下载者及产物共23

显示全部楼层 · 发表于 2007-12-9 10:05:52

Starting the file scan:

Begin scan in 'E:\样本.rar'
E:\样本.rar
  [0] Archive type: RAR
  --> gdzxi32.dll
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> Kvsc3.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> pps.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
  --> soft00.exe
   [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> soft02.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jqp
  --> soft04.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> soft07.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jqp
  --> soft08.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.joj.5
  --> soft09.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jtq.3
  --> soft10.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> LYMANGR.DLL
   [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> MSDEG32.DLL
   [DETECTION] Is the Trojan horse TR/PSW.Online.gyo.2
  --> LYLOADER.EXE
   [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> gdwli32.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jrs
  --> mppds.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.iqw
  --> soft15.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdjzi32.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.joj.24
  --> gdgji32.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnLiGames.jrs
  --> gdzhtui32.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jtq.4
  --> 608769WL.DLL
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> cmdbcs.dll
   [DETECTION] Contains suspicious code HEUR/Malware
  --> gdqqhxi32.dll
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> gdqqsgi32.dll
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [WARNING] The file was ignored!

End of the scan: 2007年12月9日  10:06
Used time: 00:31 min

The scan has been done completely.

   0 Scanning directories
   24 Files were scanned
   22 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   2 Files not concerned
   1 Archives were scanned
   1 Warnings
   0 Notes

显示全部楼层 · 发表于 2007-12-9 10:05:57

FS:
结果: 发现13个恶意软件
Trojan-PSW.Win32.OnLineGames.jyb (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\Kvsc3.dll
Worm.Win32.Downloader.bd (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\pps.exe
Trojan-PSW.Win32.OnLineGames.jpx (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\soft00.exe
Trojan-PSW.Win32.OnLineGames.jqp (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\soft02.exe
C:\Documents and Settings\GUNDAM\桌面\样本.rar\soft07.exe
Trojan-PSW.Win32.OnLineGames.joj (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\soft08.exe
Trojan-PSW.Win32.OnLineGames.jtq (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\soft09.exe
C:\Documents and Settings\GUNDAM\桌面\样本.rar\gdzhtui32.dll
Trojan-PSW.Win32.OnLineGames.joy (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\LYMANGR.DLL
C:\Documents and Settings\GUNDAM\桌面\样本.rar\MSDEG32.DLL
Trojan-PSW.Win32.OnLineGames.jpa (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\LYLOADER.EXE
Trojan-PSW.Win32.OnLineGames.jrk (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\gdwli32.dll
Trojan-PSW.Win32.OnLineGames.jyd (病毒)
C:\Documents and Settings\GUNDAM\桌面\样本.rar\mppds.dll

--------------------------------------------------------------------------------

统计信息
已扫描:
文件: 24
未扫描: 0
结果:
病毒: 13
间谍软件: 0
可疑对象: 0
危险软件: 0

显示全部楼层 · 发表于 2007-12-9 10:12:27

detected: virus File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/Kvsc3.dll
detected: virus File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/pps.exe//
detected: virus File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/soft00.exe
detected: virus File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/soft02.exe////
detected: virus File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/soft07.exe////
detected: virus File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/soft08.exe////
detected: virus File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/soft09.exe////
detected: virus File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/soft10.exe////
detected: virus êÔ’|ÿ

