[Virus Samples] 22 sample URLs

mofunzone
Posted on 2007-12-11 13:55:47
No. 19 is dead, 21 samples in total, AntiVir 20
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\TDDOWNLOAD.rar'
C:\Users\morgan\Documents\
  TDDOWNLOAD.rar
    [0] Archive type: RAR
      --> 22.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 1.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> 2.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> 3.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jtg
              [WARNING]   Infected files in archives cannot be repaired!
      --> 4.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 5.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jro
              [WARNING]   Infected files in archives cannot be repaired!
      --> 6.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 7.exe
        [1] Archive type: Runtime Packed
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.iqw
            [WARNING]   Infected files in archives cannot be repaired!
      --> 8.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jal
              [WARNING]   Infected files in archives cannot be repaired!
      --> 9.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 10.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jpm
              [WARNING]   Infected files in archives cannot be repaired!
      --> 11.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 12.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jrd
              [WARNING]   Infected files in archives cannot be repaired!
      --> 13.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/Spy.Gen
              [WARNING]   Infected files in archives cannot be repaired!
      --> 14.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jpd
              [WARNING]   Infected files in archives cannot be repaired!
    --> 15.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.joj.5
        [WARNING]   Infected files in archives cannot be repaired!
      --> 16.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 17.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 18.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
      --> 20.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
    --> 21.exe
        [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      [WARNING]   The file was ignored!


End of the scan: 2007年12月10日  21:54
Used time: 00:06 min

The scan has been done completely.

      0 Scanning directories
     22 Files were scanned
     16 viruses and/or unwanted programs were found
      4 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
     19 Archives were scanned
     14 Warnings
      0 Notes

mofunzone
Posted on 2007-12-11 13:56:50
4.exe is probably still a v8 issue; I'll keep reporting it..
Graybird
Posted on 2007-12-11 13:58:05

Reply to mofunzone's post #2

V7 detects 21~

Starting the file scan:

Begin scan in 'E:\TDDOWNLOAD.rar'
E:\TDDOWNLOAD.rar
  [0] Archive type: RAR
  --> 22.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jtg
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLi.iiu.1.A
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jro
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 7.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.iqw
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jal
  --> 9.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jpm
  --> 11.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 12.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jrd
  --> 13.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 14.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jpd
  --> 15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.joj.5
  --> 16.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 17.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 18.exe
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> 20.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 21.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING]   The file was ignored!


End of the scan: 2007年12月11日  13:57
Used time: 00:30 min

The scan has been done completely.

      0 Scanning directories
     22 Files were scanned
     21 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
sam.to
Posted on 2007-12-11 13:59:23

Reply to mofunzone's post #2

Your archive doesn't have 0.19.exe?

This one has 0.19.exe, 22 in total

[Last edited by kato9096 on 2007-12-11 14:13]

sam.to
Posted on 2007-12-11 14:01:39
Kaspersky Virus Scanner


Scanned file:   TDDOWNLOAD.rar - Infected
TDDOWNLOAD.rar/22.exe - infected by Trojan-PSW.Win32.OnLineGames.khm
TDDOWNLOAD.rar/1.exe - infected by Trojan-PSW.Win32.OnLineGames.isb
TDDOWNLOAD.rar/2.exe - infected by Trojan-PSW.Win32.OnLineGames.isb
TDDOWNLOAD.rar/3.exe - infected by Trojan-PSW.Win32.OnLineGames.jtw
TDDOWNLOAD.rar/4.exe - infected by Trojan-PSW.Win32.OnLineGames.kjh
TDDOWNLOAD.rar/5.exe - infected by Trojan-PSW.Win32.OnLineGames.jqt
TDDOWNLOAD.rar/6.exe - infected by Trojan-PSW.Win32.OnLineGames.khm
TDDOWNLOAD.rar/7.exe - infected by Trojan-PSW.Win32.OnLineGames.iyu
TDDOWNLOAD.rar/8.exe - infected by Backdoor.Win32.PcClient.ie
TDDOWNLOAD.rar/9.exe - OK
TDDOWNLOAD.rar/9.exe - OK
TDDOWNLOAD.rar/9.exe - OK
TDDOWNLOAD.rar/10.exe - infected by Trojan-PSW.Win32.OnLineGames.jpn
TDDOWNLOAD.rar/11.exe - infected by Trojan-PSW.Win32.OnLineGames.jyt
TDDOWNLOAD.rar/12.exe - infected by Trojan-PSW.Win32.OnLineGames.jqn
TDDOWNLOAD.rar/13.exe - infected by Trojan-PSW.Win32.OnLineGames.hfr
TDDOWNLOAD.rar/14.exe - infected by Trojan-PSW.Win32.OnLineGames.jpd
TDDOWNLOAD.rar/15.exe - infected by Trojan-PSW.Win32.OnLineGames.joj
TDDOWNLOAD.rar/16.exe - OK
TDDOWNLOAD.rar/16.exe - OK
TDDOWNLOAD.rar/16.exe - OK
TDDOWNLOAD.rar/17.exe - infected by Trojan-PSW.Win32.OnLineGames.kcv
TDDOWNLOAD.rar/18.exe - infected by Trojan-PSW.Win32.OnLineGames.khm
TDDOWNLOAD.rar/20.exe - infected by Trojan-PSW.Win32.QQPass.aon
TDDOWNLOAD.rar/21.exe - infected by Trojan-PSW.Win32.OnLineGames.ilr
TDDOWNLOAD.rar/19.exe - OK

