新东西来了

显示全部楼层 · 发表于 2007-9-1 21:40:20

好象是新东西

大家扫扫看红伞杀剩下3个

[ 本帖最后由 gzg 于 2007-9-1 21:45 编辑 ]

显示全部楼层 · 发表于 2007-9-1 21:42:50

Starting the file scan:

Begin scan in 'F:\病毒样本\桌面.part1.rar'
F:\病毒样本\桌面.part1.rar
  [0] Archive type: RAR
  --> 2\C\WINDOWS\SYSTEM32\DHDINS.EXE
   [DETECTION] Is the Trojan horse TR/Agent.11399
  --> 2\C\WINDOWS\SYSTEM32\DHDPRI.DLL
   [DETECTION] Is the Trojan horse TR/Spy.Delf.abi
  --> 3\C\WINDOWS\WINOW.DLL
   [DETECTION] Is the Trojan horse TR/PSW.33792.19
  --> 3\C\WINDOWS\WINOW.EXE
   [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
  --> 4\C\WINDOWS\SYSTEM32\MYFINS.EXE
   [DETECTION] Is the Trojan horse TR/Agent.12917
  --> 4\C\WINDOWS\SYSTEM32\MYFPRI.DLL
   [DETECTION] Is the Trojan horse TR/Spy.Delf.aao.1
  --> 4\C\WINDOWS\SYSTEM32\WLHPRI.DLL
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 5\C\PROGRAM FILES\NETMEETING\RAVWDMON.DAT
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 5\C\PROGRAM FILES\NETMEETING\RAVWDMON.EXE
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 6\L\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\K\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\J\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\I\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\H\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\G\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\F\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\E\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\D\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\C\IO.PIF
   [DETECTION] Is the Trojan horse TR/Agent.19968.163
  --> 6\C\WINDOWS\KULIONQJ.EXE
   [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
  --> 6\C\WINDOWS\WMSJ.EXE
   [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
  --> 6\C\WINDOWS\SYSTEM32\JHBINS.EXE
   [DETECTION] Is the Trojan horse TR/Spy.Delf.aau
  --> 6\C\WINDOWS\SYSTEM32\MXBSET.EXE
   [DETECTION] Is the Trojan horse TR/Agent.17971.1
  --> 6\C\WINDOWS\SYSTEM32\WLHINS.EXE
   [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.135
  --> 6\C\WINDOWS\SYSTEM32\ZTASET.EXE
   [DETECTION] Is the Trojan horse TR/PSW.Lmir.bla
  --> 1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP
   [DETECTION] Is the Trojan horse TR/PSW.Steal.47215
  --> 1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
   [DETECTION] Is the Trojan horse TR/PSW.Steal.47215
  --> 1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE
   [DETECTION] Is the Trojan horse TR/PSW.Steal.47215
   [INFO]    The file was deleted!
Begin scan in 'F:\病毒样本\桌面.part2.rar'

显示全部楼层 · 发表于 2007-9-1 21:44:27

detected: Trojan program Trojan-Spy.Win32.Delf.aax File: E:\Ñù±¾\4\C\WINDOWS\SYSTEM32\MYFINS.EXE//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.aax File: E:\Ñù±¾\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL
detected: Trojan program Trojan-Spy.Win32.Delf.xa File: E:\Ñù±¾\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bjd File: E:\Ñù±¾\5\C\PROGRAM FILES\NETMEETING\RAVWDMON.DAT
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bgc File: E:\Ñù±¾\5\C\PROGRAM FILES\NETMEETING\RAVWDMON.EXE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\L\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\K\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\J\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\I\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\H\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\G\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\F\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\E\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\D\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic File: E:\Ñù±¾\6\C\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bja File: E:\Ñù±¾\6\C\WINDOWS\KULIONQJ.EXE//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bbr File: E:\Ñù±¾\6\C\WINDOWS\WMSJ.EXE//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.abi File: E:\Ñù±¾\6\C\WINDOWS\SYSTEM32\JHBINS.EXE
detected: Trojan program Trojan-Spy.Win32.Delf.abi File: E:\Ñù±¾\6\C\WINDOWS\SYSTEM32\MXBSET.EXE
detected: Trojan program Trojan-Spy.Win32.Delf.uv File: E:\Ñù±¾\6\C\WINDOWS\SYSTEM32\WLHINS.EXE//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.abi File: E:\Ñù±¾\6\C\WINDOWS\SYSTEM32\ZTASET.EXE
detected: virus Worm.Win32.QQPass.n File: E:\Ñù±¾\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP//UPX
detected: virus Worm.Win32.QQPass.n File: E:\Ñù±¾\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
detected: virus Worm.Win32.QQPass.n File: E:\Ñù±¾\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE//UPX
detected: virus Worm.Win32.QQPass.n File: E:\Ñù±¾\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\YM1ZNVHI.EXE//UPX
detected: Trojan program Trojan-Spy.Win32.Delf.abi File: E:\Ñù±¾\2\C\WINDOWS\SYSTEM32\DHDINS.EXE
detected: Trojan program Trojan-Spy.Win32.Delf.abi File: E:\Ñù±¾\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL

显示全部楼层 · 发表于 2007-9-1 21:45:03

C:\ABC\桌面\1\ArFile.log
C:\ABC\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\YM1ZNVHI.EXE - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\桌面\2\ArFile.log
C:\ABC\桌面\2\C\WINDOWS\SYSTEM32\DHDINS.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL - 特征码 'Trojan-Downloader.Agent.YJA' 被发现
C:\ABC\桌面\3\ArFile.log
C:\ABC\桌面\3\C\WINDOWS\WINOW.DLL - 特征码 'Generic.PWS.WoW' 被发现
C:\ABC\桌面\3\C\WINDOWS\WINOW.EXE - 特征码 'Generic.PWS.WoW' 被发现
C:\ABC\桌面\4\ArFile.log
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\DHDINI.DLL
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\MYFINI.DLL
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\MYFINS.EXE - 特征码 'Trojan-Spy.Win32.Bancos.ha' 被发现
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL - 特征码 'Trojan-Spy.Win32.Delf.uv' 被发现
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL - 特征码 'Trojan-Spy.Win32.Delf.uv' 被发现
C:\ABC\桌面\5\ArFile.log
C:\ABC\桌面\5\C\PROGRAM FILES\NETMEETING\RAVWDMON.DAT - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\5\C\PROGRAM FILES\NETMEETING\RAVWDMON.EXE - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\桌面\6\ArFile.log
C:\ABC\桌面\6\C\AUTORUN.INF
C:\ABC\桌面\6\C\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\C\WINDOWS\KULIONQJ.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\WMSJ.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\SYSTEM32\JHBINS.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\SYSTEM32\MXBSET.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\SYSTEM32\WLHINS.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\SYSTEM32\ZTASET.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\D\AUTORUN.INF
C:\ABC\桌面\6\D\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\E\AUTORUN.INF
C:\ABC\桌面\6\E\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\F\AUTORUN.INF
C:\ABC\桌面\6\F\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\G\AUTORUN.INF
C:\ABC\桌面\6\G\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\H\AUTORUN.INF
C:\ABC\桌面\6\H\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\I\AUTORUN.INF
C:\ABC\桌面\6\I\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\J\AUTORUN.INF
C:\ABC\桌面\6\J\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\K\AUTORUN.INF
C:\ABC\桌面\6\K\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\L\AUTORUN.INF
C:\ABC\桌面\6\L\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现

47 文件被扫描
(0 压缩档 0 文件)
29 特征码被侦测
0 可疑代码段被发现
耗时: 0:00.766

显示全部楼层 · 发表于 2007-9-1 21:46:00

Result: 13 malware found
Trojan-Spy.Win32.Delf.abi (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\2\C\WINDOWS\SYSTEM32\DHDINS.EXE
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\6\C\WINDOWS\SYSTEM32\JHBINS.EXE
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\6\C\WINDOWS\SYSTEM32\MXBSET.EXE
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\6\C\WINDOWS\SYSTEM32\ZTASET.EXE
Trojan-Spy.Win32.Delf.aax (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\4\C\WINDOWS\SYSTEM32\MYFINS.EXE
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL
Trojan-Spy.Win32.Delf.xa (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL
Trojan-PSW.Win32.OnLineGames.bgc (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\5\C\PROGRAM FILES\NETMEETING\RAVWDMON.EXE
Trojan-PSW.Win32.OnLineGames.bbr (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\6\C\WINDOWS\WMSJ.EXE
Trojan-Spy.Win32.Delf.uv (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\6\C\WINDOWS\SYSTEM32\WLHINS.EXE
Worm.Win32.QQPass.n (virus)
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
C:\Documents and Settings\ssy\×ÀÃæ\1.part1.rar\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE

显示全部楼层 · 发表于 2007-9-1 21:46:19

好多马

卡巴杀

显示全部楼层 · 发表于 2007-9-1 21:55:05

C:\Documents and Settings\uhthn\Desktop\New Folder\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP - Suspicious of Win32.Trojan-Downloader.Zlob.1
C:\Documents and Settings\uhthn\Desktop\New Folder\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS - Suspicious of Win32.Trojan-PSW.QQPass.1
C:\Documents and Settings\uhthn\Desktop\New Folder\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE - Suspicious of Win32.Trojan-Downloader.Zlob.1
C:\Documents and Settings\uhthn\Desktop\New Folder\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\YM1ZNVHI.EXE - Suspicious of Win32.Trojan-Downloader.Zlob.1
C:\Documents and Settings\uhthn\Desktop\New Folder\2\C\WINDOWS\SYSTEM32\DHDINS.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL - Suspicious of Win32.Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder\3\C\WINDOWS\WINOW.DLL - Suspicious of Win32.Backdoor.Hupigon.5
C:\Documents and Settings\uhthn\Desktop\New Folder\3\C\WINDOWS\WINOW.EXE - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\DHDINI.DLL - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\MYFINI.DLL - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\MYFINS.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL - Suspicious of Win32.Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL - Suspicious of Win32.Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder\5\C\PROGRAM FILES\NETMEETING\RAVWDMON.DAT - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\5\C\PROGRAM FILES\NETMEETING\RAVWDMON.EXE - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\KULIONQJ.EXE - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\WMSJ.EXE - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\SYSTEM32\JHBINS.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\SYSTEM32\MXBSET.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\SYSTEM32\WLHINS.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\SYSTEM32\ZTASET.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\D\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\E\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\F\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\G\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\H\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\I\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\J\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\K\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\L\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16

显示全部楼层 · 发表于 2007-9-1 21:58:41

Scan performed at: 2007-9-1 21:58:01
Scanning Log
NOD32 version 2495 (20070901) NT
Command line: C:\Documents and Settings\Don johnson\桌面\桌面
Operating memory - is OK

Date: 1.9.2007 Time: 21:58:05
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\桌面\
C:\Documents and Settings\Don johnson\桌面\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\YM1ZNVHI.EXE - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\桌面\2\C\WINDOWS\SYSTEM32\DHDINS.EXE - a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL - a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\3\C\WINDOWS\WINOW.EXE - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Don johnson\桌面\桌面\4\C\WINDOWS\SYSTEM32\MYFINS.EXE - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\桌面\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\5\C\PROGRAM FILES\NETMEETING\RAVWDMON.EXE - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\KULIONQJ.EXE - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\WMSJ.EXE - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\SYSTEM32\JHBINS.EXE - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\SYSTEM32\MXBSET.EXE - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\SYSTEM32\WLHINS.EXE - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\SYSTEM32\ZTASET.EXE - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\D\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\E\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\F\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\G\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\H\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\I\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\J\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\K\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\L\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
Number of scanned files: 47
Number of threats found: 27
Number of files cleaned: 27
Time of completion: 21:58:11 Total scanning time: 6 sec (00:00:06)

Notes:
[7] File is probably infected with an unknown virus.

显示全部楼层 · 发表于 2007-9-1 22:46:44

扫描统计:
  扫描时间: 20
  扫描选项:
  扫描目标: C:\virus\桌面.rar
  计数:
扫描的项目总数: 48
- 文件和目录: 48
- 注册表项: 0
- 进程和启动项目: 0
- 网络和浏览器项目: 0
- 其他: 0

检测到的安全风险总数: 17
已解决的项目总数: 0
需要注意的项目总数: 17

已解决的风险:

未解决的风险:
Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[syswin64.jmp] 位于[c:\virus\桌面.rar] - 已感染

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[winsys64.sys] 位于[c:\virus\桌面.rar] - 已感染

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[y93plpll.exe] 位于[c:\virus\桌面.rar] - 已感染

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[ym1znvhi.exe] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[dhdins.exe] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[dhdpri.dll] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[winow.exe] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[dhdini.dll] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[myfins.exe] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[myfpri.dll] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[ravwdmon.exe] 位于[c:\virus\桌面.rar] - 已感染

W32.Pifio
病毒 ID: 39130
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[io.pif] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[jhbins.exe] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Menghuan
病毒 ID: 18938
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[mxbset.exe] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[wlhins.exe] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[ztaset.exe] 位于[c:\virus\桌面.rar] - 已感染

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 个文件
[wmsj.exe] 位于[c:\virus\桌面.rar] - 已感染

[病毒样本] 新东西来了

本帖子中包含更多资源