
[Virus sample] 34 dug out of a certain thread

promised
Posted on 2007-10-14 13:02:26
http://bbs.kafan.cn/viewthread.php?tid=143358&extra=page%3D1

wangjay1980
Posted on 2007-10-14 13:03:42
30
detected: Trojan program Trojan-PSW.Win32.QQPass.ahk        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/NinSys74.Sys
detected: Trojan program Trojan-PSW.Win32.QQPass.ahk        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/NysWin75.Jmp//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbo        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/upxdnd.exe
detected: Trojan program Trojan-Downloader.Win32.Flux.p        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/81F796CF.EXE
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dxw        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/avpdj.dll//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dxq        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/avpgj.dll//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dxp        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/avpwl.dll//UPack
detected: Trojan program Trojan-PSW.Win32.Lmir.bmz        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/avpzx.dll//UPack
detected: Trojan program Trojan-Downloader.Win32.Flux.p        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/BD7A8357.DLL
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbc        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/msatl.dll//UPack
detected: Trojan program Trojan-PSW.Win32.Lmir.bmv        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/msavp.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbo        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/upxdnd.dll
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbn        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/zhjtrx.dll//UPack
detected: virus Heur.Invader (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy2.exe//PE_Patch.UPX
detected: Trojan program Trojan.Win32.Agent.bwt        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy4.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbm        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy5.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dok        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy6.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.doj        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy7.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbl        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy8.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbk        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy9.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.eop        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy10.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbc        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy11.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.eop        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy12.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.dxz        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy13.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.eop        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy14.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.czg        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy15.exe//ASPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.eop        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy17.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fbn        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy19.exe//UPack
detected: Trojan program Trojan-Downloader.Win32.Murlo.ht        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysy20.exe//NSPack//PEPatch
detected: virus Worm.Win32.Downloader.b        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾1.rar/ysyupdate.exe//PE_Patch//UPack
The EQs
Posted on 2007-10-14 13:04:22

Keep digging.

C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » NinSys74.Sys - probably a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » NysWin75.Jmp - probably a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » IGM.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » upxdnd.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 81F796CF.EXE - probably a variant of Win32/TrojanDownloader.Flux trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » avpdj.dll - Win32/PSW.OnLineGames.DXW trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » avpgj.dll - Win32/PSW.OnLineGames.DXQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » avpwl.dll - Win32/PSW.OnLineGames.DXP trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » avpzx.dll - Win32/PSW.OnLineGames.NFK trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » BD7A8357.DLL - a variant of Win32/TrojanDownloader.Flux trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » msavp.dll - Win32/PSW.OnLineGames.NFK trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » upxdnd.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy2.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy5.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy6.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy7.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy8.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy9.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy10.exe - Win32/PSW.OnLineGames.DXP trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy12.exe - Win32/PSW.OnLineGames.DXW trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy13.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy14.exe - Win32/PSW.OnLineGames.DXQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy15.exe - Win32/PSW.Legendmir.NEP trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysy17.exe - Win32/PSW.OnLineGames.NFK trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ysyupdate.exe - probably unknown NewHeur_PE virus
微点卫士
Posted on 2007-10-14 13:10:11
木马名称:Trojan-Downloader.Win32.Flux.ad

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\81F796CF.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.Lmir.chg

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\MSAVP.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.opi

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY6.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.nzw

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY7.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.qjs

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY10.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.qju

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY12.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.nzx

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY13.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.qjt

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY14.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.lzh

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY15.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.Lmir.cik

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY17.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-Downloader.Win32.Murlo.be

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY20.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
蠕虫名称:Worm.Win32.Downloader.r

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSYUPDATE.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\UPXDND.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\UPXDND.EXE
2) C:\WINDOWS.0\SYSTEM32\UPXDND.DLL
是否删除木马程序及其衍生物?
木马名称:未知间谍软件

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\UPXDND.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY4.EXE
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY2.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\GENPROTECT.EXE
2) C:\WINDOWS.0\SYSTEM32\GENPROTECT.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY5.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\CMDBCS.EXE
2) C:\WINDOWS.0\SYSTEM32\CMDBCS.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY8.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\WINFORM.EXE
2) C:\WINDOWS.0\SYSTEM32\WINFORM.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY9.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\NVDISPDRV.EXE
2) C:\WINDOWS.0\SYSTEM32\NVDISPDRV.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\YSY11.EXE
木马程序生成以下文件:
1) C:\WINDOWS.0\SYSTEM32\SQMAPI32.DLL
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\样本1\SQMAPI32.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?

