Original poster: promised

[Virus sample] Account-stealing trojan pack x 26

mofunzone
Posted on 2007-11-3 10:57:22
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\样本3.rar'
C:\Users\morgan\Documents\
  样本3.rar
    [0] Archive type: RAR
    --> wow.exe
        [DETECTION] Is the Trojan horse TR/PSW.Online.ddm.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> wmgj.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.grj
        [WARNING]   Infected files in archives cannot be repaired!
    --> wl.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqq
        [WARNING]   Infected files in archives cannot be repaired!
    --> wd.exe
        [DETECTION] Is the Trojan horse TR/FWDisable.20842
        [WARNING]   Infected files in archives cannot be repaired!
    --> tl.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqn
        [WARNING]   Infected files in archives cannot be repaired!
    --> my.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqg
        [WARNING]   Infected files in archives cannot be repaired!
    --> mh.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 7.exe
        [DETECTION] Is the Trojan horse TR/FWDisable.21580.4
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5.exe
        [DETECTION] Is the Trojan horse TR/PSW.Online.ddm.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 3.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 2.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.grh
        [WARNING]   Infected files in archives cannot be repaired!
    --> sidjbzy.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.grh
        [WARNING]   Infected files in archives cannot be repaired!
    --> rsztfsp.exe
        [DETECTION] Is the Trojan horse TR/FWDisable.23906
        [WARNING]   Infected files in archives cannot be repaired!
    --> rsztfpm.dll
        [DETECTION] Is the Trojan horse TR/FWDisable.23906
        [WARNING]   Infected files in archives cannot be repaired!
    --> rsmygpm.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqg
        [WARNING]   Infected files in archives cannot be repaired!
    --> ratbgpi.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqn
        [WARNING]   Infected files in archives cannot be repaired!
    --> kvmxfma.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> kvdxsfma.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> kvdxhma.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> kawdczy.dll
        [DETECTION] Is the Trojan horse TR/FWDisable.20842
        [WARNING]   Infected files in archives cannot be repaired!
    --> kapjdzy.dll
        [DETECTION] Is the Trojan horse TR/FWDisable.21580.4
        [WARNING]   Infected files in archives cannot be repaired!
    --> avzxest.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> avzxemn.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> avwldmn.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gqq
        [WARNING]   Infected files in archives cannot be repaired!
    --> avwgemn.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.grj
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!


End of the scan: 2007年11月2日  19:57
Used time: 00:06 min

The scan has been done completely.

      0 Scanning directories
     27 Files were scanned
     22 viruses and/or unwanted programs were found
      4 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      1 Archives were scanned
     26 Warnings
      0 Notes
傻猪猪米走鸡
Posted on 2007-11-3 11:12:16

ENA ALL

F:\virus\样本3.rar » RAR » wow.exe - a variant of Win32/PSW.OnLineGames.NFN trojan
F:\virus\样本3.rar » RAR » wmgj.exe - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » wl.exe - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » wd.exe - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » tl.exe - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » my.exe - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » mh.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » 7.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » 5.exe - a variant of Win32/PSW.OnLineGames.NFN trojan
F:\virus\样本3.rar » RAR » 3.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » 2.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » 1.exe - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » sidjbzy.dll - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » rsztfsp.exe - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » rsztfpm.dll - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » rsmygpm.dll - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » ratbgpi.dll - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » kvmxfma.dll - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » kvdxsfma.dll - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » kvdxhma.dll - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » kawdczy.dll - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » kapjdzy.dll - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » avzxest.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » avzxemn.dll - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » avwldmn.dll - Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本3.rar » RAR » avwgemn.dll - Win32/PSW.OnLineGames.FDY trojan
scottxzt
Posted on 2007-11-3 11:43:19

All EXEs wiped out

木马名称:Trojan-PSW.Win32.OnLineGames.ufx

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\WOW.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OnLineGames.ufu

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\WD.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OnLineGames.ubn

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\5.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan-PSW.Win32.OnLineGames.ufy

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\RSZTFSP.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\1.EXE
1) C:\DFD2143892.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?

程序:
C:\WINDOWS\SYSTEM32\RSMYGSP.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\WL.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\AVWLDMN.DLL
2) C:\WINDOWS\SYSTEM32\AVWLDST.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\WMGJ.EXE
是否阻止该进程继续运行?

