另一堆木马群更新35个

显示全部楼层 · 发表于 2007-11-10 08:38:54

日期： 10.11.2007 时间：08:39:31
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Documents and Settings\zh\桌面\virus.rar
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>16.exe - 可能是 Win32/PSW.OnLineGames.NGU 木马的一个变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>14.exe - Win32/PSW.OnLineGames.NGU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>10.exe - Win32/PSW.OnLineGames.NGU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>11.exe - 可能是 Win32/PSW.OnLineGames.NGU 木马的一个变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>15.exe - 可能是 Win32/PSW.OnLineGames.NGU 木马的一个变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>3.exe - 可能是 Win32/PSW.OnLineGames.NGU 木马的一个变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>17.exe - Win32/PSW.OnLineGames.NGU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>19.exe - 可能是 Win32/PSW.OnLineGames.NGU 木马的一个变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>0.exe - 是正常的
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>2.exe - Win32/PSW.OnLineGames.NGU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>5.exe - Win32/PSW.OnLineGames.NGU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>6.exe - Win32/PSW.WOW.WU 木马的变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>7.exe - Win32/PSW.WOW.WU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>8.exe - Win32/PSW.WOW.WU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>9.exe - 可能是 Win32/PSW.OnLineGames.NGU 木马的一个变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>intest.exe - 可能是 Win32/PSW.WOW.WU 木马的一个变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>nk.exe - Win32/PSW.WOW.WU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>wistves.exe - Win32/PSW.Legendmir.NFI 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>608769WL.DLL - Win32/PSW.OnLineGames.GIS 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>608769WO.DLL - Win32/PSW.Legendmir.NFF 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>IGM.exe - 可能是 Win32/PSW.WOW.WU 木马的一个变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>IGW.exe - Win32/PSW.Legendmir.NFI 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>swchost.exe - Win32/PSW.WOW.WU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>608769MM.DLL - Win32/PSW.Legendmir.NFF 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>kapjdaz.exe - Win32/PSW.OnLineGames.FDY 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>kapjdzy.dll - Win32/PSW.OnLineGames.FDY 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>LYLOADER.EXE - Win32/PSW.Agent.NEC 木马的变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>REGKEY.hiv - 是正常的
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>LYMANGR.DLL - Win32/PSW.OnLineGames.DTR 木马的变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>MSDEG32.DLL - Win32/PSW.OnLineGames.DVV 木马的变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>18.exe - Win32/PSW.OnLineGames.NGU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>12.exe - Win32/PSW.OnLineGames.NGU 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>4.exe - 可能是 Win32/PSW.OnLineGames.NGU 木马的一个变种
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>13.exe - Win32/PSW.OnLineGames.FDY 木马
C:\Documents and Settings\zh\桌面\virus.rar >>RAR >>1.exe - Win32/PSW.Agent.NEC 木马
C:\Documents and Settings\zh\桌面\virus.rar - 多重感染 - 已删除
已扫描的文件数目：36
已发现的病毒数目：33
已清除病毒的文件数目：1
完成时间： 08:39:36 总扫描时间：5 秒 (00:00:05)

显示全部楼层 · 发表于 2007-11-10 08:42:32

MicroVita AntiSpyware 100 C
_____________________________________________

         风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]
               http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\35mm\16.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:15428  MD5:df92b9497f3a517608a764a33d7f0685

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\14.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:16145  MD5:1ae9eba0379abcb27975870941e5cd03

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\10.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:16320  MD5:dcb629be34b15500a9444e8c0cb8c44e

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\11.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing[5] 下载者
文件信息:  大小:16936  MD5:ebe880d4f3e067a50e1491d8cc53ee8c

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\15.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:17256  MD5:1a55ab216ec941922d2eb0c567cbbd03

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\3.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:19072  MD5:875216b87ddb300f202a58ba22a30254

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\17.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:20447  MD5:c44f21be5f1485dc07f7c6d943aee8e0

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\19.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:20668  MD5:a967aa3a0c9fe9fdaa155051252b1d6b

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\0.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:20704  MD5:79f1efa17026f419d7a599631313f450

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\2.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:15177  MD5:57bd2b1066757cbcbd320814ed034f38

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\5.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:21352  MD5:af9122996ea272221ee2106f2c81d015

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\6.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:30820  MD5:6a9d55fb4ce8f307f35b483b8655dbdc

