malware.dld!!PWS.99F437ED
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVZTMON.DAT        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVZTMON.DAT        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVZTMON.exe        Infected: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVZTMON.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVZTMON.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>systemm.exe        Infected: Backdoor.Agent.ALH
C:\Documents and Settings\同同\桌面\30virus0816.rar=>systemm.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>systemm.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>TIMHost.dll        Infected: Generic.Onlinegames.2.D08047EF
C:\Documents and Settings\同同\桌面\30virus0816.rar=>TIMHost.dll        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>TIMHost.dll        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>TIMHost.exe        Infected: Generic.PWS.Games.4.DC2E4A6C
C:\Documents and Settings\同同\桌面\30virus0816.rar=>TIMHost.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>TIMHost.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>video.dll        Infected: Generic.PWStealer.FC8576D8
C:\Documents and Settings\同同\桌面\30virus0816.rar=>video.dll        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>video.dll        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>wddins.exe        Infected: DeepScan:Generic.Dld.Agent.029143D6
C:\Documents and Settings\同同\桌面\30virus0816.rar=>wddins.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>wddins.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>winow.dll        Infected: Generic.PWS.WoW.A11ECFD4
C:\Documents and Settings\同同\桌面\30virus0816.rar=>winow.dll        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>winow.dll        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>winow.exe        Infected: Generic.PWS.WoW.24C94D1F
C:\Documents and Settings\同同\桌面\30virus0816.rar=>winow.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>winow.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>WinSrv32.EXE        Infected: Generic.Malware.FBdld.513A9B9E
C:\Documents and Settings\同同\桌面\30virus0816.rar=>WinSrv32.EXE        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>WinSrv32.EXE        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>WinSrvGunVrs.EXE        Infected: Generic.Malware.FBdld.513A9B9E
C:\Documents and Settings\同同\桌面\30virus0816.rar=>WinSrvGunVrs.EXE        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>WinSrvGunVrs.EXE        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>wmsj.exe        Infected: Generic.PWStealer.C1ACFDCA
C:\Documents and Settings\同同\桌面\30virus0816.rar=>wmsj.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>wmsj.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVDHMON.exe        Infected: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVDHMON.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVDHMON.exe        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVJZMON.DAT        Infected: DeepScan:Generic.Malware.dld!!PWS.CFE114E5
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVJZMON.DAT        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVJZMON.DAT        Move failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVZXMON.DAT        Infected: DeepScan:Generic.PWS.Games.1.71BA411A
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVZXMON.DAT        Disinfection failed
C:\Documents and Settings\同同\桌面\30virus0816.rar=>RAVZXMON.DAT        Move failed
xxwpk007
Posted on 2007-8-16 18:40:31
用AntiVirusKit扫描病毒
版本 16.0.7
病毒库签名 2007-8-15
开始时间: 2007-8-16 18:38
引擎: KAV 引擎 (AVK 17.6876), BD  引擎 (BD 17.4738)
启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: LYLOADER.EXE
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.agb (KAV 引擎), Dropped:Generic.PWS.Games.3.1B03BA89 (BD  引擎)
对象: LYMANGR.DLL
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.agb (KAV 引擎)
对象: MSDEG32.DLL
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.agb (KAV 引擎), Generic.PWS.Games.3.1B03BA89 (BD  引擎)
