Original poster: promised

[Virus samples] 45 samples

scottxzt
Posted on 2007-11-27 00:09:16

Intercepted one; all the others were reported on scan.

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\样本\00006.EXE
并生成以下文件:
1) E:\AUTORUN.EXE
2) C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WN_SYS8X.SYS
3) E:\AUTORUN.INF
4) E:\AUTORUN.EXE

是否删除木马程序及其衍生物?
dukudanxiao
Posted on 2007-11-27 02:15:24
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00001.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00002.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00003.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00004.exe - Win32/PSW.OnLineGames.NGU 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00005.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00006.exe - Win32/AutoRun.DP 蠕虫
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00007.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00008.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00009.exe - Win32/PSW.OnLineGames.IMU 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\0001.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00010.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00011.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00012.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00013.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00014.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00015.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00016.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00017.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00018.exe - 可能是 Win32/PSW.OnLineGames.NGU 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00019.exe - 可能是 Win32/PSW.OnLineGames.NGU 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00020.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00022.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\00026.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\avwlemn.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\avzxhmn.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\GenProtect.dll - Win32/PSW.OnLineGames.HCV 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\kapjezy.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\kaqhjzy.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\kawdfzy.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\kvdxjma.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\kvdxsjma.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\kvmxima.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\LotusHlp.dll - Win32/PSW.OnLineGames.HCV 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\rarjepi.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\ratbkpi.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\rsztlpm.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\swjqbzc.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\swrceac.exe - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\swrcezc.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\Wn_Sys8x.Sys - Win32/AutoRun.DP 蠕虫
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\wsjrfzx.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
C:\Documents and Settings\wyj\桌面\样本.rar ?RAR ?样本\wszjbzx.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种
qingwen
Posted on 2007-11-27 13:36:57
Trend Micro alerted fifty or sixty times, I think. I lost count.
1985215
Posted on 2007-11-27 14:04:56
Avira: 45
Start of the scan: 2007年11月27日  14:02

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.rar'
C:\Documents and Settings\Administrator\桌面\样本.rar
  [0] Archive type: RAR
  --> Ñù±¾\00001.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ijj
  --> Ñù±¾\00002.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> Ñù±¾\00003.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ini
  --> Ñù±¾\00004.exe
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> Ñù±¾\00005.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> Ñù±¾\00006.exe
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.8
  --> Ñù±¾\00007.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iec
  --> Ñù±¾\00008.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> Ñù±¾\00009.exe
      [DETECTION] Is the Trojan horse TR/CrashSystem.C
  --> Ñù±¾\0001.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.22864
  --> Ñù±¾\00010.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.idh
  --> Ñù±¾\00011.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> Ñù±¾\00012.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iih
  --> Ñù±¾\00013.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iih
  --> Ñù±¾\00014.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.22864
  --> Ñù±¾\00015.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.inb
  --> Ñù±¾\00016.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> Ñù±¾\00017.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iiz
  --> Ñù±¾\00018.exe
      [DETECTION] Is the Trojan horse TR/CrashSystem.C
  --> Ñù±¾\00019.exe
      [DETECTION] Is the Trojan horse TR/CrashSystem.C
  --> Ñù±¾\00020.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ing
  --> Ñù±¾\00022.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.24908
  --> Ñù±¾\00026.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> Ñù±¾\avwlemn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ing
  --> Ñù±¾\avzxhmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iih
  --> Ñù±¾\GenProtect.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iha.3
  --> Ñù±¾\kapjezy.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> Ñù±¾\kaqhjzy.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iiv.21
  --> Ñù±¾\kawdfzy.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.inb
  --> Ñù±¾\kvdxjma.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.idh
  --> Ñù±¾\kvdxsjma.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ini
  --> Ñù±¾\kvmxima.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ijj
  --> Ñù±¾\LotusHlp.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> Ñù±¾\mhlm.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> Ñù±¾\mylm.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ikf
  --> Ñù±¾\rarjepi.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iec
  --> Ñù±¾\ratbkpi.dll
      [DETECTION] Is the Trojan horse TR/FWDisable.22864
  --> Ñù±¾\rsztlpm.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> Ñù±¾\swjqbzc.dll
      [DETECTION] Is the Trojan horse TR/FWDisable.24908
  --> Ñù±¾\swrceac.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> Ñù±¾\swrcezc.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> Ñù±¾\wd.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> Ñù±¾\Wn_Sys8x.Sys
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.8
  --> Ñù±¾\wsjrfzx.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iiz
  --> Ñù±¾\wszjbzx.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was deleted!


