
[Virus sample] A batch of 39 trojans downloaded from a certain thread

promised
Posted on 2007-11-10 15:22:03

IllusionWing
Posted on 2007-11-10 15:23:45
Missed one again... so infuriating...

UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 4.5.0
HC0.rlb = 3.0.0
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
扫描选项:扫描档案, 扩展, 忽略非活动, 忽略大文件, nFile, BAT模拟, 捆绑检测, 变形壳, 启发,
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\1.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\10.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\11.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\13.exe 检测到 Packed.Unknown.2b6e
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\14.exe 检测到 Packed.Unknown.2b6e
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\15.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\16.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\17.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\19.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\2.exe 检测到 Packed.Generic.UPack
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\20.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\21.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\3.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\4.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\5.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\6.exe 检测到 Packed.Generic.Modified
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\608769MM.DLL 检测到 Generic.nFile
[扫描] [Level 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\608769WL.DLL 检测到 Trojan.WOW.wu
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\608769WO.DLL 检测到 Generic.nFile
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\7.exe 检测到 Packed.Generic.Modified
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\8.exe 检测到 Packed.Generic.Modified
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\888 检测到 Generic.nFile
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\AVPSrv.dll 检测到 Packed.Unknown.ca53
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\cmdbcs.dll 检测到 Packed.Unknown.ca53
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\DbgHlp32.dll 检测到 Packed.Unknown.ca53
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\kaqhiaz.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\kaqhizy.dll 检测到 Generic.nFile
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\kawdcaz.exe 检测到 Packed.Generic.UPack
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\kawdczy.dll 检测到 Generic.nFile
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\LotusHlp.dll 检测到 Packed.Unknown.ca53
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\MsPrint32D.dll 检测到 Packed.Unknown.ca53
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\NVDispDrv.dll 检测到 Packed.Unknown.ca53
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\NvSys_4.Sys 检测到 Generic.nFile
[扫描] [捆绑检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\NvWin_5.Jmp//UPX 检测到 Generic.Binder
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\upxdnd.dll 检测到 Packed.Unknown.ca53
[扫描] [捆绑检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\vise.exe 检测到 Generic.Binder
[扫描] [变形壳检测] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\WinForm.dll 检测到 Packed.Unknown.ca53
[扫描] [nFile Detect 2] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\WSWSleak01.dll 检测到 Generic.nFile
检测到了 37 个未知的恶意程序,请上报。
任务 扫描 完成。共耗费的时间:0-00-00 00:00:00:0561,共扫描的文件数量:40,共扫描到的威胁数量:38,威胁率:95%,扫描速率: 71.3 文件/秒,扫描速度: 3814.17 千字节/秒,共扫描了 2139.75 千字节。
IllusionWing
Posted on 2007-11-10 15:28:12
Kaspersky 6

已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gub        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\1.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gti        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\10.exe//PE_Patch//UPack//PE_Patch
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.guz        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\11.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.Lmir.boq        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\13.exe//ASPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.fxk        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\14.exe//ASPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gww        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\15.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gyu        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\17.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hcp        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\19.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.WOW.aef        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\2.exe//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gyv        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\21.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hcq        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\3.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hck        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\4.exe//PE_Patch//UPack//PE_Patch
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gth        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\5.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.grr        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\6.exe//PE_Patch//UPack//PE_Patch
已检测: 木马程序 Trojan-PSW.Win32.Lmir.boq        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\608769MM.DLL
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gis        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\608769WL.DLL
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gjp        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\608769WO.DLL
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hdw        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\7.exe//PE_Patch//UPack
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hho        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\8.exe//PE_Patch//UPack//PE_Patch
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gjp        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\888
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hhn        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\AVPSrv.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gsx        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\cmdbcs.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hcw        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\DbgHlp32.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gth        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\GenProtect.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gpx        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\kawdcaz.exe
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gql        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\kawdczy.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hig        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\LotusHlp.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hcv        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\MsPrint32D.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.grr        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\NVDispDrv.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.hcm        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\upxdnd.dll
已检测: 木马程序 Trojan-PSW.Win32.Lmir.bjs        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\vise.exe
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gub        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\WinForm.dll
已检测: 木马程序 Trojan-PSW.Win32.OnLineGames.gyv        文件: C:\Documents and Settings\Administrator\桌面\Virus\YB\WSWSleak01.dll

