一包13个!

显示全部楼层 · 发表于 2007-9-19 22:56:52

D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 4.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 3.exe - probably a variant of Win32/PSW.OnLineGames.YA trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 2.exe - a variant of Win32/PSW.OnLineGames.YA trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 1.exe - probably a variant of Win32/AutoRun.Q worm
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 8.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 7.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 6.exe - a variant of Win32/PSW.OnLineGames.YA trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 5.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip - multiple threats - deleted - quarantined
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 13.exe - Win32/TrojanDownloader.SMW.A trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 12.exe - Win32/Delf.NFD trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 11.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 10.exe - a variant of Win32/PSW.OnLineGames.NEN trojan
D:\Documents and Settings\EKINCHENG\桌面\13.zip » ZIP » 9.exe » FSG v2.0 - internal error

显示全部楼层 · 发表于 2007-9-19 22:57:23

Result: 12 malware found
Trojan-PSW.Win32.OnLineGames.czj (virus)
I:\13.zip\1.exe
Trojan-PSW.Win32.OnLineGames.dbw (virus)
I:\13.zip\2.exe
Trojan-PSW.Win32.OnLineGames.dcz (virus)
I:\13.zip\3.exe
Trojan-PSW.Win32.Delf.bao (virus)
I:\13.zip\4.exe
Trojan-PSW.Win32.OnLineGames.cwa (virus)
I:\13.zip\5.exe
Trojan-PSW.Win32.OnLineGames.cav (virus)
I:\13.zip\6.exe
Trojan-PSW.Win32.Delf.bap (virus)
I:\13.zip\7.exe
Trojan-PSW.Win32.OnLineGames.dbq (virus)
I:\13.zip\8.exe
Trojan-PSW.Win32.OnLineGames.czk (virus)
I:\13.zip\10.exe
Trojan-PSW.Win32.OnLineGames.dcu (virus)
I:\13.zip\11.exe
Backdoor.Win32.Delf.awy (virus)
I:\13.zip\12.exe
Trojan-Downloader.Win32.Delf.aas (virus)
I:\13.zip\13.exe

显示全部楼层 · 发表于 2007-9-19 22:57:49

13个

显示全部楼层 · 发表于 2007-9-19 22:58:42

Scan performed at: 2007-9-19 22:58:32
Scanning Log
NOD32 version 2540 (20070919) NT
Command line: C:\Documents and Settings\Don johnson\桌面\13.zip
Operating memory - is OK

Date: 19.9.2007 Time: 22:58:36
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\13.zip
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?1.exe - probably a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?2.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?3.exe - probably a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?4.exe - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?5.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?6.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?7.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?8.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?10.exe - a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?11.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?12.exe - Win32/Delf.NFD trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\13.zip ?ZIP ?13.exe - Win32/TrojanDownloader.SMW.A trojan - was a part of the deleted object
Number of scanned files: 14
Number of threats found: 12
Number of files cleaned: 1
Time of completion: 22:58:38 Total scanning time: 2 sec (00:00:02)

显示全部楼层 · 发表于 2007-9-19 22:59:24

13
detected: Trojan program Trojan-PSW.Win32.OnLineGames.czj File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/1.exe//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dbw File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/2.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dcz File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/3.exe
detected: Trojan program Trojan-PSW.Win32.Delf.bao File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/4.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.cwa File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/5.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.cav File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/6.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.Delf.bap File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/7.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dbq File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/8.exe//UPack
detected: Trojan program Trojan-PSW.Win32.WOW.xj File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/9.exe//FSG//#//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.czk File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/10.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dcu File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/11.exe//UPack
detected: Trojan program Backdoor.Win32.Delf.awy File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/12.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.aas File: C:\Documents and Settings\Owner\×ÀÃæ\13.zip/13.exe//UPX

显示全部楼层 · 发表于 2007-9-19 23:50:02

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 132
Paranoia Database - 5370
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder

C:\Documents and Settings\uhthn\Desktop\New Folder\1.exe - Infected with SDB:Win32.Trojan-PSW.QQPass.bam - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\2.exe - Infected with SDB:Trojan-PSW.OnLineGames.dbw - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\3.exe - Infected with SDB:Trojan-PSW.OnLineGames.wt - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder\4.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\5.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\6.exe - Suspicious of Trojan-Downloader.Small.2
C:\Documents and Settings\uhthn\Desktop\New Folder\7.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\8.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\9.exe - Suspicious of Trojan-PSW.Game.2
C:\Documents and Settings\uhthn\Desktop\New Folder\10.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\11.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\12.exe - Suspicious of Win32.Trojan-Downloader.Small.2
C:\Documents and Settings\uhthn\Desktop\New Folder\13.exe - Infected with PDB:Win32.60a Malware program - Deleted

13 Files scanned
4 Infected files found
9 Suspicious files found
0 Files cured
4 Files deleted

显示全部楼层 · 发表于 2007-9-20 01:47:25

symantec 9

Hacktool.Spoofer,不操作,1,12.exe
Infostealer.Gampass,不操作,1,11.exe
Infostealer.Gampass,不操作,1,10.exe
Infostealer.Gampass,不操作,1,8.exe
Infostealer.Gampass,不操作,1,7.exe
Infostealer.Gampass,不操作,1,6.exe
Infostealer.Gampass,不操作,1,5.exe
Infostealer.Gampass,不操作,1,4.exe
Infostealer.QQRob.A,不操作,1,1.exe

显示全部楼层 · 发表于 2007-9-20 01:51:08

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\13.zip'
C:\Documents and Settings\Administrator\桌面\13.zip
  [0] Archive type: ZIP
  --> 1.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.czv
  --> 2.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 3.exe
   [DETECTION] Contains detection pattern of the dropper DR/Cinmus.RJ
  --> 4.exe
   [DETECTION] Is the Trojan horse TR/PSW.Delf.bao
  --> 5.exe
   [DETECTION] Is the Trojan horse TR/Agent.12784.1
  --> 6.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.YF
  --> 7.exe
   [DETECTION] Is the Trojan horse TR/PSW.Delf.bap
  --> 8.exe
   [DETECTION] Is the Trojan horse TR/Agent.11574
  --> 9.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 10.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.czk
  --> 11.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.dcu
  --> 12.exe
   [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
  --> 13.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [INFO]    The file was deleted!

End of the scan: 2007年9月20日  01:51
Used time: 00:23 min

The scan has been done completely.

显示全部楼层 · 发表于 2007-9-20 08:29:03

2007-9-20 8:28:22 1190248102 Administrator 264 Sign of "Win32:Autorun-BS [Wrm]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\1.exe\[UPX]\[Embedded#05ef8]" file.
2007-9-20 8:28:27 1190248107 Administrator 264 Sign of "Win32:Onlinegames-BBZ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\3.exe\[Embedded#1c60]" file.
2007-9-20 8:28:27 1190248107 Administrator 264 Sign of "Win32:Onlinegames-BBZ [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\3.exe" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Onlinegames-BCC [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\4.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Delf-FVM [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\5.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Onlinegames-BBY [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\6.exe\[UPX]\[Embedded#1e60]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Onlinegames-BCC [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\7.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Onlinegames-BCC [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\8.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Delf-CSK [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\9.exe" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Onlinegames-BCC [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\10.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Delf-FVM [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\11.exe\[Upack]\[Embedded#MUSIC]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Delf-DXA [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\12.exe\[Embedded#EXE]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\12.exe\[Embedded#DLL]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Small-GXN [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\12.exe\[Embedded#DLL]" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Delf-FWD [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\12.exe" file.
2007-9-20 8:28:28 1190248108 Administrator 264 Sign of "Win32:Downloader-LL [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\13.zip\13.exe" file.

小a报12个漏掉一个2.exe

[病毒样本] 一包13个!

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块