[Virus Samples] 32 dug out of a certain thread

promised
Posted on 2007-10-14 11:40:53

woai_jolin
Posted on 2007-10-14 11:45:34
Scanning Log
Version of virus signature database: 2590 (20071012)
Date: 14.10.2007  Time: 11:44:46
Scanned disks, folders and files: G:\V
G:\V\1630.exe - Win32/PSW.Agent.NEC trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
G:\V\1631.exe - Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
G:\V\1632.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
G:\V\1633.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
G:\V\1634.exe - a variant of Win32/PSW.Legendmir.NEP trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
G:\V\1636.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined [1]
G:\V\1637.exe - is OK
G:\V\1639.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined [1]
G:\V\163a.exe - probably a variant of Win32/AutoRun.Q worm - cleaned by deleting - quarantined [1]
G:\V\163b.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined [1]
G:\V\163d.exe - probably unknown NewHeur_PE virus [7] - deleted - quarantined
G:\V\163e.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined [1]
G:\V\163f.exe - is OK
G:\V\163g.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined [1]
G:\V\163i.exe » ASPack v2.12 - is OK
G:\V\163j.exe - Win32/Agent.NEM trojan - cleaned by deleting - quarantined [1]
G:\V\608769MM.DLL - is OK
G:\V\888 - is OK
G:\V\addrjzhelp.dll - is OK
G:\V\avwgcmn.dll - is OK
G:\V\avwgcst.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
G:\V\avwlcmn.dll - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
G:\V\LYLOADER.EXE - a variant of Win32/PSW.Agent.NEC trojan - cleaned by deleting - quarantined [1]
G:\V\LYMANGR.DLL - Win32/PSW.OnLineGames.DTR trojan - cleaned by deleting - quarantined [1]
G:\V\mppds.dll - Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined [1]
G:\V\MSDEG32.DLL - a variant of Win32/PSW.OnLineGames.DVV trojan - cleaned by deleting - quarantined [1]
G:\V\nslkupi.exe - Win32/Agent.NEM trojan - cleaned by deleting - quarantined [1]
G:\V\qdshm.dll - is OK
G:\V\sqmapi32.dll - is OK
G:\V\upxdnd.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined [1]
G:\V\WinSys88.Sys - probably a variant of Win32/AutoRun.Q worm - cleaned by deleting - quarantined [1]
G:\V\zxatl.dll - is OK
Number of scanned objects: 32
Number of threats found: 22
Time of completion: 11:45:26  Total scanning time: 40 sec (00:00:40)
Notes:
[1] Object has been deleted as it only contained the virus body.
[2] Object is in use (open or running). A system restart is required for the cleaning to complete.
[7] Object is probably infected with an unknown virus.
153109312
Posted on 2007-10-14 11:49:20
扫描开始时间: 2007-10-14 11:42:44
扫描日志
NOD32 版本 2591 (20071014) NT
命令行: D:\下载的文件\样本.rar

