Thread starter: promised

[Virus Samples] Another batch of 33 account-stealing trojans

欠妳緈諨
Posted on 2007-11-2 22:18:18

Reply to EQ2's post (#8)

My EAV only detected 31.
NOD32 on the multi-engine scanner didn't detect NVDispDrv.dll either. EQ2, how did yours detect it?

[ Last edited by 欠你幸福 on 2007-11-2 22:19 ]
欠妳緈諨
Posted on 2007-11-2 22:28:19
Got it, it is only detected after updating to 2634.

[ Last edited by 欠你幸福 on 2007-11-2 23:02 ]
mofunzone
Posted on 2007-11-2 23:03:47
All wiped out.

Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\样本1.rar'
C:\Users\morgan\Documents\
  样本1.rar
    [0] Archive type: RAR
    --> vahnvafkqw.dll
        [DETECTION] Contains suspicious code HEUR/Crypted
        [WARNING]   Infected files in archives cannot be repaired!
    --> wlatl.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fnn
        [WARNING]   Infected files in archives cannot be repaired!
    --> zhjtrx.dll
        [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e1.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e10.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e11.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e13.exe
        [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e14.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giy
        [WARNING]   Infected files in archives cannot be repaired!
    --> e15.exe
        [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e16.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ggo
        [WARNING]   Infected files in archives cannot be repaired!
    --> e17.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fei
        [WARNING]   Infected files in archives cannot be repaired!
    --> e18.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fnn
        [WARNING]   Infected files in archives cannot be repaired!
    --> e19.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ghb
        [WARNING]   Infected files in archives cannot be repaired!
    --> e20.exe
        [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> e2.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e3.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e4.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giz
        [WARNING]   Infected files in archives cannot be repaired!
    --> e5.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e6.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e7.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e8.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> e9.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> NvSys74.Sys
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 608769WL.DLL
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ggo
        [WARNING]   Infected files in archives cannot be repaired!
    --> 608769MM.DLL
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> scvhost.exe
        [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> AVPSrv.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> avwgemn.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giy
        [WARNING]   Infected files in archives cannot be repaired!
    --> avzxemn.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giz
        [WARNING]   Infected files in archives cannot be repaired!
    --> djatl.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.feg
        [WARNING]   Infected files in archives cannot be repaired!
    --> NVDispDrv.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> sqmapi32.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
        [WARNING]   Infected files in archives cannot be repaired!
    --> upxdnd.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!


End of the scan: 2007年11月2日  08:04
Used time: 00:06 min

The scan has been done completely.

      0 Scanning directories
     34 Files were scanned
     30 viruses and/or unwanted programs were found
      3 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
     33 Warnings
      0 Notes
uhthn2002
Posted on 2007-11-3 01:03:21
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\vahnvafkqw.dll : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\wlatl.dll : infected Trojan-PSW.Win32.OnLineGames.fnn
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\zhjtrx.dll : is suspected of Trojan-Spy.Delf.10 (paranoid heuristics)
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\zhjtrx.dll : backup copy created
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e1.exe : infected Trojan-Downloader.Win32.Delf.aas
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e10.exe : infected MalwareScope.Trojan-PSW.Game.16
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e11.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e13.exe : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e15.exe : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e16.exe : infected MalwareScope.Trojan-PSW.Game.16
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e17.exe : infected Trojan-PSW.Win32.OnLineGames.fei
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e18.exe : infected Trojan-PSW.Win32.OnLineGames.eop
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e19.exe : infected Trojan-PSW.Win32.OnLineGames.ghb
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e20.exe : is suspected of Embedded.Backdoor.Win32.Delf.awy
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e20.exe : backup copy created
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e2.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e3.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e4.exe : infected Trojan-PSW.Win32.OnLineGames.giv
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e5.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e6.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e7.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e8.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e9.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\NvSys74.Sys : infected MalwareScope.Trojan-PSW.Game.7
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\608769WL.DLL : infected Trojan-PSW.Win32.OnLineGames.ggo
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\scvhost.exe : infected Backdoor.Win32.Delf.awy
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\AVPSrv.dll : infected MalwareScope.Trojan-PSW.Game.1
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\avzxemn.dll : infected Trojan-PSW.Win32.OnLineGames.giz
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\djatl.dll : infected Trojan-PSW.Win32.OnLineGames.feg
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\NVDispDrv.dll : infected MalwareScope.Trojan-PSW.Game.12
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\sqmapi32.dll : infected Trojan-PSW.Win32.OnLineGames.fnm
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\upxdnd.dll : infected MalwareScope.Trojan-PSW.Game.12