显示全部楼层 · 发表于 2007-12-9 10:14:42

G:\Users\Administrator\Desktop\样本.rar » RAR » gdzxi32.dll - probably a variant of Win32/PSW.OnLineGames.NHF trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » Kvsc3.dll - probably a variant of Win32/PSW.OnLineGames.HCV trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » pps.exe - Win32/Jalous.N worm
G:\Users\Administrator\Desktop\样本.rar » RAR » soft00.exe - Win32/PSW.Agent.NEC trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » soft02.exe - probably a variant of Win32/PSW.OnLineGames.NHF trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » soft04.exe - probably a variant of Win32/PSW.WOW.WU trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » soft07.exe - probably a variant of Win32/PSW.OnLineGames.NHF trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » soft08.exe - Win32/PSW.OnLineGames.JOJ trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » soft09.exe - probably a variant of Win32/PSW.OnLineGames.NHF trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » LYMANGR.DLL - Win32/PSW.OnLineGames.DTR trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » MSDEG32.DLL - a variant of Win32/PSW.OnLineGames.DVV trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » LYLOADER.EXE - a variant of Win32/PSW.Agent.NEC trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » gdwli32.dll - probably a variant of Win32/PSW.OnLineGames.NHF trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » mppds.dll - a variant of Win32/PSW.OnLineGames.NFL trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » soft15.exe - probably a variant of Win32/PSW.OnLineGames.NHF trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » gdjzi32.dll - Win32/PSW.OnLineGames.NJP trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » gdgji32.dll - probably a variant of Win32/PSW.OnLineGames.NHF trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » gdzhtui32.dll - probably a variant of Win32/PSW.OnLineGames.NHF trojan
G:\Users\Administrator\Desktop\样本.rar » RAR » cmdbcs.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan

显示全部楼层 · 发表于 2007-12-9 10:57:53

Hello,

608769WL.DLL, soft04.exe_ - Trojan-PSW.Win32.OnLineGames.kcw,
gdgji32.dll - Trojan-PSW.Win32.OnLineGames.kcx,
gdqqhxi32.dll - Trojan-PSW.Win32.OnLineGames.kct,
gdzxi32.dll, soft15.exe_ - Trojan-PSW.Win32.OnLineGames.kcv

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Yury Nesmachny
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

显示全部楼层 · 发表于 2007-12-9 10:59:53

信息 2007-12-09  10:59:32 您此次查毒共查出21个病毒以及危险代码
信息 2007-12-09  10:59:32 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件41个
信息 2007-12-09  10:59:32 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdqqsgi32.dll Win32.Troj.OnlineGamesT.ty.102400 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdqqhxi32.dll Win32.PSWTroj.QQHX.102428 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\cmdbcs.dll Win32.Troj.OnlineGamesT.ip.28160 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\608769WL.DLL Win32.Troj.OnlineGamesT.xy.44337 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdzhtui32.dll Win32.Troj.OnLimeGamesT.gs.73779 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdgji32.dll Win32.Troj.OnlineGamesT.ty.102400 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdjzi32.dll Win32.Troj.OnlineGames.yf.73728 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\soft15.exe Trash.OnlineGamesT.aq.2615 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\mppds.dll Win32.Troj.OnlineGamesT.ip.28160 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdwli32.dll Win32.Troj.OnlineGamesT.ty.102400 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\MSDEG32.DLL Win32.Troj.OnlineGamesT.ty.135168 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\LYMANGR.DLL Win32.Troj.OnlineGames.jx.61440 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\soft10.exe Win32.Troj.OnLineGamesT.or.258048 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\soft09.exe Win32.Troj.OnLineGamesT.or.258048 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\soft08.exe Win32.Troj.OnLineGamesT.or.258048 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\soft07.exe Win32.Troj.OnLineGamesT.or.258048 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\soft04.exe Win32.Troj.OnlineGamesT.zy.123185 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\soft02.exe Win32.Troj.OnLineGamesT.or.258048 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\soft00.exe Win32.VirInstaller.Small.15360 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\pps.exe Win32.Troj.DownArpT.xo.135168 跳过，未处理
病毒 2007-12-09  10:59:32 C:\Documents and Settings\Norways Winter\桌面\样本.rar\gdzxi32.dll Win32.Troj.OnlineGamesT.ty.102400 跳过，未处理

显示全部楼层 · 发表于 2007-12-9 11:11:34

Win32:OnLineGames-ALS [Trj] 608769WL.DLL
Win32:OnLineGames-BKU [Trj] gdgji32.dll\[Upack]
Win32:OnLineGames-BLD [Trj] gdjzi32.dll\[Upack]
Win32:OnLineGames-BKU [Trj] gdqqsgi32.dll\[Upack]
Win32:OnLineGames-BKU [Trj] gdwli32.dll\[Upack]
Win32:OnLineGames-BKU [Trj] gdzhtui32.dll\[Upack]
Win32:OnLineGames-BKU [Trj] gdzxi32.dll\[Upack]
Win32:OnLineGames-ST [Trj]  LYLOADER.EXE\[Upack]\[Embedded#5158]\[Upack]
Win32:OnLineGames-ST [Trj]  LYMANGR.DLL\[Upack]
Win32:OnLineGames-BMZ [Trj] mppds.dll
Win32:OnLineGames-BKV [Trj] MSDEG32.DLL\[Upack]
Win32:Downloader-RR [Wrm] pps.exe\[NsPack]\[Embedded#03008]\[Embedded#08008]
Win32:OnLineGames-ST [Trj]  soft00.exe\[Embedded#0c80]\[Upack]\[Embedded#5158]\[Upack]
Win32:OnLineGames-BKU [Trj] soft02.exe\[Upack]\[Embedded#6060]\[Upack]
Win32:OnLineGames-ALS [Trj] soft04.exe\[ASPack]\[Embedded#ABCDE]
Win32:OnLineGames-BKU [Trj] soft07.exe\[Upack]\[Embedded#6060]\[Upack]
Win32:OnLineGames-BLD [Trj] soft08.exe\[Upack]\[Embedded#4060]\[Upack]
Win32:OnLineGames-BKU [Trj] soft09.exe\[Upack]\[Embedded#6060]\[Upack]
Win32:OnLineGames-BKU [Trj] soft10.exe\[Upack]\[Embedded#6060]\[Upack]
Win32:OnLineGames-BKU [Trj] soft15.exe\[Upack]\[Embedded#6060]\[Upack]

显示全部楼层 · 发表于 2007-12-9 11:14:36

deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jyb File: I:\hanxiaojun\Ñù±¾(16).rar/Kvsc3.dll
deleted: virus Worm.Win32.Downloader.bd File: I:\hanxiaojun\Ñù±¾(16).rar/pps.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jpx File: I:\hanxiaojun\Ñù±¾(16).rar/soft00.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jqp File: I:\hanxiaojun\Ñù±¾(16).rar/soft02.exe//PE_Patch//UPack
deleted: virus Heur.Trojan.Generic (modification) File: I:\hanxiaojun\Ñù±¾(16).rar/soft04.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jqp File: I:\hanxiaojun\Ñù±¾(16).rar/soft07.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.joj File: I:\hanxiaojun\Ñù±¾(16).rar/soft08.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jtq File: I:\hanxiaojun\Ñù±¾(16).rar/soft09.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jyt File: I:\hanxiaojun\Ñù±¾(16).rar/soft10.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.joy File: I:\hanxiaojun\Ñù±¾(16).rar/LYMANGR.DLL//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.joy File: I:\hanxiaojun\Ñù±¾(16).rar/MSDEG32.DLL//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jpa File: I:\hanxiaojun\Ñù±¾(16).rar/LYLOADER.EXE//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jrr File: I:\hanxiaojun\Ñù±¾(16).rar/gdwli32.dll//UPack//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jyd File: I:\hanxiaojun\Ñù±¾(16).rar/mppds.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.kcb File: I:\hanxiaojun\Ñù±¾(16).rar/gdjzi32.dll//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jrr File: I:\hanxiaojun\Ñù±¾(16).rar/gdgji32.dll//UPack//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jzz File: I:\hanxiaojun\Ñù±¾(16).rar/gdzhtui32.dll//UPack//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jyq File: I:\hanxiaojun\Ñù±¾(16).rar/cmdbcs.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jza File: I:\hanxiaojun\Ñù±¾(16).rar/gdqqsgi32.dll//UPack//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jrk File: I:\hanxiaojun\Ñù±¾(16).rar/gdwli32.dll//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jtq File: I:\hanxiaojun\Ñù±¾(16).rar/gdzhtui32.dll//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.jyt File: I:\hanxiaojun\Ñù±¾(16).rar/gdqqsgi32.dll//UPack

显示全部楼层 · 发表于 2007-12-9 11:15:52

mcafee 检测16个

[病毒样本] 下载者及产物共23

本帖子中包含更多资源

23

avast! 20

浏览过的版块