
[Virus Sample] A pack

tonger2003
Posted on 2007-10-10 10:56:08

zcm6
Posted on 2007-10-10 11:21:53
D:\桌面.rar/111.exe -> Trojan.OnLineGames.dwe : 已清除并备份(已隔离).
D:\桌面.rar/102.exe -> Trojan.OnLineGames.dxo : 已清除并备份(已隔离).
D:\桌面.rar/110.exe -> Trojan.QQPass.ban : 已清除并备份(已隔离).

AVG Anti-Spyware 7.5 detected and cleaned them.
BING126
Posted on 2007-10-10 11:32:14
扫描开始时间: 2007-10-10 11:31:51
扫描日志
NOD32 版本 2582 (20071009) NT
命令行: C:\Documents and Settings\Administrator\桌面\桌面.rar

日期: 2007年10月10日  时间: 11:31:52
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: C:\Documents and Settings\Administrator\桌面\桌面.rar
C:\Documents and Settings\Administrator\桌面\桌面.rar ?RAR ?108.exe<病毒 - Win32/PSW.OnLineGames.EJA 木马>
C:\Documents and Settings\Administrator\桌面\桌面.rar ?RAR ?111.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Administrator\桌面\桌面.rar ?RAR ?119.exe<病毒 - Win32/PSW.OnLineGames.NGA 木马>
C:\Documents and Settings\Administrator\桌面\桌面.rar ?RAR ?110.exe<病毒 - 可能是 Win32/AutoRun.Q 蠕虫 变种>
C:\Documents and Settings\Administrator\桌面\桌面.rar ?RAR ?102.exe<病毒 - Win32/PSW.OnLineGames.DXO 木马>
已扫描文件数量: 10
已发现病毒数量: 5
完成时间: 11:31:54 总共扫描时间: 2 秒 (00:00:02)
scottxzt
Posted on 2007-10-10 11:32:22
Begin scan in 'C:\Documents and Settings\dell\桌面\桌面.rar'
C:\Documents and Settings\dell\桌面\桌面.rar
  [0] Archive type: RAR
  --> 107.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Zlob.dfw
  --> 108.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eja
  --> 111.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 112.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
  --> 116.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
  --> 119.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
  --> 110.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.agj
  --> 102.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dxo
  --> 103.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 105.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
mofunzone
Posted on 2007-10-10 11:46:08
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\桌面.rar'
C:\Users\morgan\Documents\
  桌面.rar
  桌面.rar:Zone.Identifier
    [0] Archive type: RAR
    --> 107.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Zlob.dfw
        [WARNING]   Infected files in archives cannot be repaired!
    --> 108.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eja
        [WARNING]   Infected files in archives cannot be repaired!
    --> 111.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 112.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> 116.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> 119.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> 110.exe
        [DETECTION] Is the Trojan horse TR/PSW.QQpass.agj
        [WARNING]   Infected files in archives cannot be repaired!
    --> 102.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dxo
        [WARNING]   Infected files in archives cannot be repaired!
    --> 103.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 105.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年10月9日  20:45
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
     12 Files were scanned
      8 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
     11 Warnings
      0 Notes
欠妳緈諨
Posted on 2007-10-10 11:50:30
Killed 7.

傻猪猪米走鸡
Posted on 2007-10-10 12:06:45
2007-9-9 12:07:10        Real-time file system protection        file        C:\Documents and Settings\Administrator\桌面\桌面\102.exe        Win32/PSW.OnLineGames.DXO trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: f:\Program Files\WinRAR\WinRAR.exe.
2007-9-9 12:07:07        Real-time file system protection        file        C:\Documents and Settings\Administrator\桌面\桌面\110.exe        probably a variant of Win32/AutoRun.Q worm        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: f:\Program Files\WinRAR\WinRAR.exe.
2007-9-9 12:07:04        Real-time file system protection        file        C:\Documents and Settings\Administrator\桌面\桌面\119.exe        Win32/PSW.OnLineGames.NGA trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: f:\Program Files\WinRAR\WinRAR.exe.
2007-9-9 12:07:00        Real-time file system protection        file        C:\Documents and Settings\Administrator\桌面\桌面\111.exe        probably a variant of Win32/Genetik trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: f:\Program Files\WinRAR\WinRAR.exe.
2007-9-9 12:06:53        Real-time file system protection        file        C:\Documents and Settings\Administrator\桌面\桌面\108.exe        Win32/PSW.OnLineGames.EJA trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: f:\Program Files\WinRAR\WinRAR.exe.
micetai
Posted on 2007-10-10 12:44:53
NIS2008: 7
Scan Stats:
  Scan Time: 8 seconds
  Scan Options:
  Scan Targets: C:\Users\m\Desktop\a.rar
  Counts:
   Total items scanned: 11
   - Files & Directories: 11
   - Registry Entries: 0
   - Processes & Start-up Items: 0
   - Network & Browser Items: 0
   - Other: 0

   Total security risks detected: 7
   Total items resolved: 0
   Total items that require attention: 7
wangjay1980
Posted on 2007-10-10 12:50:26
deleted: Trojan program Trojan-Downloader.Win32.Zlob.dfw        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/107.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.eja        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/108.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.eof        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/111.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.eob        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/112.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.emp        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/116.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ena        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/119.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.QQPass.agj        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/110.exe//UPX
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.dxo        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/102.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.WOW.zm        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/103.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.eoc        File: C:\Documents and Settings\Owner\×ÀÃæ\×ÀÃæ.rar/105.exe
啊弥陀佛
Posted on 2007-10-10 15:22:47
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\桌面\102.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\MSRAV.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\桌面\103.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\SQMAPI32.DLL
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\桌面\105.EXE
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\桌面\107.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\SQMAPI32.DLL
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\桌面\108.EXE
1) C:\DFD2619437.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\桌面\110.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN78.JMP
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS88.SYS
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\桌面\111.EXE
1) C:\DFD2663453.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\桌面\112.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\SQMAPI32.DLL
是否删除木马程序及其衍生物?


程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\桌面\116.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\QDSHM.DLL
是否删除木马程序及其衍生物?