End of the scan: 2007年11月27日  14:03
Used time: 00:09 min

The scan has been done completely.

      0 Scanning directories
     47 Files were scanned
     40 viruses and/or unwanted programs were found
      5 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      7 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
挪威的冬天
Posted on 2007-11-27 15:32:38
Take a look at how Xingxing performs on No. 23 and No. 26...
qcs_93140521
Posted on 2007-12-3 08:52:48
Kingsoft Antivirus (金山毒霸) flagged 45.

hookon_miriam
Posted on 2007-12-3 20:58:40
Started scanning at 2007-12-3 20:59:07. Engine Ver: 31.1.0. Sig Ver:5340. Sig Date: 2007-12-1. ArcLib Ver: 7.3.0.9.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00001.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00002.exe> - Win32/Frethog!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00003.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00004.exe> - Win32/Zuten!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00005.exe> - Win32/Frethog!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00006.exe> - Win32/QQPass!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00007.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00008.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00009.exe> - Win32/Zuten!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\0001.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00010.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00011.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00012.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00013.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00014.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00015.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00016.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00017.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00018.exe> - Win32/Zuten!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00019.exe> - Win32/Zuten!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00020.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00022.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\00026.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\avwlemn.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\avzxhmn.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\GenProtect.dll> - Win32/Frethog!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\kapjezy.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\kawdfzy.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\kvdxjma.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\kvdxsjma.dll> - Win32/Storark.DK trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\kvmxima.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\LotusHlp.dll> - Win32/Frethog!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\rarjepi.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\ratbkpi.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\rsztlpm.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\swjqbzc.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\swrceac.exe> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\swrcezc.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\wsjrfzx.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar <样本\wszjbzx.dll> - Win32/Storark!generic trojan. Quarantined.
C:\Documents and Settings\Administrator\桌面\样本.rar - Could not open the file.

Files Scanned: 46
Files Infected: 40
Files Cleaned \ Deleted: 0
Files Quarantined: 1
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0
jimmyleo
Posted on 2007-12-3 23:53:25
14
G:\Security\VirusTest\Collection\scan\00003.exe >>>>> Trojan-PSW.Win32.OnLineGames.ini  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00004.exe >>>>> Trojan-PSW.Win32.OnLineGames.iit  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00006.exe >>> suspicion for Trojan-PSW.Win32.OnLineGames.iro ( 0A9C1E54 046C18DF 00216C22 0020FFD8 33920)
G:\Security\VirusTest\Collection\scan\00007.exe >>>>> Trojan-PSW.Win32.OnLineGames.ifs  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00009.exe - Suspicion for Virus.Win32.PE_Type1(danger level 75%)
G:\Security\VirusTest\Collection\scan\0001.exe >>>>> Trojan-PSW.Win32.OnLineGames.inp  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00010.exe >>>>> Trojan-PSW.Win32.OnLineGames.idh  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00011.exe >>>>> Trojan-PSW.Win32.OnLineGames.iod  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00015.exe >>>>> Trojan-PSW.Win32.OnLineGames.inp  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00017.exe >>>>> Trojan-PSW.Win32.OnLineGames.iiz  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00018.exe - Suspicion for Virus.Win32.PE_Type1(danger level 75%)
G:\Security\VirusTest\Collection\scan\00019.exe >>>>> Trojan-PSW.Win32.OnLineGames.ihg  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00020.exe >>>>> Trojan-PSW.Win32.OnLineGames.ing  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00022.exe >>>>> Trojan-PSW.Win32.OnLineGames.ipb  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\00026.exe >>>>> Trojan-PSW.Win32.OnLineGames.iof  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\swrceac.exe >>>>> Trojan-PSW.Win32.OnLineGames.ioi  deletion disabled by settings
G:\Security\VirusTest\Collection\scan\wd.exe >>>>> Trojan-PSW.Win32.Nilage.bup  deletion disabled by settings