Thread starter: solcroft

[Virus samples] A pack

shaw530
Posted on 2007-9-18 21:57:31
D:\av\zx.zip >>ZIP >>zx.exe - 可能是 Win32/Genetik 木马 的一个变种
D:\av\zx.zip >>ZIP >>2.exe - Win32/PSW.OnLineGames.NEN 木马的变种
D:\av\zx.zip >>ZIP >>arp.exe - Win32/Delf.AWY 木马
D:\av\zx.zip >>ZIP >>cq.exe - 可能是 Win32/PSW.OnLineGames.NEP 木马 的一个变种
D:\av\zx.zip >>ZIP >>dh.exe - Win32/PSW.OnLineGames.NEN 木马的变种
D:\av\zx.zip >>ZIP >>jh.exe - 可能是 Win32/PSW.OnLineGames.NEN 木马 的一个变种
D:\av\zx.zip >>ZIP >>mh.exe - 可能是 Win32/PSW.OnLineGames.NEN 木马 的一个变种
D:\av\zx.zip >>ZIP >>my.exe - 可能是 Win32/Genetik 木马 的一个变种
D:\av\zx.zip >>ZIP >>wl.exe - 可能是 Win32/Genetik 木马 的一个变种
D:\av\zx.zip >>ZIP >>wmgj.exe - 可能是 Win32/PSW.OnLineGames.NEP 木马 的一个变种
D:\av\zx.zip >>ZIP >>wow.exe - 可能是 Win32/PSW.OnLineGames.NEP 木马 的一个变种
D:\av\zx.zip >>ZIP >>zt.exe - 可能是 Win32/PSW.OnLineGames.NEP 木马 的一个变种
已扫描的文件数目:14
已发现的病毒数目:12


NOD32
残缺的唯美
Posted on 2007-9-18 21:58:26
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » dh.exe - a variant of Win32/PSW.OnLineGames.NEN trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » cq.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » arp.exe - Win32/Delf.AWY trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » 2.exe - a variant of Win32/PSW.OnLineGames.NEN trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » zx.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » wl.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » my.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » mh.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » jh.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip - multiple threats - deleted - quarantined
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » zt.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » wow.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan
D:\Documents and Settings\EKINCHENG\桌面\zx.zip » ZIP » wmgj.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan
motnahp
Posted on 2007-9-18 22:01:10
2007-9-18        phantom22:00:25        1190124025        phantom        3172        Sign of "Win32:Delf-FVM [Trj]" has been found in "G:\Downloads\zx.zip\zx.exe\[Upack]\[Embedded#MUSIC]" file.  
2007-9-18        phantom22:00:30        1190124030        phantom        3172        Sign of "Win32:Agent-LLK [Trj]" has been found in "G:\Downloads\zx.zip\2.exe\[Upack]\[Embedded#MUSIC]" file.  
2007-9-18        phantom22:00:32        1190124032        phantom        3172        Sign of "Win32:Delf-DXA [Trj]" has been found in "G:\Downloads\zx.zip\arp.exe\[NsPack]\[Embedded#MYEXE2]" file.  
2007-9-18        phantom22:00:34        1190124034        phantom        3172        Sign of "Win32:Onlinegames-AUA [Trj]" has been found in "G:\Downloads\zx.zip\cq.exe\[Upack]\[Embedded#9060]\[Upack]" file.  
2007-9-18        phantom22:00:36        1190124036        phantom        3172        Sign of "Win32:Agent-GEO [Trj]" has been found in "G:\Downloads\zx.zip\cqsj.exe\[NsPack]\[Embedded#09120]" file.  
2007-9-18        phantom22:00:37        1190124037        phantom        3172        Sign of "Win32:Delf-FNI [Trj]" has been found in "G:\Downloads\zx.zip\dh.exe\[Upack]" file.  
2007-9-18        phantom22:00:39        1190124039        phantom        3172        Sign of "Win32:Delf-FVM [Trj]" has been found in "G:\Downloads\zx.zip\wl.exe\[Upack]\[Embedded#MUSIC]" file.  
2007-9-18        phantom22:00:40        1190124040        phantom        3172        Sign of "Win32:Onlinegames-BBH [Trj]" has been found in "G:\Downloads\zx.zip\wmgj.exe\[Upack]\[Embedded#5060]\[Upack]" file.  
2007-9-18        phantom22:00:41        1190124041        phantom        3172        Sign of "Win32:Onlinegames-BBH [Trj]" has been found in "G:\Downloads\zx.zip\wow.exe\[Upack]\[Embedded#9060]\[Upack]" file.  



