
[Virus samples] 46 samples

promised
Posted on 2007-12-1 10:17:32
timhas266
Posted on 2007-12-1 10:20:42

avira: 44

Start of the scan: Saturday, 1 December, 2007  10:20

Starting the file scan:

Begin scan in 'C:\Documents and Settings\tim\桌面\样本.rar'
C:\Documents and Settings\tim\桌面\样本.rar
  [0] Archive type: RAR
  --> gdwli32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbg.7
  --> avwggmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iuw
  --> sidjezy.dll
      [DETECTION] Is the Trojan horse TR/FWDisable.22884
  --> avzxjmn.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> kapjezy.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGam.htk
  --> swjqbzc.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> wszjbzx.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ivs
  --> aa1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> aa8.exe
      [DETECTION] Is the Trojan horse TR/PSW.28160.2
  --> aa17.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbg.6
  --> aa18.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbl.1
  --> aa11.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iuw
  --> 608769M.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> aa13.exe
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> aa7.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa12.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> aa14.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.22884
  --> aa16.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.iqw
  --> aa3.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> aa4.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> aa5.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> aa22.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> aa23.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa24.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGam.htk
  --> aa25.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ivs
  --> aa26.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa27.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Ceckno.F Backdoor server programs
  --> 608769MM.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> NvSys_55.Sys
      [DETECTION] Contains suspicious code HEUR/Malware
  --> LYLOADER.EXE
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> AVPSrv.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> DbgHlp32.dll
      [DETECTION] Is the Trojan horse TR/PSW.28160.2
  --> LotusHlp.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> LYMANGR.DLL
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> MSDEG32.DLL
      [DETECTION] Is the Trojan horse TR/PSW.Online.gyo.2
  --> NVDispDrv.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> upxdnd.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> MsIMMs32.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> GenProtect.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.iqw
  --> gdmsi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> gdqqsgi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbl.2
  --> cd22.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
      [INFO]      A backup was created as '477f2c05.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!


End of the scan: Saturday, 1 December, 2007  10:20
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
     47 Files were scanned
     38 viruses and/or unwanted programs were found
      6 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      9 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
458506
Posted on 2007-12-1 10:32:43
病毒签名 12/1/2007
开始时间: 12/1/2007 10:31
引擎: KAV 引擎 (AVK 18.1453), BD  引擎 (BD 18.376)
高启发: 开启
文件: 开启
系统区域: 开启

扫描系统区域...
扫描选中目录和文件...
项目: 608769M.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.Lmir.boy (KAV 引擎)
项目: 608769MM.DLL
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ieg (KAV 引擎)
项目: aa1.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ixl (KAV 引擎)
项目: aa11.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.isb (KAV 引擎)
项目: aa12.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.QQPass.ana (KAV 引擎)
项目: aa13.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.jbt (KAV 引擎)
项目: aa14.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.iys (KAV 引擎)
项目: aa15.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.iuw (KAV 引擎)
项目: aa16.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: DeepScan:Generic.Dld.Agent.E70F96FD (BD  引擎)
项目: aa17.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.jbg (KAV 引擎)
项目: aa18.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.jbl (KAV 引擎)
项目: aa2.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ism (KAV 引擎)
项目: aa23.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ixo (KAV 引擎)
项目: aa24.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Generic.Malware.SBdldg.2B8D1FF6 (BD  引擎)
项目: aa25.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ivs (KAV 引擎)
项目: aa26.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Generic.Malware.SBdldg.63E47605 (BD  引擎)
项目: aa27.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Backdoor.Win32.Ceckno.ff (KAV 引擎)
项目: aa3.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.isb (KAV 引擎)
项目: aa4.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.isb (KAV 引擎)
项目: aa5.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.isb (KAV 引擎)
项目: aa7.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.jch (KAV 引擎)
项目: aa8.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.isb (KAV 引擎)
项目: AVPSrv.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.jci (KAV 引擎)
项目: avwggmn.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.iuw (KAV 引擎)
项目: avzxjmn.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: BehavesLike:Trojan.WUDisable (BD  引擎)
项目: cd22.exe
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Worm.Win32.Downloader.bi (KAV 引擎)
项目: DbgHlp32.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: DeepScan:Generic.PWS.Games.1.357E89A5 (BD  引擎)
项目: gdqqsgi32.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.jbl (KAV 引擎)
项目: gdwli32.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.jbg (KAV 引擎)
项目: GenProtect.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.isb (KAV 引擎)
项目: kapjezy.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.jck (KAV 引擎)
项目: kaqhkzy.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ixq (KAV 引擎)
项目: LotusHlp.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.jch (KAV 引擎)
项目: LYLOADER.EXE
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ixl (KAV 引擎)
项目: LYMANGR.DLL
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ixj (KAV 引擎)
项目: MSDEG32.DLL
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ixk (KAV 引擎)
项目: MsIMMs32.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: DeepScan:Generic.PWS.Games.1.74ED2D5C (BD  引擎)
项目: NvSys_55.Sys
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.QQPass.ana (KAV 引擎)
项目: sidjezy.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.iyz (KAV 引擎)
项目: swjqbzc.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: BehavesLike:Trojan.WUDisable (BD  引擎)
项目: upxdnd.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: DeepScan:Generic.PWS.Games.4.49F10BA8 (BD  引擎)
项目: wszjbzx.dll
        路径: C:\Users\AJUN\Desktop\样本
        状态: 病毒,文件删除
        病毒: Trojan-PSW.Win32.OnLineGames.ivs (KAV 引擎)
病毒分析完成: 12/1/2007 10:31
    46 文件被检查
    42 感染文件发现
    0 发现可疑文件
gunman30
Posted on 2007-12-1 10:41:31
Kaspersky plus Xunlei is unbeatable: Kaspersky already detected the virus during the download and blocked it!
kkgh
Posted on 2007-12-1 10:41:53
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.GameOnline.aqn
病毒: Trojan.PSW.Win32.GameOnline.ars
病毒: Trojan.PSW.Win32.QQHX.tsi
病毒: Trojan.PSW.Win32.GameOnline.aqs
病毒: Trojan.PSW.Win32.GameOnline.asm
病毒: Trojan.PSW.Win32.GameOnline.ask
病毒: Trojan.PSW.Win32.GameOnline.asv
病毒: Trojan.PSW.Win32.GameOnline.ans
病毒: Trojan.PSW.Win32.GameOnline.aqo
病毒: Trojan.Win32.Mnless.zqz  
病毒: Trojan.PSW.Win32.GameOnline.ars
病毒: Trojan.PSW.Win32.GameOnline.aqa
病毒: Trojan.PSW.Win32.QQHX.tsi
病毒: Trojan.PSW.Win32.GameOnline.aqs
病毒: Backdoor.Win32.cywl.d   
病毒: Trojan.PSW.Win32.LMir.yyy
病毒: Trojan.PSW.Win32.GameOnline.aro
病毒: Trojan.PSW.Win32.GameOnline.asc
病毒: Trojan.PSW.Win32.GameOnline.aro
病毒: Trojan.PSW.Win32.GameOnline.aro
病毒: Trojan.PSW.Win32.GameOnline.aqk
病毒: Trojan.PSW.Win32.GameOnline.apo
病毒: Trojan.Win32.Mnless.znc  

用户来源:互联网

软件版本:20.20.42
ggcn
Posted on 2007-12-1 10:52:53
Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.rar'
C:\Documents and Settings\Administrator\桌面\样本.rar
  [0] Archive type: RAR
  --> gdwli32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbg.7
  --> avwggmn.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iuw
  --> sidjezy.dll
      [DETECTION] Is the Trojan horse TR/FWDisable.22884
  --> avzxjmn.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> kapjezy.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGam.htk
  --> swjqbzc.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> wszjbzx.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ivs
  --> aa1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> aa8.exe
      [DETECTION] Is the Trojan horse TR/PSW.28160.2
  --> aa17.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbg.6
  --> aa18.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbl.1
  --> aa11.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iuw
  --> 608769M.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> aa13.exe
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> aa7.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa12.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> aa14.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.22884
  --> aa16.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.iqw
  --> aa3.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> aa4.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> aa5.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> aa22.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> aa23.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa24.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGam.htk
  --> aa25.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ivs
  --> aa26.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> aa27.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Ceckno.F Backdoor server programs
  --> 608769MM.DLL
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> NvSys_55.Sys
      [DETECTION] Contains suspicious code HEUR/Malware
  --> LYLOADER.EXE
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> AVPSrv.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> DbgHlp32.dll
      [DETECTION] Is the Trojan horse TR/PSW.28160.2
  --> LotusHlp.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> LYMANGR.DLL
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> MSDEG32.DLL
      [DETECTION] Is the Trojan horse TR/PSW.Online.gyo.2
  --> NVDispDrv.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> upxdnd.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> MsIMMs32.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> GenProtect.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.iqw
  --> gdmsi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> gdqqsgi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbl.2
  --> cd22.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
      [INFO]      A backup was created as '477f32e1.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!


End of the scan: 2007年12月1日星期六  10:49
Used time: 04:55 min

The scan has been done completely.

      0 Scanning directories
     47 Files were scanned
     38 viruses and/or unwanted programs were found
      6 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      9 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
capsshift
Posted on 2007-12-1 10:54:34
pc-cillin2007 detected 20
feihongtian (this user has been deleted)
Posted on 2007-12-1 10:56:42
扫描进行于:2007-12-1 10:56:27
扫描日志
NOD32版本 2696 (20071130) NT
命令行: F:\virus\样本1.rar

日期: 1.12.2007  时间:10:56:28
已开启反隐藏功能.
已扫描的磁盘,文件夹及文件:F:\virus\样本1.rar
F:\virus\样本1.rar >>RAR >>gdwli32.dll - 可能是 Win32/PSW.OnLineGames.NHF 木马 的一个变种
F:\virus\样本1.rar >>RAR >>avwggmn.dll - Win32/PSW.OnLineGames.FDY 木马
F:\virus\样本1.rar >>RAR >>sidjezy.dll - Win32/PSW.OnLineGames.FDY 木马
F:\virus\样本1.rar >>RAR >>avzxjmn.dll - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\样本1.rar >>RAR >>kaqhkzy.dll - Win32/PSW.OnLineGames.FDY 木马
F:\virus\样本1.rar >>RAR >>kapjezy.dll - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\样本1.rar >>RAR >>swjqbzc.dll - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\样本1.rar >>RAR >>wszjbzx.dll - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\样本1.rar >>RAR >>aa1.exe - Win32/PSW.Agent.NEC 木马
F:\virus\样本1.rar >>RAR >>aa8.exe - Win32/PSW.OnLineGames.NFL 木马
F:\virus\样本1.rar >>RAR >>aa17.exe - 可能是 Win32/PSW.OnLineGames.NHF 木马 的一个变种
F:\virus\样本1.rar >>RAR >>aa11.exe - Win32/PSW.OnLineGames.NFL 木马
F:\virus\样本1.rar >>RAR >>aa15.exe - Win32/PSW.OnLineGames.FDY 木马
F:\virus\样本1.rar >>RAR >>608769M.exe - Win32/PSW.WOW.WU 木马
F:\virus\样本1.rar >>RAR >>aa13.exe - 可能是 Win32/PSW.OnLineGames.NHF 木马 的一个变种
F:\virus\样本1.rar >>RAR >>aa7.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
F:\virus\样本1.rar >>RAR >>aa12.exe - 可能是 Win32/Genetik 木马 的一个变种
F:\virus\样本1.rar >>RAR >>aa14.exe - Win32/PSW.OnLineGames.FDY 木马
F:\virus\样本1.rar >>RAR >>aa16.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\样本1.rar >>RAR >>aa2.exe - Win32/PSW.OnLineGames.NFL 木马
F:\virus\样本1.rar >>RAR >>aa3.exe - Win32/PSW.OnLineGames.NFL 木马的变种
F:\virus\样本1.rar >>RAR >>aa4.exe - Win32/PSW.OnLineGames.NFL 木马的变种
F:\virus\样本1.rar >>RAR >>aa5.exe - Win32/PSW.OnLineGames.NFL 木马的变种
F:\virus\样本1.rar >>RAR >>aa23.exe - Win32/PSW.OnLineGames.FDY 木马
F:\virus\样本1.rar >>RAR >>aa24.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\样本1.rar >>RAR >>aa25.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\样本1.rar >>RAR >>aa26.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\样本1.rar >>RAR >>aa27.exe - Win32/Ceckno.DL 木马
F:\virus\样本1.rar >>RAR >>608769MM.DLL - Win32/PSW.Legendmir.NFF 木马
F:\virus\样本1.rar >>RAR >>LYLOADER.EXE - Win32/PSW.Agent.NEC 木马
F:\virus\样本1.rar >>RAR >>AVPSrv.dll - 可能是 Win32/PSW.OnLineGames.HCV 木马 的一个变种
F:\virus\样本1.rar >>RAR >>DbgHlp32.dll - Win32/PSW.OnLineGames.HCV 木马
F:\virus\样本1.rar >>RAR >>LotusHlp.dll - Win32/PSW.OnLineGames.HCV 木马的变种
F:\virus\样本1.rar >>RAR >>LYMANGR.DLL - Win32/PSW.OnLineGames.DTR 木马
F:\virus\样本1.rar >>RAR >>MSDEG32.DLL - Win32/PSW.OnLineGames.DVV 木马
F:\virus\样本1.rar >>RAR >>NVDispDrv.dll - Win32/PSW.OnLineGames.HCV 木马
F:\virus\样本1.rar >>RAR >>upxdnd.dll - 可能是 Win32/PSW.OnLineGames.HCV 木马 的一个变种
F:\virus\样本1.rar >>RAR >>MsIMMs32.dll - 可能是 Win32/PSW.OnLineGames.HCV 木马 的一个变种
F:\virus\样本1.rar >>RAR >>GenProtect.dll - Win32/PSW.OnLineGames.HCV 木马
F:\virus\样本1.rar >>RAR >>gdmsi32.dll - 可能是 Win32/PSW.OnLineGames.NHF 木马 的一个变种
F:\virus\样本1.rar >>RAR >>cd22.exe - Win32/Jalous.O 蠕虫
已扫描的文件数目:46
已发现的病毒数目:41
完成时间: 10:56:32 总扫描时间:4 秒 (00:00:04)
残缺的唯美
Posted on 2007-12-1 11:04:40
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » gdwli32.dll - probably a variant of Win32/PSW.OnLineGames.NHF trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » avwggmn.dll - Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » sidjezy.dll - Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » avzxjmn.dll - a variant of Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » kaqhkzy.dll - Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » kapjezy.dll - a variant of Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » swjqbzc.dll - a variant of Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » wszjbzx.dll - a variant of Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa1.exe - Win32/PSW.Agent.NEC trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa8.exe - Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa17.exe - probably a variant of Win32/PSW.OnLineGames.NHF trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa11.exe - Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa15.exe - Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 608769M.exe - Win32/PSW.WOW.WU trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa13.exe - probably a variant of Win32/PSW.OnLineGames.NHF trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa7.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa12.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa14.exe - Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa16.exe - a variant of Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa2.exe - Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa3.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa4.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa5.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa23.exe - Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa24.exe - a variant of Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa25.exe - a variant of Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa26.exe - a variant of Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » aa27.exe - Win32/Ceckno.DL trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » 608769MM.DLL - Win32/PSW.Legendmir.NFF trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » LYLOADER.EXE - Win32/PSW.Agent.NEC trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » AVPSrv.dll - probably a variant of Win32/PSW.OnLineGames.HCV trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » DbgHlp32.dll - Win32/PSW.OnLineGames.HCV trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » LotusHlp.dll - a variant of Win32/PSW.OnLineGames.HCV trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » LYMANGR.DLL - Win32/PSW.OnLineGames.DTR trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » MSDEG32.DLL - Win32/PSW.OnLineGames.DVV trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » NVDispDrv.dll - Win32/PSW.OnLineGames.HCV trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » upxdnd.dll - probably a variant of Win32/PSW.OnLineGames.HCV trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » MsIMMs32.dll - probably a variant of Win32/PSW.OnLineGames.HCV trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » GenProtect.dll - Win32/PSW.OnLineGames.HCV trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » gdmsi32.dll - probably a variant of Win32/PSW.OnLineGames.NHF trojan - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar » RAR » cd22.exe - Win32/Jalous.O worm - was a part of the deleted object
C:\Documents and Settings\Administrator\桌面\样本.rar - multiple threats - deleted - quarantined
mofunzone
Posted on 2007-12-1 11:11:54
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\��.rar'
C:\Users\morgan\Documents\
  ��.rar
    [0] Archive type: RAR
    --> gdwli32.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbg.7
        [WARNING]   Infected files in archives cannot be repaired!
    --> avwggmn.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iuw
        [WARNING]   Infected files in archives cannot be repaired!
    --> sidjezy.dll
        [DETECTION] Is the Trojan horse TR/FWDisable.22884
        [WARNING]   Infected files in archives cannot be repaired!
    --> avzxjmn.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> kaqhkzy.dll
    --> kapjezy.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGam.htk
        [WARNING]   Infected files in archives cannot be repaired!
    --> swjqbzc.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> wszjbzx.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ivs
        [WARNING]   Infected files in archives cannot be repaired!
      --> aa1.exe
        [1] Archive type: RSRC
        --> Object
      --> aa8.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.28160.2
              [WARNING]   Infected files in archives cannot be repaired!
    --> aa17.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbg.6
        [WARNING]   Infected files in archives cannot be repaired!
    --> aa18.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbl.1
        [WARNING]   Infected files in archives cannot be repaired!
      --> aa11.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa15.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.iuw
              [WARNING]   Infected files in archives cannot be repaired!
      --> 608769M.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa13.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> aa7.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa12.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa14.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/FWDisable.22884
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa16.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa2.exe
        [1] Archive type: Runtime Packed
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.iqw
            [WARNING]   Infected files in archives cannot be repaired!
      --> aa3.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/Spy.Gen
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa4.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/Spy.Gen
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa5.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/Spy.Gen
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa22.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> aa23.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa24.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGam.htk
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa25.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ivs
              [WARNING]   Infected files in archives cannot be repaired!
      --> aa26.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
    --> aa27.exe
        [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Ceckno.F Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> 608769MM.DLL
        [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> NvSys_55.Sys
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
      --> LYLOADER.EXE
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
          --> Object
    --> AVPSrv.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> DbgHlp32.dll
        [DETECTION] Is the Trojan horse TR/PSW.28160.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> LotusHlp.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
      --> LYMANGR.DLL
        [1] Archive type: Runtime Packed
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
            [WARNING]   Infected files in archives cannot be repaired!
      --> MSDEG32.DLL
        [1] Archive type: Runtime Packed
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Online.gyo.2
            [WARNING]   Infected files in archives cannot be repaired!
    --> NVDispDrv.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> upxdnd.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> MsIMMs32.dll
        [DETECTION] Is the Trojan horse TR/Spy.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> GenProtect.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.iqw
        [WARNING]   Infected files in archives cannot be repaired!
      --> gdjzi32.dll
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
          --> Object
      --> gdmsi32.dll
        [1] Archive type: Runtime Packed
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
            [WARNING]   Infected files in archives cannot be repaired!
    --> gdqqsgi32.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jbl.2
        [WARNING]   Infected files in archives cannot be repaired!
      --> cd22.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: OVL
          --> Object
              [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
              [WARNING]   Infected files in archives cannot be repaired!
      [WARNING]   The file was ignored!


End of the scan: 2007年11月30日  19:11
Used time: 00:07 min

The scan has been done completely.

      0 Scanning directories
     47 Files were scanned
     30 viruses and/or unwanted programs were found
     14 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     17 Files not concerned
     22 Archives were scanned
     41 Warnings
      0 Notes