[病毒样本] 包

显示全部楼层 · 发表于 2007-11-9 14:12:26

trend pc-cillin found 16 threats

显示全部楼层 · 发表于 2007-11-9 14:27:05

基本是盗号和网游病毒

显示全部楼层 · 发表于 2007-11-9 15:43:49

deleted: virus Heur.Invader (modification) File: F:\Virus\xxxx.rar/conime3.exe//PE_Patch//UPack
deleted: virus Heur.Invader (modification) File: F:\Virus\xxxx.rar/conimem.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hdg File: F:\Virus\xxxx.rar/conime5.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gyu File: F:\Virus\xxxx.rar/conimec.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hee File: F:\Virus\xxxx.rar/conime4.exe//PE_Patch//UPack
deleted: virus Heur.Invader (modification) File: F:\Virus\xxxx.rar/LYLOADER.EXE//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.bos File: F:\Virus\xxxx.rar/IGM.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hdv File: F:\Virus\xxxx.rar/conimel.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hed File: F:\Virus\xxxx.rar/conime2.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.fhz File: F:\Virus\xxxx.rar/conime8.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.fxk File: F:\Virus\xxxx.rar/nk.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gis File: F:\Virus\xxxx.rar/conime7.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.WOW.aeh File: F:\Virus\xxxx.rar/conimeh.exe//PE_Patch//UPack
deleted: virus Heur.Invader (modification) File: F:\Virus\xxxx.rar/sqmapi32.dll//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hdw File: F:\Virus\xxxx.rar/conime9.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hdu File: F:\Virus\xxxx.rar/conimek.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.bos File: F:\Virus\xxxx.rar/conime6.exe//UPack//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gwp File: F:\Virus\xxxx.rar/conimee.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hde File: F:\Virus\xxxx.rar/conimed.exe//PE_Patch//UPack
deleted: virus Worm.Win32.Downloader.ah File: F:\Virus\xxxx.rar/ntuser.com//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hec File: F:\Virus\xxxx.rar/conime0.exe//UPack
deleted: virus Heur.Invader (modification) File: F:\Virus\xxxx.rar/conimef.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gvc File: F:\Virus\xxxx.rar/conime1.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hdw File: F:\Virus\xxxx.rar/conimeb.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.bos File: F:\Virus\xxxx.rar/75976MM.DLL
deleted: virus Heur.Invader (modification) File: F:\Virus\xxxx.rar/conimej.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.WOW.aei File: F:\Virus\xxxx.rar/conimei.exe//PE_Patch//UPack
deleted: virus Worm.Win32.Downloader.ah File: F:\Virus\xxxx.rar/pcibus.sys
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.fhz File: F:\Virus\xxxx.rar/wistves.exe
deleted: Trojan program Trojan-PSW.Win32.Lmir.bos File: F:\Virus\xxxx.rar/intest.exe

30

显示全部楼层 · 发表于 2007-11-9 16:29:05

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\CONIME2.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\SQMAPI32.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\CONIME3.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\SQMAPI32.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\CONIME4.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\SQMAPI32.DLL
是否删除木马程序及其衍生物?程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\CONIME6.EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\INTEST.EXE
2) C:\WINDOWS\IGM.EXE
3) C:\WINDOWS\684745MM.DLL程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\CONIME9.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\SQMAPI32.DLL
是否删除木马程序及其衍生物?
木马名称:未知木马

程序:
C:\WINDOWS\SYSTEM32\SQMAPI32.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\LYLOADER.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\LYLOADER.EXE
2) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\LYMANGR.DLL
3) C:\WINDOWS\SYSTEM32\LYMANGR.DLL
4) C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\MSDEG32.DLL
5) C:\WINDOWS\SYSTEM32\MSDEG32.DLL
是否删除木马程序及其衍生物?
程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\新建文件夹\NTUSER.COM
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\DRIVERS\PCIBUS.SYS
是否删除木马程序及其衍生物

[ 本帖最后由 scottxzt 于 2007-11-9 16:30 编辑 ]

