Views: 4729 | Replies: 27

[Virus samples] 17 from someone else's machine [the clean ones have already been removed]

qianwenxiang
Posted on 2007-11-24 17:34:26
8 were false positives, already removed.

[ Last edited by qianwenxiang on 2007-11-24 17:50 ]

qianwenxiang
OP | Posted on 2007-11-24 17:34:51
Samples are attached now.

[ Last edited by qianwenxiang on 2007-11-24 17:36 ]
风野胤
Posted on 2007-11-24 17:37:04
Hey,
how come it's 25 again?
11
R:\system32.rar » RAR » LYMANGR.DLL - Win32/PSW.OnLineGames.DTR trojan
R:\system32.rar » RAR » videodevice.dll - Win32/PSW.OnLineGames.NHF trojan
R:\system32.rar » RAR » dthxatl.dll - Win32/PSW.OnLineGames.NHF trojan
R:\system32.rar » RAR » gdjzi32.dll - Win32/PSW.OnLineGames.NHF trojan
R:\system32.rar » RAR » gdwmi32.dll - Win32/PSW.OnLineGames.NHF trojan
R:\system32.rar » RAR » gdzhtui32.dll - Win32/PSW.OnLineGames.NHF trojan
R:\system32.rar » RAR » MsPrint32D.dll - a variant of Win32/PSW.OnLineGames.HCV trojan
R:\system32.rar » RAR » NVDispDrv.dll - probably a variant of Win32/PSW.OnLineGames.HCV trojan
R:\system32.rar » RAR » LotusHlp.dll - Win32/PSW.OnLineGames.HCV trojan
R:\system32.rar » RAR » DbgHlp32.dll - Win32/PSW.OnLineGames.HCV trojan
R:\system32.rar » RAR » qqsetupt.log » NSIS » 66.exe - error reading archive
R:\system32.rar » RAR » GenProtect.dll - a variant of Win32/PSW.OnLineGames.HCV trojan
promised
Posted on 2007-11-24 17:37:42
C:\ABC\system32\3389.EXE - signature 'Packed.Win32.Klone.af' found
C:\ABC\system32\acadminidump.dmp
C:\ABC\system32\DbgHlp32.dll - signature 'Trojan-PWS.Win32.OnLineGames.ikh' found
C:\ABC\system32\devcon.exe
C:\ABC\system32\dthxatl.dll - signature 'Trojan-PWS.Win32.Small.br' found
C:\ABC\system32\gdjzi32.dll - signature 'Trojan-PWS.Win32.Small.br' found
C:\ABC\system32\gdwmi32.dll - signature 'Trojan-PWS.Win32.Small.br' found
C:\ABC\system32\gdzhtui32.dll - signature 'Trojan-PWS.Win32.Small.br' found
C:\ABC\system32\GenProtect.dll - signature 'Trojan-PWS.Win32.OnLineGames.es' found
C:\ABC\system32\japi.dll
C:\ABC\system32\japi2.dll
C:\ABC\system32\lasse.exe - signature 'Backdoor.Win32.Hupigon.dkl' found
C:\ABC\system32\LoginUsers.ibk
C:\ABC\system32\LoginUsers.idx
C:\ABC\system32\LotusHlp.dll - signature 'Trojan-PWS.Win32.OnLineGames.hzt' found
C:\ABC\system32\LYMANGR.DLL - signature 'Trojan-Dropper.Win32.Agent.ane' found
C:\ABC\system32\MsPrint32D.dll - signature 'Virus.Win32.OnLineGames.BHW' found
C:\ABC\system32\NVDispDrv.dll - signature 'Trojan-PWS.Win32.OnLineGames.es' found
C:\ABC\system32\qqsetupe.log - signature 'Trojan-Downloader.Win32.Zlob.and' found
C:\ABC\system32\qqsetups.log
C:\ABC\system32\qqsetupt.log
C:\ABC\system32\Setup1.exe
C:\ABC\system32\SHQ.DLL - signature 'Generic.PWS.Games.3' found
C:\ABC\system32\Status.MPF
C:\ABC\system32\videodevice.dll - signature 'Trojan-Dropper.Win32.Agent.ane' found

        25 files scanned
          (0 archives, 0 files)
        15 signatures detected
        0 suspicious code sections found
        Elapsed: 0:00.532
promised
Posted on 2007-11-24 17:38:28
F-PROT Antivirus version 6.2.1
FRISK Software International (C) Copyright 1989-2007

Engine version: 4.4.2.54
Virus signatures: 20071122184866b62b5a5b1eef67c243c48343d337ee
                  (C:\Documents and Settings\All Users.WINDOWS\Application Data\FRISK Software\F-PROT Antivirus for Windows\antivir.def)

[Found possible security risk] <W32/Heuristic-162!Eldorado (not disinfectable)>         C:\ABC\system32\3389.EXE->(NSPack)->(PE_Patch)
[Clean]    C:\ABC\system32\acadminidump.dmp
[Found password stealer] <W32/OnlineGames.A.gen!Eldorado (generic, not disinfectable)>         C:\ABC\system32\DbgHlp32.dll
[Clean]    C:\ABC\system32\devcon.exe
[Found possible security risk] <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>         C:\ABC\system32\dthxatl.dll->(UPack)
[Found possible security risk] <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>         C:\ABC\system32\gdjzi32.dll->(UPack)
[Found possible security risk] <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>         C:\ABC\system32\gdwmi32.dll->(UPack)
[Found possible security risk] <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>         C:\ABC\system32\gdzhtui32.dll->(UPack)
[Found password stealer] <W32/OnlineGames.A.gen!Eldorado (generic, not disinfectable)>         C:\ABC\system32\GenProtect.dll
[Clean]    C:\ABC\system32\japi.dll
[Clean]    C:\ABC\system32\japi2.dll
[Found possible security risk] <W32/Heuristic-162!Eldorado (not disinfectable)>         C:\ABC\system32\lasse.exe->(Klone.AF)
[Clean]    C:\ABC\system32\LoginUsers.ibk
[Clean]    C:\ABC\system32\LoginUsers.idx
[Found password stealer] <W32/OnlineGames.A.gen!Eldorado (generic, not disinfectable)>         C:\ABC\system32\LotusHlp.dll
[Found possible security risk] <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>         C:\ABC\system32\LYMANGR.DLL->(UPack)
[Found password stealer] <W32/OnlineGames.A.gen!Eldorado (generic, not disinfectable)>         C:\ABC\system32\MsPrint32D.dll
[Found password stealer] <W32/OnlineGames.A.gen!Eldorado (generic, not disinfectable)>         C:\ABC\system32\NVDispDrv.dll
[Found possible security risk] <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>         C:\ABC\system32\qqsetupe.log->(UPack)
[Found downloader] <W32/Downloader.D.gen!Eldorado (generic, not disinfectable)>         C:\ABC\system32\qqsetups.log
[Clean]    C:\ABC\system32\qqsetupt.log
[Clean]    C:\ABC\system32\Setup1.exe
[Clean]    C:\ABC\system32\SHQ.DLL
[Clean]    C:\ABC\system32\Status.MPF
[Found possible security risk] <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>         C:\ABC\system32\videodevice.dll->(UPack)


Results:

Files: 25
Skipped files: 0
MBR/boot sectors checked: 0
Objects scanned: 25
Infected objects: 15
Files with errors: 0
Disinfected: 0

Running time: 00:02
sam.to
Posted on 2007-11-24 17:38:30
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ikh    File: C:\Documents and Settings\kato9096\桌面\161242\DbgHlp32.dll
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hqo    File: C:\Documents and Settings\kato9096\桌面\161242\dthxatl.dll//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hql    File: C:\Documents and Settings\kato9096\桌面\161242\gdjzi32.dll//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.iox    File: C:\Documents and Settings\kato9096\桌面\161242\gdwmi32.dll//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.igh    File: C:\Documents and Settings\kato9096\桌面\161242\gdzhtui32.dll//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hzt    File: C:\Documents and Settings\kato9096\桌面\161242\LotusHlp.dll
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.hpo    File: C:\Documents and Settings\kato9096\桌面\161242\LYMANGR.DLL//UPack
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ihi    File: C:\Documents and Settings\kato9096\桌面\161242\NVDispDrv.dll
Deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ipo    File: C:\Documents and Settings\kato9096\桌面\161242\videodevice.dll//UPack

KIS 7, 9 detected; the ones it didn't flag have been submitted.
will
Posted on 2007-11-24 17:39:03

AntiVir 15

Begin scan in 'C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25'
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\3389.EXE
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/NSPack). Please verify the origin of the file
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\DbgHlp32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ikh.3
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\dthxatl.dll
      [DETECTION] Is the Trojan horse TR/Gendal.7624
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\gdjzi32.dll
      [DETECTION] Is the Trojan horse TR/CrashSystem.C
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\gdwmi32.dll
      [DETECTION] Is the Trojan horse TR/CrashSystem.C
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\gdzhtui32.dll
      [DETECTION] Is the Trojan horse TR/CrashSystem.C
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\GenProtect.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47b5f188.qua'!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\lasse.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\LotusHlp.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.hzt.7
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\LYMANGR.DLL
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\MsPrint32D.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.hcv
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\NVDispDrv.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '478bf181.qua'!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\qqsetupe.log
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47baf19e.qua'!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\SHQ.DLL
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\videodevice.dll
      [DETECTION] Is the Trojan horse TR/PSW.Wow.adu.2
      [INFO]      The file was successfully wiped!
      [INFO]      The file was deleted!
promised
Posted on 2007-11-24 17:42:10
Quick Scanning

        C:\ABC\system32\3389.EXE
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\3389.EXE
        C:\ABC\system32\acadminidump.dmp
        C:\ABC\system32\DbgHlp32.dll
>>> File "C:\ABC\system32\DbgHlp32.dll" has been identified as suspicious 'Sus/Malware-B'.
        C:\ABC\system32\devcon.exe
        C:\ABC\system32\dthxatl.dll
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\dthxatl.dll
        C:\ABC\system32\gdjzi32.dll
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\gdjzi32.dll
        C:\ABC\system32\gdwmi32.dll
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\gdwmi32.dll
        C:\ABC\system32\gdzhtui32.dll
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\gdzhtui32.dll
        C:\ABC\system32\GenProtect.dll
>>> File "C:\ABC\system32\GenProtect.dll" has been identified as suspicious 'Sus/Malware-A'.
        C:\ABC\system32\japi.dll
        C:\ABC\system32\japi2.dll
        C:\ABC\system32\lasse.exe
>>> Virus 'Mal/EncPk-BN' found in file C:\ABC\system32\lasse.exe
        C:\ABC\system32\LoginUsers.ibk
        C:\ABC\system32\LoginUsers.idx
        C:\ABC\system32\LotusHlp.dll
>>> File "C:\ABC\system32\LotusHlp.dll" has been identified as suspicious 'Sus/Malware-A'.
        C:\ABC\system32\LYMANGR.DLL
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\LYMANGR.DLL
        C:\ABC\system32\MsPrint32D.dll
>>> File "C:\ABC\system32\MsPrint32D.dll" has been identified as suspicious 'Sus/Malware-A'.
        C:\ABC\system32\NVDispDrv.dll
>>> File "C:\ABC\system32\NVDispDrv.dll" has been identified as suspicious 'Sus/Malware-B'.
        C:\ABC\system32\qqsetupe.log
        C:\ABC\system32\qqsetupe.log\FILE:0000
        C:\ABC\system32\qqsetupe.log\FILE:0001
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\qqsetupe.log\FILE:0001
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\qqsetupe.log
        C:\ABC\system32\qqsetups.log
        C:\ABC\system32\qqsetupt.log
        C:\ABC\system32\qqsetupt.log\FILE:0000
        C:\ABC\system32\qqsetupt.log\FILE:0001
        C:\ABC\system32\Setup1.exe
        C:\ABC\system32\SHQ.DLL
>>> File "C:\ABC\system32\SHQ.DLL" has been identified as suspicious 'Sus/Behav-1010'.
        C:\ABC\system32\Status.MPF
        C:\ABC\system32\videodevice.dll
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\videodevice.dll

25 files swept in 12 seconds.
10 viruses were discovered.
6 suspicious files were discovered.
15 files out of 25 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
Ending Sophos Anti-Virus.
will
Posted on 2007-11-24 17:42:36
acadminidump.dmp
devcon.exe
japi.dll
japi2.dll
LoginUsers.ibk
LoginUsers.idx
Setup1.exe
Status.MPF
These should not be viruses.

[ Last edited by yimike on 2007-11-24 17:44 ]
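The posts above compare five engines' verdicts on the same 25 files by eye, which is how the "probably not viruses" list was arrived at. As an added example (not code from this thread or from any of the vendors), here is a small Python triage script that parses four of the log formats posted above (ESET, F-PROT, AntiVir, Sophos), keys every verdict on the file's base name, and reports which files were flagged by how many engines and which were scanned but flagged by none. The embedded sample lines are copied from the posts above; the parsers are hand-written against exactly those formats and assume them (other versions of these scanners may log differently), and the engine labels are my own.

```python
"""Cross-engine triage of the antivirus logs posted in this thread. Each parser
returns (scanned_names, {name: detection}); triage() merges them per file.
Windows file names are case-insensitive, so every name is lower-cased."""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the four logs above.
ESET_LOG = r"""R:\system32.rar » RAR » LYMANGR.DLL - Win32/PSW.OnLineGames.DTR trojan
R:\system32.rar » RAR » qqsetupt.log » NSIS » 66.exe - error reading archive
R:\system32.rar » RAR » GenProtect.dll - a variant of Win32/PSW.OnLineGames.HCV trojan"""
FPROT_LOG = r"""[Found possible security risk] <W32/Heuristic-162!Eldorado (not disinfectable)>         C:\ABC\system32\3389.EXE->(NSPack)->(PE_Patch)
[Clean]    C:\ABC\system32\devcon.exe
[Found password stealer] <W32/OnlineGames.A.gen!Eldorado (generic, not disinfectable)>         C:\ABC\system32\GenProtect.dll
[Found possible security risk] <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>         C:\ABC\system32\LYMANGR.DLL->(UPack)"""
ANTIVIR_LOG = r"""C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\3389.EXE
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/NSPack). Please verify the origin of the file
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Desktop\Sample\Copy of 25\GenProtect.dll
      [DETECTION] Contains suspicious code HEUR/Malware"""
SOPHOS_LOG = r"""        C:\ABC\system32\3389.EXE
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\3389.EXE
        C:\ABC\system32\devcon.exe
        C:\ABC\system32\GenProtect.dll
>>> File "C:\ABC\system32\GenProtect.dll" has been identified as suspicious 'Sus/Malware-A'.
        C:\ABC\system32\qqsetupe.log\FILE:0001
>>> Virus 'Mal/Packer' found in file C:\ABC\system32\qqsetupe.log\FILE:0001"""

def basename(path):
    """Last path component, minus F-PROT packer chains and Sophos FILE:n suffixes."""
    path = re.sub(r"->\(.*$", "", path)       # ...->(UPack)->(PE_Patch)
    path = re.sub(r"\\FILE:\d+$", "", path)   # ...\FILE:0001 (embedded object)
    return re.split(r"\\| » ", path)[-1].strip().lower()

def parse_eset(text):
    """'<archive chain> - <verdict>'; ESET lists only hits and read errors."""
    scanned, flagged = set(), {}
    for line in text.splitlines():
        m = re.match(r"^(?P<path>.+?) - (?P<verdict>.+)$", line)
        if m:
            name = basename(m["path"])
            scanned.add(name)
            if m["verdict"] != "error reading archive":  # a read error is a gap, not a clean verdict
                flagged[name] = m["verdict"]
    return scanned, flagged

def parse_fprot(text):
    """'[Clean]    path' or '[Found ...] <detection>    path->(packer)'."""
    scanned, flagged = set(), {}
    for line in text.splitlines():
        m = re.match(r"^\[(?P<verdict>[^\]]+)\]\s+(?:<(?P<det>[^>]+)>\s+)?(?P<path>.+)$", line)
        if m:
            name = basename(m["path"])
            scanned.add(name)
            if m["verdict"] != "Clean":
                flagged[name] = m["det"] or m["verdict"]
    return scanned, flagged

def parse_antivir(text):
    """An unindented path line, then indented [DETECTION]/[INFO] lines about it."""
    scanned, flagged, current = set(), {}, None
    for line in text.splitlines():
        if not line.startswith(" "):
            current = basename(line)
            scanned.add(current)
        elif "[DETECTION]" in line and current:
            flagged[current] = line.split("[DETECTION]", 1)[1].strip()
    return scanned, flagged

SOPHOS_HIT = re.compile(r""">>> (?:Virus '(?P<v>[^']+)' found in file (?P<p1>.+)"""
                        r"""|File "(?P<p2>[^"]+)" has been identified as suspicious '(?P<s>[^']+)'\.)$""")

def parse_sophos(text):
    """Indented lines are scanned objects; '>>>' lines are hits on them."""
    scanned, flagged = set(), {}
    for line in text.splitlines():
        if line.startswith(" "):
            scanned.add(basename(line))
        elif (m := SOPHOS_HIT.match(line)):
            flagged.setdefault(basename(m["p1"] or m["p2"]), m["v"] or m["s"])
    return scanned, flagged

def triage(logs):
    """{engine: (scanned, flagged)} -> ({name: {engine: detection}}, names no engine flagged)."""
    seen, hits = set(), defaultdict(dict)
    for engine, (scanned, flagged) in logs.items():
        seen |= scanned
        for name, det in flagged.items():
            hits[name][engine] = det
    return dict(hits), sorted(seen - set(hits))

def run_sample():
    return triage({"ESET": parse_eset(ESET_LOG), "F-PROT": parse_fprot(FPROT_LOG),
                   "AntiVir": parse_antivir(ANTIVIR_LOG), "Sophos": parse_sophos(SOPHOS_LOG)})

if __name__ == "__main__":
    hits, undetected = run_sample()
    for name, by_engine in sorted(hits.items(), key=lambda kv: -len(kv[1])):
        print(f"{name:<16} {len(by_engine)}/4 engines  {by_engine}")
    print("scanned but flagged by no engine:", undetected)
```

Two design points worth noting. An ESET "error reading archive" is recorded as scanned but not flagged, so the file shows up in the "flagged by no engine" list rather than silently passing as clean; the same goes for a file one engine never reached. And Sophos reports embedded objects (`qqsetupe.log\FILE:0001`) as separate entries, so the `\FILE:n` suffix is stripped before keying, otherwise the container and its payload would be counted as two different files.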
qianwenxiang
OP | Posted on 2007-11-24 17:42:42
Originally posted by 风野胤 on 2007-11-24 17:37:
Hey,
how come it's 25 again?


I added two more.