Vita
MicroVita AntiSpyware  
_____________________________________________
                                          
             风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]                  
                   http://221.10.254.214/
----------------------------------------------
开始扫描……


正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\YB\1.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:15876  MD5:581675e0fd52f740a364c1f4f6322be1


[C:\Documents and Settings\Administrator\桌面\Virus\YB\10.exe]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:16600  MD5:4ee96ffe8c632576a787d6139bcdf7de


[C:\Documents and Settings\Administrator\桌面\Virus\YB\11.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing[5] 下载者
文件信息:  大小:16320  MD5:4f99e84a9d38819591cd833036727349


[C:\Documents and Settings\Administrator\桌面\Virus\YB\13.exe]
                    …………发现Spy!报告:[2]
文件信息:  大小:40753  MD5:cb8b17a149a820b92629b11c8bb2d9e7


[C:\Documents and Settings\Administrator\桌面\Virus\YB\14.exe]
                    …………发现Spy!报告:[2]
文件信息:  大小:51505  MD5:c2678cff66272ea973925c8bf655f65b


[C:\Documents and Settings\Administrator\桌面\Virus\YB\15.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing
文件信息:  大小:18067  MD5:205834e144b849b271df2be175d01365


[C:\Documents and Settings\Administrator\桌面\Virus\YB\16.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing
文件信息:  大小:14948  MD5:07454a7b1d5c306d5c301b7ebc02d8c7


[C:\Documents and Settings\Administrator\桌面\Virus\YB\17.exe]
                    …………发现Spy!报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:13893  MD5:8ddf84be26b9da04041a19dadfe6147b


[C:\Documents and Settings\Administrator\桌面\Virus\YB\19.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:12660  MD5:0a5f5a9cf80d08ab9135173ac3b77c7b


[C:\Documents and Settings\Administrator\桌面\Virus\YB\2.exe]
                    …………发现Spy!报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:32865  MD5:5f08f7b97a5ee8e67c604a4dfe4c9fcb


[C:\Documents and Settings\Administrator\桌面\Virus\YB\20.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:12936  MD5:6d3044654b2dfaaedd4ea64363a7f597


[C:\Documents and Settings\Administrator\桌面\Virus\YB\21.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:12356  MD5:3c8c4f1cbfa175d9ae718506ad5d8dc7


[C:\Documents and Settings\Administrator\桌面\Virus\YB\3.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:15784  MD5:b8b81a8904c80e6ab63fe1e2e2a72faa


[C:\Documents and Settings\Administrator\桌面\Virus\YB\4.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:13248  MD5:0d5dccba1f978f8830479afe6cbcbf07


[C:\Documents and Settings\Administrator\桌面\Virus\YB\5.exe]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:17188  MD5:5c92ea7c76a4464242a5f8e193e18f7b


[C:\Documents and Settings\Administrator\桌面\Virus\YB\6.exe]
                    …………发现Spy!报告:[2] [1] Win32.Unknow
文件信息:  大小:13160  MD5:cb05c4cc879011e42ead6e4aeda4addb


[C:\Documents and Settings\Administrator\桌面\Virus\YB\608769MM.DLL]
                    …………发现Spy!报告: [4]
文件信息:  大小:43825  MD5:c70cfb90bdb66a7e2e6a7336aec12b02


[C:\Documents and Settings\Administrator\桌面\Virus\YB\608769WO.DLL]
                    …………发现Spy!报告: [4]
文件信息:  大小:47202  MD5:703883049bcfeeeff4cd741861593e80


[C:\Documents and Settings\Administrator\桌面\Virus\YB\7.exe]
                    …………发现Spy!报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:16957  MD5:a51b32d16937b590143c5c1a15b683d5


[C:\Documents and Settings\Administrator\桌面\Virus\YB\8.exe]
                    …………发现Spy!报告:[1] Win32.Unknow
文件信息:  大小:16012  MD5:1c56e5e31b30229cc2370f31c97aff4d


[C:\Documents and Settings\Administrator\桌面\Virus\YB\888]
                    …………发现Spy!报告: [4]
文件信息:  大小:46897  MD5:1982048b9c28c1b9f1810e9ede68f506


[C:\Documents and Settings\Administrator\桌面\Virus\YB\AVPSrv.dll]
                    …………发现Spy!报告:[8] HOOK者
文件信息:  大小:25088  MD5:9d9dccd8f22a76cd4a31d9690b9ae30d