显示全部楼层 · 发表于 2007-11-9 16:49:56

Trojan.PSW.Win32.YBOnline.bv 未处理    2007-11-09 16:43:08快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>conime5.exe>>upack0.36                                                                                     本机
Trojan.PSW.Win32.DJOnline.ao 未处理    2007-11-09 16:43:10快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>conimec.exe>>upack0.36                                                                                     本机
Trojan.PSW.Win32.WoWar.uz    未处理    2007-11-09 16:43:15快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>IGM.exe                                                                                                    本机
Trojan.Win32.Agent.zri       未处理    2007-11-09 16:43:18快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>conime8.exe>>upack0.34                                                                                     本机
Trojan.PSW.Win32.GameOnline.nm  未处理    2007-11-09 16:43:20快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>nk.exe                                                                                                       本机
Trojan.Win32.Agent.zri       未处理    2007-11-09 16:43:22快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>conime7.exe>>upack0.34                                                                                     本机
Trojan.PSW.Win32.SunOnline.ga 未处理    2007-11-09 16:43:24快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>conimeh.exe>>upack0.36                                                                                     本机
Trojan.PSW.Win32.QQGame.an    未处理    2007-11-09 16:43:25快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>sqmapi32.dll>>upack0.34                                                                                     本机
Trojan.Win32.Agent.zri       未处理    2007-11-09 16:43:29快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>conime6.exe>>upack0.34                                                                                     本机
Trojan.PSW.Win32.QQHX.tru    未处理    2007-11-09 16:43:31快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>conimed.exe>>upack0.36                                                                                     本机
Trojan.DL.Win32.Agent.zyg    未处理    2007-11-09 16:43:33快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>ntuser.com>>upack0.39                                                                                        本机
Trojan.PSW.Win32.GameOnline.mv  未处理    2007-11-09 16:43:35快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>conime0.exe>>upack0.34                                                                                     本机
Trojan.PSW.Win32.ZeroOnline.ch  未处理    2007-11-09 16:43:39快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>conimei.exe>>upack0.36                                                                                     本机
Trojan.PSW.Win32.LMir.yxj    未处理    2007-11-09 16:43:42快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>wistves.exe                                                                                                 本机
Trojan.PSW.Win32.WoWar.uz    未处理    2007-11-09 16:43:43快捷方式查杀       C:\Documents and Settings\Administrator\桌面                                                                         xxxx.rar>>intest.exe
瑞星15个!

显示全部楼层 · 发表于 2007-11-9 17:10:35

F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.4.2
Virus signature file from: 2007-11-9, 9:17

Scan name: [Custom Scan]
Path to scan: F:\|

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2007-11-9, 17:08:35
---------------------------------------------------------------------

[Clean] Boot sector on drive F:
[Clean] Boot sector on drive E:
[Clean] Boot sector on drive D:
[Clean] Boot sector on drive G:
[Clean] Boot sector on drive C:
[Clean] Master Boot Record on disk 0
[Clean] F:\LFS_S2W_KeyGen.exe
[Clean] F:\RECYCLER\S-1-5-21-746137067-725345543-839522115-1003\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-746137067-725345543-839522115-1003\INFO2
[Clean] F:\wos5_00006.jpg
[Clean] F:\wos5_00008.jpg
[Clean] F:\wos5_00010.jpg
[Clean] F:\wos5_00011.jpg
[Clean] F:\wos5_00013.jpg
[Clean] F:\wos5_00017.jpg
[Clean] F:\wos5_00022.jpg
[Clean] F:\xxxx.rar->conime3.exe->(UPack)
[Clean] F:\xxxx.rar->conimem.exe->(UPack)
[Clean] F:\xxxx.rar->conime5.exe->(UPack)
[Clean] F:\xxxx.rar->conimec.exe->(UPack)
[Clean] F:\xxxx.rar->conime4.exe->(UPack)
[Found possible security risk] <W32/Heuristic-114!Eldorado (damaged, not disinfectable)> F:\xxxx.rar->LYLOADER.EXE->(UPack)
[Found possible virus] <W32/Blocker-based!Maximus (not disinfectable)> F:\xxxx.rar->IGM.exe
[Clean] F:\xxxx.rar->conimel.exe->(UPack)
[Clean] F:\xxxx.rar->conime2.exe->(UPack)
[Found possible virus] <W32/Blocker-based!Maximus (not disinfectable)> F:\xxxx.rar->conime8.exe->(embedded)
[Found possible virus] <W32/Blocker-based!Maximus (not disinfectable)> F:\xxxx.rar->nk.exe
[Found password stealer] <W32/Onlinegaming.AIX (exact, not disinfectable)> F:\xxxx.rar->conime7.exe
[Clean] F:\xxxx.rar->conimeh.exe->(UPack)
[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> F:\xxxx.rar->sqmapi32.dll
[Clean] F:\xxxx.rar->conime9.exe->(UPack)
[Clean] F:\xxxx.rar->conimek.exe->(UPack)
[Clean] F:\xxxx.rar->MSDEG32.DLL->(UPack)
[Found possible virus] <W32/Blocker-based!Maximus (not disinfectable)> F:\xxxx.rar->conime6.exe->(embedded)
[Clean] F:\xxxx.rar->conimee.exe->(UPack)
[Clean] F:\xxxx.rar->conimed.exe->(UPack)
[Clean] F:\xxxx.rar->ntuser.com->(UPack)
[Clean] F:\xxxx.rar->conime0.exe->(UPack)
[Clean] F:\xxxx.rar->Deleteme.bat
[Clean] F:\xxxx.rar->conimef.exe->(UPack)
[Found possible security risk] <W32/Heuristic-114!Eldorado (damaged, not disinfectable)> F:\xxxx.rar->conime1.exe->(embedded)->(UPack)
[Clean] F:\xxxx.rar->conimeb.exe->(UPack)
[Clean] F:\xxxx.rar->75976MM.DLL
[Clean] F:\xxxx.rar->conimej.exe->(UPack)
[Clean] F:\xxxx.rar->conimei.exe->(UPack)
[Clean] F:\xxxx.rar->pcibus.sys
[Found possible virus] <W32/Blocker-based!Maximus (not disinfectable)> F:\xxxx.rar->wistves.exe
[Found possible virus] <W32/Blocker-based!Maximus (not disinfectable)> F:\xxxx.rar->intest.exe
[Contains infected objects] F:\xxxx.rar
[Quarantined] F:\xxxx.rar->intest.exe
[Clean] F:\存档\fdgvd.sav
[Clean] F:\存档\Hroll\playersave\commondt.sav
[Clean] F:\存档\Hroll\playersave\playersave
[Clean] F:\存档\Hroll\playersave2\commondt.sav
[Clean] F:\存档\Hroll\playersave2\playersave