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\WMGJ.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\AVWGEMN.DLL
2) C:\WINDOWS\SYSTEM32\AVWGEST.EXE
是否删除木马程序及其衍生物?
欠妳緈諨
Posted on 2007-11-3 11:56:32
AVAST24

wangfeng66
Posted on 2007-11-3 13:20:15
D:\样本3.rar\wow.exe - infected with Trojan.DownLoader.origin
D:\样本3.rar\wmgj.exe - infected with Trojan.PWS.Gamania.5448
D:\样本3.rar\wl.exe - infected with Trojan.PWS.Gamania.5448
D:\样本3.rar\wd.exe - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\tl.exe - infected with Trojan.MulDrop.9496
D:\样本3.rar\my.exe - infected with Trojan.MulDrop.9491
D:\样本3.rar\mh.exe - infected with Trojan.MulDrop.9491
D:\样本3.rar\7.exe - infected with Trojan.PWS.Gamania.5287
D:\样本3.rar\5.exe - infected with Trojan.DownLoader.origin
D:\样本3.rar\3.exe - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\2.exe - infected with Trojan.MulDrop.9491
D:\样本3.rar\1.exe - infected with Trojan.MulDrop.9495
D:\样本3.rar\sidjbzy.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\rsztfsp.exe - infected with Trojan.PWS.Gamania.5482
D:\样本3.rar\rsztfpm.dll - infected with Trojan.PWS.Gamania.5451
D:\样本3.rar\rsmygpm.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\ratbgpi.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\kvmxfma.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\kvdxsfma.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\kvdxhma.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\kawdczy.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\kapjdzy.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\avzxest.exe - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\avzxemn.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\avwldmn.dll - infected with Trojan.PWS.Gamania.origin
D:\样本3.rar\avwgemn.dll - infected with Trojan.PWS.Gamania.origin

Archive contains 26 infected items

DRWEB   4.44  Kill  All
jimmyleo
Posted on 2007-11-3 13:31:09
Found [TSPY_ONLINEG.LIO](    1) in D:\download\virusscan\样本3.rar,(wow.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(wmgj.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(wl.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(wd.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(tl.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(my.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(mh.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(7.exe)
Found [TSPY_ONLINEG.LID](    1) in D:\download\virusscan\样本3.rar,(5.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(3.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(2.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(1.exe)
Found [TSPY_ONLINEG.LKC](    1) in D:\download\virusscan\样本3.rar,(sidjbzy.dll)
Found [TROJ_DROPPER.CVW](    1) in D:\download\virusscan\样本3.rar,(rsztfsp.exe)
Found [TSPY_ONLINEG.LKC](    1) in D:\download\virusscan\样本3.rar,(rsztfpm.dll)
Found [TSPY_ONLINEG.LKC](    1) in D:\download\virusscan\样本3.rar,(rsmygpm.dll)
Found [TSPY_ONLINEG.IRZ](    1) in D:\download\virusscan\样本3.rar,(ratbgpi.dll)
Found [TSPY_ONLINEG.IRZ](    1) in D:\download\virusscan\样本3.rar,(kvmxfma.dll)
Found [TSPY_ONLINEG.IRZ](    1) in D:\download\virusscan\样本3.rar,(kvdxsfma.dll)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(kvdxhma.dll)
Found [TSPY_ONLINEG.IRZ](    1) in D:\download\virusscan\样本3.rar,(kawdczy.dll)
Found [TSPY_ONLINEG.LKC](    1) in D:\download\virusscan\样本3.rar,(kapjdzy.dll)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(avzxest.exe)
Undet [                ](     ) in D:\download\virusscan\样本3.rar,(avzxemn.dll)
Found [TSPY_ONLINEG.LKC](    1) in D:\download\virusscan\样本3.rar,(avwldmn.dll)
Found [TSPY_ONLINEG.LKC](    1) in D:\download\virusscan\样本3.rar,(avwgemn.dll)
1 files have been read.
1 files have been checked.
1 files have been scanned.
26 files have been scanned. (including files in archived)
1 files containing viruses.
Found 13 viruses totally.
IllusionWing
Posted on 2007-11-3 14:41:39
All killed

UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 4.5.0
HC0.rlb = 3.0.0
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
扫描选项:扫描档案, 扩展, 忽略非活动, 忽略大文件, nFile, BAT模拟, 捆绑检测, 变形壳, 启发,
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\1.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\2.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\3.exe 检测到 Packed.Generic.UPack
[扫描] [捆绑检测] 在 F:\Users\Administrator\Desktop\新建文件夹\5.exe//UPX 检测到 Generic.Binder
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\7.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\avwgemn.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\avwldmn.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\avzxemn.dll 检测到 Generic.nFile
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\avzxest.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\kapjdzy.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\kawdczy.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\kvdxhma.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\kvdxsfma.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\kvmxfma.dll 检测到 Generic.nFile
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\mh.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\my.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\ratbgpi.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\rsmygpm.dll 检测到 Generic.nFile
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\rsztfpm.dll 检测到 Generic.nFile
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\rsztfsp.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 F:\Users\Administrator\Desktop\新建文件夹\sidjbzy.dll 检测到 Generic.nFile
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\tl.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\wd.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\wl.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 F:\Users\Administrator\Desktop\新建文件夹\wmgj.exe 检测到 Packed.Generic.UPack
[扫描] [捆绑检测] 在 F:\Users\Administrator\Desktop\新建文件夹\wow.exe//UPX 检测到 Generic.Binder
检测到了 26 个未知的恶意程序,请上报。
任务 扫描 完成。共耗费的时间:0-00-00 00:00:00:0203,共扫描的文件数量:28,共扫描到的威胁数量:26,威胁率:92.86%,扫描速率: 137.93 文件/秒,扫描速度: 2587.78 千字节/秒,共扫描了 525.32 千字节。
BING126
Posted on 2007-11-3 15:09:08
KIS 6.0 wiped them all out!
已检测: 木马程序 Trojan-PSW.Win32.WOW.adh        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/wow.exe//UPX
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gpx        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/wmgj.exe
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gpx        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/wl.exe
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gpx        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/wd.exe
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gqn        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/tl.exe//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gpx        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/my.exe
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gtb        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/mh.exe//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gsz        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/7.exe//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gpy        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/5.exe//UPX
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gsy        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/3.exe//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gqo        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/2.exe//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gpx        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/1.exe
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.grh        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/sidjbzy.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gpx        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/rsztfsp.exe
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gqm        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/rsztfpm.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gqg        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/rsmygpm.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gqn        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/ratbgpi.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gtb        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/kvmxfma.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gsy        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/kvdxsfma.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gtc        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/kvdxhma.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gql        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/kawdczy.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gsz        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/kapjdzy.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gta        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/avzxest.exe//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gta        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/avzxemn.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gqq        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/avwldmn.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.grj        文件: C:\Documents and Settings\Administrator\桌面\样本3.rar/avwgemn.dll
uhthn2002
Posted on 2007-11-3 21:33:43

vba32

C:\Documents and Settings\Uhthn\Desktop\New Folder\wow.exe : is suspected of MalwareScope.Trojan-PSW.Game.4 (paranoid heuristics)
C:\Documents and Settings\Uhthn\Desktop\New Folder\wow.exe : backup copy created
C:\Documents and Settings\Uhthn\Desktop\New Folder\5.exe : is suspected of MalwareScope.Trojan-PSW.Game.4 (paranoid heuristics)
C:\Documents and Settings\Uhthn\Desktop\New Folder\5.exe : backup copy created


Directories       : 0       Files in archives:      Files on disks:
Archives:                   - total       : 0       - total       : 26   
- scanned         : 0       -  scanned    : 0       - scanned     : 26   
- contain viruses : 0       -  infected   : 0       - infected    : 0     
- deleted         : 0       -  suspicious : 0       - suspicious  : 2
uhthn2002
Posted on 2007-11-3 21:34:29

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 803
Paranoia Database - 48490
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\Uhthn\Desktop\New Folder

C:\Documents and Settings\Uhthn\Desktop\New Folder\wow.exe - Infected GENERIC.MALWARE.ECC.3A00 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\wmgj.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\wl.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\wd.exe - Infected GENERIC.MALWARE.6E1.3A86 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\tl.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\my.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\mh.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\7.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\5.exe - Infected TROJAN-PSW.ONLINEGAMES.54 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\3.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\2.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\1.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\sidjbzy.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\rsztfsp.exe - Infected GENERIC.MALWARE.1EF.3F53 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\rsztfpm.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\rsmygpm.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\ratbgpi.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\kvmxfma.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\kvdxsfma.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\kvdxhma.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\kawdczy.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\kapjdzy.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\avzxest.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder\avzxemn.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\avwldmn.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder\avwgemn.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted

26 Files scanned
16 Infected files found
10 Suspected files found
0 Files disinfected
16 Files deleted