IGM.exe submitted.
mofunzone
Posted on 2007-10-14 13:13:42
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\样本1.rar'
C:\Users\morgan\Documents\
  样本1.rar
      [DETECTION] Is the Trojan horse TR/Dldr.Sma.17572.B
      [WARNING]   The file was ignored!
  样本1.rar:Zone.Identifier
    [0] Archive type: RAR
    --> NinSys74.Sys
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> NysWin75.Jmp
        [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> IGM.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> upxdnd.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 888
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 608769MM.DLL
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 81F796CF.EXE
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> avpdj.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dxw
        [WARNING]   Infected files in archives cannot be repaired!
    --> avpgj.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dxq.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> avpwl.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dxp
        [WARNING]   Infected files in archives cannot be repaired!
    --> avpzx.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> BD7A8357.DLL
        [DETECTION] Is the Trojan horse TR/Dldr.SmallAl.fvn
        [WARNING]   Infected files in archives cannot be repaired!
    --> msatl.dll
        [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
        [WARNING]   Infected files in archives cannot be repaired!
    --> msavp.dll
        [DETECTION] Is the Trojan horse TR/PSW.Lmir.bmv
        [WARNING]   Infected files in archives cannot be repaired!
    --> sqmapi32.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> upxdnd.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> zhjtrx.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy2.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy4.exe
        [DETECTION] Is the Trojan horse TR/Agent.bwt.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy5.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy6.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy7.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy8.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy9.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy10.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy11.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy12.exe
        [DETECTION] Is the Trojan horse TR/PSW.Wow.YM.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy13.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dxz.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy14.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dxq
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy15.exe
        [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy17.exe
        [DETECTION] Is the Trojan horse TR/PSW.Wow.YM.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy19.exe
        [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysy20.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ysyupdate.exe
        [DETECTION] Contains detection pattern of the worm WORM/Downloader.B.2
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年10月13日  22:13
Used time: 00:09 min

The scan has been done completely.

      0 Scanning directories
     36 Files were scanned
     32 viruses and/or unwanted programs were found
      3 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
     35 Warnings
      0 Notes
uhthn2002
Posted on 2007-10-14 13:27:51
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 533
Paranoia Database - 10451
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder (2)

C:\Documents and Settings\uhthn\Desktop\New Folder (2)\NinSys74.Sys - Infected Win32.Trojan-PSW.QQPass.a
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\NysWin75.Jmp - Suspected Win32.Trojan-Downloader.Zlob.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\IGM.exe - Suspected MalwareDetector:Win32.Generic.PSW.8
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\upxdnd.exe - Infected Trojan-PSW.OnLineGames.8
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\888 - Infected Win32.Generic.Malware.6
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\608769MM.DLL - Infected Win32.Generic.Malware.6
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\81F796CF.EXE - Infected MalwareDetector:Trojan-Downloader.Agent.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avpdj.dll - Infected Generic.Malware.5907.60d
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avpgj.dll - Infected Generic.Malware.6875.942
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avpwl.dll - Infected Generic.Malware.6755.831
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\avpzx.dll - Infected Generic.Malware.7029.d1b
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\BD7A8357.DLL - Infected Backdoor.Agent.5
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\msatl.dll - Suspected MalwareDetector:Generic.PSW.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\msavp.dll - Infected Trojan-PSW.OnLineGames.ap
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\sqmapi32.dll - Infected Trojan-PSW.OnLineGames.ap
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\upxdnd.dll - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\zhjtrx.dll - Suspected MalwareDetector:Generic.PSW.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy2.exe - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy4.exe - OK
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy5.exe - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy6.exe - Infected Generic.Malware.18432.a57
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy7.exe - Infected Trojan-PSW.OnLineGames.42
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy8.exe - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy9.exe - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy10.exe - Infected Trojan-PSW.OnLineGames.39
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy11.exe - Infected Trojan-PSW.OnLineGames.48
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy12.exe - Infected Trojan-PSW.OnLineGames.39
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy13.exe - Infected Trojan-PSW.OnLineGames.43
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy14.exe - Infected Trojan-PSW.OnLineGames.39
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy15.exe - Infected Win32.Trojan-PSW.OnLineGames.f
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy17.exe - Infected Trojan-PSW.OnLineGames.39
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy19.exe - Suspected MalwareDetector:Generic.PSW.3
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysy20.exe - Suspected MalwareDetector:Win32.Trojan-Downloader.Delf.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ysyupdate.exe - Suspected Trojan-PSW.OnLineGames.2