日期: 2007年10月14日  时间: 11:42:46
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: D:\下载的文件\样本.rar
D:\下载的文件\样本.rar »RAR »163a.exe<病毒 - 可能是 Win32/AutoRun.Q 蠕虫 变种>
D:\下载的文件\样本.rar »RAR »163b.exe<病毒 - Win32/PSW.OnLineGames.YA 木马 变种>
D:\下载的文件\样本.rar »RAR »163d.exe<病毒 - 未知的 NewHeur_PE 病毒 [7]>
D:\下载的文件\样本.rar »RAR »163e.exe<病毒 - Win32/PSW.OnLineGames.YA 木马 变种>
D:\下载的文件\样本.rar »RAR »163g.exe<病毒 - Win32/PSW.OnLineGames.NFL 木马 变种>
D:\下载的文件\样本.rar »RAR »163j.exe<病毒 - Win32/Agent.NEM 木马>
D:\下载的文件\样本.rar »RAR »1630.exe<病毒 - Win32/PSW.Agent.NEC 木马>
D:\下载的文件\样本.rar »RAR »1631.exe<病毒 - Win32/PSW.OnLineGames.NFL 木马>
D:\下载的文件\样本.rar »RAR »1632.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
D:\下载的文件\样本.rar »RAR »1633.exe<病毒 - Win32/PSW.OnLineGames.NFL 木马 变种>
D:\下载的文件\样本.rar »RAR »1634.exe<病毒 - Win32/PSW.Legendmir.NEP 木马 变种>
D:\下载的文件\样本.rar »RAR »1636.exe<病毒 - Win32/PSW.OnLineGames.YA 木马 变种>
D:\下载的文件\样本.rar »RAR »MSDEG32.DLL<病毒 - Win32/PSW.OnLineGames.DVV 木马 变种>
D:\下载的文件\样本.rar »RAR »LYLOADER.EXE<病毒 - Win32/PSW.Agent.NEC 木马 变种>
D:\下载的文件\样本.rar »RAR »avwgcst.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
D:\下载的文件\样本.rar »RAR »upxdnd.dll<病毒 - 可能是 Win32/PSW.OnLineGames.NFL 木马 变种>
D:\下载的文件\样本.rar »RAR »mppds.dll<病毒 - Win32/PSW.OnLineGames.NFL 木马>
D:\下载的文件\样本.rar »RAR »avwlcmn.dll<病毒 - 可能是 Win32/Genetik 木马 变种>
D:\下载的文件\样本.rar »RAR »nslkupi.exe<病毒 - Win32/Agent.NEM 木马>
D:\下载的文件\样本.rar »RAR »LYMANGR.DLL<病毒 - Win32/PSW.OnLineGames.DTR 木马>
D:\下载的文件\样本.rar »RAR »1639.exe<病毒 - 可能是 Win32/PSW.OnLineGames.NFL 木马 变种>
D:\下载的文件\样本.rar »RAR »WinSys88.Sys<病毒 - 可能是 Win32/AutoRun.Q 蠕虫 变种>
已扫描文件数量: 32
已发现病毒数量: 22
完成时间: 11:42:53 总共扫描时间: 7 秒 (00:00:07)

