一大包42个！

显示全部楼层 · 发表于 2007-9-14 17:31:05

Start of the scan: 2007年9月14日  17:30

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\42ge.rar'
C:\Documents and Settings\Administrator\桌面\42ge.rar
  [0] Archive type: RAR
  --> 35.exe
   [DETECTION] Is the Trojan horse TR/Lineage.66560.1
  --> 36.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ceu
  --> 37.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.cev
  --> 38.exe
   [DETECTION] Is the Trojan horse TR/Spy.Agent.98893
  --> 39.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.cgk.3
  --> 40.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.cgk.3
  --> 41.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 42.exe
   [DETECTION] Contains detection pattern of the dropper DR/Cinmus.RJ
  --> 1.exe
   [DETECTION] Is the Trojan horse TR/PSW.19610
  --> 2.exe
   [DETECTION] Is the Trojan horse TR/Hijack.12462.B
  --> 3.exe
   [DETECTION] Contains detection pattern of the dropper DR/Cinmus.RJ
  --> 4.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 5.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 6.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineG.TF.1
  --> 7.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bjn.1
  --> 8.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.cew.1
  --> 9.exe
   [DETECTION] Is the Trojan horse TR/Agent.12910
  --> 10.exe
   [DETECTION] Is the Trojan horse TR/Spy.Delf.ago
  --> 11.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.cdb
  --> 12.exe
   [DETECTION] Is the Trojan horse TR/Spy.Delf.abi.3
  --> 13.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
  --> 14.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.bov
  --> 15.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.cew.2
  --> 16.exe
   [DETECTION] Is the Trojan horse TR/Agent.11800
  --> 17.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.boy.3
  --> 18.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.cmp.1
  --> 19.exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Kolmat.B.18 Backdoor server programs
  --> 20.exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alh.32 Backdoor server programs
  --> 21.exe
   [DETECTION] Is the Trojan horse TR/PSW.Delf.abt
  --> 22.exe
   [DETECTION] Is the Trojan horse TR/Agent.12784
  --> 23.exe
   [DETECTION] Is the Trojan horse TR/Agent.12501.1
  --> 24.exe
   [DETECTION] Is the Trojan horse TR/Agent.12784.1
  --> 25.exe
   [DETECTION] Is the Trojan horse TR/Agent.12321
  --> 26.exe
   [DETECTION] Is the Trojan horse TR/PSW.Agent.PL
  --> 27.exe
   [DETECTION] Is the Trojan horse TR/PSW.Delf.abq.1
  --> 28.exe
   [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alh.37 Backdoor server programs
  --> 29.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 30.exe
   [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> 31.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.blb
  --> 32.exe
   [DETECTION] Is the Trojan horse TR/Spy.Delf.agk
  --> 33.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Zlob.ciy.1
  --> 34.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [INFO]    The file was deleted!

End of the scan: 2007年9月14日  17:30
Used time: 00:52 min

The scan has been done completely.

   0 Scanning directories
   44 Files were scanned
   41 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2007-9-14 17:31:06

AVK全杀42个

显示全部楼层 · 发表于 2007-9-14 17:33:50

扫描进行于：2007-9-14 17:32:59
扫描日志
NOD32版本 2529 (20070913) NT
命令行： C:\Documents and Settings\user\桌面\42ge.rar