---------------------------------------------------------------------
Scan ended: 2007-11-9, 17:08:57
Duration: 0:00:21

Scan result:

Scanned files:    22
Infected objects:    10
Disinfected objects:    0
Quarantined files:    1

显示全部楼层 · 发表于 2007-11-9 17:37:45

//-----------------------------------------------------------------
//
// 产品BitDefender Antivirus Plus v10
// 产品10.2
//
// 创建: 09/11/2007 17:36:53
//
//-----------------------------------------------------------------

病毒统计

扫描路径 : C:\Documents and Settings\Administrator\桌面\xxxx.rar
文件夹 : 0
文件 : 33
内存扫描 : 0
文档 : 1
压缩文件 : 0
确认病毒 : 6
染毒文件 : 8
内存感染 : 0
可疑文件 : 2
警告 : 0
杀毒文件 : 0
删除文件 : 0
移动文件 : 0
I/O 错误 : 0
扫描时间 : 00:00:10
扫描速度 (文件/秒) : 3

病毒定义 : 938057
扫描插件 : 16
文档插件 : 41
解压缩插件 : 7
电子邮件插件 : 6
系统插件 : 5

病毒扫描选项

发现
[ ] 扫描引导区
[ ] 内存
[X] 扫描文档
[X] 扫描压缩文件
[X] 扫描email

文件屏蔽
[ ] 程序
[X] 所有文件
[ ] 用户自定义扩展:
[ ] 排除扩展: ;

操作

感染目标
[ ] 忽略
[X] 杀毒
[ ] 删除
[ ] 移动到隔离区
[ ] 提示用户

另一个操作
[ ] 忽略
[ ] 删除
[X] 移动到隔离区
[ ] 提示用户

病毒扫描选项
[X] 启用警告
[X] 使用启发式
[X] 在日志中显示所有文件
[X] 报告文件: C:\Documents and Settings\Administrator\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1194601013.log

间谍程序扫描选项

[X] 扫描风险程序
[ ] 在扫描中发现拨号器和应用软件
[ ] 注册表键
[ ] Cookies

概要:

C:\Documents and Settings\Administrator\桌面\xxxx.rar=>LYLOADER.EXE 感染: Dropped:Trojan.PWS.Onlinegames.AVH
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>LYLOADER.EXE 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>LYLOADER.EXE 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>IGM.exe 感染: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>IGM.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>IGM.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime8.exe 感染: Dropped:Trojan.PWS.Onlinegames.NJG
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime8.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime8.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>nk.exe 可疑: BehavesLike:Win32.Malware
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime7.exe 可疑: BehavesLike:Win32.Malware
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>MSDEG32.DLL 感染: Generic.PWS.Games.3.36EE62FE
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>MSDEG32.DLL 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>MSDEG32.DLL 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime6.exe 感染: DeepScan:Generic.PWS.Games.4.E2F568AC
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime6.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime6.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime0.exe 感染: DeepScan:Generic.PWS.Games.2.CA23C875
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime0.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime0.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>wistves.exe 感染: Dropped:Trojan.PWS.Onlinegames.NJG
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>wistves.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>wistves.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>intest.exe 感染: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>intest.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>intest.exe 移动失败