[C:\Documents and Settings\Administrator\桌面\Virus\YB\cmdbcs.dll]
                    …………发现Spy!报告:[8] HOOK者
文件信息:  大小:26112  MD5:1d59c064333cd42596e1c75a9f4d719e


[C:\Documents and Settings\Administrator\桌面\Virus\YB\DbgHlp32.dll]
                    …………发现Spy!报告:[8] HOOK者
文件信息:  大小:24064  MD5:0337323c5d6b561a26d0255604ef57fd


[C:\Documents and Settings\Administrator\桌面\Virus\YB\kaqhiaz.exe]
                    …………发现Spy!报告:[1] Win32.F/S.ByDwing
文件信息:  大小:15058  MD5:2d5eae205734f4b1c8574d7ca185b669


[C:\Documents and Settings\Administrator\桌面\Virus\YB\kaqhizy.dll]
                    …………发现Spy!报告: [4]
文件信息:  大小:1069392  MD5:779b34a6d398fc34d24d602faa51394c


[C:\Documents and Settings\Administrator\桌面\Virus\YB\kawdcaz.exe]
                    …………发现Spy!报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:14704  MD5:ab19feeb805335c778a1c29f6341e65c


[C:\Documents and Settings\Administrator\桌面\Virus\YB\kawdczy.dll]
                    …………发现Spy!报告: [4] [6] 注入者[8] HOOK者
文件信息:  大小:20838  MD5:9e622e7cd0d789c89f64f57dc2ed6e03


[C:\Documents and Settings\Administrator\桌面\Virus\YB\LotusHlp.dll]
                    …………发现Spy!报告:[8] HOOK者
文件信息:  大小:19456  MD5:1c45d5ede13e3f8d61ebea932a38bce4


[C:\Documents and Settings\Administrator\桌面\Virus\YB\MsPrint32D.dll]
                    …………发现Spy!报告:[8] HOOK者
文件信息:  大小:19456  MD5:01c1ecce8dad2c597172cb7ebfad5b4b


[C:\Documents and Settings\Administrator\桌面\Virus\YB\NVDispDrv.dll]
                    …………发现Spy!报告:[8] HOOK者
文件信息:  大小:18944  MD5:e36c28c38da14c56235b8f104b84af73


[C:\Documents and Settings\Administrator\桌面\Virus\YB\NvSys_4.Sys]
                    …………发现Spy!报告: [4] [8] HOOK者
文件信息:  大小:44141  MD5:b37ba045a87050d84ceee81902b193c6


[C:\Documents and Settings\Administrator\桌面\Virus\YB\NvWin_5.Jmp]
                    …………发现Spy!报告:[2]
文件信息:  大小:30317  MD5:6c7c7deab9fbd4bd1c5d77d9f8c5a08f


[C:\Documents and Settings\Administrator\桌面\Virus\YB\upxdnd.dll]
                    …………发现Spy!报告:[8] HOOK者
文件信息:  大小:20480  MD5:844d7f980d0c6eb4d313e674c91b0094


[C:\Documents and Settings\Administrator\桌面\Virus\YB\WinForm.dll]
                    …………发现Spy!报告:[8] HOOK者
文件信息:  大小:24576  MD5:e623224094ca7c5a01947e532ec8ee30


[C:\Documents and Settings\Administrator\桌面\Virus\YB\WSWSleak01.dll]
                    …………发现Spy!报告: [4] [8] HOOK者
文件信息:  大小:20480  MD5:e188605a00904fd121310c82542db039


文件数:39   病毒数:36  比重:0.9230769230769
OK  扫描完毕!

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎   
[2] 文件特征码引擎
[1] 文件启发式引擎