34 Files scanned
26 Infected files found
7 Suspected files found
0 Files cured
26 Files deleted
FBAV
Posted on 2007-10-14 13:29:55
MicroVita AntiSpyware 100 C
_____________________________________________
                                          
             风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]                  
                   http://221.10.254.214/
----------------------------------------------
开始扫描……


正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\NinSys74.Sys]
                    …………发现Spy!报告: [4] [8] HOOK者
文件信息:  大小:45179  MD5:afefb79b2e2aeda9ce579a621d6a622a


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\NysWin75.Jmp]
                    …………发现Spy!报告:[2]
文件信息:  大小:32379  MD5:50ba3326a48ba10baa02641ff544e1b8


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\IGM.exe]
                    …………发现Spy!报告: [4]
文件信息:  大小:42801  MD5:a39eaaf552273a79a21db5e7d80d1457


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\upxdnd.exe]
                    …………发现Spy!报告:[2] [8] HOOK者
文件信息:  大小:26624  MD5:77ebd50eac3a904ad5c9a3dff86043df


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\888]
                    …………发现Spy!报告: [4]
文件信息:  大小:43313  MD5:d764f925c84f78d542a35ca7d4c1ddfc


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\608769MM.DLL]
                    …………发现Spy!报告: [4]
文件信息:  大小:45753  MD5:a1e829fc401145178ae0f33478a9abea


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\81F796CF.EXE]
                    …………发现Spy!报告:[1]
文件信息:  大小:16942  MD5:7a5b439c8d7a9b92f68ce39d0b6f7aa9


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\avpdj.dll]
                    …………发现Spy!报告: [4] [2] [1]
文件信息:  大小:5907  MD5:091099db065c474afbe350511e2f929d


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\avpgj.dll]
                    …………发现Spy!报告: [4] [1]
文件信息:  大小:6875  MD5:43dd089b6917b2119cfe3ef8a81e61b2


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\avpwl.dll]
                    …………发现Spy!报告: [4] [2] [1]
文件信息:  大小:6755  MD5:30dc7f780808c84f5f6ce4e59e3e72a1


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\avpzx.dll]
                    …………发现Spy!报告: [4] [2] [1]
文件信息:  大小:7029  MD5:1a17d0951d44479b53194b687523b88b


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\msatl.dll]
                    …………发现Spy!报告: [4] [1]
文件信息:  大小:8109  MD5:c73f997fd9c740be0f2825839a4048ed


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\msavp.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:9286  MD5:d1f0f183376d69b8bc2f34457f5c55b3


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\sqmapi32.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:9282  MD5:0c713e3f6d61a1024aea7b7eed88409d


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\upxdnd.dll]
                    …………发现Spy!报告:[8] HOOK者
文件信息:  大小:19456  MD5:b04e2bf5ed8c7ce1056ead209ca9b1dc


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\zhjtrx.dll]
                    …………发现Spy!报告:[1]
文件信息:  大小:128940  MD5:4f3a83c40d433deb03c20faa15504152


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\ysy10.exe]
                    …………发现Spy!报告:[2] [1]
文件信息:  大小:14655  MD5:344c45abb4bd8e0a960760768b4a4e9f


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\ysy11.exe]
                    …………发现Spy!报告:[1]
文件信息:  大小:16336  MD5:73d94b7e06602ac5dd33d64ce2f09780


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\ysy12.exe]
                    …………发现Spy!报告:[2] [1]
文件信息:  大小:13856  MD5:e468573c23aecdb60cbd2e240a4c5b37


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\ysy14.exe]
                    …………发现Spy!报告:[2] [1]
文件信息:  大小:14800  MD5:d0d968fbcc9adad22f759d42bc2c4162


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\ysy15.exe]
                    …………发现Spy!报告:[2]
文件信息:  大小:51505  MD5:f8e4441722eda2a5501f7c93908a643e


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\ysy17.exe]
                    …………发现Spy!报告:[2] [1]
文件信息:  大小:14980  MD5:1f2bdbd5c7d3c540072d267dce902d33


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\ysy19.exe]
                    …………发现Spy!报告:[1]
文件信息:  大小:26431  MD5:92d741b11165acb67db45a7cddacece8


[C:\Documents and Settings\Administrator\桌面\Virus\34444444444444444444\ysyupdate.exe]
                    …………发现Spy!报告:[1]
文件信息:  大小:17612  MD5:cb0d4dd10e59650666768f2e199a79bb


文件数:34   病毒数:24  比重:0.7058823529412
OK  扫描完毕!

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎   
[2] 文件特征码引擎
[1] 文件启发式引擎
微点卫士
Posted on 2007-10-14 13:36:12
Just noticed that YSY19 causes a blue screen after it runs; submitting it as well.
qigang
Posted on 2007-10-14 19:55:20

56/30

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Worm.Win32.PaBug.ay      
病毒: Trojan.PSW.Win32.QQPass.ysy
病毒: Trojan.PSW.Win32.OnlineGames.zyr
病毒: Trojan.PSW.Win32.LMir.yxd
病毒: Trojan.Win32.Agent.zpc   
病毒: Trojan.PSW.Win32.DJOnline.i
病毒: Trojan.PSW.Win32.OnlineGames.zfc
病毒: Trojan.PSW.Win32.WLOnline.jir
病毒: Trojan.PSW.Win32.ZhuXian.cm
病毒: Trojan.IMMSG.Win32.TBMSG.yhf
病毒: Trojan.PSW.Win32.WoWar.abt
病毒: Trojan.PSW.Win32.OnlineGames.zof
病毒: Trojan.PSW.Win32.OnlineGames.zxh
病毒: Trojan.PSW.Win32.OnlineGames.zye
病毒: Trojan.PSW.Win32.OnlineGames.zzm
病毒: Trojan.PSW.Win32.OnlineGames.zzp
病毒: Trojan.PSW.Win32.Shanda.aa
病毒: Trojan.PSW.Win32.Shanda.ab
病毒: Trojan.PSW.Win32.OnlineGames.zzq
病毒: Trojan.PSW.Win32.OnlineGames.zzr
病毒: Trojan.PSW.Win32.OnlineGames.dxp
病毒: Trojan.PSW.Win32.WoWar.abt
病毒: Trojan.PSW.Win32.DJOnline.i
病毒: Trojan.PSW.Win32.OnlineGames.dxz
病毒: Trojan.PSW.Win32.OnlineGames.dxq
病毒: Trojan.PSW.Win32.Shanda.w
病毒: Trojan.PSW.Win32.OnlineGames.zof
病毒: Trojan.DL.Win32.Agent.zmq
病毒: Backdoor.Win32.Agent.yjy

MAC地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:19.44.62
残缺的唯美
Posted on 2007-10-14 19:59:47
Result: 29 malware found
Trojan-PSW.Win32.QQPass.ahk (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\NinSys74.Sys
C:\Users\Administrator\Desktop\Ñù±¾1.rar\NysWin75.Jmp
Trojan-PSW.Win32.OnLineGames.fbo (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\upxdnd.exe
C:\Users\Administrator\Desktop\Ñù±¾1.rar\upxdnd.dll
Trojan-Downloader.Win32.Flux.p (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\81F796CF.EXE
C:\Users\Administrator\Desktop\Ñù±¾1.rar\BD7A8357.DLL
Trojan-PSW.Win32.OnLineGames.dxw (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\avpdj.dll
Trojan-PSW.Win32.OnLineGames.dxq (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\avpgj.dll
Trojan-PSW.Win32.OnLineGames.dxp (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\avpwl.dll
Trojan-PSW.Win32.Lmir.bmz (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\avpzx.dll
Trojan-PSW.Win32.OnLineGames.fbc (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\msatl.dll
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy11.exe
Trojan-PSW.Win32.Lmir.bmv (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\msavp.dll
Trojan-PSW.Win32.OnLineGames.fbn (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\zhjtrx.dll
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy19.exe
Trojan.Win32.Agent.bwt (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy4.exe
Trojan-PSW.Win32.OnLineGames.fbm (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy5.exe
Trojan-PSW.Win32.OnLineGames.dok (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy6.exe
Trojan-PSW.Win32.OnLineGames.doj (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy7.exe
Trojan-PSW.Win32.OnLineGames.fbl (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy8.exe
Trojan-PSW.Win32.OnLineGames.fbk (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy9.exe
Trojan-PSW.Win32.OnLineGames.eop (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy10.exe
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy12.exe
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy14.exe
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy17.exe
Trojan-PSW.Win32.OnLineGames.dxz (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy13.exe
Trojan-PSW.Win32.OnLineGames.czg (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy15.exe
Trojan-Downloader.Win32.Murlo.ht (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysy20.exe
Worm.Win32.Downloader.b (virus)
C:\Users\Administrator\Desktop\Ñù±¾1.rar\ysyupdate.exe