[Virus sample] 2D58CA 83BB9C 3E1C3C......

fido_lee
Posted on 2007-8-30 19:24:36
Here are a few. Take a look if you're interested.

2D58CA 83BB9C 3E1C3C A73707 24B526 AD57FE 4D6AA8 8A1B46 FF022D 2E589F CECA19 8B903A 98B916

tiedan2
Posted on 2007-8-30 19:26:50
Ikarus:
30:08:2007 19:26:04 SEARCHTASK "USER_DEFINED" started...
scan item: C:\Documents and Settings\zhenjia\桌面\N多
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\dhdins.exe.v - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\jziins.exe.v - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\LYLOADER.EXE.v - SIGNATURE FOUND "Trojan-Downloader.Win32.Zlob.and"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\mxaset.exe.v - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\mxbset.exe.v - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\myfins.exe.v - SIGNATURE FOUND "Trojan-Spy.Win32.Bancos.ha"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\pjaset.exe.v - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\qjgins.exe.v - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\ravfymon.dat - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\ravgjmon.dat - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\ravgjmon.exe.v - SIGNATURE FOUND "Trojan-Downloader.Win32.Zlob.and"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\tlvins.exe.v - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
File scanned: C:\Documents and Settings\zhenjia\桌面\N多\WinFormA6.exe.v - SIGNATURE FOUND "Trojan-Dropper.Win32.Agent.ane"
30:08:2007 19:26:05 SEARCHTASK "USER_DEFINED" FINISHED...
----------------------------------------------------
Directories scanned: 1
Files scanned: 13
Virus found: 13
----------------------------------------------------
悠悠Wǒ╭心
Posted on 2007-8-30 19:27:08
瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.PSW.Win32.XYOnline.gp
病毒: Trojan.PSW.Win32.ZeroOnline.ah
病毒: Trojan.PSW.Win32.XYOnline.go
病毒: Trojan.PSW.Win32.XYOnline.gn
病毒: Trojan.PSW.Win32.OnlineGames.ybp
病毒: Trojan.PSW.Win32.OnlineGames.yav
病毒: Trojan.PSW.Win32.FYOnline.ct
病毒: Trojan.PSW.Win32.OnlineGames.ybb
病毒: Trojan.PSW.Win32.OnlineGames.yah
病毒: Trojan.PSW.Win32.OnlineGames.yax
病毒: Trojan.PSW.Win32.OnlineGames.yax
病毒: Trojan.PSW.Win32.OnlineGames.yaz
病毒: Trojan.PSW.Win32.XYOnline.gh

MAC地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:19.38.32
The EQs
Posted on 2007-8-30 19:27:39
Scan performed at: 2007-8-30 19:27:18
Scanning Log
NOD32 version 2491 (20070830) NT
Command line: C:\Documents and Settings\Don johnson\桌面\N多.rar
Operating memory - is OK

Date: 30.8.2007  Time: 19:27:22
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\N多.rar
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »dhdins.exe.v - a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »jziins.exe.v - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »LYLOADER.EXE.v - a variant of Win32/PSW.Agent.NEC trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »mxaset.exe.v - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »mxbset.exe.v - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »myfins.exe.v - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »pjaset.exe.v - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »qjgins.exe.v - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »ravgjmon.exe.v - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »tlvins.exe.v - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\N多.rar »RAR »WinFormA6.exe.v - probably a variant of Win32/Genetik trojan
Number of scanned files: 14
Number of threats found: 11
Number of files cleaned: 1
Time of completion: 19:27:25 Total scanning time: 3 sec (00:00:03)
FBAV
Posted on 2007-8-30 19:29:09
MicroVita AntiSpyware 100 C
_____________________________________________
                                          
             风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]                  
                   http://221.10.254.214/
----------------------------------------------
开始扫描……


正在检查启动……
[C:\Documents and Settings\Administrator\桌面\virus\N多\dhdins.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\jziins.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\LYLOADER.EXE.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\mxaset.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\mxbset.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\myfins.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\pjaset.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\qjgins.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\ravfymon.dat]
                    …………引擎[3]发现Suspicious File
[C:\Documents and Settings\Administrator\桌面\virus\N多\ravfymon.dat]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\ravgjmon.dat]
                    …………引擎[3]发现Suspicious File
[C:\Documents and Settings\Administrator\桌面\virus\N多\ravgjmon.dat]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\ravgjmon.exe.v]
                    …………引擎[3]发现Suspicious File
[C:\Documents and Settings\Administrator\桌面\virus\N多\ravgjmon.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\tlvins.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\N多\WinFormA6.exe.v]
                    …………引擎[2]发现病毒:Win32.Unknow
文件数:13   病毒数:13  比重:1.230769230769
OK  扫描完毕!
微点卫士
Posted on 2007-8-30 19:33:13
Micropoint:
木马名称:Trojan.Win32.Genetik.bvc

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\JZIINS.EXE.V
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.Agent.epd

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\LYLOADER.EXE.V
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Genetik.bve

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\MXASET.EXE.V
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Genetik.bxc

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\MYFINS.EXE.V
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Genetik.bvo

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\WINFORMA6.EXE.V
是木马程序!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\DHDINS.EXE
1) C:\DFD406234.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\DHDINS.EXE
1) C:\DFD406234.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\MXBSET.EXE
1) C:\DFD426906.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\MXBSET.EXE
1) C:\DFD426906.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\QJGINS.EXE
1) C:\DFD442359.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\QJGINS.EXE
1) C:\DFD442359.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\PJASET.EXE
1) C:\DFD457953.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\PJASET.EXE
1) C:\DFD457953.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\TLVINS.EXE
1) C:\DFD474062.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\N多\TLVINS.EXE
1) C:\DFD474062.BAT
是否删除可疑程序?
fido_lee
OP | Posted on 2007-8-30 19:35:15
Anyway, they all got past Kaspersky.
tracydk
Posted on 2007-8-30 19:45:43
Starting the file scan:

Begin scan in 'F:\病毒样本\N多.rar'
F:\病毒样本\N多.rar
  [0] Archive type: RAR
  --> dhdins.exe.v
      [DETECTION] Is the Trojan horse TR/Agent.11399
  --> jziins.exe.v
      [DETECTION] Is the Trojan horse TR/Agent.11791
  --> LYLOADER.EXE.v
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> mxaset.exe.v
      [DETECTION] Is the Trojan horse TR/Agent.17456
  --> mxbset.exe.v
      [DETECTION] Is the Trojan horse TR/Agent.17971.1
  --> myfins.exe.v
      [DETECTION] Is the Trojan horse TR/Agent.12917
  --> pjaset.exe.v
      [DETECTION] Is the Trojan horse TR/Agent.11338
  --> qjgins.exe.v
      [DETECTION] Is the Trojan horse TR/Agent.12087
  --> ravfymon.dat
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
  --> ravgjmon.dat
      [DETECTION] Contains suspicious code HEUR/Malware
  --> ravgjmon.exe.v
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> tlvins.exe.v
      [DETECTION] Contains suspicious code HEUR/Malware
  --> WinFormA6.exe.v
      [DETECTION] Is the Trojan horse TR/Agent.11606
      [INFO]      The file was deleted!
欠妳緈諨
Posted on 2007-8-30 20:23:26

fido_lee
OP | Posted on 2007-8-30 20:26:37
Heh, I've already reported them to Avira. Their updates are really fast!

Before that, most of Avira's detections were heuristic.