Undetected ones submitted to Kaspersky
mofunzone
Posted on 2007-12-11 14:12:36
A listing of files alongside their results can be found below:

File ID    Filename    Size (Byte)    Result
204679     19.exe      1.28 KB        CLEAN

Please find a detailed report concerning each individual sample below:

Filename    Result
19.exe      CLEAN

The file '19.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
tun
Posted on 2007-12-11 14:19:28
19 can no longer be downloaded; the 19.exe in the archive is just a 404 NOT FOUND message

CA 19
C:\A\TDDOWNLOAD.rar<22.exe> Win32/Zuten!generic
C:\A\TDDOWNLOAD.rar<1.exe> Win32/Frethog!generic
C:\A\TDDOWNLOAD.rar<2.exe> Win32/Frethog!generic
C:\A\TDDOWNLOAD.rar<3.exe> Win32/Storark!generic
C:\A\TDDOWNLOAD.rar<5.exe> Win32/Storark!generic
C:\A\TDDOWNLOAD.rar<6.exe> Win32/Zuten!generic
C:\A\TDDOWNLOAD.rar<7.exe> Win32/Frethog!generic
C:\A\TDDOWNLOAD.rar<8.exe> Win32/Storark!generic
C:\A\TDDOWNLOAD.rar<9.exe> Win32/Zuten!generic
C:\A\TDDOWNLOAD.rar<10.exe> Win32/Storark!generic
C:\A\TDDOWNLOAD.rar<11.exe> Win32/Zuten!generic
C:\A\TDDOWNLOAD.rar<12.exe> Win32/Storark!generic
C:\A\TDDOWNLOAD.rar<13.exe> Win32/Zuten.AQ
C:\A\TDDOWNLOAD.rar<15.exe> Win32/Zuten!generic
C:\A\TDDOWNLOAD.rar<16.exe> Win32/Zuten!generic
C:\A\TDDOWNLOAD.rar<17.exe> Win32/Zuten!generic
C:\A\TDDOWNLOAD.rar<18.exe> Win32/Zuten!generic
C:\A\TDDOWNLOAD.rar<20.exe> Win32/QQPass!generic
C:\A\TDDOWNLOAD.rar<21.exe> Win32/Veslorn.GB
BING126
Posted on 2007-12-11 14:29:49
扫描开始时间: 2007-12-11 14:29:34
扫描日志
NOD32 版本 2713 (20071210) NT
命令行: C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar

日期: 2007年12月11日  时间: 14:29:42
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?22.exe<病毒 - Win32/PSW.OnLineGames.NJW 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?1.exe<病毒 - Win32/PSW.OnLineGames.NFL 木马 变种>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?2.exe<病毒 - Win32/PSW.OnLineGames.NFL 木马 变种>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?3.exe<病毒 - Win32/PSW.OnLineGames.FDY 木马 变种>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?4.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?5.exe<病毒 - Win32/PSW.OnLineGames.FDY 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?6.exe<病毒 - 可能是 Win32/PSW.OnLineGames.NHF 木马 变种>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?7.exe<病毒 - Win32/PSW.OnLineGames.NFL 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?8.exe<病毒 - Win32/PSW.OnLineGames.FDY 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?10.exe<病毒 - Win32/PSW.OnLineGames.FDY 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?12.exe<病毒 - Win32/PSW.OnLineGames.FDY 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?13.exe<病毒 - Win32/PSW.WOW.WU 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?14.exe<病毒 - Win32/PSW.OnLineGames.NGU 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?15.exe<病毒 - Win32/PSW.OnLineGames.JOJ 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?16.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?18.exe<病毒 - Win32/PSW.OnLineGames.NJZ 木马>
C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar ?RAR ?20.exe<病毒 - 可能是 Win32/Genetik 木马 变种>
已扫描文件数量: 21
已发现病毒数量: 17
完成时间: 14:29:54 总共扫描时间: 12 秒 (00:00:12)
sam.to
Posted on 2007-12-11 14:31:06
Hello,

16.exek, 9.exek - Trojan-PSW.Win32.OnLineGames.kjv

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Vladimir Krylov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.