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\7.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:39501  MD5:26b5456a1de71cb9222019dacde46bdf

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\8.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:33008  MD5:a16349ebfd5c4beea41eaf34fe1f93a1

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\9.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:16860  MD5:08da440e9453f71d6be6ddf84559cca1

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\608769WO.DLL]
                  …………发现Spy！报告: [4]
文件信息:  大小:46897  MD5:c2f4736eb55535d2f567f970b1b9f865

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\IGM.exe]
                  …………发现Spy！报告: [4]
文件信息:  大小:66865  MD5:4dfce0b13e3dc1e09eb5f649a3339fa9

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\swchost.exe]
                  …………发现Spy！报告: [4]
文件信息:  大小:89393  MD5:8b1b098d8260e6a281411eb68f9db009

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\608769MM.DLL]
                  …………发现Spy！报告: [4]
文件信息:  大小:44849  MD5:a75c06202ffddfcde8c1fdd7f888bc3e

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\kapjdaz.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:15023  MD5:a4bfe2405125f7cd2eff865a25e6863a

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\kapjdzy.dll]
                  …………发现Spy！报告: [4] [6] 注入者[8] HOOK者
文件信息:  大小:22354  MD5:d68a0d67fdb0fd845d49dfeb946eccc5

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\LYLOADER.EXE]
                  …………发现Spy！报告:[2] [1] Win32.Unknow
文件信息:  大小:11936  MD5:de807fd0da1230b12ade25f422f09791

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\REGKEY.hiv]
                  …………发现Spy！报告:[2]
文件信息:  大小:8192  MD5:08df90f8caf3ab5e411e9e469255ab57

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\LYMANGR.DLL]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:3496  MD5:244d7ba258ced629c6d36619e370c994

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\MSDEG32.DLL]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:5954  MD5:c4f6652437804f6c4d6ad53b49df7fb1

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\18.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:13285  MD5:7a320ebb9d031626995f132c48e99c5a

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\12.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:13893  MD5:b77985c900c3c4f227a82d2c3baa6155

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\4.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:14628  MD5:a509072c029930d72ec963bebf978238

[C:\Documents and Settings\Administrator\桌面\Virus\35mm\13.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:15023  MD5:a4bfe2405125f7cd2eff865a25e6863a

文件数:35 病毒数:29  比重:0.8285714285714
OK  扫描完毕！

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎
[2] 文件特征码引擎
[1] 文件启发式引擎

显示全部楼层 · 发表于 2007-11-10 13:57:44

AVAST发现36个
2007-11-10 13:50:57 3328 Sign of "Win32:Agent-KMX [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\16.exe\[Upack]\[Embedded#6090]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-BBH [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\11.exe\[Upack]\[Embedded#7090]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-AUT [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\15.exe\[Upack]\[Embedded#7090]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-BEI [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\3.exe\[Upack]\[Embedded#8090]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Hupigon-CYX [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\17.exe\[Upack]\[Embedded#60e0]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Agent-KKN [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\19.exe\[Upack]\[Embedded#9778]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Agent-LNC [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\0.exe\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Agent-IYU [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\5.exe\[Upack]\[Embedded#60e0]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\6.exe\[Upack]\[Embedded#DATEINFO]\[Embedded#J999666]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-ALS [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\7.exe\[Upack]\[Embedded#DATEINFO]\[Embedded#ABCDE]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\8.exe\[Upack]\[Embedded#DATEINFO]\[Embedded#J999666]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-AUU [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\9.exe\[Upack]\[Embedded#7090]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\intest.exe\[Embedded#J999666]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\intest.exe" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-ALS [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\nk.exe\[Embedded#ABCDE]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-ALS [Trj]" has been found in "C:\Documents and Settings桌面\virus.rar\nk.exe" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\wistves.exe\[Embedded#J999666]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\wistves.exe" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-ALS [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\608769WL.DLL" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\608769WO.DLL" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\IGM.exe\[Embedded#J999666]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\IGM.exe" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\IGW.exe\[Embedded#J999666]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\IGW.exe" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-ALS [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\swchost.exe\[Embedded#ABCDE]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-ALS [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\swchost.exe" file.
2007-11-10 13:51:15 3328 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\608769MM.DLL" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-BGD [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\kapjdaz.exe\[Upack]\[Embedded#MUSIC]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-BGD [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\kapjdzy.dll" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-ST [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\LYLOADER.EXE\[Upack]\[Embedded#5158]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-ST [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\LYMANGR.DLL\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-BEG [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\12.exe\[Upack]\[Embedded#5090]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-AUQ [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\4.exe\[Upack]\[Embedded#6090]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-BGD [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\13.exe\[Upack]\[Embedded#MUSIC]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-ST [Trj]" has been found in "C:\Documents and Settings\\桌面\virus.rar\1.exe\[Embedded#0c80]\[Upack]\[Embedded#5158]\[Upack]" file.
2007-11-10 13:51:15 3328 Sign of "Win32:OnLineGames-SR [Trj]" has been found in "C:\Documents and Settings\桌面\virus.rar\1.exe" file.

