
[Virus samples] 16 VIP products

promised
Posted on 2007-8-24 18:02:43
[MD5: 43DB27 E3619A B4A8A9 6A4445 99FF7B 5EE3E9 4F5CF9 FC3006 5887C0 FDD421 D0809D C371B8 DA9ACC BB1F7C A68B41 45430D]

The EQs
Posted on 2007-8-24 18:06:05
Scan performed at: 2007-8-24 18:05:34
Scanning Log
NOD32 version 2481 (20070823) NT
Command line: C:\Documents and Settings\Don johnson\桌面\样本1.rar
Operating memory - is OK

Date: 24.8.2007  Time: 18:05:45
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\样本1.rar
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?fy.exe - Win32/Delf.NFD trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?jh.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?mh.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?mir.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?my.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?qj.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?qqhx.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?qst.exe - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?tl.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?wd.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?wl.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?wow.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?zt.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?zx.exe - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?cs.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar ?RAR ?dh.exe - a variant of Win32/PSW.OnLineGames.NEN trojan
Number of scanned files: 17
Number of threats found: 16
Number of files cleaned: 1
Time of completion: 18:05:49 Total scanning time: 4 sec (00:00:04)

Notes:
[7] File is probably infected with an unknown virus.
saga3721
Posted on 2007-8-24 18:09:20
Avira (小红伞) sounded its alert exactly 16 times.
沸沸
Posted on 2007-8-24 18:14:23

Heuristics ran for two and a half minutes on just this one file.

[ Last edited by 沸沸 on 2007-8-24 18:15 ]

458506
Posted on 2007-8-24 18:14:49
NOD32 already caught all 16... so I don't need to scan with mine.
沸沸
Posted on 2007-8-24 18:20:20

First, Kaspersky 7 only flagged 5 files.
Second, heuristics took forever on the following files!

End of report.

[ Last edited by 沸沸 on 2007-8-24 18:29 ]

Guanguancan
Posted on 2007-8-24 18:21:33
Some others were killed by AVG during the download! Sweat~~~

Guanguancan
Posted on 2007-8-24 18:24:23
There are still 7 that AVG passes; off to report them to AVG.
碧水寒潭
Posted on 2007-8-24 19:19:16
Start of the scan: 2007年8月24日  19:18

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\样本1.rar
  [0] Archive type: RAR
  --> fy.exe
      [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
  --> jh.exe
      [DETECTION] Is the Trojan horse TR/Agent.11508
  --> mh.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> mir.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.1
  --> my.exe
      [DETECTION] Is the Trojan horse TR/Agent.12978.1
  --> qj.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> qqhx.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
  --> qst.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
  --> tl.exe
      [DETECTION] Is the Trojan horse TR/Agent.11187
  --> wd.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
  --> wl.exe
      [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.125
  --> wow.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
  --> zt.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
  --> zx.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Tiny.CK.2
  --> cs.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> dh.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was deleted!


End of the scan: 2007年8月24日  19:18
Used time: 00:17 min

The scan has been done completely.

      1 Scanning directories
     17 Files were scanned
     16 viruses and/or unwanted programs were found
      4 classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -3 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
微点卫士
Posted on 2007-8-24 20:12:01
Micropoint:
木马名称:Trojan-PSW.Win32.OnLineGames.iyw

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\QQHX.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.iyx

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\ZT.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.iyv

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\ZX.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\JH.EXE
1) C:\DFD1995781.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\JH.EXE
1) C:\DFD1995781.BAT
是否删除可疑程序?
This one hung for ages.

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\MH.EXE
1) C:\DFD2121562.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\MH.EXE
1) C:\DFD2121562.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\MIR.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\RAVCQMON.EXE
2) C:\PROGRAM FILES\INTERNET EXPLORER\RAVCQMON.DAT
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\MY.EXE
1) C:\DFD2143812.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\MY.EXE
1) C:\DFD2143812.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\QJ.EXE
1) C:\DFD2156875.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\QJ.EXE
1) C:\DFD2156875.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\QST.EXE

E:\AUTORUN.INF
自启动运行!
并生成以下文件:
1) E:\AUTORUN.EXE
2) E:\AUTORUN.INF
以及可由此INF文件引导自启的文件:
E:\AUTORUN.EXE
E:\AUTORUN.EXE

是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\TL.EXE
1) C:\DFD2181546.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\TL.EXE
1) C:\DFD2181546.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\WD.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\NETMEETING\RAVWDMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVWDMON.DAT
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\WL.EXE
1) C:\DFD2203859.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\WL.EXE
1) C:\DFD2203859.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\WOW.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\WINOW.EXE
2) C:\WINDOWS.0\WINOW.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\CS.EXE
1) C:\DFD2225640.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\CS.EXE
1) C:\DFD2225640.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DH.EXE
1) C:\DFD2237156.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DH.EXE
1) C:\DFD2237156.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\FY.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\PACKET.DLL
2) C:\WINDOWS.0\SYSTEM32\WANPACKET.DLL
3) C:\WINDOWS.0\SYSTEM32\WPCAP.DLL
4) C:\WINDOWS.0\SYSTEM32\DRIVERS\SVCHOST.EXE
是否删除木马程序及其衍生物?

All killed.