NY: 0
kp2006
Posted on 2007-11-10 15:28:40
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » GenProtect.dll - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » kaqhiaz.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » kaqhizy.dll - a variant of Win32/PSW.OnLineGames.FDY trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » kawdcaz.exe - Win32/PSW.OnLineGames.FDY trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » kawdczy.dll - Win32/PSW.OnLineGames.FDY trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » LotusHlp.dll - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » MsPrint32D.dll - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » NVDispDrv.dll - Win32/PSW.OnLineGames.GRR trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » upxdnd.dll - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » WinForm.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » vise.exe - Win32/PSW.Legendmir.NFK trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » NvWin_5.Jmp - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 1.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 2.exe - a variant of Win32/PSW.WOW.WU trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 3.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 4.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 5.exe - a variant of Win32/PSW.OnLineGames.YA trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 6.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 7.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 8.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 10.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 11.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 13.exe - Win32/PSW.Legendmir.BOQ trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 14.exe - Win32/PSW.WOW.WU trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 15.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 16.exe - Win32/PSW.OnLineGames.NGU trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 17.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 19.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 20.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 21.exe - probably a variant of Win32/Genetik trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 608769MM.DLL - Win32/PSW.Legendmir.NFF trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 608769WL.DLL - Win32/PSW.OnLineGames.GIS trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 608769WO.DLL - Win32/PSW.Legendmir.NFF trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » 888 - Win32/PSW.Legendmir.NFF trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » AVPSrv.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » cmdbcs.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\Documents and Settings\Administrator.25374E8C0BE6478\桌面\virus.rar » RAR » DbgHlp32.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
promised
Original poster | Posted on 2007-11-10 15:36:43
VirusBlokAda (Console scanner)
Vba32 Windows/CL 3.12.2.4 / 2007.11.08 04:29 (Vba32.W)
Copyright (c) 1993-2007 by VBA Ltd.
License expired
License #000000119 Valid till 2006-12-31
Demo mode
Computer: PROMISED-1BD18F
System: Windows XP
Command line options:
/r=susp.rpt /ha=3 /collect_suspects /nc /sfx /af+ /fd+ /ar+ /bt- /mr- /ml+ /rw+ /as-
Program settings:
/r=susp.rpt /ha=3 /collect_suspects /nc /sfx /af+ /fd+ /ar+ /qu+ /ml+ /rw+

*:
C:\
C:\ABC\virus.rar:<RAR>\GenProtect.dll : infected MalwareScope.Trojan-PSW.Game.1
C:\ABC\virus.rar:<RAR>\kawdcaz.exe : infected Trojan-PSW.Win32.OnLineGames.gpx
C:\ABC\virus.rar:<RAR>\kawdczy.dll : infected Trojan-PSW.Win32.OnLineGames.gql
C:\ABC\virus.rar:<RAR>\LotusHlp.dll : infected MalwareScope.Trojan-PSW.Game.1
C:\ABC\virus.rar:<RAR>\MsPrint32D.dll : infected MalwareScope.Trojan-PSW.Game.1
C:\ABC\virus.rar:<RAR>\NVDispDrv.dll : infected MalwareScope.Trojan-PSW.Game.12
C:\ABC\virus.rar:<RAR>\upxdnd.dll : infected MalwareScope.Trojan-PSW.Game.12
C:\ABC\virus.rar:<RAR>\WinForm.dll : infected MalwareScope.Trojan-PSW.Game.1
C:\ABC\virus.rar:<RAR>\WSWSleak01.dll : infected MalwareScope.Trojan-PSW.Game.1
C:\ABC\virus.rar:<RAR>\vise.exe : infected MalwareScope.Trojan-PSW.Game.16
C:\ABC\virus.rar:<RAR>\NvSys_4.Sys : infected MalwareScope.Trojan-PSW.Game.7
C:\ABC\virus.rar:<RAR>\NvWin_5.Jmp : infected MalwareScope.Trojan-PSW.Game.7
C:\ABC\virus.rar:<RAR>\1.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\virus.rar:<RAR>\2.exe : infected MalwareScope.Trojan-PSW.Game.16
C:\ABC\virus.rar:<RAR>\3.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\virus.rar:<RAR>\4.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\virus.rar:<RAR>\5.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\virus.rar:<RAR>\6.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\virus.rar:<RAR>\7.exe : is suspected of Backdoor.XiaoBird.25 (paranoid heuristics)
C:\ABC\virus.rar:<RAR>\8.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\virus.rar:<RAR>\10.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\virus.rar:<RAR>\11.exe : is suspected of Backdoor.XiaoBird.25 (paranoid heuristics)
C:\ABC\virus.rar:<RAR>\13.exe : infected MalwareScope.Trojan-PSW.Game.16
C:\ABC\virus.rar:<RAR>\14.exe : infected MalwareScope.Trojan-PSW.Game.16
C:\ABC\virus.rar:<RAR>\15.exe : is suspected of Backdoor.XiaoBird.25 (paranoid heuristics)
C:\ABC\virus.rar:<RAR>\16.exe : infected Trojan.Win32.PSW.OnLineGames.NGU
C:\ABC\virus.rar:<RAR>\17.exe : is suspected of Backdoor.XiaoBird.25 (paranoid heuristics)
C:\ABC\virus.rar:<RAR>\19.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\virus.rar:<RAR>\20.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\virus.rar:<RAR>\608769MM.DLL : infected Trojan-PSW.Win32.Lmir.boq
C:\ABC\virus.rar:<RAR>\608769WL.DLL : is suspected of Trojan-PSW.Game.80 (paranoid heuristics)
C:\ABC\virus.rar:<RAR>\608769WO.DLL : infected Trojan-PSW.Win32.OnLineGames.gjp
C:\ABC\virus.rar:<RAR>\888 : infected Trojan-PSW.Win32.OnLineGames.gjp
C:\ABC\virus.rar:<RAR>\AVPSrv.dll : infected MalwareScope.Trojan-PSW.Game.1
C:\ABC\virus.rar:<RAR>\cmdbcs.dll : infected MalwareScope.Trojan-PSW.Game.12
C:\ABC\virus.rar:<RAR>\DbgHlp32.dll : infected MalwareScope.Trojan-PSW.Game.1
Program execution terminated by user


Directories       : 3       Files in archives:      Files on disks:
Archives:                   - total       : 39      - total       : 10   
- scanned         : 1       -  scanned    : 39      - scanned     : 9     
- contain viruses : 1       -  infected   : 31      - infected    : 1     
- deleted         : 0       -  suspicious : 5       - suspicious  : 0     

Startup    : 15:36:07 10-11-2007
End        : 15:36:21 10-11-2007
Total time : 00:00:14
promised
Original poster | Posted on 2007-11-10 15:39:52
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!B
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\DbgHlp32.dll
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!B
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\cmdbcs.dll
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!B
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\AVPSrv.dll
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Lmir.BMO
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\888
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Lmir.BMO
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\608769WO.DLL
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/OnLineGames.E.dll
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\608769WL.DLL
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Lmir.BMR
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\608769MM.DLL
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!D
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\20.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!D
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\19.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:Trojan:Win32/Meredrop
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\16.exe
Threat Severity:Severe
Threat Category:Trojan
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Lmir.BMP
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\14.exe->(Aspack v2.12)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Aspack v2.12)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:Trojan:Win32/Lmir.BMN
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\13.exe->(Aspack v2.12)
Threat Severity:Severe
Threat Category:Trojan
Contained Object:(Aspack v2.12)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!D
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\10.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!D
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\8.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!D
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\6.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Lmir.BMQ
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\5.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!D
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\4.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!D
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\3.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Lmir.BMO
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\2.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!D
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\1.exe->(Upack)
Threat Severity:Severe
Threat Category:Password Stealer
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/QQGame.B.dll
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\NvSys_4.Sys
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Lmir.BMP
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\vise.exe
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Frethog.gen!B
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\WinForm.dll
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:Trojan:Win32/Delf.AT!dll
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\kawdczy.dll
Threat Severity:Severe
Threat Category:Trojan
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:Trojan:Win32/SystemHijack.gen
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\kawdcaz.exe->(Upack)
Threat Severity:Severe
Threat Category:Trojan
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:Trojan:Win32/Delf.AT!dll
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\kaqhizy.dll
Threat Severity:Severe
Threat Category:Trojan
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:Trojan:Win32/SystemHijack.gen
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\kaqhiaz.exe->(Upack)
Threat Severity:Severe
Threat Category:Trojan
Contained Object:(Upack)
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name:PWS:Win32/Lmir.BMQ
Detection Date and Time:2007-11-10 15:37
File Name:C:\ABC\virus\GenProtect.dll
Threat Severity:Severe
Threat Category:Password Stealer
Virus and spyware monitoring found potentially unwanted software:(ANTIVIRUS_ONACCESS_INFECTED)
Threat Status:Detected
2007-11-10 15:37
Virus and spyware monitoring was turned on
2007-11-10 14:38
Virus and spyware scan was completed
Scanned Items:C:\ABC\fn-virus
Scan Type:Custom Scan
Scan StartTime:2007-11-10 14:38
Scan EndTime:2007-11-10 14:38
Total Number of Files Scanned:32
Total Number of Files Not Scanned:0
Total Number of Threats Found:0
Total Number of Threats Cleaned:0
Total Number of Threats Removed:0
Total Number of Threats Quarantined:0
Total Number of Threats Still Present But Suspended:0
2007-11-10 14:37
mofunzone
Posted on 2007-11-10 16:06:51
Also missed one..
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\virus.rar'
C:\Users\morgan\Documents\
  virus.rar
    [0] Archive type: RAR
    --> GenProtect.dll
        [DETECTION] Is the Trojan horse TR/PSW.Online.gth.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> kaqhiaz.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> kaqhizy.dll
    --> kawdcaz.exe
        [DETECTION] Is the Trojan horse TR/FWDisable.20842
        [WARNING]   Infected files in archives cannot be repaired!
    --> kawdczy.dll
        [DETECTION] Is the Trojan horse TR/FWDisable.20842
        [WARNING]   Infected files in archives cannot be repaired!
    --> LotusHlp.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> MsPrint32D.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.hcv
        [WARNING]   Infected files in archives cannot be repaired!
    --> NVDispDrv.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> upxdnd.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> WinForm.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> WSWSleak01.dll
        [DETECTION] Is the Trojan horse TR/Spy.Agent.ajz
        [WARNING]   Infected files in archives cannot be repaired!
    --> vise.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> NvSys_4.Sys
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> NvWin_5.Jmp
        [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 2.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 3.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.hcw
        [WARNING]   Infected files in archives cannot be repaired!
    --> 4.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5.exe
        [DETECTION] Is the Trojan horse TR/PSW.Online.gth.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> 6.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 7.exe
        [DETECTION] Is the Trojan horse TR/PSW.Onlineg.KC.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> 8.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 10.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 11.exe
        [DETECTION] Is the Trojan horse TR/CrashSystem.C
        [WARNING]   Infected files in archives cannot be repaired!
    --> 13.exe
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 14.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gis
        [WARNING]   Infected files in archives cannot be repaired!
    --> 15.exe
        [DETECTION] Is the Trojan horse TR/CrashSystem.C
        [WARNING]   Infected files in archives cannot be repaired!
    --> 16.exe
        [DETECTION] Is the Trojan horse TR/PSW.Onlineg.KC.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> 17.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gyu
        [WARNING]   Infected files in archives cannot be repaired!
    --> 19.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.hcv
        [WARNING]   Infected files in archives cannot be repaired!
    --> 20.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 21.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gyv.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> 608769MM.DLL
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 608769WL.DLL
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gis
        [WARNING]   Infected files in archives cannot be repaired!
    --> 608769WO.DLL
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 888
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> AVPSrv.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> cmdbcs.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> DbgHlp32.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.hcw
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年11月10日  00:06
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
     40 Files were scanned
     34 viruses and/or unwanted programs were found
      4 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      1 Archives were scanned
     39 Warnings
      0 Notes
Nerazzurri
Posted on 2007-11-10 16:10:28

36

deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gth        File: C:\Users\Jack Jones\Desktop\virus.rar/GenProtect.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hix        File: C:\Users\Jack Jones\Desktop\virus.rar/kaqhiaz.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hix        File: C:\Users\Jack Jones\Desktop\virus.rar/kaqhizy.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gpx        File: C:\Users\Jack Jones\Desktop\virus.rar/kawdcaz.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gql        File: C:\Users\Jack Jones\Desktop\virus.rar/kawdczy.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hig        File: C:\Users\Jack Jones\Desktop\virus.rar/LotusHlp.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hcv        File: C:\Users\Jack Jones\Desktop\virus.rar/MsPrint32D.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.grr        File: C:\Users\Jack Jones\Desktop\virus.rar/NVDispDrv.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hcm        File: C:\Users\Jack Jones\Desktop\virus.rar/upxdnd.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gub        File: C:\Users\Jack Jones\Desktop\virus.rar/WinForm.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gyv        File: C:\Users\Jack Jones\Desktop\virus.rar/WSWSleak01.dll
deleted: Trojan program Trojan-PSW.Win32.Lmir.bjs        File: C:\Users\Jack Jones\Desktop\virus.rar/vise.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gub        File: C:\Users\Jack Jones\Desktop\virus.rar/1.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.WOW.aef        File: C:\Users\Jack Jones\Desktop\virus.rar/2.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hcq        File: C:\Users\Jack Jones\Desktop\virus.rar/3.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hck        File: C:\Users\Jack Jones\Desktop\virus.rar/4.exe//PE_Patch//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gth        File: C:\Users\Jack Jones\Desktop\virus.rar/5.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.grr        File: C:\Users\Jack Jones\Desktop\virus.rar/6.exe//PE_Patch//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hdw        File: C:\Users\Jack Jones\Desktop\virus.rar/7.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hho        File: C:\Users\Jack Jones\Desktop\virus.rar/8.exe//PE_Patch//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gti        File: C:\Users\Jack Jones\Desktop\virus.rar/10.exe//PE_Patch//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.guz        File: C:\Users\Jack Jones\Desktop\virus.rar/11.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.boq        File: C:\Users\Jack Jones\Desktop\virus.rar/13.exe//ASPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.fxk        File: C:\Users\Jack Jones\Desktop\virus.rar/14.exe//ASPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gww        File: C:\Users\Jack Jones\Desktop\virus.rar/15.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gyu        File: C:\Users\Jack Jones\Desktop\virus.rar/17.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hcp        File: C:\Users\Jack Jones\Desktop\virus.rar/19.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hig        File: C:\Users\Jack Jones\Desktop\virus.rar/20.exe//PE_Patch//UPack//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gyv        File: C:\Users\Jack Jones\Desktop\virus.rar/21.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.boq        File: C:\Users\Jack Jones\Desktop\virus.rar/608769MM.DLL
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gis        File: C:\Users\Jack Jones\Desktop\virus.rar/608769WL.DLL
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gjp        File: C:\Users\Jack Jones\Desktop\virus.rar/608769WO.DLL
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gjp        File: C:\Users\Jack Jones\Desktop\virus.rar/888
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hhn        File: C:\Users\Jack Jones\Desktop\virus.rar/AVPSrv.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.gsx        File: C:\Users\Jack Jones\Desktop\virus.rar/cmdbcs.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hcw        File: C:\Users\Jack Jones\Desktop\virus.rar/DbgHlp32.dll
kkgh
Posted on 2007-11-10 16:14:50
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.GameOnline.wl
病毒: Trojan.PSW.Win32.XYOnline.qe
病毒: Trojan.PSW.Win32.GameOnline.tk
病毒: Trojan.PSW.Win32.QQSG.z  
病毒: Trojan.PSW.Win32.GameOnline.se
病毒: Trojan.PSW.Win32.GameOnline.xe
病毒: Trojan.PSW.Win32.XYOnline.qr
病毒: Trojan.PSW.Win32.JROnline.c
病毒: Trojan.PSW.Win32.LMir.yye
病毒: Trojan.PSW.Win32.XYOnline.qr
病毒: Trojan.Win32.Agent.zri   
病毒: Trojan.PSW.Win32.GameOnline.ww
病毒: Trojan.PSW.Win32.GameOnline.xe
病毒: Trojan.PSW.Win32.GameOnline.sd
病毒: Trojan.PSW.Win32.GameOnline.se
病毒: Trojan.PSW.Win32.RBLand.bp
病毒: Trojan.PSW.Win32.SunOnline.fy
病毒: Trojan.PSW.Win32.LMir.yyf
病毒: Trojan.PSW.Win32.GameOnline.nm
病毒: Trojan.PSW.Win32.GameOnline.td
病毒: Trojan.PSW.Win32.GameOnline.sx
病毒: Trojan.PSW.Win32.DJOnline.ao
病毒: Trojan.PSW.Win32.QQSG.z  
病毒: Trojan.PSW.Win32.LMir.yyf
病毒: Trojan.PSW.Win32.GameOnline.nm
病毒: Trojan.PSW.Win32.LMir.yye
病毒: Trojan.PSW.Win32.GameOnline.tw
病毒: Trojan.PSW.Win32.GameOnline.xc

用户来源:互联网

软件版本:20.17.50

日期: 10.11.2007  时间:16:15:52
已开启反隐藏功能.
已扫描的磁盘,文件夹及文件:C:\virus.rar
C:\virus.rar >>RAR >>GenProtect.dll - Win32/PSW.OnLineGames.NFL 木马
C:\virus.rar >>RAR >>kaqhiaz.exe - Win32/PSW.OnLineGames.FDY 木马的变种
C:\virus.rar >>RAR >>kaqhizy.dll - Win32/PSW.OnLineGames.FDY 木马的变种
C:\virus.rar >>RAR >>kawdcaz.exe - Win32/PSW.OnLineGames.FDY 木马
C:\virus.rar >>RAR >>kawdczy.dll - Win32/PSW.OnLineGames.FDY 木马
C:\virus.rar >>RAR >>LotusHlp.dll - Win32/PSW.OnLineGames.HCV 木马的变种
C:\virus.rar >>RAR >>MsPrint32D.dll - Win32/PSW.OnLineGames.HCV 木马
C:\virus.rar >>RAR >>NVDispDrv.dll - Win32/PSW.OnLineGames.GRR 木马
C:\virus.rar >>RAR >>upxdnd.dll - Win32/PSW.OnLineGames.HCM 木马
C:\virus.rar >>RAR >>WinForm.dll - Win32/PSW.OnLineGames.NFL 木马
C:\virus.rar >>RAR >>WSWSleak01.dll - Win32/PSW.OnLineGames.NHZ 木马
C:\virus.rar >>RAR >>vise.exe - Win32/PSW.Legendmir.NFK 木马
C:\virus.rar >>RAR >>NvSys_4.Sys - 是正常的
C:\virus.rar >>RAR >>NvWin_5.Jmp - 可能是 Win32/Genetik 木马 的一个变种
C:\virus.rar >>RAR >>1.exe - Win32/PSW.OnLineGames.NFL 木马
C:\virus.rar >>RAR >>2.exe - Win32/PSW.WOW.WU 木马
C:\virus.rar >>RAR >>3.exe - Win32/PSW.OnLineGames.NFL 木马的变种
C:\virus.rar >>RAR >>4.exe - Win32/PSW.OnLineGames.NFL 木马的变种
C:\virus.rar >>RAR >>5.exe - Win32/PSW.OnLineGames.YA 木马
C:\virus.rar >>RAR >>6.exe - Win32/PSW.OnLineGames.NFL 木马
C:\virus.rar >>RAR >>7.exe - Win32/PSW.OnLineGames.NGU 木马
C:\virus.rar >>RAR >>8.exe - Win32/PSW.OnLineGames.NFL 木马的变种
C:\virus.rar >>RAR >>10.exe - Win32/PSW.OnLineGames.NFL 木马
C:\virus.rar >>RAR >>11.exe - Win32/PSW.OnLineGames.NGU 木马
C:\virus.rar >>RAR >>13.exe - Win32/PSW.Legendmir.BOQ 木马
C:\virus.rar >>RAR >>14.exe - Win32/PSW.WOW.WU 木马
C:\virus.rar >>RAR >>15.exe - Win32/PSW.OnLineGames.NGU 木马
C:\virus.rar >>RAR >>16.exe - Win32/PSW.OnLineGames.NGU 木马
C:\virus.rar >>RAR >>17.exe - Win32/PSW.OnLineGames.NGU 木马
C:\virus.rar >>RAR >>19.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\virus.rar >>RAR >>20.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\virus.rar >>RAR >>21.exe - 可能是 Win32/Genetik 木马 的一个变种
C:\virus.rar >>RAR >>608769MM.DLL - Win32/PSW.Legendmir.NFF 木马
C:\virus.rar >>RAR >>608769WL.DLL - Win32/PSW.OnLineGames.GIS 木马
C:\virus.rar >>RAR >>608769WO.DLL - Win32/PSW.Legendmir.NFF 木马
C:\virus.rar >>RAR >>888 - Win32/PSW.Legendmir.NFF 木马
C:\virus.rar >>RAR >>AVPSrv.dll - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\virus.rar >>RAR >>cmdbcs.dll - Win32/PSW.OnLineGames.NFL 木马
C:\virus.rar >>RAR >>DbgHlp32.dll - Win32/PSW.OnLineGames.NFL 木马
C:\virus.rar - 多重感染 - 已删除
已扫描的文件数目:40
已发现的病毒数目:38
已清除病毒的文件数目:1
完成时间: 16:15:56 总扫描时间:4 秒 (00:00:04)
Nerazzurri
Posted on 2007-11-10 16:45:39

Submitted the remaining three to get them resolved

Hello,

16.exe_ - Trojan-PSW.Win32.OnLineGames.hjn,
NvSys_4.Sys - Trojan-PSW.Win32.QQPass.alh,
NvWin_5.Jmp - Trojan-PSW.Win32.QQPass.ali

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Alexander Romanenko
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: virus.rar