360的帖子

小邪邪

随便执行了几个，只需用MCAFEE的一般保护（综合规则）就能搞定它了

这即使不杀也能完全防住的啊


2007-10-28 11:22:14 已由访问保护规则禁止 E:\Downloads\test\病毒样本！！！！！！\1.exe
D:\Temp\LYLOADER.EXE
防病毒标准保护:禁止远程创建/修改可执行文件和配置文件
已阻止的操作: 创建

2007-10-28 11:22:56 已由访问保护规则禁止E:\Downloads\test\病毒样本！！！！！！\19.exe
C:\Program Files\provie.exe
通用最大保护:禁止在 Program Files 文件夹中创建新的可执行文件
已阻止的操作: 创建

2007-10-28 11:22:56 已由访问保护规则禁止E:\Downloads\test\病毒样本！！！！！！\19.exe
C:\Deleteme.bat
防病毒标准保护:禁止远程创建/修改可执行文件和配置文件
已阻止的操作: 创建

后台自动防护，整个过程完全无需人工干预


[ 本帖最后由 小邪邪 于 2007-10-28 11:58 编辑 ]

SONGBOWEN

Ewido Antispyware


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\1.exe" result="-1602" restext="Infected!" name="Dropped:Trojan.PWS.OnlineGames.NGW" cleanresult="1621" cleanrestext="Disinfect"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\1.exe" result="-1623" restext="Disinfect failed!" name="Dropped:Trojan.PWS.OnlineGames.NGW" cleanresult="1601" cleanrestext="Renamed"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\19.exe" result="-1602" restext="Infected!" name="MemScan:Trojan.PWS.Lmir.ULE" cleanresult="1621" cleanrestext="Disinfect"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\19.exe" result="-1623" restext="Disinfect failed!" name="MemScan:Trojan.PWS.Lmir.ULE" cleanresult="1601" cleanrestext="Renamed"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\7.exe" result="-1602" restext="Infected!" name="Generic.PWS.Games.4.1871CF0C" cleanresult="1621" cleanrestext="Disinfect"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\7.exe" result="-1623" restext="Disinfect failed!" name="Generic.PWS.Games.4.1871CF0C" cleanresult="1601" cleanrestext="Renamed"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\avwgcst.exe" result="-1602" restext="Infected!" name="Trojan.PWS.OnlineGames.NFZ" cleanresult="1621" cleanrestext="Disinfect"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\eeee.exe" result="-1602" restext="Infected!" name="Trojan.Downloader.Delf.OAG" cleanresult="1621" cleanrestext="Disinfect"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\eeee.exe" result="-1623" restext="Disinfect failed!" name="Trojan.Downloader.Delf.OAG" cleanresult="1601" cleanrestext="Renamed"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\Logo1_.exe" result="-1602" restext="Infected!" name="Worm.Viking.MC" cleanresult="1621" cleanrestext="Disinfect"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\Logo1_.exe" result="-1623" restext="Disinfect failed!" name="Worm.Viking.MC" cleanresult="1601" cleanrestext="Renamed"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\raqjatl.exe" result="-1602" restext="Infected!" name="Trojan.PWS.OnlineGames.NGT" cleanresult="1621" cleanrestext="Disinfect"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\S168.exe" result="-1602" restext="Infected!" name="Trojan.PWS.Delf.IFD" cleanresult="1621" cleanrestext="Disinfect"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\S168.exe" result="-1623" restext="Disinfect failed!" name="Trojan.PWS.Delf.IFD" cleanresult="1601" cleanrestext="Renamed"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\system22.exe" result="-1602" restext="Infected!" name="Worm.Generic.5231" cleanresult="1621" cleanrestext="Disinfect"


engine="BitDefender" path="C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\system22.exe" result="-1623" restext="Disinfect failed!" name="Worm.Generic.5231" cleanresult="1601" cleanrestext="Renamed"


scanned="13" infected="9" repaired="0" renamed="7" quarantined="0" deleted="2"

SONGBOWEN

已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.dvx        文件: C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\1.exe
已检测: 木马程序 Trojan-PSW.Win32.WOW.xp        文件: C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\19.exe//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.drk        文件: C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\7.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.dgw        文件: C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\avwgcst.exe//UPack
已检测: 木马程序 Trojan-Downloader.Win32.Baser.w        文件: C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\eeee.exe//PE_Patch.UPX//UPX
已检测: 病毒 Worm.Win32.Viking.mc        文件: C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\Logo1_.exe//PE_Patch
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.dte        文件: C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\raqjatl.exe//UPack
已检测: 病毒 Virus.Win32.AutoRun.qd        文件: C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\S168.exe//UPack
已检测: 病毒 Worm.Win32.Viking.mc        文件: C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\system22.exe//PE_Patch