注意:
[7] 文件可能感染了未知病毒。

英仔
Posted on 2007-10-14 12:07:40
AVG: 30; 費爾 (Filseclab): 16
wangjay1980
Posted on 2007-10-14 12:09:50
31
detected: Trojan program Trojan-PSW.Win32.Lmir.bnm        File: C:\Documents and Settings\Owner\桌面\样本.rar/888
detected: virus Virus.Win32.AutoRun.th        File: C:\Documents and Settings\Owner\桌面\样本.rar/163a.exe//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dkt        File: C:\Documents and Settings\Owner\桌面\样本.rar/163b.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.Lmir.bnl        File: C:\Documents and Settings\Owner\桌面\样本.rar/163d.exe//ASPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.doj        File: C:\Documents and Settings\Owner\桌面\样本.rar/163e.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ejj        File: C:\Documents and Settings\Owner\桌面\样本.rar/163f.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbu        File: C:\Documents and Settings\Owner\桌面\样本.rar/163g.exe//PE_Patch.UPX//UPX
detected: Trojan program Backdoor.Win32.Kolmat.d        File: C:\Documents and Settings\Owner\桌面\样本.rar/163i.exe//ASPack
detected: Trojan program Backdoor.Win32.Agent.byx        File: C:\Documents and Settings\Owner\桌面\样本.rar/163j.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.eqh        File: C:\Documents and Settings\Owner\桌面\样本.rar/1630.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dwc        File: C:\Documents and Settings\Owner\桌面\样本.rar/1631.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.eqr        File: C:\Documents and Settings\Owner\桌面\样本.rar/1632.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fcc        File: C:\Documents and Settings\Owner\桌面\样本.rar/1633.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.cnf        File: C:\Documents and Settings\Owner\桌面\样本.rar/1634.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bgr        File: C:\Documents and Settings\Owner\桌面\样本.rar/1636.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fcg        File: C:\Documents and Settings\Owner\桌面\样本.rar/1637.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.epw        File: C:\Documents and Settings\Owner\桌面\样本.rar/MSDEG32.DLL//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fcg        File: C:\Documents and Settings\Owner\桌面\样本.rar/zxatl.dll//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ejj        File: C:\Documents and Settings\Owner\桌面\样本.rar/addrjzhelp.dll//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ebp        File: C:\Documents and Settings\Owner\桌面\样本.rar/qdshm.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.eoo        File: C:\Documents and Settings\Owner\桌面\样本.rar/LYLOADER.EXE//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ddw        File: C:\Documents and Settings\Owner\桌面\样本.rar/avwgcst.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fby        File: C:\Documents and Settings\Owner\桌面\样本.rar/upxdnd.dll
detected: Trojan program Trojan-PSW.Win32.Agent.pj        File: C:\Documents and Settings\Owner\桌面\样本.rar/avwgcmn.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dwo        File: C:\Documents and Settings\Owner\桌面\样本.rar/mppds.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.eqr        File: C:\Documents and Settings\Owner\桌面\样本.rar/avwlcmn.dll
detected: Trojan program Backdoor.Win32.Agent.alh        File: C:\Documents and Settings\Owner\桌面\样本.rar/nslkupi.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.epv        File: C:\Documents and Settings\Owner\桌面\样本.rar/LYMANGR.DLL//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbo        File: C:\Documents and Settings\Owner\桌面\样本.rar/1639.exe
detected: virus Virus.Win32.AutoRun.th        File: C:\Documents and Settings\Owner\桌面\样本.rar/WinSys88.Sys
detected: Trojan program Trojan-PSW.Win32.Lmir.bnm        File: C:\Documents and Settings\Owner\桌面\样本.rar/608769MM.DLL
lsyer
Posted on 2007-10-14 12:10:43
--> 888
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 163a.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.45190.1
  --> 163b.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 163d.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 163e.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.DOJ.3
  --> 163f.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
  --> 163g.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 163i.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Kolmat.D Backdoor server programs
  --> 163j.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alh.38 Backdoor server programs
  --> 1630.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> 1631.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 1632.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eqr
  --> 1633.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 1634.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.cnf.1
  --> 1636.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.bjj.1
  --> 1637.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> MSDEG32.DLL
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.epw
  --> zxatl.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> addrjzhelp.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ejj
  --> qdshm.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
  --> LYLOADER.EXE
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> avwgcst.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ddw
  --> upxdnd.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> avwgcmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.PJ.4
  --> mppds.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> avwlcmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eqr.1
  --> nslkupi.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alh.38 Backdoor server programs
  --> LYMANGR.DLL
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> 1639.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> WinSys88.Sys
      [DETECTION] Is the Trojan horse TR/PSW.Steal.45190.1
  --> 608769MM.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
mofunzone
Posted on 2007-10-14 12:52:29
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\样本.rar'
C:\Users\morgan\Documents\
  样本.rar
  样本.rar:Zone.Identifier