反病毒专家 AntiVirusKit 2006 扫描病毒日志记录
版本 16.0.7
双引擎反病毒签名 2007-9-18
开始时间: 2007-9-18 phantom22:02
引擎: KAV 引擎 (AVK 17.7845), BD 引擎 (BD 17.5161)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: 2.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.QQPass.bau (KAV 引擎), DeepScan:Generic.Dld.Agent.6943524C (BD 引擎)
对象: arp.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: Backdoor.Win32.Delf.bmo (KAV 引擎), MemScan:Trojan.Spy.Pcapbased.A (BD 引擎)
对象: dh.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.czm (KAV 引擎), DeepScan:Generic.Dld.Agent.0E02279A (BD 引擎)
对象: jh.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.Delf.bak (KAV 引擎), DeepScan:Generic.Dld.Agent.6F994153 (BD 引擎)
对象: mh.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.cnz (KAV 引擎), DeepScan:Generic.Dld.Agent.4289B265 (BD 引擎)
对象: wl.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.cvy (KAV 引擎), Generic.Malware.SBdldg.157D8608 (BD 引擎)
对象: zt.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: Trojan.Win32.Obfuscated.hv (KAV 引擎), BehavesLike:Win32.ExplorerHijack (BD 引擎)
对象: zx.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: Generic.Malware.SBdldg.B53B98A7 (BD 引擎)
对象: cq.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: BehavesLike:Win32.ExplorerHijack (BD 引擎)
对象: cqsj.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: GenPack:Trojan.Dldr.Agent.AWZ (BD 引擎)
对象: my.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.8C36A49F (BD 引擎)
对象: qj.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: DeepScan:Generic.PWS.Games.1.964FC6C7 (BD 引擎)
对象: wmgj.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: BehavesLike:Win32.ExplorerHijack (BD 引擎)
对象: wow.exe
        在压缩档案里: G:\Downloads\zx.zip
        Status: 已发现病毒
        病毒: BehavesLike:Win32.ExplorerHijack (BD 引擎)
对象: zx.zip
        路径: G:\Downloads
        Status: 病毒文件已删除
        病毒: Trojan-PSW.Win32.QQPass.bau, Backdoor.Win32.Delf.bmo, Trojan-PSW.Win32.OnLineGames.czm, Trojan-PSW.Win32.Delf.bak, Trojan-PSW.Win32.OnLineGames.cnz, Trojan-PSW.Win32.OnLineGames.cvy, Trojan.Win32.Obfuscated.hv (KAV 引擎), Generic.Malware.SBdldg.B53B98A7, DeepScan:Generic.Dld.Agent.6943524C, MemScan:Trojan.Spy.Pcapbased.A, BehavesLike:Win32.ExplorerHijack (4x), GenPack:Trojan.Dldr.Agent.AWZ, DeepScan:Generic.Dld.Agent.0E02279A, DeepScan:Generic.Dld.Agent.6F994153, DeepScan:Generic.Dld.Agent.4289B265, DeepScan:Generic.Dld.Agent.8C36A49F, DeepScan:Generic.PWS.Games.1.964FC6C7, Generic.Malware.SBdldg.157D8608 (BD 引擎)
扫描完成: 2007-9-18 phantom22:02
    已检查 1 个文件
    已发现 1 个染毒文件
欠妳緈諨
Posted on 2007-9-18 22:13:39
Detected 13.

rest1min
Posted on 2007-9-18 22:15:39
KV2007 killed 8 of them.
mofunzone
Posted on 2007-9-18 22:55:02
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\zx.zip'
C:\Documents and Settings\Administrator\My Documents\
  zx.zip
    [0] Archive type: ZIP
    --> zx.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 2.exe
        [DETECTION] Is the Trojan horse TR/PSW.QQPass.bau
        [WARNING]   Infected files in archives cannot be repaired!
    --> arp.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> cq.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> cqsj.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> dh.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.czm
        [WARNING]   Infected files in archives cannot be repaired!
    --> jh.exe
        [DETECTION] Is the Trojan horse TR/PSW.Delf.bak
        [WARNING]   Infected files in archives cannot be repaired!
    --> mh.exe
        [DETECTION] Is the Trojan horse TR/Hijack.12462.B
        [WARNING]   Infected files in archives cannot be repaired!
    --> my.exe
        [DETECTION] Is the Trojan horse TR/Agent.13191
        [WARNING]   Infected files in archives cannot be repaired!
    --> qj.exe
        [DETECTION] Is the Trojan horse TR/PSW.10528
        [WARNING]   Infected files in archives cannot be repaired!
    --> wl.exe
        [DETECTION] Is the Trojan horse TR/Agent.12716.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> wmgj.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineG.TF.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> wow.exe
        [DETECTION] Is the Trojan horse TR/Hijack.Explor.4376
        [WARNING]   Infected files in archives cannot be repaired!
    --> zt.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineG.TF.1
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年9月18日  07:54
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
     15 Files were scanned
     12 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
     15 Warnings
      0 Notes
motnahp
Posted on 2007-9-18 23:24:09

Reply to post #14 by 欠你幸福

How come you detected more than I did? Could it be because I haven't updated in the past two days?
yurius
Posted on 2007-9-19 00:58:26
Symantec ("铁壳"): 12

Infostealer,不操作,1,zt.exe
Infostealer,不操作,1,wow.exe
Infostealer,不操作,1,wmgj.exe
Infostealer.Gampass,不操作,1,wl.exe
Infostealer.Gampass,不操作,1,my.exe
Infostealer.Gampass,不操作,1,mh.exe
Infostealer.Gampass,不操作,1,jh.exe
Infostealer.Gampass,不操作,1,dh.exe
Infostealer,不操作,1,cq.exe
Trojan Horse,不操作,1,arp.exe
Infostealer.Gampass,不操作,1,2.exe
Infostealer.Gampass,不操作,1,zx.exe
gordon168
Posted on 2007-9-19 03:28:00

小飞侠.net
Posted on 2007-9-19 06:51:00
Trying out the new version of Filseclab (费尔); detection results
