Views: 3299 | Replies: 20

[Virus samples] A downloader and its products, 18 samples

promised
Posted on 2007-9-21 20:02:56
[MD5: CF057B 4ACC8E B74DB9 E93F4D 6E8EC8 56AA0A 325D3A E4FECF DCCDFC 725A7F 9C76A0 88075D 348D1C 8E7297 9099EB ACE5B9 EC562A D6CC2C]
jimmyleo
Posted on 2007-9-21 20:04:39
D:\download\virusscan\18.rar:\avpzx.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\virusscan\18.rar:\ravztmon.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\virusscan\18.rar:\1.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\virusscan\18.rar:\10.exe - Signature 'Generic.PWS.Games.1' found
D:\download\virusscan\18.rar:\11.exe - Signature 'Virus.Win32.AutoRun.bs' found
D:\download\virusscan\18.rar:\12.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\virusscan\18.rar:\2.exe - Signature 'Generic.PWS.Games.2' found
D:\download\virusscan\18.rar:\3.exe - Signature 'Trojan-Spy.Win32.Bancos.ha' found
D:\download\virusscan\18.rar:\5.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
D:\download\virusscan\18.rar:\WinSys64.Sys - Signature 'Trojan-Proxy.Win32.Delf.AN' found
D:\download\virusscan\18.rar:\8.exe - Signature 'Trojan-Spy.Win32.Bancos.ha' found
D:\download\virusscan\18.rar:\9.exe - Signature 'Trojan-Spy.Win32.Bancos.ha' found
D:\download\virusscan\18.rar:\kvdxcma.dll - Signature 'Trojan-Downloader.Agent.YJA' found
D:\download\virusscan\18.rar:\rsmyapm.dll - Signature 'Trojan-Spy.Win32.Delf.uv' found
D:\download\virusscan\18.rar:\avwlamn.dll - Signature 'Trojan-Spy.Win32.Delf.uv' found
D:\download\virusscan\18.rar:\uaulcq.dll - Signature 'Backdoor.Win32.PcClient.LH' found
D:\download\virusscan\18.rar:\uaulcq.sys
D:\download\virusscan\18.rar:\ma.exe - Signature 'Trojan.Win32.KillAV.EX' found
D:\download\virusscan\18.rar

        19 Files scanned
          (1 Archiv with 18 files)
        17 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.461

level=30, heh heh
风野胤
Posted on 2007-9-21 20:08:11
Quoting jimmyleo, posted 2007-9-21 20:04:
D:\download\virusscan\18.rar:\avpzx.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\virusscan\18.rar:\ravztmon.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\downlo ...

Saw Ami there......

Scanning Log
NOD32 version 2543 (20070921) NT
Command line: R:\??.rar
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2. physical disk. Error reading sector.
Date: 21.9.2007  Time: 20:03:42
Anti-Stealth technology is enabled.
Scanned disks, folders and files: R:\??.rar
R:\??.rar »RAR »avpzx.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan
R:\??.rar »RAR »ravztmon.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan
R:\??.rar »RAR »1.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan
R:\??.rar »RAR »10.exe - probably a variant of Win32/Genetik trojan
R:\??.rar »RAR »11.exe - probably a variant of Win32/AutoRun.Q worm
R:\??.rar »RAR »12.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan
R:\??.rar »RAR »2.exe - probably a variant of Win32/Genetik trojan
R:\??.rar »RAR »3.exe - probably a variant of Win32/Genetik trojan
R:\??.rar »RAR »5.exe - probably a variant of Win32/Genetik trojan
R:\??.rar »RAR »WinSys64.Sys - probably a variant of Win32/AutoRun.Q worm
R:\??.rar »RAR »8.exe - probably a variant of Win32/Genetik trojan
R:\??.rar »RAR »9.exe - probably a variant of Win32/Genetik trojan
R:\??.rar »RAR »kvdxcma.dll - a variant of Win32/PSW.OnLineGames.NEN trojan
R:\??.rar »RAR »rsmyapm.dll - probably a variant of Win32/PSW.OnLineGames.NEN trojan
R:\??.rar »RAR »uaulcq.sys - probably unknown NewHeur_PE virus [7]
R:\??.rar »RAR »ma.exe - probably unknown NewHeur_PE virus [7]
Number of scanned files: 18
Number of threats found: 16
Time of completion: 20:03:45 Total scanning time: 3 sec (00:00:03)
Notes:
[7] File is probably infected with an unknown virus.
FBAV
Posted on 2007-9-21 20:08:37
MicroVita AntiSpyware 100 C
_____________________________________________

             Storm MicroVita AntiSpyware
[Powerful detection and removal of all kinds of Win32 viruses, trojans, worms and malware]
                   http://221.10.254.214/
----------------------------------------------
Scan started......

Checking startup items......
[C:\Documents and Settings\Administrator\桌面\virus\655656\avpzx.exe]
                    ............ Spy found! Report: [4] [1]
File info:  Size: 14164  MD5: cf057bda953d8eeeb5d5b8f3bb892206

[C:\Documents and Settings\Administrator\桌面\virus\655656\ravztmon.exe]
                    ............ Spy found! Report: [4] [2] [1]
File info:  Size: 17260  MD5: 4acc8ed078697e8ab4abf6e5dc3cd4ea

[C:\Documents and Settings\Administrator\桌面\virus\655656\1.exe]
                    ............ Spy found! Report: [1]
File info:  Size: 13156  MD5: b74db91efd859c7213ddfd92cd945fd7

[C:\Documents and Settings\Administrator\桌面\virus\655656\11.exe]
                    ............ Spy found! Report: [2]
File info:  Size: 33388  MD5: 6e8ec84fa3b41c9d724f01bea099b6f2

[C:\Documents and Settings\Administrator\桌面\virus\655656\12.exe]
                    ............ Spy found! Report: [1]
File info:  Size: 10788  MD5: 56aa0ae25fe0f0a76f11e605f22a95ab

[C:\Documents and Settings\Administrator\桌面\virus\655656\3.exe]
                    ............ Spy found! Report: [2] [1]
File info:  Size: 12806  MD5: e4fecf19d705e0eea745a96a079cb870

[C:\Documents and Settings\Administrator\桌面\virus\655656\5.exe]
                    ............ Spy found! Report: [1]
File info:  Size: 22666  MD5: dccdfc2644569166c5214c7678b191a7

[C:\Documents and Settings\Administrator\桌面\virus\655656\WinSys64.Sys]
                    ............ Spy found! Report: [4]
File info:  Size: 47724  MD5: 725a7f8bab15b7d1ac2eff739933f6cd

[C:\Documents and Settings\Administrator\桌面\virus\655656\8.exe]
                    ............ Spy found! Report: [1]
File info:  Size: 13216  MD5: 9c76a01238f1c1adb2fc57c4d24694ea

[C:\Documents and Settings\Administrator\桌面\virus\655656\9.exe]
                    ............ Spy found! Report: [2] [1]
File info:  Size: 12077  MD5: 88075df936c9f3f9383ed887e5c6a5b0

[C:\Documents and Settings\Administrator\桌面\virus\655656\kvdxcma.dll]
                    ............ Spy found! Report: [4]
File info:  Size: 17508  MD5: 348d1c2462938f13b192e61b20d01164

[C:\Documents and Settings\Administrator\桌面\virus\655656\rsmyapm.dll]
                    ............ Spy found! Report: [4]
File info:  Size: 21064  MD5: 8e729751fd37d3f91065b255937d139a

[C:\Documents and Settings\Administrator\桌面\virus\655656\avwlamn.dll]
                    ............ Spy found! Report: [4]
File info:  Size: 21606  MD5: 9099ebaff533538753b0eef82c634de9

Files: 18   Viruses: 13   Ratio: 0.7222222222222
OK  Scan complete!
  *** Log legend
[4] Concentrated harmful-code analysis engine
[3] Global system judgment engine
[2] File signature engine
[1] File heuristics engine

Frustrating.

[ This post was last edited by FBAV on 2007-9-21 20:10 ]
qigang
Posted on 2007-9-21 20:09:52

31/8

Rising virus scan result report

List of virus types cleaned:

Virus: Trojan.PSW.Win32.OnlineGames.yln
Virus: Worm.Win32.PaBug.q
Virus: Trojan.PSW.Win32.NSword.br
Virus: Worm.Win32.PaBug.q
Virus: Trojan.PSW.Win32.RocOnline.ej
Virus: Trojan.PSW.Win32.XYOnline.iq
Virus: Trojan.PSW.Win32.XYOnline.ip
Virus: Trojan.PSW.Win32.RocOnline.ej

MAC address: 00:11:5B:F3:6D:69

User source: Internet

Software version: 19.41.42
niaoyunsha
Posted on 2007-9-21 20:14:53
Heh heh!!!!!!!!!11
rasis
Posted on 2007-9-21 20:15:03
样本.rar
  [0] Archive type: RAR
  --> avpzx.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineG.TF.1
  --> ravztmon.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.cqb
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/PSW.WOW.XM
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLine.ddm.1
  --> 11.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.czv
  --> 12.exe
      [DETECTION] Is the Trojan horse TR/Hijack.Explor.4377
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLine.ddm.1
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.bxi
  --> 5.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> WinSys64.Sys
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.czv
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.dem
  --> 9.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> kvdxcma.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> rsmyapm.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> avwlamn.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> uaulcq.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> ma.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Soael
      [WARNING]   The file was ignored!


End of the scan: 21 September 2007  20:16
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
     19 Files were scanned
     12 viruses and/or unwanted programs were found
      5 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      7 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
jimmyleo
Posted on 2007-9-21 20:26:26

Reply to post #3 by 风野胤

What's up, 风野?
浪滔天
Posted on 2007-9-21 20:26:26
Kaspersky 7.0.1.222, high heuristics
13 found

Quarantined: virus Heur.Trojan.Generic (modification)        File: F:\病毒样本\样本.rar/12.exe//PE_Patch//UPack
Deleted: Trojan program Trojan-Downloader.Win32.Small.fsl        File: F:\病毒样本\样本.rar/ma.exe//PE_Patch.UPX//UPX
Deleted: Trojan program Trojan-Dropper.Win32.Agent.bxi        File: F:\病毒样本\样本.rar/3.exe//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.cqb        File: F:\病毒样本\样本.rar/ravztmon.exe//PE_Patch//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.czj        File: F:\病毒样本\样本.rar/11.exe//UPX
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.czv        File: F:\病毒样本\样本.rar/WinSys64.Sys
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.del        File: F:\病毒样本\样本.rar/avpzx.exe//PE_Patch//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dem        File: F:\病毒样本\样本.rar/8.exe//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dem        File: F:\病毒样本\样本.rar/rsmyapm.dll
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dfs        File: F:\病毒样本\样本.rar/9.exe//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dfs        File: F:\病毒样本\样本.rar/kvdxcma.dll
Deleted: Trojan program Trojan-PSW.Win32.WOW.xm        File: F:\病毒样本\样本.rar/1.exe//PE_Patch//UPack
Deleted: Trojan program Trojan-Spy.Win32.Delf.aji        File: F:\病毒样本\样本.rar/avwlamn.dll
uhthn2002
Posted on 2007-9-21 20:33:25
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 164
Paranoia Database - 5417
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder (2)

C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avpzx.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ravztmon.exe - Infected with PDB:84a Malware program - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\1.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\10.exe - Suspicious of Trojan-Downloader.Small.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\11.exe - Infected with SDB:Win32.Trojan-PSW.QQPass.bam - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\12.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\2.exe - Suspicious of Trojan-PSW.Game.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\3.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\5.exe - Infected with SDB:Trojan-PSW.Delf.abz - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\WinSys64.Sys - Infected with SDB:Win32.Trojan-PSW.QQPass.bam - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\8.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\9.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\kvdxcma.dll - Suspicious of Win32.Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\rsmyapm.dll - Suspicious of Win32.Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avwlamn.dll - Suspicious of Win32.Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\uaulcq.dll - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\uaulcq.sys - OK
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ma.exe - Suspicious of Win32.Trojan-PSW.Game.1

18 Files scanned
4 Infected files found
13 Suspicious files found
0 Files cured
4 Files deleted
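Added example (not code from this thread or from any of the scanners above): a short Python script that turns the posted logs into a per-file detection matrix and checks the 18 six-hex-digit MD5 prefixes in the opening post against the full MD5s MicroVita printed. The log lines embedded in it are a constructed subset copied from three of the posts (the first scan, the NOD32 log, and Uhthn's); the engine keys are just the poster or product names. Pairing each prefix with the archive file at the same position is an assumption, which the script then verifies for the 13 files MicroVita hashed.

```python
"""Correlate the multi-engine scan logs posted in this thread (added example,
not code from the thread or any scanner; the embedded log lines are a
constructed subset copied from the posts above)."""
import re
from collections import defaultdict

# Archive contents in the order the first scan log lists them (18 files).
FILES = ["avpzx.exe", "ravztmon.exe", "1.exe", "10.exe", "11.exe", "12.exe",
         "2.exe", "3.exe", "5.exe", "WinSys64.Sys", "8.exe", "9.exe",
         "kvdxcma.dll", "rsmyapm.dll", "avwlamn.dll", "uaulcq.dll",
         "uaulcq.sys", "ma.exe"]

# Six-hex-digit MD5 prefixes from the opening post, in the order given there.
PREFIXES = ("CF057B 4ACC8E B74DB9 E93F4D 6E8EC8 56AA0A 325D3A E4FECF DCCDFC "
            "725A7F 9C76A0 88075D 348D1C 8E7297 9099EB ACE5B9 EC562A D6CC2C").split()

# Full MD5s exactly as MicroVita printed them for the 13 files it flagged.
MICROVITA_MD5 = {
    "avpzx.exe": "cf057bda953d8eeeb5d5b8f3bb892206",
    "ravztmon.exe": "4acc8ed078697e8ab4abf6e5dc3cd4ea",
    "1.exe": "b74db91efd859c7213ddfd92cd945fd7",
    "11.exe": "6e8ec84fa3b41c9d724f01bea099b6f2",
    "12.exe": "56aa0ae25fe0f0a76f11e605f22a95ab",
    "3.exe": "e4fecf19d705e0eea745a96a079cb870",
    "5.exe": "dccdfc2644569166c5214c7678b191a7",
    "WinSys64.Sys": "725a7f8bab15b7d1ac2eff739933f6cd",
    "8.exe": "9c76a01238f1c1adb2fc57c4d24694ea",
    "9.exe": "88075df936c9f3f9383ed887e5c6a5b0",
    "kvdxcma.dll": "348d1c2462938f13b192e61b20d01164",
    "rsmyapm.dll": "8e729751fd37d3f91065b255937d139a",
    "avwlamn.dll": "9099ebaff533538753b0eef82c634de9",
}

# Three engines, three files each; keys are the poster or product names.
LOGS = {
    "jimmyleo": r"""
D:\download\virusscan\18.rar:\avpzx.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\virusscan\18.rar:\uaulcq.sys
D:\download\virusscan\18.rar:\ma.exe - Signature 'Trojan.Win32.KillAV.EX' found
""",
    "NOD32": r"""
R:\??.rar »RAR »avpzx.exe - probably a variant of Win32/PSW.OnLineGames.NEP trojan
R:\??.rar »RAR »uaulcq.sys - probably unknown NewHeur_PE virus [7]
R:\??.rar »RAR »ma.exe - probably unknown NewHeur_PE virus [7]
""",
    "uhthn": r"""
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avpzx.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\uaulcq.sys - OK
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ma.exe - Suspicious of Win32.Trojan-PSW.Game.1
""",
}


def parse_line(line):
    """Split one log line into (filename, verdict); verdict None means clean.
    Handles 'path - Signature X found', NOD32's 'path »RAR »file - verdict',
    and 'path - Suspicious of X' / 'path - OK'; a bare path is a clean file."""
    path, _, rest = line.partition(" - ")
    name = re.split(r"[\\/»]", path.strip())[-1]   # last path component
    rest = rest.strip()
    m = re.fullmatch(r"Signature '([^']+)' found", rest)
    if m:
        rest = m.group(1)
    return name, (rest if rest and rest != "OK" else None)


def detection_matrix(logs):
    """Return {filename: {engine: verdict}} across all engines."""
    matrix = defaultdict(dict)
    for engine, text in logs.items():
        for line in text.strip().splitlines():
            name, verdict = parse_line(line)
            matrix[name][engine] = verdict
    return dict(matrix)


def consensus(matrix):
    """How many engines flagged each file (clean/None verdicts don't count)."""
    return {name: sum(v is not None for v in verdicts.values())
            for name, verdicts in matrix.items()}


def match_prefixes(files, prefixes, full_md5):
    """Pair each file with the prefix at the same position (assumption: the
    opening post listed hashes in archive order) and confirm it against a
    full MD5 where one was printed. Values are (prefix, status)."""
    result = {}
    for name, prefix in zip(files, prefixes):
        full = full_md5.get(name)
        status = ("no full hash" if full is None
                  else "verified" if full.lower().startswith(prefix.lower())
                  else "mismatch")
        result[name] = (prefix, status)
    return result


if __name__ == "__main__":
    matrix, hits = detection_matrix(LOGS), consensus(detection_matrix(LOGS))
    for name, verdicts in matrix.items():
        print(f"{name:14} {hits[name]}/{len(LOGS)}  " + "; ".join(f"{e}={v or '-'}" for e, v in verdicts.items()))
    for name, (prefix, status) in match_prefixes(FILES, PREFIXES, MICROVITA_MD5).items():
        print(f"{prefix}  {name:14} {status}")
```

Run as-is: all 13 MicroVita hashes verify against their prefixes, and the five files MicroVita did not report (10.exe, 2.exe, uaulcq.dll, uaulcq.sys, ma.exe) come out as "no full hash". The uaulcq.sys row is the reason to build the matrix at all: in this subset only NOD32's heuristic flags it, the first log lists it without a signature, and Uhthn reports OK, so a single engine's verdict on a sample pack tells you little on its own.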
KaFan forum (卡饭论坛). Copyright © KaFan  KaFan.cn All Rights Reserved.