扫描文件

C:\Documents and Settings\Administrator\桌面\xxxx.rar 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime3.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimem.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime5.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimec.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime4.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>LYLOADER.EXE 感染: Dropped:Trojan.PWS.Onlinegames.AVH
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>LYLOADER.EXE 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>LYLOADER.EXE 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>IGM.exe 感染: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>IGM.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>IGM.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimel.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime2.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime8.exe 感染: Dropped:Trojan.PWS.Onlinegames.NJG
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime8.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime8.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>nk.exe 可疑: BehavesLike:Win32.Malware
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime7.exe 可疑: BehavesLike:Win32.Malware
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimeh.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>sqmapi32.dll 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime9.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimek.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>MSDEG32.DLL 感染: Generic.PWS.Games.3.36EE62FE
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>MSDEG32.DLL 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>MSDEG32.DLL 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime6.exe 感染: DeepScan:Generic.PWS.Games.4.E2F568AC
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime6.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime6.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimee.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimed.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>ntuser.com 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime0.exe 感染: DeepScan:Generic.PWS.Games.2.CA23C875
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime0.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime0.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>Deleteme.bat 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimef.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conime1.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimeb.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>75976MM.DLL 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimej.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>conimei.exe 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>pcibus.sys 确定
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>wistves.exe 感染: Dropped:Trojan.PWS.Onlinegames.NJG
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>wistves.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>wistves.exe 移动失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>intest.exe 感染: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>intest.exe 杀毒失败
C:\Documents and Settings\Administrator\桌面\xxxx.rar=>intest.exe 移动失败

显示全部楼层 · 发表于 2007-11-9 18:36:04

D:\download\virusscan\conime1.exe - Signature 'Trojan-PWS.Win32.OnLineGames.gvc' found
D:\download\virusscan\conime2.exe - Signature 'Trojan-PWS.Win32.OnLineGames.hed' found
D:\download\virusscan\conime3.exe - Signature 'Trojan-PWS.Win32.Small.br' found
D:\download\virusscan\conime4.exe - Signature 'Trojan-PWS.Win32.OnLineGames.hee' found
D:\download\virusscan\conime5.exe - Signature 'Virus.Win32.Agent.KKN' found
D:\download\virusscan\conime6.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
D:\download\virusscan\conime7.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
D:\download\virusscan\conime8.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
D:\download\virusscan\conime9.exe - Signature 'Trojan-PWS.Win32.OnLineGames.hdw' found
D:\download\virusscan\conimeb.exe - Signature 'Trojan-PWS.Win32.OnLineGames.hdw' found
D:\download\virusscan\conimec.exe - Signature 'Trojan-Downloader.Win32.Pux.d' found
D:\download\virusscan\conimed.exe - Signature 'Trojan-Downloader.Win32.Pux.d' found
D:\download\virusscan\conimee.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
D:\download\virusscan\conimef.exe - Suspect code-parts found (Level: 45)
D:\download\virusscan\conimeh.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
D:\download\virusscan\conimei.exe - Signature 'Trojan-PWS.Win32.Small.br' found
D:\download\virusscan\conimej.exe - Signature 'Trojan-Downloader.Win32.Pux.d' found
D:\download\virusscan\conimek.exe - Signature 'Trojan-Downloader.Win32.Pux.d' found
D:\download\virusscan\conimel.exe - Signature 'Trojan-PWS.Win32.OnLineGames.hdv' found
D:\download\virusscan\conimem.exe - Signature 'Trojan-Downloader.Win32.Pux.d' found
D:\download\virusscan\Deleteme.bat
D:\download\virusscan\IGM.exe - Signature 'Trojan-PWS.Win32.WOW.vd' found
D:\download\virusscan\intest.exe - Signature 'Trojan-PWS.Win32.WOW.vd' found
D:\download\virusscan\LYLOADER.EXE - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\virusscan\MSDEG32.DLL - Signature 'Generic.PWS.Games.3' found
D:\download\virusscan\nk.exe - Signature 'Trojan-PWS.Win32.OnLineGames.fxk' found
D:\download\virusscan\ntuser.com - Signature 'Trojan-Downloader.Win32.Zlob.and' found
D:\download\virusscan\pcibus.sys - Timeout
D:\download\virusscan\sqmapi32.dll - Signature 'Trojan-Dropper.Win32.Agent.ane' found
D:\download\virusscan\wistves.exe - Signature 'Trojan-PWS.Win32.WOW.vd' found
D:\download\virusscan\75976MM.DLL - Signature 'Trojan-PWS.Win32.Lmir.bos' found
D:\download\virusscan\conime0.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found

32 Files scanned
(0 Archives with 0 files)
29 Signatures found
1 Suspect code-part found
Used time: 0:38.495

剩下的那个超时了……

显示全部楼层 · 发表于 2007-11-9 18:50:19

Found [TSPY_ONLINEG.LPE]( 1) in D:\download\virusscan\conime1.exe
Found [TSPY_ONLINEG.KYM]( 1) in D:\download\virusscan\conime2.exe
Undet [             ](    ) in D:\download\virusscan\conime3.exe
Found [TSPY_ONLINEG.LDU]( 1) in D:\download\virusscan\conime4.exe
Found [TROJ_CRASHSYST.L]( 1) in D:\download\virusscan\conime5.exe
Undet [             ](    ) in D:\download\virusscan\conime6.exe
Undet [             ](    ) in D:\download\virusscan\conime7.exe
Undet [             ](    ) in D:\download\virusscan\conime8.exe
Found [TSPY_ONLINEG.KYV]( 1) in D:\download\virusscan\conime9.exe
Found [TSPY_ONLINEG.KXU]( 1) in D:\download\virusscan\conimeb.exe
Found [TSPY_ONLINEG.KXV]( 1) in D:\download\virusscan\conimec.exe
Found [TSPY_ONLINEG.KXX]( 1) in D:\download\virusscan\conimed.exe
Found [TSPY_ONLINEG.KXY]( 1) in D:\download\virusscan\conimee.exe
Found [TROJ_CRASHSYST.O]( 1) in D:\download\virusscan\conimef.exe
Found [TROJ_CRASHSYST.J]( 1) in D:\download\virusscan\conimeh.exe
Found [TSPY_ONLINEG.KYB]( 1) in D:\download\virusscan\conimei.exe
Undet [             ](    ) in D:\download\virusscan\conimej.exe
Undet [             ](    ) in D:\download\virusscan\conimek.exe
Found [TSPY_ONLINEG.LJC]( 1) in D:\download\virusscan\conimel.exe
Undet [             ](    ) in D:\download\virusscan\conimem.exe
Undet [             ](    ) in D:\download\virusscan\Deleteme.bat
Undet [             ](    ) in D:\download\virusscan\IGM.exe
Undet [             ](    ) in D:\download\virusscan\intest.exe
Undet [             ](    ) in D:\download\virusscan\LYLOADER.EXE
Undet [             ](    ) in D:\download\virusscan\MSDEG32.DLL
Found [TSPY_ONLINEG.KNM]( 1) in D:\download\virusscan\nk.exe
Undet [             ](    ) in D:\download\virusscan\ntuser.com
Undet [             ](    ) in D:\download\virusscan\pcibus.sys
Undet [             ](    ) in D:\download\virusscan\sqmapi32.dll
Found [TSPY_ONLINEG.KGM]( 1) in D:\download\virusscan\wistves.exe
Undet [             ](    ) in D:\download\virusscan\75976MM.DLL
Found [TSPY_ONLINEG.LDT]( 1) in D:\download\virusscan\conime0.exe
32 files have been read.
32 files have been checked.
32 files have been scanned.
32 files have been scanned. (including files in archived)
16 files containing viruses.
Found 16 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/9/2007 18:41:44 13 seconds (12.85 seconds) has elapsed.

显示全部楼层 · 发表于 2007-11-9 19:27:44

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.TLOnline.jjk
病毒： Trojan.PSW.Win32.YBOnline.bv
病毒： Trojan.PSW.Win32.DJOnline.ao
病毒： Trojan.PSW.Win32.WoWar.uz
病毒： Trojan.Win32.Agent.zri
病毒： Trojan.PSW.Win32.GameOnline.nm
病毒： Trojan.PSW.Win32.SunOnline.ga
病毒： Trojan.PSW.Win32.QQGame.an
病毒： Trojan.PSW.Win32.QQHX.tru
病毒： Trojan.DL.Win32.Agent.zyg
病毒： Trojan.PSW.Win32.GameOnline.mv
病毒： Trojan.PSW.Win32.ZhengTu.ylt
病毒： Trojan.PSW.Win32.ZeroOnline.ch
病毒： Trojan.PSW.Win32.LMir.yxj

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.17.41

[病毒样本] 包

很多相同的.有个没动作.conime0.exe

57/17

浏览过的版块