日期： 14.9.2007 时间：17:33:01
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Documents and Settings\user\桌面\42ge.rar
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>35.exe - Win32/PSW.Lineage.ACN 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>36.exe - Win32/PSW.OnLineGames.YA 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>37.exe - Win32/PSW.OnLineGames.YA 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>39.exe - Win32/PSW.OnLineGames.YA 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>40.exe - Win32/PSW.OnLineGames.YA 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>41.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>42.exe - 可能是 Win32/PSW.OnLineGames.YA 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>2.exe - 可能是 Win32/PSW.OnLineGames.NEN 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>3.exe - 可能是 Win32/PSW.OnLineGames.YA 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>5.exe - Win32/PSW.WOW.UT 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>6.exe - 可能是 Win32/PSW.OnLineGames.NEP 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>7.exe - Win32/PSW.OnLineGames.YA 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>8.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>9.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>10.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>11.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>12.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>13.exe - Win32/PSW.Legendmir.NEP 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>14.exe - 可能是 Win32/AutoRun.Q 蠕虫的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>15.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>16.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>17.exe - Win32/PSW.OnLineGames.YA 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>18.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>19.exe - Win32/Delf.NGD 木马
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>20.exe - Win32/Agent.NEM 木马
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>21.exe - Win32/PSW.Delf.NIY 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>22.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>23.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>24.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>25.exe - 可能是 Win32/PSW.OnLineGames.NEN 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>26.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>27.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>28.exe - Win32/Agent.NEM 木马
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>29.exe - Win32/PSW.OnLineGames.YA 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>30.exe - 未查明的 NewHeur_PE 病毒 [7]
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>31.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>32.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>33.exe - Win32/PSW.OnLineGames.YA 木马的变种
C:\Documents and Settings\user\桌面\42ge.rar >>RAR >>34.exe - Win32/PSW.OnLineGames.YA 木马的变种
已扫描的文件数目：42
已发现的病毒数目：39
完成时间： 17:33:21 总扫描时间：20 秒 (00:00:20)

注意：
[7] 该文件可能感染上未知病毒。

显示全部楼层 · 发表于 2007-9-14 17:38:05

MicroVita AntiSpyware 100 C
_____________________________________________

         风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]
               http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\virus\42ge\35.exe]
                  …………引擎[2]发现病毒:Win32.NkHack.BDX.A
[C:\Documents and Settings\Administrator\桌面\virus\42ge\42.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\1.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\1.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\2.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\3.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\5.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\5.exe]
                  …………引擎[2]发现病毒:Win32.NkHack.FSG.A
[C:\Documents and Settings\Administrator\桌面\virus\42ge\6.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\8.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\8.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\9.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\9.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\10.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\10.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\11.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\11.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\12.exe]
                  …………引擎[3]发现Suspicious file
[C:\Documents and Settings\Administrator\桌面\virus\42ge\12.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\12.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\13.exe]
                  …………引擎[3]发现Suspicious file
[C:\Documents and Settings\Administrator\桌面\virus\42ge\13.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\13.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\14.exe]
                  …………引擎[3]发现Suspicious file
[C:\Documents and Settings\Administrator\桌面\virus\42ge\14.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\15.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\15.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\16.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\16.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\18.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\19.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\20.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\20.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\21.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\22.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\23.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\24.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\25.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\26.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\26.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\27.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\28.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\28.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\29.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\31.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\42ge\32.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\42ge\32.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
文件数:42 病毒数:4２  比重:1
OK  扫描完毕！

[ 本帖最后由 FBAV 于 2007-9-14 17:40 编辑 ]

显示全部楼层 · 发表于 2007-9-14 18:08:53

2007-9-14 18:07:16 1189764436 Administrator 2700 Sign of "Win32:Banload-CDJ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\35.exe\[Embedded#TTFZG]\[NsPack]" file.
2007-9-14 18:07:26 1189764446 Administrator 2700 Sign of "Win32:Onlinegames-BBW [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\36.exe\[UPX]" file.
2007-9-14 18:07:28 1189764448 Administrator 2700 Sign of "Win32:Agent-LLN [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\37.exe\[UPX]" file.
2007-9-14 18:07:30 1189764450 Administrator 2700 Sign of "Win32:Delf-DLH [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\38.exe" file.
2007-9-14 18:07:31 1189764451 Administrator 2700 Sign of "Win32:Onlinegames-BBV [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\39.exe\[UPX]" file.
2007-9-14 18:07:33 1189764453 Administrator 2700 Sign of "Win32:Onlinegames-BBV [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\40.exe\[UPX]" file.
2007-9-14 18:07:36 1189764456 Administrator 2700 Sign of "Win32:Onlinegames-BBZ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\42.exe\[Embedded#1c60]" file.
2007-9-14 18:07:37 1189764457 Administrator 2700 Sign of "Win32:Onlinegames-BBZ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\42.exe" file.
2007-9-14 18:07:39 1189764459 Administrator 2700 Sign of "Win32:Onlinegames-BBZ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\3.exe\[Embedded#1a60]" file.
2007-9-14 18:07:40 1189764460 Administrator 2700 Sign of "Win32:Onlinegames-BBZ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\3.exe" file.
2007-9-14 18:07:42 1189764462 Administrator 2700 Sign of "Win32:Delf-FKO [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\5.exe\[FSG]\[Embedded#DATEINFO]\[Upack]" file.
2007-9-14 18:07:43 1189764463 Administrator 2700 Sign of "Win32:Onlinegames-AUQ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\6.exe\[Upack]\[Embedded#9060]\[Upack]" file.
2007-9-14 18:07:44 1189764464 Administrator 2700 Sign of "Win32:WOW-IY [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\7.exe\[UPX]" file.
2007-9-14 18:07:46 1189764466 Administrator 2700 Sign of "Win32:Delf-FVM [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\8.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-14 18:07:47 1189764467 Administrator 2700 Sign of "Win32:Onlinegames-BCA [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\9.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-14 18:07:48 1189764468 Administrator 2700 Sign of "Win32:Agent-LLM [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\10.exe\[Upack]" file.
2007-9-14 18:07:50 1189764470 Administrator 2700 Sign of "Win32:Delf-FNI [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\12.exe\[Upack]\[Embedded#MAIN]" file.
2007-9-14 18:07:51 1189764471 Administrator 2700 Sign of "Win32:Onlinegames-ALS [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\13.exe\[Upack]\[Embedded#ABCDE]" file.
2007-9-14 18:07:53 1189764473 Administrator 2700 Sign of "Win32:Autorun-BS [Wrm]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\14.exe\[UPX]\[Embedded#05ef8]" file.
2007-9-14 18:07:54 1189764474 Administrator 2700 Sign of "Win32:Delf-FVM [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\15.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-14 18:07:55 1189764475 Administrator 2700 Sign of "Win32:Agent-LLK [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\16.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-14 18:07:57 1189764477 Administrator 2700 Sign of "Win32:Onlinegames-BBR [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\17.exe\[UPX]\[Embedded#1e60]" file.
2007-9-14 18:07:58 1189764478 Administrator 2700 Sign of "Win32:Delf-FVM [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\18.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-14 18:07:59 1189764479 Administrator 2700 Sign of "Win32:Agent-ESW [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\19.exe\[UPX]" file.
2007-9-14 18:08:01 1189764481 Administrator 2700 Sign of "Win32:Agent-JOM [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\20.exe\[Upack]\[Embedded#DATEINF5]\[Upack]" file.
2007-9-14 18:08:02 1189764482 Administrator 2700 Sign of "Win32:Delf-FFN [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\21.exe\[UPX]\[Embedded#52f0]" file.
2007-9-14 18:08:03 1189764483 Administrator 2700 Sign of "Win32:Delf-FVM [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\22.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-14 18:08:04 1189764484 Administrator 2700 Sign of "Win32:Delf-FNI [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\23.exe\[Upack]" file.
2007-9-14 18:08:06 1189764486 Administrator 2700 Sign of "Win32:Delf-FVM [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\24.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-14 18:08:07 1189764487 Administrator 2700 Sign of "Win32:Agent-LLK [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\27.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-14 18:08:08 1189764488 Administrator 2700 Sign of "Win32:Agent-HHK [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\28.exe\[Upack]\[Embedded#DATEINF5]" file.
2007-9-14 18:08:10 1189764490 Administrator 2700 Sign of "Win32:Onlinegames-BBR [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\29.exe\[Upack]\[Embedded#4068]" file.
2007-9-14 18:08:11 1189764491 Administrator 2700 Sign of "Win32:Crypt-VA" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\30.exe" file.
2007-9-14 18:08:12 1189764492 Administrator 2700 Sign of "Win32:Delf-FNI [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\31.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-14 18:08:13 1189764493 Administrator 2700 Sign of "Win32:Agent-LLL [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\32.exe\[Upack]" file.
2007-9-14 18:08:16 1189764496 Administrator 2700 Sign of "Win32:Onlinegames-BBR [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\33.exe\[UPX]\[Embedded#1e60]" file.
2007-9-14 18:08:18 1189764498 Administrator 2700 Sign of "Win32:Onlinegames-BBY [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\42ge.rar\34.exe\[UPX]\[Embedded#2060]" file.

显示全部楼层 · 发表于 2007-9-14 18:28:02

已删除：木马程序 Trojan.Win32.Agent.bkw 文件　: D:\病毒库\42ge\1.exe//UPack
已删除：木马程序 Trojan-Spy.Win32.Delf.ago 文件　: D:\病毒库\42ge\10.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cdb 文件　: D:\病毒库\42ge\11.exe//UPack
已删除：木马程序 Trojan-Spy.Win32.Delf.abi 文件　: D:\病毒库\42ge\12.exe
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.bov 文件　: D:\病毒库\42ge\14.exe//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cew 文件　: D:\病毒库\42ge\15.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.bou 文件　: D:\病毒库\42ge\16.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.bwr 文件　: D:\病毒库\42ge\17.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cmp 文件　: D:\病毒库\42ge\18.exe//UPack
已删除：木马程序 Backdoor.Win32.Kolmat.b 文件　: D:\病毒库\42ge\19.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cnz 文件　: D:\病毒库\42ge\2.exe//UPack
已删除：木马程序 Trojan-Dropper.Win32.Agent.bvb 文件　: D:\病毒库\42ge\20.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.Delf.abt 文件　: D:\病毒库\42ge\21.exe//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cvb 文件　: D:\病毒库\42ge\22.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cmo 文件　: D:\病毒库\42ge\23.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cvn 文件　: D:\病毒库\42ge\25.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.Agent.pl 文件　: D:\病毒库\42ge\26.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.Delf.abq 文件　: D:\病毒库\42ge\27.exe//UPack
已删除：木马程序 Trojan-Dropper.Win32.Agent.bvb 文件　: D:\病毒库\42ge\28.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.bwr 文件　: D:\病毒库\42ge\29.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cfq 文件　: D:\病毒库\42ge\3.exe
已删除：木马程序 Trojan-Downloader.Win32.Small.czl 文件　: D:\病毒库\42ge\30.exe//NSPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.blb 文件　: D:\病毒库\42ge\31.exe
已删除：木马程序 Trojan-Spy.Win32.Delf.agk 文件　: D:\病毒库\42ge\32.exe//UPack
已删除：木马程序 Trojan-Dropper.Win32.Killav.f 文件　: D:\病毒库\42ge\33.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cul 文件　: D:\病毒库\42ge\34.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-PSW.Win32.Maran.kh 文件　: D:\病毒库\42ge\35.exe//#
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.ceu 文件　: D:\病毒库\42ge\36.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cev 文件　: D:\病毒库\42ge\37.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cgj 文件　: D:\病毒库\42ge\39.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-PSW.Win32.Lmir.bmi 文件　: D:\病毒库\42ge\4.exe//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cgj 文件　: D:\病毒库\42ge\40.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cur 文件　: D:\病毒库\42ge\41.exe
已删除：病毒 Heur.Invader (修改) 文件　: D:\病毒库\42ge\42.exe
已删除：木马程序 Trojan-PSW.Win32.WOW.vq 文件　: D:\病毒库\42ge\5.exe//FSG
已删除：病毒 Heur.Trojan.Generic (修改) 文件　: D:\病毒库\42ge\6.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.bjn 文件　: D:\病毒库\42ge\7.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cew 文件　: D:\病毒库\42ge\8.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.cey 文件　: D:\病毒库\42ge\9.exe//UPack

显示全部楼层 · 发表于 2007-9-14 20:01:44

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Paranoia Database - 4814
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder

C:\Documents and Settings\uhthn\Desktop\New Folder\35.exe - Suspicious of MalwareSpy.Win32.Trojan-Downloader.Delf.1
C:\Documents and Settings\uhthn\Desktop\New Folder\36.exe - Infected with PDB-614 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\37.exe - Infected with PDB-b38 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\38.exe - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder\39.exe - Infected with PDB-f6c Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\40.exe - Infected with PDB-f6c Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\41.exe - Suspicious of Trojan-PSW.OnLineGames.1
C:\Documents and Settings\uhthn\Desktop\New Folder\42.exe - Suspicious of Trojan-PSW.OnLineGames.1
C:\Documents and Settings\uhthn\Desktop\New Folder\1.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\2.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\3.exe - Infected with PDB-4a0 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\4.exe - Infected with PDB-191 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\5.exe - Infected with PDB-418 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\6.exe - Infected with PDB-792 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\7.exe - Infected with PDB-7a2 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\8.exe - Infected with PDB-aa5 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\9.exe - Infected with PDB-abd Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\10.exe - Infected with PDB-176 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\11.exe - Infected with PDB-9cd Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\12.exe - Infected with PDB-443 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\13.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\14.exe - Infected with Win32.PDB-16e Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\15.exe - Infected with PDB-82e Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\16.exe - Infected with PDB-684 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\17.exe - Infected with PDB-3be Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\18.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\19.exe - Infected with Win32.PDB-a89 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\20.exe - Infected with PDB-aa5 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\21.exe - Infected with Win32.PDB-bfd Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\22.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\23.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\24.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\25.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\26.exe - Infected with PDB-b42 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\27.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\28.exe - Infected with PDB-50c Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\29.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\30.exe - Infected with MalwareSpy.PDB-a43 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\31.exe - Infected with PDB-035 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\32.exe - Infected with PDB-e99 Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\33.exe - Infected with PDB-61d Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\34.exe - Infected with PDB-bb4 Malware program - Deleted

42 Files scanned
28 Infected files found
14 Suspicious files found
0 Files cured
28 Files deleted

显示全部楼层 · 发表于 2007-9-14 20:05:36

已知的不贴了
微点：
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\42GE\4.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DAT9.TMP
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\42GE\6.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\NETMEETING\RAVWDMON.EXE
2) C:\PROGRAM FILES\NETMEETING\RAVWDMON.DAT
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\42GE\10.EXE
1) C:\DFD776125.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\42GE\10.EXE
1) C:\DFD776125.BAT
是否删除可疑程序?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\42GE\35.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\MUPDATE.EXE
2) C:\WINDOWS.0\MSDATA.DLL
是否删除木马程序及其衍生物?
程序:
C:\WINDOWS.0\SYSTEM32\CRSSS.EXE
由
C:\AUTORUN.INF
自启动运行!
并生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\CRSSS.EXE
2) C:\GHO.EXE
3) C:\AUTORUN.INF
以及可由此INF文件引导自启的文件:
C:\GHO.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\42GE\38.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\42GE\41.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\MPPDS.EXE
2) C:\WINDOWS.0\SYSTEM32\MPPDS.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\42GE\42.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\UPXDND.EXE
2) C:\WINDOWS.0\SYSTEM32\UPXDND.DLL
是否删除木马程序及其衍生物?

1是不是死的捏

显示全部楼层 · 发表于 2007-9-14 20:06:11

[病毒样本] 一大包42个！

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源