Directories       : 0       Files in archives:      Files on disks:
Archives:                   - total       : 0       - total       : 33   
- scanned         : 0       -  scanned    : 0       - scanned     : 33   
- contain viruses : 0       -  infected   : 0       - infected    : 28   
- deleted         : 0       -  suspicious : 0       - suspicious  : 2     

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 786
Paranoia Database - 48413
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\Uhthn\Desktop\New Folder (2)

C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\vahnvafkqw.dll - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\wlatl.dll - Infected GENERIC.MALWARE.452.1B16 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\zhjtrx.dll - Infected GENERIC.MALWARE.44A.1F296 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e1.exe - Infected WIN32.GENERIC.MALWARE.49F.2400 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e10.exe - Suspected MaliciousScope:WIN32.GENERIC.MALWARE.8
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e11.exe - Suspected TROJAN-PSW.ONLINEGAMES.2
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e13.exe - Suspected MaliciousScope:GENERIC.MALWARE.2
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e14.exe - Infected GENERIC.MALWARE.185.3AA8 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e15.exe - Infected WIN32.TROJAN-PSW.QQPASS.A - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e16.exe - Infected WIN32.TROJAN-PSW.ONLINEGAMES.G - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e17.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e18.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e19.exe - Infected GENERIC.MALWARE.B27.6740 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e20.exe - Infected BACKDOOR.DELF.4 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e2.exe - Suspected TROJAN-PSW.ONLINEGAMES.2
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e3.exe - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e4.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e5.exe - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e6.exe - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e7.exe - Infected TROJAN-PSW.ONLINEGAMES.76 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e8.exe - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\e9.exe - Suspected TROJAN-PSW.ONLINEGAMES.2
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\NvSys74.Sys - Infected WIN32.TROJAN-PSW.QQPASS.A - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\608769WL.DLL - Infected WIN32.TROJAN-PSW.ONLINEGAMES.G - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\608769MM.DLL - Infected WIN32.MALWARE.AGENT.6 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\scvhost.exe - Infected BACKDOOR.DELF.3 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\AVPSrv.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\avwgemn.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\avzxemn.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\djatl.dll - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\NVDispDrv.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\sqmapi32.dll - Infected GENERIC.MALWARE.F97.FF3 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\upxdnd.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted

33 Files scanned
25 Infected files found
8 Suspected files found
0 Files disinfected
25 Files deleted
碧水寒潭
Posted on 2007-11-3 09:06:48
Start of the scan: 2007年11月3日  09:05

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\样本1.rar
  [0] Archive type: RAR
  --> vahnvafkqw.dll
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> wlatl.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fnn
  --> zhjtrx.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
  --> e1.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> e10.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> e11.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> e13.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> e14.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giy
  --> e15.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.ajt
  --> e16.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ggo
  --> e17.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fei
  --> e18.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fnn
  --> e19.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ghb
  --> e20.exe
      [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
  --> e2.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> e3.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> e4.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giz
  --> e5.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> e6.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> e7.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> e8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ezx.6
  --> e9.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> NvSys74.Sys
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.ajt
  --> 608769WL.DLL
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ggo
  --> 608769MM.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> scvhost.exe
      [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
  --> AVPSrv.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> avwgemn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giy
  --> avzxemn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giz
  --> djatl.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.feg
  --> NVDispDrv.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> sqmapi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.dmj
  --> upxdnd.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [INFO]      The file was deleted!


End of the scan: 2007年11月3日  09:06
Used time: 00:20 min

The scan has been done completely.

      1 Scanning directories
     34 Files were scanned
     31 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes