4个[MD5: 718834 1EE96A 8EA931 AAF0FE]

显示全部楼层 · 发表于 2007-12-7 19:27:47

C:\ABC\1\1.exe
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\1\1.exe
C:\ABC\1\2.exe
>>> Virus 'Mal/Behav-152' found in file C:\ABC\1\2.exe
C:\ABC\1\gdqqhxi32.dll
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\1\gdqqhxi32.dll
C:\ABC\1\kaqhjzy.dll
>>> Virus 'Mal/Behav-001' found in file C:\ABC\1\kaqhjzy.dll

显示全部楼层 · 发表于 2007-12-7 19:28:44

MicroVita AntiSpyware 100 C
_____________________________________________

         风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]
               http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\4444444444444444\kaqhjzy.dll]
                  …………发现Spy！报告: [4]
文件信息:  大小:2117466  MD5:718834d1eb19030be4782e761a9fa684

[C:\Documents and Settings\Administrator\桌面\Virus\4444444444444444\gdqqhxi32.dll]
                  …………发现Spy！报告: [4] [1] Win32.F/S.ByDwing
文件信息:  大小:11671  MD5:1ee96a580c79146115cb498f17553c92

[C:\Documents and Settings\Administrator\桌面\Virus\4444444444444444\1.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:15064  MD5:8ea931668d1d486283be9323673337cb

[C:\Documents and Settings\Administrator\桌面\Virus\4444444444444444\2.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:15139  MD5:aaf0fe1cba6ba7cff67a0aee31cc6163

文件数:4 病毒数:4  比重:1
OK  扫描完毕！

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎
[2] 文件特征码引擎
[1] 文件启发式引擎

显示全部楼层 · 发表于 2007-12-7 19:29:11

Begin scan in 'D:\Downloads\样本\样本(2).rar'
D:\Downloads\样本\
  样本(2).rar
[0] Archive type: RAR
--> kaqhjzy.dll
--> gdqqhxi32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jgc
      [WARNING] Infected files in archives cannot be repaired!
--> 1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bpf
      [WARNING] Infected files in archives cannot be repaired!
--> 2.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!

显示全部楼层 · 发表于 2007-12-7 19:30:51

检测到：木马程序 Trojan-PSW.Win32.OnLineGames.irq 文件　: F:\du\样本2.rar/kaqhjzy.dll
检测到：木马程序 Trojan-PSW.Win32.OnLineGames.jgc 文件　: F:\du\样本2.rar/gdqqhxi32.dll//UPack
检测到：木马程序 Trojan-PSW.Win32.Lmir.bpf 文件　: F:\du\样本2.rar/1.exe//PE_Patch//UPack
检测到：木马程序 Trojan-PSW.Win32.OnLineGames.irq 文件　: F:\du\样本2.rar/2.exe//UPack

显示全部楼层 · 发表于 2007-12-7 19:50:53

C:\样本.rar\kaqhjzy.dll - infected with Trojan.PWS.Gamania.5912
C:\样本.rar\gdqqhxi32.dll - infected with Trojan.PWS.Wsgame.2299
C:\样本.rar\1.exe - infected with Trojan.PWS.Wsgame.2295
C:\样本.rar\2.exe - infected with Trojan.MulDrop.9719

Archive contains 4 infected items

DRWEB 4.44 Kill All

显示全部楼层 · 发表于 2007-12-7 19:58:31

The file 'kaqhjzy.dll' has been determined to be 'MALWARE'. Our analysts discovered that the file is a Trojan. In general this kind of programs contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates.

显示全部楼层 · 发表于 2007-12-7 20:01:48

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\2.EXE
1) C:\DFD835609.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\2.EXE
1) C:\DFD835609.BAT
是否删除可疑程序?

1.exe过了微点

[ 本帖最后由 xxwpk007 于 2007-12-7 20:10 编辑 ]

显示全部楼层 · 发表于 2007-12-7 20:10:07

2007-12-7 20:07:24,TrojanPSW.OnLineGames.irq.hyvp.dll,木马,dell,C:\Documents and Settings\dell\桌面\样本1.rar>>kaqhjzy.dll,Manual scan
2007-12-7 20:07:24,TrojanPSW.QQHX.tsj.dzej.dll,木马,dell,C:\Documents and Settings\dell\桌面\样本1.rar>>gdqqhxi32.dll,Manual scan
2007-12-7 20:07:24,TrojanPSW.OnLineGames.irq.dqdf,木马,dell,C:\Documents and Settings\dell\桌面\样本1.rar>>2.exe,Manual scan
2007-12-7 20:07:24,Heuri.Suspicious.ERNM,启发式扫描,dell,C:\Documents and Settings\dell\桌面\样本1.rar>>1.exe,Manual scan

显示全部楼层 · 发表于 2007-12-7 20:36:29

F:\virus\样本.rar » RAR » kaqhjzy.dll - a variant of Win32/PSW.OnLineGames.FDY trojan
F:\virus\样本.rar » RAR » gdqqhxi32.dll - Win32/PSW.OnLineGames.JGC trojan
F:\virus\样本.rar » RAR » 1.exe - Win32/PSW.OnLineGames.JHS trojan
F:\virus\样本.rar » RAR » 2.exe - a variant of Win32/PSW.OnLineGames.FDY trojan

显示全部楼层 · 发表于 2007-12-7 23:34:31

原帖由 xxwpk007 于 2007-12-7 20:01 发表
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\2.EXE
1) C:\DFD835609.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?

1.exe过了微点 ...

有生成文件，无其他程序行为.建议你重新启动计算机看下.

[病毒样本] 4个[MD5: 718834 1EE96A 8EA931 AAF0FE]

本帖子中包含更多资源

回复 3楼无尽藏海的帖子

本帖子中包含更多资源

[病毒样本] 4个[MD5: 718834 1EE96A 8EA931 AAF0FE]

本帖子中包含更多资源

回复 3楼 无尽藏海 的帖子

本帖子中包含更多资源

回复 3楼无尽藏海的帖子