对象: RAV00A0.DAT
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: DeepScan:Generic.Malware.dld!!gPWS.8DFF408F (BD  引擎)
对象: RAV00A0.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: BehavesLike:Win32.ExplorerHijack (BD  引擎)
对象: RAVWDMON.DAT
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.mq (KAV 引擎), Generic.Malware.PWS.5F3DD260 (BD  引擎)
对象: RAVWDMON.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.mq (KAV 引擎), Dropped:Generic.Malware.PWS.5F3DD260 (BD  引擎)
对象: RAVWLMON.DAT
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Generic.Malware.PWS.DD2E70E5 (BD  引擎)
对象: RAVWLMON.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.aci (KAV 引擎), Dropped:Generic.Malware.PWS.DD2E70E5 (BD  引擎)
对象: RAVZTMON.DAT
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: DeepScan:Generic.Malware.dld!!PWS.99F437ED (BD  引擎)
对象: RAVZTMON.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.aci (KAV 引擎), BehavesLike:Win32.ExplorerHijack (BD  引擎)
对象: systemm.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Backdoor.Win32.Agent.alh (KAV 引擎), Backdoor.Agent.ALH (BD  引擎)
对象: TIMHost.dll
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Generic.Onlinegames.2.D08047EF (BD  引擎)
对象: TIMHost.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Generic.PWS.Games.4.DC2E4A6C (BD  引擎)
对象: video.dll
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Generic.PWStealer.FC8576D8 (BD  引擎)
对象: wddins.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.029143D6 (BD  引擎)
对象: winow.dll
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Generic.PWS.WoW.A11ECFD4 (BD  引擎)
对象: winow.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Generic.PWS.WoW.24C94D1F (BD  引擎)
对象: WinSrv32.EXE
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Generic.Malware.FBdld.513A9B9E (BD  引擎)
对象: WinSrvGunVrs.EXE
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Generic.Malware.FBdld.513A9B9E (BD  引擎)
对象: wmsj.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.afx (KAV 引擎), Generic.PWStealer.C1ACFDCA (BD  引擎)
对象: RAVDHMON.exe
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: BehavesLike:Win32.ExplorerHijack (BD  引擎)
对象: RAVJZMON.DAT
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: DeepScan:Generic.Malware.dld!!PWS.CFE114E5 (BD  引擎)
对象: RAVZXMON.DAT
        路径: G:\样本\30virus0816
        Status: 已发现病毒
        病毒: DeepScan:Generic.PWS.Games.1.71BA411A (BD  引擎)
分析完毕: 2007-8-16 18:38
    已检查 30 个文件
    已发现 24 个染毒文件
    发现 0 个可疑文件
xxwpk007
Posted on 2007-8-16 18:41:51
12
[Scan path] G:\样本\30virus0816
G:\样本\30virus0816\file1.dll - Ok
G:\样本\30virus0816\file10.dll - Ok
>G:\样本\30virus0816\LYLOADER.EXE infected with Trojan.Inject.364
>G:\样本\30virus0816\LYMANGR.DLL infected with Trojan.PWS.Gamania.3387
>G:\样本\30virus0816\msdebug.dll - Ok
>G:\样本\30virus0816\MSDEG32.DLL infected with Trojan.Goner.65
>G:\样本\30virus0816\RAV00A0.DAT - Ok
>G:\样本\30virus0816\RAV00A0.exe probably infected with MULDROP.Trojan
>G:\样本\30virus0816\RAVWDMON.DAT - Ok
>G:\样本\30virus0816\RAVWDMON.exe infected with Trojan.PWS.Wsgame
>G:\样本\30virus0816\RAVWLMON.DAT infected with Trojan.PWS.Gamania.3403
>G:\样本\30virus0816\RAVWLMON.exe infected with Trojan.PWS.Wsgame.1066
>G:\样本\30virus0816\RAVZTMON.DAT - Ok
>G:\样本\30virus0816\RAVZTMON.exe probably infected with MULDROP.Trojan
>G:\样本\30virus0816\systemm.exe infected with Trojan.Sniff
G:\样本\30virus0816\TIMHost.dll - Ok
>G:\样本\30virus0816\TIMHost.exe probably infected with MULDROP.Trojan
G:\样本\30virus0816\video.dll - Ok
G:\样本\30virus0816\WanPacket.dll - Ok
G:\样本\30virus0816\wdcini.dll - Ok
>>G:\样本\30virus0816\wddins.exe - Ok
G:\样本\30virus0816\winow.dll - Ok
>>G:\样本\30virus0816\winow.exe - Ok
>G:\样本\30virus0816\WinSrv32.EXE - Ok
>G:\样本\30virus0816\WinSrvGunVrs.EXE - Ok
>G:\样本\30virus0816\wmsj.exe infected with Trojan.PWS.Gamania.3302
>G:\样本\30virus0816\RAVDHMON.DAT - Ok
>G:\样本\30virus0816\RAVDHMON.exe probably infected with BACKDOOR.Trojan
>G:\样本\30virus0816\RAVJZMON.DAT - Ok
>G:\样本\30virus0816\RAVZXMON.DAT - Ok
Copyright © KaFan  KaFan.cn All Rights Reserved.