显示全部楼层 · 发表于 2007-11-10 14:06:19

UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 4.5.0
HC0.rlb = 3.0.0
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
扫描选项：扫描档案, 扩展, 忽略非活动, 忽略大文件, nFile, BAT模拟, 捆绑检测, 变形壳, 启发,
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\0.exe 检测到 Packed.Generic.UPack
[扫描] [Level 1] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\1.exe//Crypt3 检测到 Generic.Virus
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\10.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\11.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\12.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\13.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\14.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\15.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\16.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\17.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\18.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\19.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\2.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\3.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\4.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\5.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\6.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\608769MM.DLL 检测到 Generic.nFile
[扫描] [Level 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\608769WL.DLL 检测到 Trojan.WOW.wu
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\608769WO.DLL 检测到 Generic.nFile
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\7.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\8.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\9.exe 检测到 Packed.Generic.Modified
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\IGM.exe 检测到 Generic.nFile
[扫描] [捆绑检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\IGW.exe 检测到 Generic.Binder
[扫描] [捆绑检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\intest.exe 检测到 Generic.Binder
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\kapjdaz.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\kapjdzy.dll 检测到 Generic.nFile
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\LYLOADER.EXE 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\LYMANGR.DLL 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\MSDEG32.DLL 检测到 Packed.Generic.UPack
[扫描] [捆绑检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\nk.exe 检测到 Generic.Binder
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\swchost.exe 检测到 Generic.nFile
[扫描] [捆绑检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\wistves.exe 检测到 Generic.Binder
检测到了 33 个未知的恶意程序，请上报。
任务扫描完成。共耗费的时间：0-00-00 00:00:00:0220，共扫描的文件数量：36，共扫描到的威胁数量：34，威胁率：94.44%，扫描速率： 163.64 文件/秒，扫描速度： 4714.84 千字节/秒，共扫描了 1037.26 千字节。

显示全部楼层 · 发表于 2007-11-10 20:32:57

卡巴7.0查出34个。EAV3.0查出33个。咖啡8.5查出45个（查了两次都一样，我不知什么为事？？）诺顿10.200查出26个不提示就删了（晕啊！）

显示全部楼层 · 发表于 2007-11-10 20:37:02

C:\Users\Administrator\Desktop\virus.rar » RAR » 16.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 14.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 10.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 11.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 15.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 3.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 17.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 19.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 2.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 5.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 6.exe - a variant of Win32/PSW.WOW.WU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 7.exe - Win32/PSW.WOW.WU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 8.exe - Win32/PSW.WOW.WU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 9.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » intest.exe - probably a variant of Win32/PSW.WOW.WU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » nk.exe - Win32/PSW.WOW.WU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » wistves.exe - Win32/PSW.Legendmir.NFI trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 608769WL.DLL - Win32/PSW.OnLineGames.GIS trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 608769WO.DLL - Win32/PSW.Legendmir.NFF trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » IGM.exe - probably a variant of Win32/PSW.WOW.WU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » IGW.exe - Win32/PSW.Legendmir.NFI trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » swchost.exe - Win32/PSW.WOW.WU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 608769MM.DLL - Win32/PSW.Legendmir.NFF trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » kapjdaz.exe - Win32/PSW.OnLineGames.FDY trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » kapjdzy.dll - Win32/PSW.OnLineGames.FDY trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » LYLOADER.EXE - a variant of Win32/PSW.Agent.NEC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » LYMANGR.DLL - a variant of Win32/PSW.OnLineGames.DTR trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » MSDEG32.DLL - a variant of Win32/PSW.OnLineGames.DVV trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 18.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 12.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 4.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 13.exe - Win32/PSW.OnLineGames.FDY trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » 1.exe - Win32/PSW.Agent.NEC trojan

显示全部楼层 · 发表于 2007-11-10 20:41:59

红伞36个！

显示全部楼层 · 发表于 2007-11-10 22:29:02

Scan Log
Version of virus signature database: 2651 (20071110)
Date: 2007-11-10 Time: 22:29:06
Scanned disks, folders and files: G:\V\virus.rar
Number of scanned objects: 36
Number of threats found: 33
Time of completion: 22:29:11 Total scanning time: 5 sec (00:00:05)

显示全部楼层 · 发表于 2007-11-11 02:21:56

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 814
Paranoia Database - 48608
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\Uhthn\Desktop\virus(2)

C:\Documents and Settings\Uhthn\Desktop\virus(2)\16.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\14.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\10.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\11.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\15.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\3.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\17.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\19.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\0.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\virus(2)\2.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\5.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\6.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\virus(2)\7.exe - Infected TROJAN-PSW.ONLINEGAMES.77 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\8.exe - Infected TROJAN-PSW.ONLINEGAMES.62 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\9.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\intest.exe - Infected WIN32.MALWARE.AGENT.6 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\nk.exe - Infected WIN32.TROJAN-PSW.ONLINEGAMES.G - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\wistves.exe - Infected WIN32.MALWARE.AGENT.6 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\608769WL.DLL - Infected WIN32.TROJAN-PSW.ONLINEGAMES.G - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\608769WO.DLL - Infected WIN32.MALWARE.AGENT.6 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\IGM.exe - Infected WIN32.MALWARE.AGENT.6 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\IGW.exe - Infected WIN32.MALWARE.AGENT.6 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\swchost.exe - Infected WIN32.TROJAN-PSW.ONLINEGAMES.G - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\608769MM.DLL - Infected WIN32.MALWARE.AGENT.6 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\kapjdaz.exe - Infected GENERIC.MALWARE.1AA.3AAF - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\kapjdzy.dll - Infected WIN32.TROJAN-PSW.ONLINEGAMES.AF - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\LYLOADER.EXE - Suspected TROJAN-PSW.ONLINEGAMES.2
C:\Documents and Settings\Uhthn\Desktop\virus(2)\REGKEY.hiv - Infected GENERIC.MALWARE.A07.2000 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\LYMANGR.DLL - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\virus(2)\MSDEG32.DLL - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\virus(2)\18.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\12.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\4.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\13.exe - Infected GENERIC.MALWARE.1AA.3AAF - Deleted
C:\Documents and Settings\Uhthn\Desktop\virus(2)\1.exe - Infected TROJAN-PSW.ONLINEGAMES.U - Deleted

35 Files scanned
30 Infected files found
5 Suspected files found
0 Files disinfected
30 Files deleted

显示全部楼层 · 发表于 2007-11-11 04:19:17

ESS 3.0.563.0 病毒特征库2651
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 16.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 14.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 10.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 11.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 15.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 3.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 17.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 19.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 2.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 5.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 6.exe - a variant of Win32/PSW.WOW.WU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 7.exe - Win32/PSW.WOW.WU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 8.exe - Win32/PSW.WOW.WU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 9.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » intest.exe - probably a variant of Win32/PSW.WOW.WU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » nk.exe - Win32/PSW.WOW.WU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » wistves.exe - Win32/PSW.Legendmir.NFI trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 608769WL.DLL - Win32/PSW.OnLineGames.GIS trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 608769WO.DLL - Win32/PSW.Legendmir.NFF trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » IGM.exe - probably a variant of Win32/PSW.WOW.WU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » IGW.exe - Win32/PSW.Legendmir.NFI trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » swchost.exe - Win32/PSW.WOW.WU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 608769MM.DLL - Win32/PSW.Legendmir.NFF trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » kapjdaz.exe - Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » kapjdzy.dll - Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » LYLOADER.EXE - a variant of Win32/PSW.Agent.NEC trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » LYMANGR.DLL - a variant of Win32/PSW.OnLineGames.DTR trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » MSDEG32.DLL - a variant of Win32/PSW.OnLineGames.DVV trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 18.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 12.exe - Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 4.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 13.exe - Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\N!NE\桌面\virus.rar » RAR » 1.exe - Win32/PSW.Agent.NEC trojan

[病毒样本] 另一堆木马群更新35个