    [0] Archive type: RAR
    --> 888
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 163a.exe
        [DETECTION] Is the Trojan horse TR/PSW.Steal.45190.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 163b.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 163d.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 163e.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.DOJ.3
        [WARNING]   Infected files in archives cannot be repaired!
    --> 163f.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> 163g.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 163i.exe
        [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Kolmat.D Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> 163j.exe
        [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alh.38 Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1630.exe
        [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1631.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1632.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eqr
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1633.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1634.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.cnf.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1636.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.bjj.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1637.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> MSDEG32.DLL
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.epw
        [WARNING]   Infected files in archives cannot be repaired!
    --> zxatl.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> addrjzhelp.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ejj
        [WARNING]   Infected files in archives cannot be repaired!
    --> qdshm.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> sqmapi32.dll
    --> LYLOADER.EXE
        [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> avwgcst.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ddw
        [WARNING]   Infected files in archives cannot be repaired!
    --> upxdnd.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> avwgcmn.dll
        [DETECTION] Is the Trojan horse TR/PSW.Agent.PJ.4
        [WARNING]   Infected files in archives cannot be repaired!
    --> mppds.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> avwlcmn.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eqr.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> nslkupi.exe
        [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alh.38 Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> LYMANGR.DLL
        [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1639.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> WinSys88.Sys
        [DETECTION] Is the Trojan horse TR/PSW.Steal.45190.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 608769MM.DLL
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年10月13日  21:52
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
     34 Files were scanned
     29 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      1 Archives were scanned
     32 Warnings
      0 Notes
电影结束了
Posted on 2007-10-14 13:13:31
[扫描路径] C:\Documents and Settings\wangcheng\桌面\样本.rar
>C:\Documents and Settings\wangcheng\桌面\样本.rar\888 已被感染了 :  Trojan.PWS.Legmir.1942
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\163a.exe 已被感染了 :  Trojan.PWS.Qqpass.1462
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\163b.exe 已被感染了 :  Trojan.PWS.Wsgame.1638
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\163d.exe 已被感染了 :  Trojan.PWS.Legmir.1942
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\163e.exe 已被感染了 :  Trojan.PWS.Wsgame.1430
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\163f.exe 已被感染了 :  Trojan.PWS.Wsgame.1656
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\163g.exe 已被感染了 :  Trojan.PWS.Gamania.5177
>>>C:\Documents and Settings\wangcheng\桌面\样本.rar\163i.exe 已被感染了 :  Trojan.Addurl.origin
>>>C:\Documents and Settings\wangcheng\桌面\样本.rar\163j.exe\data004 已被感染了 :  Trojan.Arpspoof
>C:\Documents and Settings\wangcheng\桌面\样本.rar\163j.exe - 发现档案文件中有受感染的对象
>>>C:\Documents and Settings\wangcheng\桌面\样本.rar\1630.exe 已被感染了 :  Trojan.PWS.Wsgame.1649
>C:\Documents and Settings\wangcheng\桌面\样本.rar\1631.exe 已被感染了 :  Trojan.PWS.Wsgame.1457
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\1632.exe 已被感染了 :  Trojan.PWS.Gamania.5094
>>>C:\Documents and Settings\wangcheng\桌面\样本.rar\1633.exe 已被感染了 :  Trojan.PWS.Wsgame.1690
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\1634.exe 已被感染了 :  Trojan.PWS.Spywoool
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\1636.exe 已被感染了 :  Trojan.PWS.Gamania.3716
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\1637.exe 已被感染了 :  Trojan.PWS.Gamania.5191
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\MSDEG32.DLL 已被感染了 :  Trojan.PWS.Wsgame.1649
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\zxatl.dll 已被感染了 :  Trojan.PWS.Gamania.5191
>C:\Documents and Settings\wangcheng\桌面\样本.rar\sqmapi32.dll 已被感染了 :  Trojan.PWS.Gamania.5191
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\LYLOADER.EXE 已被感染了 :  Trojan.PWS.Wsgame.1649
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\avwgcst.exe 已被感染了 :  Trojan.PWS.Gamania.4308
>C:\Documents and Settings\wangcheng\桌面\样本.rar\upxdnd.dll 已被感染了 :  Trojan.PWS.Wsgame.1699
>C:\Documents and Settings\wangcheng\桌面\样本.rar\avwgcmn.dll 已被感染了 :  Trojan.PWS.Gamania.4373
>C:\Documents and Settings\wangcheng\桌面\样本.rar\mppds.dll 已被感染了 :  Trojan.PWS.Wsgame.1457
>C:\Documents and Settings\wangcheng\桌面\样本.rar\avwlcmn.dll 已被感染了 :  Trojan.PWS.Gamania.origin
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\nslkupi.exe 已被感染了 :  Trojan.Arpspoof
>>C:\Documents and Settings\wangcheng\桌面\样本.rar\LYMANGR.DLL 已被感染了 :  Trojan.PWS.Wsgame.1649
>C:\Documents and Settings\wangcheng\桌面\样本.rar\1639.exe 已被感染了 :  Trojan.PWS.Wsgame.1699
>C:\Documents and Settings\wangcheng\桌面\样本.rar\WinSys88.Sys 已被感染了 :  Trojan.PWS.Qqpass.1463
>C:\Documents and Settings\wangcheng\桌面\样本.rar\608769MM.DLL 已被感染了 :  Trojan.PWS.Legmir.1942
C:\Documents and Settings\wangcheng\桌面\样本.rar - 发现档案文件中有受感染的对象