SONGBOWEN

Start of the scan: 2007年10月28日  11:59

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！'
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\19.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\7.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.drk.1
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\avwgcst.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.NEP.2
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\eeee.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Baser.W.2
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\Logo1_.exe
      [DETECTION] Contains detection pattern of the worm WORM/Viking.DLL.2
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\raqjatl.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dte
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\S168.exe
      [DETECTION] Is the Trojan horse TR/Autorun.BK
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！\system22.exe
      [DETECTION] Contains detection pattern of the worm WORM/Viking.DLL.2
      [WARNING]   The file was ignored!


End of the scan: 2007年10月28日  11:59
Used time: 00:04 min

SONGBOWEN

原帖由 SONGBOWEN 于 2007-10-28 11:39 发表
是那个Ring3级别的病毒吗？

谁能回答一下我的这个问题啊？
这个病毒包里边有没有那个Ring3级别的病毒啊？

mox

www.suxunyou.cnsz.net.cn现在好像没什么反应了

SONGBOWEN

原帖由 mox 于 2007-10-28 12:08 发表
www.suxunyou.cnsz.net.cn现在好像没什么反应了
145287

可能是之前被别有用心之人挂了马，现在已经修好啦？

yclidong

AntiVir PersonalEdition Classic
Report file date: 2007年10月28日 星期日  11:59

Scanning for 904194 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         Administrator
Computer name:    4B2BF2164F8D404

Version information:
BUILD.DAT    : 270           15603 Bytes   2007-9-19 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes   2007-8-23 06:16:30
AVSCAN.DLL   : 7.0.6.0       49192 Bytes   2007-8-16 05:23:52
LUKE.DLL     : 7.0.5.3      147496 Bytes   2007-8-14 08:32:48
LUKERES.DLL  : 7.0.6.1       10280 Bytes   2007-8-21 05:35:22
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes   2007-7-18 07:27:16
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes   2007-9-13 07:26:56
ANTIVIR2.VDF : 7.0.0.140    940544 Bytes  2007-10-26 02:47:12
ANTIVIR3.VDF : 7.0.0.142      3072 Bytes  2007-10-26 02:47:12
AVEWIN32.DLL : 7.6.0.30    3056128 Bytes  2007-10-28 02:47:14
AVWINLL.DLL  : 1.0.0.7       14376 Bytes   2007-2-26 03:36:28
AVPREF.DLL   : 7.0.2.2       25640 Bytes   2007-7-18 00:39:18
AVREP.DLL    : 7.0.0.1      155688 Bytes   2007-4-16 06:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes    2007-8-3 01:46:02
AVREG.DLL    : 7.0.1.6       30760 Bytes   2007-7-18 00:17:08
AVARKT.DLL   : 1.0.0.20     278568 Bytes   2007-8-28 05:26:34
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes   2007-7-18 00:10:20
NETNT.DLL    : 7.0.0.0        7720 Bytes    2007-3-8 04:09:44
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes    2007-8-7 05:38:14
RCTEXT.DLL   : 7.0.62.0      86056 Bytes   2007-8-21 05:50:38
SQLITE3.DLL  : 3.3.17.1     339968 Bytes   2007-7-23 02:37:22

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a318157a.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2007年10月28日 星期日  11:59

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！.rar'
C:\Documents and Settings\Administrator\桌面\病毒样本！！！！！！.rar
  [0] Archive type: RAR
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> 19.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> eeee.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Baser.W.2
  --> Logo1_.exe
      [DETECTION] Contains detection pattern of the worm WORM/Viking.DLL.2
  --> S168.exe
      [DETECTION] Is the Trojan horse TR/Autorun.BK
  --> system22.exe
      [DETECTION] Contains detection pattern of the worm WORM/Viking.DLL.2
  --> 7.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.drk.1
  --> avwgcst.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.NEP.2
  --> raqjatl.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.dte
      [INFO]      The file was moved to 'af5b74e4.qua'!


End of the scan: 2007年10月28日 星期日  11:59
Used time: 00:16 min

The scan has been done completely.

      0 Scanning directories
     11 Files were scanned
      9 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes