36个

显示全部楼层 · 发表于 2007-11-23 17:23:06

漏一个非PE
C:\ABC\样本.rar
C:\ABC\样本.rar\GenProtect.dll
>>> File "C:\ABC\样本.rar\GenProtect.dll" has been identified as suspicious 'Sus/Malware-A'.
C:\ABC\样本.rar\MsIMMs32.dll
>>> Virus 'Mal/WOWPWS-A' found in file C:\ABC\样本.rar\MsIMMs32.dll
C:\ABC\样本.rar\WinForm.dll
>>> File "C:\ABC\样本.rar\WinForm.dll" has been identified as suspicious 'Sus/Malware-A'.
C:\ABC\样本.rar\x.exe
>>> Virus 'Mal/Generic-A' found in file C:\ABC\样本.rar\x.exe
C:\ABC\样本.rar\zs.exe
>>> Virus 'Mal/Generic-A' found in file C:\ABC\样本.rar\zs.exe
C:\ABC\样本.rar\15.exe
>>> Virus 'Mal/Behav-156' found in file C:\ABC\样本.rar\15.exe
C:\ABC\样本.rar\17.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\17.exe
C:\ABC\样本.rar\21.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\21.exe
C:\ABC\样本.rar\19.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\19.exe
C:\ABC\样本.rar\20.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\20.exe
C:\ABC\样本.rar\12.exe
C:\ABC\样本.rar\12.exe\FILE:0000
>>> Virus 'Mal/Gampass-A' found in file C:\ABC\样本.rar\12.exe\FILE:0000
>>> File "C:\ABC\样本.rar\12.exe" has been identified as suspicious 'Sus/Dropper-R'.
C:\ABC\样本.rar\18.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\18.exe
C:\ABC\样本.rar\6.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\6.exe
C:\ABC\样本.rar\10.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\10.exe
C:\ABC\样本.rar\11.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\11.exe
C:\ABC\样本.rar\13.exe
C:\ABC\样本.rar\13.exe\FILE:0000
>>> Virus 'Mal/GamePSW-C' found in file C:\ABC\样本.rar\13.exe\FILE:0000
C:\ABC\样本.rar\13.exe\FILE:0000
>>> Virus 'Mal/GamePSW-C' found in file C:\ABC\样本.rar\13.exe\FILE:0000
>>> Virus 'Mal/Behav-031' found in file C:\ABC\样本.rar\13.exe
C:\ABC\样本.rar\5.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\5.exe
C:\ABC\样本.rar\7.exe
>>> Virus 'Mal/Behav-156' found in file C:\ABC\样本.rar\7.exe
C:\ABC\样本.rar\8.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\8.exe
C:\ABC\样本.rar\9.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\9.exe
C:\ABC\样本.rar\2.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\2.exe
C:\ABC\样本.rar\3.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\3.exe
C:\ABC\样本.rar\4.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\样本.rar\4.exe
C:\ABC\样本.rar\aeltflrwbhnt.dll
>>> Virus 'Mal/Behav-160' found in file C:\ABC\样本.rar\aeltflrwbhnt.dll
C:\ABC\样本.rar\Sy_Win7k.Jmp
C:\ABC\样本.rar\Wn_Sys8x.Sys
>>> Virus 'Mal/Gampass-A' found in file C:\ABC\样本.rar\Wn_Sys8x.Sys
C:\ABC\样本.rar\608769MM.DLL
>>> Virus 'Mal/GamePSW-C' found in file C:\ABC\样本.rar\608769MM.DLL
C:\ABC\样本.rar\flrxhmsxdioua.dll
>>> Virus 'Mal/Behav-160' found in file C:\ABC\样本.rar\flrxhmsxdioua.dll
C:\ABC\样本.rar\DbgHlp32.dll
>>> File "C:\ABC\样本.rar\DbgHlp32.dll" has been identified as suspicious 'Sus/Malware-B'.
C:\ABC\样本.rar\MsPrint32D.dll
>>> File "C:\ABC\样本.rar\MsPrint32D.dll" has been identified as suspicious 'Sus/Malware-A'.
C:\ABC\样本.rar\msccrt.dll
>>> File "C:\ABC\样本.rar\msccrt.dll" has been identified as suspicious 'Sus/Malware-B'.
C:\ABC\样本.rar\ProcSvr01.dll
>>> Virus 'Mal/DllHook-A' found in file C:\ABC\样本.rar\ProcSvr01.dll
C:\ABC\样本.rar\upxdnd.dll
>>> File "C:\ABC\样本.rar\upxdnd.dll" has been identified as suspicious 'Sus/Zhengtu-A'.
C:\ABC\样本.rar\pubhouyekq.dll
>>> Virus 'Mal/Behav-160' found in file C:\ABC\样本.rar\pubhouyekq.dll
C:\ABC\样本.rar\AVPSrv.dll
>>> File "C:\ABC\样本.rar\AVPSrv.dll" has been identified as suspicious 'Sus/Malware-B'.
C:\ABC\样本.rar\cmdbcs.dll
>>> Virus 'Mal/WOWPWS-A' found in file C:\ABC\样本.rar\cmdbcs.dll

[ 本帖最后由 promised 于 2007-11-23 17:25 编辑 ]

显示全部楼层 · 发表于 2007-11-23 17:24:46

Starting the file scan:

Begin scan in 'E:\样本.rar'
E:\样本.rar
  [0] Archive type: RAR
  --> GenProtect.dll
   [DETECTION] Contains suspicious code HEUR/Malware
  --> MsIMMs32.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> WinForm.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.Ifu.3
  --> x.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Delf.czb.1
  --> zs.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Losabel.Q
  --> 15.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 17.exe
   [DETECTION] Is the Trojan horse TR/Agent.AFVL
  --> 21.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 19.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 20.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iig
  --> 12.exe
   [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 18.exe
   [DETECTION] Is the Trojan horse TR/PSW.Onlineg.KC.2
  --> 6.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 10.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 11.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.igx
  --> 13.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 5.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 7.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 8.exe
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.bty.34
  --> 9.exe
   [DETECTION] Is the Trojan horse TR/CrashSystem.C
  --> 2.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.Ifu.3
  --> 3.exe
   [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 4.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aeltflrwbhnt.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.igx
  --> Wn_Sys8x.Sys
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 608769MM.DLL
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> flrxhmsxdioua.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iig
  --> DbgHlp32.dll
   [DETECTION] Contains suspicious code HEUR/Malware
  --> MsPrint32D.dll
   [DETECTION] Contains suspicious code HEUR/Malware
  --> msccrt.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> ProcSvr01.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.hyi.3
  --> upxdnd.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> pubhouyekq.dll
   [DETECTION] Contains suspicious code HEUR/Crypted
  --> AVPSrv.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> cmdbcs.dll
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was deleted!

End of the scan: 2007年11月23日  17:25
Used time: 00:33 min

The scan has been done completely.

   0 Scanning directories
   37 Files were scanned
   29 viruses and/or unwanted programs were found
   6 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   8 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2007-11-23 17:34:04

MicroVita AntiSpyware 100 C
_____________________________________________

         风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]
               http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\26\MsIMMs32.dll]
                  …………发现Spy！报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:25088  MD5:8e1c3eba0da9a7166c1d1c6fa6c702f3

[C:\Documents and Settings\Administrator\桌面\Virus\26\WinForm.dll]
                  …………发现Spy！报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:25600  MD5:f4604d48f8904621738686c717e37e77

[C:\Documents and Settings\Administrator\桌面\Virus\26\15.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:16112  MD5:8c6eb4c0ff6b3f52c55237062cb4e80e

[C:\Documents and Settings\Administrator\桌面\Virus\26\17.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:15385  MD5:082b56677bdc0fe8432fe8bc3cb3266d

[C:\Documents and Settings\Administrator\桌面\Virus\26\21.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:16208  MD5:4105de3672a9d13aa5a1bd03c5869530

[C:\Documents and Settings\Administrator\桌面\Virus\26\19.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:14680  MD5:9e6123007e4b052c64c8354641d38a5b

[C:\Documents and Settings\Administrator\桌面\Virus\26\20.exe]
                  …………发现Spy！报告:[2] [1] Win32.NkHack.FSG.A
文件信息:  大小:29941  MD5:11a2f6d40552b5d0bc6e1443f5d1ecab

[C:\Documents and Settings\Administrator\桌面\Virus\26\18.exe]
                  …………发现Spy！报告:[2] [1] Win32.F/S.ByDwing
文件信息:  大小:16129  MD5:7aa6272f4038930b7c41fe687840129c

[C:\Documents and Settings\Administrator\桌面\Virus\26\6.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:16400  MD5:bd3a50f9d2b930d2168648ca3eb092c9

[C:\Documents and Settings\Administrator\桌面\Virus\26\10.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:16604  MD5:abc75c24b98b99fbb552153589b01b12

[C:\Documents and Settings\Administrator\桌面\Virus\26\11.exe]
                  …………发现Spy！报告:[2] [1] Win32.NkHack.FSG.A[5] 下载者
文件信息:  大小:30477  MD5:b68e1154e31958320c0f1f1d328985e1

[C:\Documents and Settings\Administrator\桌面\Virus\26\5.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:15132  MD5:9523aff188b6e6d4d38e1f9d0b8fae19

[C:\Documents and Settings\Administrator\桌面\Virus\26\7.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:16020  MD5:6a88125551c928ea2d0e4d8f2f315202

[C:\Documents and Settings\Administrator\桌面\Virus\26\8.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:15680  MD5:eb508d4da74e70f5bbdeb49ef4199952

[C:\Documents and Settings\Administrator\桌面\Virus\26\9.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:17740  MD5:d8870c9195584ca29916e2bf5c59b04d

[C:\Documents and Settings\Administrator\桌面\Virus\26\2.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:16228  MD5:cca2addc37d06cd0ea51d30ba208bdd3

[C:\Documents and Settings\Administrator\桌面\Virus\26\3.exe]
                  …………发现Spy！报告:[2] [1] Win32.NkHack.FSG.A
文件信息:  大小:33433  MD5:c6f161929ab9a8d309edffef0d708c2e

[C:\Documents and Settings\Administrator\桌面\Virus\26\4.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:17803  MD5:c1383e0da4a1ada3d878ecbc68dbc6a1

[C:\Documents and Settings\Administrator\桌面\Virus\26\aeltflrwbhnt.dll]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:19241  MD5:790c38da12e6d991632b53f1088fea2f

[C:\Documents and Settings\Administrator\桌面\Virus\26\Wn_Sys8x.Sys]
                  …………发现Spy！报告: [4] [8] HOOK者
文件信息:  大小:48755  MD5:8ed222865563fe1ad43ec2d94f0edd88

[C:\Documents and Settings\Administrator\桌面\Virus\26\608769MM.DLL]
                  …………发现Spy！报告: [4]
文件信息:  大小:44849  MD5:5102c8eb81313bc1e025776adaada3ee

[C:\Documents and Settings\Administrator\桌面\Virus\26\flrxhmsxdioua.dll]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:18845  MD5:03a47ee2d13e5f7cabeb807a24b7858f

[C:\Documents and Settings\Administrator\桌面\Virus\26\DbgHlp32.dll]
                  …………发现Spy！报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:25088  MD5:9c2532b5f43b594e41919b17864dbc43

[C:\Documents and Settings\Administrator\桌面\Virus\26\MsPrint32D.dll]
                  …………发现Spy！报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:23040  MD5:6618dec85b56e3f8c67c8a843e4722b1

[C:\Documents and Settings\Administrator\桌面\Virus\26\msccrt.dll]
                  …………发现Spy！报告:[8] HOOK者
文件信息:  大小:26112  MD5:6ba7cb9de9ca8958a4320b16155fc943

[C:\Documents and Settings\Administrator\桌面\Virus\26\ProcSvr01.dll]
                  …………发现Spy！报告: [4] [8] HOOK者
文件信息:  大小:27136  MD5:917c48a876bac3cb7d34140b8891d5c3

[C:\Documents and Settings\Administrator\桌面\Virus\26\upxdnd.dll]
                  …………发现Spy！报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:24064  MD5:73949821711c6c3c042e77e3df40c319

[C:\Documents and Settings\Administrator\桌面\Virus\26\pubhouyekq.dll]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:21666  MD5:4fd23b272cc603b2955daf7ff0c268af

[C:\Documents and Settings\Administrator\桌面\Virus\26\AVPSrv.dll]
                  …………发现Spy！报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:26112  MD5:012301ac74be46fda0d2c2604787fc41

[C:\Documents and Settings\Administrator\桌面\Virus\26\cmdbcs.dll]
                  …………发现Spy！报告:[1] Win32.Badsoft.RX[8] HOOK者
文件信息:  大小:26112  MD5:4607083c4db261e817a7077605207eaa

文件数:36 病毒数:30  比重:0.8333333333333
OK  扫描完毕！

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎
[2] 文件特征码引擎
[1] 文件启发式引擎

显示全部楼层 · 发表于 2007-11-23 17:47:07

kv08扫描结果:
               文件数 :37                               病毒体 :28
               删除 :28                                  解毒 :0
扫描速度(千字节/秒) :201                            扫描时间 :00:00:08
扫描文件速度(个/秒) :4

显示全部楼层 · 发表于 2007-11-23 17:50:28

34

deleted: Trojan program Trojan-PSW.Win32.OnLineGames.iio File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/GenProtect.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.iij File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/MsIMMs32.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ifu File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/WinForm.dll
deleted: Trojan program Trojan-Downloader.Win32.Delf.czb File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/x.exe
deleted: Trojan program Trojan-Downloader.Win32.Losabel.q File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/zs.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ikh File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/15.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hqh File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/17.exe
deleted: virus Heur.Trojan.Generic File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/21.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.imv File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/19.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ihv File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/20.exe//FSG
deleted: virus Virus.Win32.AutoRun.afd File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/12.exe//UPX
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hqh File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/18.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.imw File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/6.exe//PE_Patch//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.icd File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/10.exe//PE_Patch//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.igy File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/11.exe//FSG
deleted: Trojan program Trojan-PSW.Win32.Lmir.boy File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/13.exe//ASPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ihy File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/5.exe//PE_Patch//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ihz File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/7.exe//PE_Patch//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.Nilage.bty File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/8.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hqh File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/9.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ifv File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/2.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.WOW.afl File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/3.exe//FSG
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ihx File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/4.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.igx File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/aeltflrwbhnt.dll//UPack//PE_Patch.MaskPE
deleted: virus Virus.Win32.AutoRun.aen File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/Wn_Sys8x.Sys
deleted: Trojan program Trojan-PSW.Win32.Lmir.boy File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/608769MM.DLL
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.iig File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/flrxhmsxdioua.dll//UPack//PE_Patch.MaskPE
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ikh File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/DbgHlp32.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.imv File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/MsPrint32D.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hyi File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/ProcSvr01.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.iii File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/upxdnd.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ikb File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/pubhouyekq.dll//UPack//PE_Patch.MaskPE
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.imw File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/AVPSrv.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.icd File: C:\Documents and Settings\Administrator\×ÀÃæ\Ñù±¾.rar/cmdbcs.dll

显示全部楼层 · 发表于 2007-11-23 18:11:30

已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.icd 檔案: C:\Documents and Settings\kato9096\桌面\160758\10.exe//PE_Patch//UPack//PE_Patch
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.igy 檔案: C:\Documents and Settings\kato9096\桌面\160758\11.exe//FSG
已刪除: 病毒 Virus.Win32.AutoRun.afd 檔案: C:\Documents and Settings\kato9096\桌面\160758\12.exe//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Lmir.boy 檔案: C:\Documents and Settings\kato9096\桌面\160758\13.exe//ASPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ikh 檔案: C:\Documents and Settings\kato9096\桌面\160758\15.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.hqh 檔案: C:\Documents and Settings\kato9096\桌面\160758\17.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.hqh 檔案: C:\Documents and Settings\kato9096\桌面\160758\18.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.imv 檔案: C:\Documents and Settings\kato9096\桌面\160758\19.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ifv 檔案: C:\Documents and Settings\kato9096\桌面\160758\2.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ihv 檔案: C:\Documents and Settings\kato9096\桌面\160758\20.exe//FSG
已隔離: 病毒 Heur.Invader (修改) 檔案: C:\Documents and Settings\kato9096\桌面\160758\21.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.WOW.afl 檔案: C:\Documents and Settings\kato9096\桌面\160758\3.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ihx 檔案: C:\Documents and Settings\kato9096\桌面\160758\4.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ihy 檔案: C:\Documents and Settings\kato9096\桌面\160758\5.exe//PE_Patch//UPack//PE_Patch
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.imw 檔案: C:\Documents and Settings\kato9096\桌面\160758\6.exe//PE_Patch//UPack//PE_Patch
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Lmir.boy 檔案: C:\Documents and Settings\kato9096\桌面\160758\608769MM.DLL
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ihz 檔案: C:\Documents and Settings\kato9096\桌面\160758\7.exe//PE_Patch//UPack//PE_Patch
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.bty 檔案: C:\Documents and Settings\kato9096\桌面\160758\8.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.hqh 檔案: C:\Documents and Settings\kato9096\桌面\160758\9.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.igx 檔案: C:\Documents and Settings\kato9096\桌面\160758\aeltflrwbhnt.dll//UPack//PE_Patch.MaskPE
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.imw 檔案: C:\Documents and Settings\kato9096\桌面\160758\AVPSrv.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.icd 檔案: C:\Documents and Settings\kato9096\桌面\160758\cmdbcs.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ikh 檔案: C:\Documents and Settings\kato9096\桌面\160758\DbgHlp32.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.iig 檔案: C:\Documents and Settings\kato9096\桌面\160758\flrxhmsxdioua.dll//UPack//PE_Patch.MaskPE
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.iio 檔案: C:\Documents and Settings\kato9096\桌面\160758\GenProtect.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.iij 檔案: C:\Documents and Settings\kato9096\桌面\160758\MsIMMs32.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.imv 檔案: C:\Documents and Settings\kato9096\桌面\160758\MsPrint32D.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.hyi 檔案: C:\Documents and Settings\kato9096\桌面\160758\ProcSvr01.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ikb 檔案: C:\Documents and Settings\kato9096\桌面\160758\pubhouyekq.dll//UPack//PE_Patch.MaskPE
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.iii 檔案: C:\Documents and Settings\kato9096\桌面\160758\upxdnd.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ifu 檔案: C:\Documents and Settings\kato9096\桌面\160758\WinForm.dll
已刪除: 病毒 Virus.Win32.AutoRun.aen 檔案: C:\Documents and Settings\kato9096\桌面\160758\Wn_Sys8x.Sys
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Delf.czb 檔案: C:\Documents and Settings\kato9096\桌面\160758\x.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Losabel.q 檔案: C:\Documents and Settings\kato9096\桌面\160758\zs.exe

杀了３４个，两个不报，一个变种，已上报三个。

[ 本帖最后由 kato9096 于 2007-11-23 18:13 编辑 ]

显示全部楼层 · 发表于 2007-11-23 19:59:25

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.GameOnline.alo
病毒： Trojan.PSW.Win32.GameOnline.alv
病毒： Trojan.PSW.Win32.GameOnline.akt
病毒： Trojan.DL.Win32.Misc.d
病毒： Trojan.DL.Win32.Mnless.bb
病毒： Trojan.PSW.Win32.GameOnline.amc
病毒： Trojan.PSW.Win32.DJOnline.as
病毒： Trojan.PSW.Win32.GameOnline.alu
病毒： Trojan.PSW.Win32.GameOnline.agj
病毒： Trojan.PSW.Win32.GameOnline.ail
病毒： Trojan.PSW.Win32.SunOnline.ha
病毒： Trojan.PSW.Win32.LMir.yys
病毒： Trojan.PSW.Win32.GameOnline.alj
病毒： Trojan.PSW.Win32.GameOnline.alv
病毒： Trojan.PSW.Win32.GameOnline.aen
病毒： Trojan.PSW.Win32.GameOnline.ahj
病毒： Trojan.PSW.Win32.GameOnline.akt
病毒： Trojan.PSW.Win32.Agent.vpu
病毒： Trojan.PSW.Win32.GameOnline.alo
病毒： Trojan.PSW.Win32.SunOnline.ha
病毒： Worm.Win32.PaBug.eb
病毒： Trojan.PSW.Win32.LMir.yys
病毒： Trojan.PSW.Win32.GameOnline.alu
病毒： Trojan.PSW.Win32.GameOnline.amc
病毒： Trojan.PSW.Win32.GameOnline.afs
病毒： Trojan.PSW.Win32.GameOnline.alj
病毒： Trojan.PSW.Win32.Agent.vpu
病毒： Trojan.PSW.Win32.GameOnline.ail

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.19.41

显示全部楼层 · 发表于 2007-11-23 22:57:57

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 977
Paranoia Database - 48989
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\Uhthn\Desktop\New Folder (2)

C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\GenProtect.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\MsIMMs32.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\WinForm.dll - Infected TROJAN-PSW.ONLINEGAMES.12 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\x.exe - Infected WIN32.TROJAN-DOWNLOADER.AGENT.20 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\zs.exe - Infected WIN32.TROJAN-DOWNLOADER.AGENT.20 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\15.exe - Suspected TROJAN-PSW.ONLINEGAMES.2
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\17.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\21.exe - Suspected TROJAN-PSW.ONLINEGAMES.2
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\19.exe - Suspected TROJAN-PSW.ONLINEGAMES.2
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\20.exe - Infected TROJAN-PSW.ONLINEGAMES.121 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\12.exe - Infected WIN32.TROJAN-PSW.QQPASS.A - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\18.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\6.exe - Suspected TROJAN-PSW.ONLINEGAMES.2
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\10.exe - Infected TROJAN-PSW.ONLINEGAMES.135 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\11.exe - Infected TROJAN-PSW.ONLINEGAMES.121 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\13.exe - Infected WIN32.TROJAN-PSW.LMIR.6 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\5.exe - Infected GENERIC.MALWARE.899.3B1C - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\7.exe - Infected GENERIC.MALWARE.162.3E94 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\8.exe - Infected GENERIC.MALWARE.7E2.3D40 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\9.exe - Infected TROJAN-PSW.ONLINEGAMES.48 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\2.exe - Infected TROJAN-PSW.ONLINEGAMES.148 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\3.exe - Infected TROJAN-PSW.ONLINEGAMES.121 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\4.exe - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\aeltflrwbhnt.dll - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\Sy_Win7k.Jmp - Infected WIN32.TROJAN-PSW.QQPASS.A - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\Wn_Sys8x.Sys - Infected WIN32.TROJAN-PSW.QQPASS.A - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\608769MM.DLL - Infected WIN32.MALWARE.AGENT.6 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\flrxhmsxdioua.dll - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\DbgHlp32.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\MsPrint32D.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\msccrt.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\ProcSvr01.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\upxdnd.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\pubhouyekq.dll - Suspected MaliciousScope:GENERIC.MALWARE.3
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\AVPSrv.dll - Infected TROJAN-PSW.ONLINEGAMES.43 - Deleted
C:\Documents and Settings\Uhthn\Desktop\New Folder (2)\cmdbcs.dll - Infected TROJAN-PSW.ONLINEGAMES.12 - Deleted

36 Files scanned
28 Infected files found
8 Suspected files found
0 Files disinfected
28 Files deleted

显示全部楼层 · 发表于 2007-11-23 23:17:08

Hello,

21.exe, msccrt.dll - Trojan-PSW.Win32.OnLineGames.inm

These files are already detected. Please update your antivirus bases.

Sy_Win7k.Jmp

This file is corrupted.

Please quote all when answering.

--
Best regards, Kirill Erakhtin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

显示全部楼层 · 发表于 2007-11-23 23:24:51

E:\Download\样本.rar » RAR » GenProtect.dll - a variant of Win32/PSW.OnLineGames.HCV trojan
E:\Download\样本.rar » RAR » MsIMMs32.dll - probably a variant of Win32/PSW.OnLineGames.HCV trojan
E:\Download\样本.rar » RAR » WinForm.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » x.exe - Win32/TrojanDownloader.Delf.OAF trojan
E:\Download\样本.rar » RAR » zs.exe - Win32/TrojanDownloader.Delf.OAD trojan
E:\Download\样本.rar » RAR » 15.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » 17.exe - Win32/PSW.OnLineGames.NGU trojan
E:\Download\样本.rar » RAR » 21.exe - a variant of Win32/PSW.OnLineGames.YA trojan
E:\Download\样本.rar » RAR » 19.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » 20.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
E:\Download\样本.rar » RAR » 12.exe - probably a variant of Win32/AutoRun.Q worm
E:\Download\样本.rar » RAR » 18.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
E:\Download\样本.rar » RAR » 6.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » 10.exe - a variant of Win32/PSW.OnLineGames.YA trojan
E:\Download\样本.rar » RAR » 11.exe - probably a variant of Win32/PSW.OnLineGames.GJV trojan
E:\Download\样本.rar » RAR » 13.exe - Win32/PSW.WOW.WU trojan
E:\Download\样本.rar » RAR » 5.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » 7.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » 8.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » 9.exe - probably a variant of Win32/PSW.OnLineGames.NGU trojan
E:\Download\样本.rar » RAR » 2.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » 3.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
E:\Download\样本.rar » RAR » 4.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » aeltflrwbhnt.dll - a variant of Win32/PSW.OnLineGames.GJV trojan
E:\Download\样本.rar » RAR » Wn_Sys8x.Sys - probably a variant of Win32/AutoRun.Q worm
E:\Download\样本.rar » RAR » 608769MM.DLL - Win32/PSW.Legendmir.NFF trojan
E:\Download\样本.rar » RAR » flrxhmsxdioua.dll - a variant of Win32/PSW.OnLineGames.GJV trojan
E:\Download\样本.rar » RAR » DbgHlp32.dll - Win32/PSW.OnLineGames.HCV trojan
E:\Download\样本.rar » RAR » MsPrint32D.dll - Win32/PSW.OnLineGames.HCV trojan
E:\Download\样本.rar » RAR » msccrt.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » ProcSvr01.dll - Win32/PSW.OnLineGames.NFL trojan
E:\Download\样本.rar » RAR » upxdnd.dll - Win32/PSW.OnLineGames.HCV trojan
E:\Download\样本.rar » RAR » pubhouyekq.dll - Win32/PSW.OnLineGames.GJV trojan
E:\Download\样本.rar » RAR » AVPSrv.dll - Win32/PSW.OnLineGames.HCV trojan
E:\Download\样本.rar » RAR » cmdbcs.dll - Win32/PSW.OnLineGames.NFL trojan

[病毒样本] 36个

本帖子中包含更多资源

35

58/28

35

浏览过的版块