[Virus samples] 24 samples; all get past the Kaspersky 6 scan, 15 get past the Kaspersky 7 scan. MD5s not checked

wangjay1980
Posted on 2007-9-19 10:21:40
As the title says. I have already reported them to Kaspersky.

[ This post was last edited by wangjay1980 on 2007-9-19 10:36 ]

lsyer
Posted on 2007-9-19 10:23:20
  --> qjsj.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 1(1)(3).exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLine.agb.2
  --> 1(2)(1).exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 1(3).exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLine.agb.2
  --> 01mh.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 2.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 3(2)(1).exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLine.agb.2
  --> 5(1)(1).exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 5(1)(2)(1).exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 5(1)(2).exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 5(3).exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 05gj.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineG.TF.1
  --> 8(1).exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 8(3).exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 10(2).exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 12.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 15(1).exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 15(2).exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 15.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> Chajian_005.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> hx2.exe
      [DETECTION] Contains suspicious code HEUR/Malware
mofunzone
Posted on 2007-9-19 10:27:51
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\24.zip'
C:\Documents and Settings\Administrator\My Documents\
  24.zip
    [0] Archive type: ZIP
    --> mminstall.exe
    --> qjsj.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1(1)(3).exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLine.agb.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1(2)(1).exe
        [DETECTION] Is the Trojan horse TR/PSW.19634
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1(3).exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLine.agb.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> 01mh.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 2.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 3(2)(1).exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLine.agb.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5(1)(1).exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5(1)(2)(1).exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5(1)(2).exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5(3).exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 05gj.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineG.TF.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 8(1).exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 8(3).exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 10(2).exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 10.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 12.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 15(1).exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 15(2).exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 15.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> Chajian_005.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> hx2.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年9月18日  19:27
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
     25 Files were scanned
     10 viruses and/or unwanted programs were found
     13 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     15 Files not concerned
      1 Archives were scanned
     24 Warnings
      0 Notes
七少
Posted on 2007-9-19 10:35:01
Filseclab reports:
kp2006
Posted on 2007-9-19 10:36:39
  !Delete this post

[ This post was last edited by kp2006 on 2007-9-19 10:43 ]
miss100
Posted on 2007-9-19 10:36:48
2007-9-19 10:32:28    Scanning Log
2007-9-19 10:32:28    Version of virus signature database: 2539 (20070918)
2007-9-19 10:32:28    Date: 19.9.2007  Time: 10:32:28
2007-9-19 10:32:28    Scanned disks, folders and files: F:\virus\24
2007-9-19 10:32:47    F:\virus\24\01mh.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:32:54    F:\virus\24\05gj.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:02    F:\virus\24\1(1)(3).exe - a variant of Win32/PSW.Agent.NEC trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:07    F:\virus\24\1(3).exe - a variant of Win32/PSW.Agent.NEC trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:10    F:\virus\24\10(2).exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:13    F:\virus\24\10.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:17    F:\virus\24\12.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:24    F:\virus\24\15(1).exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:33    F:\virus\24\15(2).exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:36    F:\virus\24\15.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:40    F:\virus\24\2.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:46    F:\virus\24\3(2)(1).exe - a variant of Win32/PSW.Agent.NEC trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:33:47    F:\virus\24\5(1)(1).exe » FSG v2.0 - internal error
2007-9-19 10:33:55    F:\virus\24\5(1)(2)(1).exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:34:01    F:\virus\24\5(1)(2).exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:34:02    F:\virus\24\5(3).exe » FSG v2.0 - internal error
2007-9-19 10:34:06    F:\virus\24\8(1).exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:34:09    F:\virus\24\8(3).exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:34:15    F:\virus\24\hx2.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:34:20    F:\virus\24\mminstall.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007-9-19 10:34:21    Number of scanned objects: 24
2007-9-19 10:34:21    Number of threats found: 18
2007-9-19 10:34:21    Time of completion: 10:34:21  Total scanning time: 113 sec (00:01:53)
2007-9-19 10:34:21   
2007-9-19 10:34:21    Notes:
2007-9-19 10:34:21    [1] Object has been deleted as it contained only the virus body.
xiaotuzi
Posted on 2007-9-19 10:44:51
Micropoint missed only one.
kp2006
Posted on 2007-9-19 10:47:32
avast! reports 19
欠妳緈諨
Posted on 2007-9-19 11:30:35

Reply to kp2006's post (#8)

Let me give something more specific.
wangjay1980
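Original poster | Posted on 2007-9-19 11:36:49
Win32/Genetik is really strong; if they develop a few more like it, it could compete with Avira.

When will Kaspersky come up with a few of these too?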

Hello,

01mh.exe_,
8(1).exe_,
8(3).exe_ - Trojan-PSW.Win32.OnLineGames.ddi,

05gj.exe_ - Trojan-PSW.Win32.OnLineGames.ddj,

1(2)(1).exe_ - Trojan.Win32.Agent.bnz,

12.exe_ - Trojan-PSW.Win32.OnLineGames.ddk,

15(1).exe_,
15(2).exe_,
15.exe_,
hx2.exe_ - Trojan-PSW.Win32.OnLineGames.ddl,

2.exe_ - Trojan-PSW.Win32.OnLineGames.ddm,

5(1)(1).exe_,
5(3).exe_ - Trojan-PSW.Win32.WOW.xj,

5(1)(2)(1).exe_,
5(1)(2).exe_ - Trojan-PSW.Win32.OnLineGames.ddp,

5.exe_ - Trojan-PSW.Win32.Agent.qw,

Chajian_005.exe_ - Trojan-Downloader.Win32.Satray.o,

mminstall.exe_ - Trojan.Win32.Agent.boa,

qjsj.exe_ - Trojan-PSW.Win32.Delf.abz

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

1(1)(3).exe_,
1(3).exe_,
3(2)(1).exe_ - Trojan-PSW.Win32.OnLineGames.ddd,

10(2).exe_,
10.exe_ - Trojan-PSW.Win32.OnLineGames.dbw

These files are already detected. Please update your antivirus bases.

Please quote all when answering.

--
Best regards, Dmitry Shvetsov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: 24.zip


[ This post was last edited by wangjay1980 on 2007-9-19 12:24 ]