-----------------------------------------------------------------------------
扫描统计
-----------------------------------------------------------------------------
已扫描对象: 39
发现受感染对象: 30
uhthn2002
Posted on 2007-10-14 13:21:34
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 533
Paranoia Database - 10451
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder (2)

C:\Documents and Settings\uhthn\Desktop\New Folder (2)\888 - Infected Win32.Generic.Malware.6
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\163a.exe - Infected Win32.Trojan-PSW.QQPass.a
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\163b.exe - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\163d.exe - Infected Win32.Trojan-PSW.lmir.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\163e.exe - Infected Trojan-PSW.OnLineGames.42
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\163f.exe - Infected Trojan-PSW.OnLineGames.48
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\163g.exe - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\163i.exe - Suspected MalwareDetector:Win32.Generic.PSW.8
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\163j.exe - Suspected MalwareDetector:Generic.PSW.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\1630.exe - Infected Trojan-PSW.OnLineGames.u
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\1631.exe - Infected Trojan-PSW.OnLineGames.12
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\1632.exe - Suspected MalwareDetector:Generic.PSW.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\1633.exe - Suspected MalwareDetector:Generic.PSW.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\1634.exe - Infected Generic.Malware.43389.d07
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\1636.exe - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\1637.exe - Infected Trojan-PSW.OnLineGames.48
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\MSDEG32.DLL - Suspected MalwareDetector:Generic.PSW.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\zxatl.dll - Suspected MalwareDetector:Generic.PSW.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\addrjzhelp.dll - Suspected MalwareDetector:Generic.PSW.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\qdshm.dll - Infected Trojan-PSW.OnLineGames.ap
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\sqmapi32.dll - Infected Trojan-PSW.OnLineGames.ap
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\LYLOADER.EXE - Suspected Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avwgcst.exe - Infected Trojan-PSW.OnLineGames.25
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\upxdnd.dll - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avwgcmn.dll - Infected Win32.Trojan-PSW.OnLineGames.af
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\mppds.dll - Infected Trojan-PSW.OnLineGames.12
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avwlcmn.dll - Infected Win32.Trojan-PSW.OnLineGames.af
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\nslkupi.exe - Infected Generic.Malware.27764.474
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\LYMANGR.DLL - Suspected MalwareDetector:Generic.PSW.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\1639.exe - Infected Trojan-PSW.OnLineGames.8
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\WinSys88.Sys - Infected Win32.Trojan-PSW.QQPass.a
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\608769MM.DLL - Infected Win32.Generic.Malware.6

32 Files scanned
23 Infected files found
9 Suspected files found
0 Files cured
23 Files deleted
timhas266
Posted on 2007-10-14 13:26:58
Start of the scan: Sunday, 14 October, 2007  13:26

Starting the file scan:

Begin scan in 'C:\Documents and Settings\tim\桌面\样本.rar'
C:\Documents and Settings\tim\桌面\样本.rar
  [0] Archive type: RAR
  --> 888
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 163a.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.45190.1
  --> 163b.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 163d.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 163e.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.DOJ.3
  --> 163f.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
  --> 163g.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 163i.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Kolmat.D Backdoor server programs
  --> 163j.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alh.38 Backdoor server programs
  --> 1630.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> 1631.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 1632.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eqr
  --> 1633.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 1634.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.cnf.1
  --> 1636.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.bjj.1
  --> 1637.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> MSDEG32.DLL
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.epw
  --> zxatl.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> addrjzhelp.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ejj
  --> qdshm.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
  --> LYLOADER.EXE
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> avwgcst.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ddw
  --> upxdnd.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> avwgcmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.PJ.4
  --> mppds.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> avwlcmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.eqr.1
  --> nslkupi.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alh.38 Backdoor server programs
  --> LYMANGR.DLL
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> 1639.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> WinSys88.Sys
      [DETECTION] Is the Trojan horse TR/PSW.Steal.45190.1
  --> 608769MM.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      A backup was created as '47400fbb.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!


End of the scan: Sunday, 14 October, 2007  13:26
Used time: 00:02 min

The scan has been done completely.

      0 Scanning directories
     33 Files were scanned
     29 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes