23个【MD5略】

显示全部楼层 · 发表于 2007-10-1 14:53:28

茶五个？那就有两个答案，是那个？

显示全部楼层 · 发表于 2007-10-1 15:00:32

原帖由 wangjay1980 于 2007-10-1 16:23 发表
茶五个？那就有两个答案，是那个？

显示全部楼层 · 发表于 2007-10-1 15:01:15

真的是O

显示全部楼层 · 发表于 2007-10-1 15:07:34

是些什么东东，怎么会0呢？

显示全部楼层 · 发表于 2007-10-1 15:38:48

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\2(1)(2).EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\UPXDND.EXE
2) C:\WINDOWS.0\SYSTEM32\UPXDND.DLL
是否删除木马程序及其衍生物?
木马名称:Trojan-PSW.Win32.OnLineGames.oez

程序:
C:\WINDOWS.0\SYSTEM32\MSRAV.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\03MS.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\4(1).EXE
1) C:\DFD6389953.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\6.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\MSAVP.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\6.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\MSAVP.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\7(1)(2).EXE
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\7(2)(1).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.ofh

程序:
C:\WINDOWS.0\SYSTEM32\MSAVP.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\11(1)(1).EXE
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\11(1).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\11WD.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\MSRAV.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\12(1)(1).EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN75.JMP
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS74.SYS
是否删除木马程序及其衍生物?
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\12(2).EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\18(1).EXE
1) C:\DFD6483406.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\MH(1).EXE
1) C:\DFD6491593.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\MH.EXE
1) C:\DFD6501593.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\MOON.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\911F383F.EXE
2) C:\WINDOWS.0\SYSTEM32\86481180.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\MOYU.EXE
1) C:\DFD6548140.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\MS.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\QDSHM.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\QIJI.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\QIJI.DLL
2) C:\WINDOWS.0\SOURRO.EXE
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\WINDOWS.0\SYSTEM32\MSAVP.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\TEMPI.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\TEMPL.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\SQMAPI32.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\QQ.EXE
由
E:\AUTORUN.INF
自启动运行!
并生成以下文件:
1) E:\AUTORUN.EXE
2) E:\AUTORUN.INF
以及可由此INF文件引导自启的文件:
E:\AUTORUN.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\23\WXPSETUP204.EXE
木马程序生成以下文件:
1) C:\DWNSETUP\JSHELP.EXE
2) C:\WINDOWS.0\SYSTEM32\JSHELP.EXE
3) C:\WINDOWS.0\SYSTEM32\JSSHOW.DLL
4) C:\WINDOWS.0\SYSTEM32\DRIVERS\JSSHOW.DRV
5) C:\WINDOWS.0\SYSTEM32\DRIVERS\JSHELP.DRV
6) C:\DWNSETUP\JSSHOW.DLL
是否删除木马程序及其衍生物?

上报mminstall.exe

显示全部楼层 · 发表于 2007-10-1 15:55:05

扫描0个，主动防御却全都拦截了
贴个mminstall的图

显示全部楼层 · 发表于 2007-10-1 17:17:07

TrustPort Antivirus On-Demand Scanner

   Status       Quarantined
   Target       G:\v\23.zip
                           Options
                                             , Requested action: Move to quarantine, Excluded extensions
                           disabled, Excluded objects disabled, Heuristics enabled, Sandbox enabled,
                           Scan archives

            Statistics       Details

                                                Files             Boot sectorsRegistry key

                           Scanned             27                      0                            0
                           Infected             5                      0                            0
                           Repaired             0                      0                            0
                           Renamed             0                      -                            -
                        Quarantined             1                      -                            -
                              Deleted             0                      -                            0

显示全部楼层 · 发表于 2007-10-1 20:47:12

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 279
Paranoia Database - 6309
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder (2)

C:\Documents and Settings\uhthn\Desktop\New Folder (2)\tempL.exe - Infected with SDB:Trojan-PSW.OnLineGames.39 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\wxpSetup204.txt - Suspicious file
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\2(1)(2).exe - Infected with SDB:Trojan-PSW.OnLineGames.8 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\03ms.exe - Infected with SDB:Trojan-Spy.Delf.2 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\4(1).exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\6.exe - Infected with SDB:Trojan-PSW.OnLineGames.39 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\7(1)(2).exe - Infected with SDB:Trojan-PSW.OnLineGames.39 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\7(2)(1).exe - Infected with SDB:Trojan-PSW.OnLineGames.39 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\11(1)(1).exe - Infected with SDB:Trojan-PSW.OnLineGames.39 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\11(1).exe - Infected with SDB:Trojan-PSW.OnLineGames.39 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\11wd.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\12(1)(1).exe - Infected with SDB:Win32.Trojan-PSW.QQPass.a - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\12(2).exe - Infected with SDB:Win32.Trojan-PSW.QQPass.a - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\18(1).exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\mh(1).exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\mh.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\mminstall.exe - Suspicious of Trojan-PSW.Game.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\moon.exe - Infected with SDB:MalwareSpy.Trojan-Downloader.Agent.3 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\moyu.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ms.exe - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\qiji.exe - Infected with SDB:Trojan-PSW.Delf.3 - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\qq.exe - Infected with SDB:Win32.Trojan-PSW.QQPass.a - Deleted
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\tempI.exe - Infected with SDB:Trojan-PSW.OnLineGames.39 - Deleted

23 Files scanned
14 Infected files found
9 Suspicious files found
0 Files cured
14 Files deleted

显示全部楼层 · 发表于 2007-10-1 21:08:06

已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dyi 文件　: G:\10.1\23.zip/tempL.exe//PE_Patch//UPack
已删除：木马程序 Trojan.Win32.Agent.btp 文件　: G:\10.1\23.zip/wxpSetup204.txt//data.rar/jshelp.exe
已删除：木马程序 Trojan.Win32.Agent.btp 文件　: G:\10.1\23.zip/wxpSetup204.txt//data.rar/jsshow.dll
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dxx 文件　: G:\10.1\23.zip/2(1)(2).exe
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dyb 文件　: G:\10.1\23.zip/03ms.exe
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dxu 文件　: G:\10.1\23.zip/4(1).exe//UPack
已删除：木马程序 Trojan-PSW.Win32.Lmir.bmz 文件　: G:\10.1\23.zip/6.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.Lmir.bmz 文件　: G:\10.1\23.zip/7(1)(2).exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.Lmir.bmz 文件　: G:\10.1\23.zip/7(2)(1).exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dxw 文件　: G:\10.1\23.zip/11(1)(1).exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dxw 文件　: G:\10.1\23.zip/11(1).exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dyc 文件　: G:\10.1\23.zip/11wd.exe
已删除：木马程序 Trojan-PSW.Win32.QQPass.afw 文件　: G:\10.1\23.zip/12(1)(1).exe//UPX
已删除：木马程序 Trojan-PSW.Win32.QQPass.afw 文件　: G:\10.1\23.zip/12(2).exe//UPX
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dxu 文件　: G:\10.1\23.zip/18(1).exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dyd 文件　: G:\10.1\23.zip/mh(1).exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dyd 文件　: G:\10.1\23.zip/mh.exe//UPack
已删除：木马程序 Trojan-Downloader.Win32.Hmir.aw 文件　: G:\10.1\23.zip/mminstall.exe
已删除：木马程序 Backdoor.Win32.Agent.bxm 文件　: G:\10.1\23.zip/moon.exe
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dye 文件　: G:\10.1\23.zip/moyu.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dyf 文件　: G:\10.1\23.zip/ms.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.dyg 文件　: G:\10.1\23.zip/qiji.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.QQGame.ai 文件　: G:\10.1\23.zip/qq.exe//UPX
已删除：木马程序 Trojan-PSW.Win32.Lmir.bmz 文件　: G:\10.1\23.zip/tempI.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2007-10-2 13:03:33

===================================================================================================
On-demand scanner 7.0.0.9

NSE revision 5.91.07
nvcbin.def revision 5.90.00 of 2007/09/28 15:46:54 (967863 variants)
nvcmacro.def revision 5.90.00 of 2007/09/25 15:36:51 (20411 variants)
Total number of variants: 988274
===================================================================================================

   Time  Filename                                                    Virus name
---------------------------------------------------------------------------------------------------

- Scanning drive: G:\
- Scanning system areas of drive: G:\
- Scanning files in the directory: G:\v\
   16 ms G:\v\03ms.exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\03ms.exe quarantined.
- File G:\v\03ms.exe deleted.
      0 ms G:\v\11(1)(1).exe                                           Security Risk W32/Suspicious_U.gen ()
- File G:\v\11(1)(1).exe quarantined.
- File G:\v\11(1)(1).exe deleted.
      0 ms G:\v\11(1).exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\11(1).exe quarantined.
- File G:\v\11(1).exe deleted.
      0 ms G:\v\11wd.exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\11wd.exe quarantined.
- File G:\v\11wd.exe deleted.
   422 ms G:\v\12(1)(1).exe
   250 ms G:\v\12(2).exe
      0 ms G:\v\18(1).exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\18(1).exe quarantined.
- File G:\v\18(1).exe deleted.
   6797 ms G:\v\2(1)(2).exe
      0 ms G:\v\4(1).exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\4(1).exe quarantined.
- File G:\v\4(1).exe deleted.
   15 ms G:\v\6.exe                                                 Security Risk W32/Suspicious_U.gen ()
- File G:\v\6.exe quarantined.
- File G:\v\6.exe deleted.
      0 ms G:\v\7(1)(2).exe                                           Security Risk W32/Suspicious_U.gen ()
- File G:\v\7(1)(2).exe quarantined.
- File G:\v\7(1)(2).exe deleted.
      0 ms G:\v\7(2)(1).exe                                           Security Risk W32/Suspicious_U.gen ()
- File G:\v\7(2)(1).exe quarantined.
- File G:\v\7(2)(1).exe deleted.
      0 ms G:\v\mh(1).exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\mh(1).exe quarantined.
- File G:\v\mh(1).exe deleted.
      0 ms G:\v\mh.exe                                                 Security Risk W32/Suspicious_U.gen ()
- File G:\v\mh.exe quarantined.
- File G:\v\mh.exe deleted.
   797 ms G:\v\mminstall.exe
   3015 ms G:\v\moon.exe
      0 ms G:\v\moyu.exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\moyu.exe quarantined.
- File G:\v\moyu.exe deleted.
      0 ms G:\v\ms.exe                                                 Security Risk W32/Suspicious_U.gen ()
- File G:\v\ms.exe quarantined.
- File G:\v\ms.exe deleted.
      0 ms G:\v\qiji.exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\qiji.exe quarantined.
- File G:\v\qiji.exe deleted.
   188 ms G:\v\qq.exe
      0 ms G:\v\tempI.exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\tempI.exe quarantined.
- File G:\v\tempI.exe deleted.
      0 ms G:\v\tempL.exe                                              Security Risk W32/Suspicious_U.gen ()
- File G:\v\tempL.exe quarantined.
- File G:\v\tempL.exe deleted.
   8219 ms G:\v\wxpSetup204.txt

===================================================================================================

The scanning started: 2007/10/02 13:03:06
            ended: 2007/10/02 13:03:26
Logged on as       : Administrator
on hostname       : C3EF58622174424

Scanning results:
Total number of files found..............................:    23
Number of files scanned..................................:    23
Number of files/directories skipped due to exclude list..:    0
Number of files that could not be opened.................:    0
Number of archive files unpacked.........................:    0
Number of archive files not unpacked.....................:    0
Number of infections.....................................:    16

Copyright (c) 1993-2005 Norman ASA.

[病毒样本] 23个【MD5略】

回复 8楼 solcroft 的帖子

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块