某贴挖的25个木马

显示全部楼层 · 发表于 2007-12-27 15:12:51

某贴挖的25个木马…
不过这25个貌似很老了

显示全部楼层 · 发表于 2007-12-27 15:26:53

我这a1 3 14微点识别正常其他被微点自动清除了

显示全部楼层 · 发表于 2007-12-27 15:32:37

Starting the file scan:

Begin scan in 'K:\F[1]'
K:\F[1]\F\a1.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [INFO]    The file was moved to '47a15516.qua'!
K:\F[1]\F\a10.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jyq
   [INFO]    A backup was created as '47a35516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a11.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [INFO]    A backup was created as '47a45516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a12.exe
   [DETECTION] Is the Trojan horse TR/FWDisable.23483
   [INFO]    A backup was created as '47a55516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a13.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [INFO]    A backup was created as '47a65516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a14.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLinGame.jfj
   [INFO]    A backup was created as '47a75516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a15.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLinGame.jfn
   [INFO]    A backup was created as '47a85516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a16.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lob.2
   [INFO]    A backup was created as '47a95516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a17.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lwe.1
   [INFO]    A backup was created as '47aa5516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a18.exe
   [DETECTION] Is the Trojan horse TR/PSW.28672.40
   [INFO]    A backup was created as '47ab5516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a19.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [INFO]    A backup was created as '47ac5516.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a2.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.lgk
   [INFO]    A backup was created as '47a15517.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a20.exe
   [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
   [INFO]    A backup was created as '47a35517.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a21.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [INFO]    A backup was created as '47a45517.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a22.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ltm.1
   [INFO]    A backup was created as '47a55517.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a23.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.let
   [INFO]    A backup was created as '47a65517.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a24.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.las.2
   [INFO]    A backup was created as '47a75517.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a25.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [INFO]    A backup was created as '47a85517.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a3.exe
   [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
   [INFO]    A backup was created as '47a15519.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a4.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [INFO]    A backup was created as '47a1551a.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a5.exe
   [DETECTION] Is the Trojan horse TR/PSW.27648.20
   [INFO]    A backup was created as '47a1551b.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a6.exe
   [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
   [INFO]    A backup was created as '47a1551c.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a7.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.blm.3
   [INFO]    A backup was created as '47a1551d.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a8.exe
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.bwa
   [INFO]    A backup was created as '47a1551e.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!
K:\F[1]\F\a9.exe
   [DETECTION] Is the Trojan horse TR/WuDisable.E
   [INFO]    A backup was created as '47a1551f.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!

End of the scan: 2007年12月27日  15:31
Used time: 00:03 min

The scan has been done completely.

   2 Scanning directories
   25 Files were scanned
   24 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   24 files were deleted
   0 files were repaired
   25 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   0 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2007-12-27 15:32:47

木马名称:Trojan-PSW.Win32.OLGames.abr
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A10.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OLGames.cua
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A2.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OLGames.aje
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A21.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OLGames.crh
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A23.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OLGames.ckp
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A24.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-Downloader.Win32.Delf.huy
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A4.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-Downloader.Win32.Agent.nme
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A7.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A1.EXE
是可疑程序!
试图修改系统时间!
是否阻止该进程继续运行?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A5.EXE
木马程序生成以下文件:
1) C:\WINDOWS\UPXDND.EXE
2) C:\WINDOWS\SYSTEM32\UPXDND.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A6.EXE
并生成以下文件:
1) E:\AUTORUN.EXE
2) E:\AUTORUN.INF
3) E:\AUTORUN.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A8.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\CJRYOUBHPV.DLL
2) C:\WINDOWS\SYSTEM32\FTCCOMPRESS.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A9.EXE
1) C:\DFD534750.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A11.EXE
病毒程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\GDWLI32.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A12.EXE
1) C:\DFD564843.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A13.EXE
木马程序生成以下文件:
1) C:\WINDOWS\391231M.EXE
2) C:\WINDOWS\391231MM.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A14.EXE
1) C:\DFD590234.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A15.EXE
1) C:\DFD601562.BAT
是可疑程序!
试图删除文件!
是否阻止该进程继续运行?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A16.EXE
木马程序生成以下文件:
1) C:\WINDOWS\MSIMMS32.EXE
2) C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A17.EXE
木马程序生成以下文件:
1) C:\WINDOWS\MSPRINT32D.EXE
2) C:\WINDOWS\SYSTEM32\MSPRINT32D.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A18.EXE
木马程序生成以下文件:
1) C:\WINDOWS\AVPSRV.EXE
2) C:\WINDOWS\SYSTEM32\AVPSRV.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A20.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMPA.TMP
2) C:\WINDOWS\SYSTEM32\PACKET.DLL
3) C:\WINDOWS\SYSTEM32\WANPACKET.DLL
4) C:\WINDOWS\SYSTEM32\WPCAP.DLL
5) C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A22.EXE
木马程序生成以下文件:
1) C:\WINDOWS\KVSC3.EXE
2) C:\WINDOWS\SYSTEM32\KVSC3.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\F[1]\F\A25.EXE
病毒程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\DRIVERS\MSCONKT.SYS
2) C:\WINDOWS\SYSTEM32\GDJZI32.DLL
3) C:\WINDOWS\SYSTEM32\DRIVERS\MSCONKT.SYS
是否删除木马程序及其衍生物?

[ 本帖最后由啊弥陀佛于 2007-12-27 15:35 编辑 ]

显示全部楼层 · 发表于 2007-12-27 15:44:07

蜘蛛

显示全部楼层 · 发表于 2007-12-27 16:26:26

反病毒专家 AntiVirusKit 2006 扫描病毒日志记录
版本 16.0.5
双引擎反病毒签名 2007-12-27
开始时间: 2007-12-27 16:19
引擎: KAV 引擎 (AVK 17.6759), BD 引擎 (BD 17.4660)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: F a10.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.isb (KAV 引擎)
对象: F a13.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Trojan-PSW.Win32.Lmir.boy (KAV 引擎)
对象: F a21.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.kcw (KAV 引擎)
对象: F\a10.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Generic.PWS.Games.4.1BC15C9A (BD 引擎)
对象: F\a12.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: DeepScan:Generic.Dld.Agent.DE2C7287 (BD 引擎)
对象: F\a13.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Trojan.Agent.AGBN (BD 引擎)
对象: F\a14.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: DeepScan:Generic.Dld.Agent.C332D404 (BD 引擎)
对象: F\a15.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: DeepScan:Generic.Dld.Agent.5CAB8FEE (BD 引擎)
对象: F\a16.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Generic.PWS.Games.4.2F49B48C (BD 引擎)
对象: F\a17.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: DeepScan:Generic.PWS.Games.4.B3720F08 (BD 引擎)
对象: F\a18.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Generic.PWS.Games.4.1E760ED1 (BD 引擎)
对象: F\a2.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Generic.PWS.Games.4.AE389979 (BD 引擎)
对象: F\a20.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 可疑病毒
病毒: BehavesLike:Win32.Malware (BD 引擎)
对象: F\a21.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: DeepScan:Generic.PWS.Games.4.BDBB87C9 (BD 引擎)
对象: F\a22.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Generic.PWS.Games.4.7D0CBCA6 (BD 引擎)
对象: F\a23.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: DeepScan:Generic.Dld.Agent.8452FEC5 (BD 引擎)
对象: F\a24.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Generic.PWS.Games.4.E6DDFEB9 (BD 引擎)
对象: F\a3.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Trojan.Dropper.Agent.TKK (BD 引擎)
对象: F\a4.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Trojan.Downloader.OH (BD 引擎)
对象: F\a5.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: DeepScan:Generic.PWS.Games.1.25491E07 (BD 引擎)
对象: F\a6.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Generic.PWStealer.F6D84955 (BD 引擎)
对象: F\a7.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: Trojan.Downloader.Agent.YMX (BD 引擎)
对象: F\a8.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 可疑病毒
病毒: Dropped:Generic.Malware.Fdld.6B6A9684 (BD 引擎)
对象: F\a9.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part1.rar
Status: 已发现病毒
病毒: DeepScan:Generic.Dld.Agent.8B1C5050 (BD 引擎)
对象: F.part1.rar
路径: C:\Documents and Settings\Administrator\My Documents\新建文件夹
Status: 病毒文件已删除
病毒: Trojan-PSW.Win32.OnLineGames.isb, Trojan-PSW.Win32.Lmir.boy, Trojan-PSW.Win32.OnLineGames.kcw (KAV 引擎), Generic.PWS.Games.4.1BC15C9A, DeepScan:Generic.Dld.Agent.DE2C7287, Trojan.Agent.AGBN, DeepScan:Generic.Dld.Agent.C332D404, DeepScan:Generic.Dld.Agent.5CAB8FEE, Generic.PWS.Games.4.2F49B48C, DeepScan:Generic.PWS.Games.4.B3720F08, Generic.PWS.Games.4.1E760ED1, Generic.PWS.Games.4.AE389979, BehavesLike:Win32.Malware, DeepScan:Generic.PWS.Games.4.BDBB87C9, Generic.PWS.Games.4.7D0CBCA6, DeepScan:Generic.Dld.Agent.8452FEC5, Generic.PWS.Games.4.E6DDFEB9, Trojan.Dropper.Agent.TKK, Trojan.Downloader.OH, DeepScan:Generic.PWS.Games.1.25491E07, Generic.PWStealer.F6D84955, Trojan.Downloader.Agent.YMX, Dropped:Generic.Malware.Fdld.6B6A9684, DeepScan:Generic.Dld.Agent.8B1C5050 (BD 引擎)
对象: F a4.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part2.rar
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.Delf.aas (KAV 引擎)
对象: F a7.exe
在压缩档案里: C:\Documents and Settings\Administrator\My Documents\新建文件夹\F.part2.rar
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.Agent.blm (KAV 引擎)
对象: F.part2.rar
路径: C:\Documents and Settings\Administrator\My Documents\新建文件夹
Status: 病毒文件已删除
病毒: Trojan-Downloader.Win32.Delf.aas, Trojan-Downloader.Win32.Agent.blm (KAV 引擎)
扫描完成: 2007-12-27 16:21
已检查 2 个文件
已发现 2 个染毒文件
发现 0 个可疑文件
AVK全杀了。

显示全部楼层 · 发表于 2007-12-27 17:29:27

卡巴 7.0.1.321 高启发 22个

已隔离: 病毒 Heur.Trojan.Generic （变种）文件: F:\病毒样本\F[1]\F\a20.exe//FSG//PEPatch
已隔离: 病毒 Heur.Trojan.Generic （变种）文件: F:\病毒样本\F[1]\F\a6.exe
已删除: 木马程序 Trojan-Downloader.Win32.Agent.blm 文件: F:\病毒样本\F[1]\F\a7.exe
已删除: 木马程序 Trojan-Downloader.Win32.Delf.aas 文件: F:\病毒样本\F[1]\F\a4.exe
已删除: 木马程序 Trojan-PSW.Win32.Lmir.boy 文件: F:\病毒样本\F[1]\F\a13.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.Nilage.bwf 文件: F:\病毒样本\F[1]\F\a8.exe//FSG
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.isb 文件: F:\病毒样本\F[1]\F\a10.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.kcw 文件: F:\病毒样本\F[1]\F\a21.exe//ASPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.kzy 文件: F:\病毒样本\F[1]\F\a24.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.let 文件: F:\病毒样本\F[1]\F\a23.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.lgp 文件: F:\病毒样本\F[1]\F\a2.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.lnx 文件: F:\病毒样本\F[1]\F\a9.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.loc 文件: F:\病毒样本\F[1]\F\a16.exe//UPack//PE_Patch
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.lqe 文件: F:\病毒样本\F[1]\F\a19.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.ltm 文件: F:\病毒样本\F[1]\F\a22.exe//UPack//PE_Patch
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.ltt 文件: F:\病毒样本\F[1]\F\a12.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.lue 文件: F:\病毒样本\F[1]\F\a17.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.lyr 文件: F:\病毒样本\F[1]\F\a18.exe//UPack//PE_Patch
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.lys 文件: F:\病毒样本\F[1]\F\a5.exe//UPack//PE_Patch
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.mal 文件: F:\病毒样本\F[1]\F\a3.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.mbw 文件: F:\病毒样本\F[1]\F\a11.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.mbw 文件: F:\病毒样本\F[1]\F\a25.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2007-12-27 17:31:58

还是AVK厉害。

显示全部楼层 · 发表于 2007-12-27 17:35:32

费尔扫描加启发共25个，全杀

显示全部楼层 · 发表于 2007-12-27 17:36:28

MicroVita AntiSpyware 100 C
_____________________________________________

         风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]
               http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a1.exe]
                  …………发现Spy！报告:[1] Win32.NkHack.FSG.A
文件信息:  大小:44693  MD5:20bed4168a375f7fb797db17691d76b0

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a10.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:17292  MD5:20a9e467dc8c4231d2c691c80f4cd3d3

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a11.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:17992  MD5:6775d781b400dd60e3f25e8832e176db

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a12.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:15487  MD5:d77b58cf5efcb8e25c41729825e95b12

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a13.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:29537  MD5:c84708c1fb8a0ffd2ef224e85926a64a

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a14.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:16514  MD5:1f0cf45a2e551250b326da845237f722

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a15.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:15542  MD5:994344d5b02a50642774e5770a3497a0

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a16.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:17827  MD5:bc4cc64c0d20ca05418b23add1612128

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a17.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:16223  MD5:bc5eafa9bca51a843e8e69ce404966c9

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a18.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:17424  MD5:d0e45e865215a5aba29135780fb427b3

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a19.exe]
                  …………发现Spy！报告:[1] Win32.Unknow
文件信息:  大小:18084  MD5:d789c5abc3835d7d70ce0495f4ad0d9d

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a2.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:18488  MD5:e05023d0fba651494a2ec7e76d8efe70

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a20.exe]
                  …………发现Spy！报告:[2] [1] Win32.NkHack.FSG.A
文件信息:  大小:177425  MD5:e82dfa9913ef19f6a07539e5cbe33051

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a21.exe]
                  …………发现Spy！报告:[2]
文件信息:  大小:52529  MD5:6c8d5a014d1f11fe3677fba992e37e7f

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a22.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:17968  MD5:1c6185bbc094e0c2fb6f9c8a10fd0966

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a23.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:16747  MD5:ffbb99bc1251ea99a25b8a392ed240e7

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a24.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:15616  MD5:e1789059071dd11975e2bd1568170908

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a25.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:17100  MD5:97175853ccf77d86ef24e39de67c9fb6

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a5.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:16924  MD5:033ef2e53bd94270a2cd5f34a3df0670

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a7.exe]
                  …………发现Spy！报告:[2]
文件信息:  大小:49152  MD5:f0f748488c3e079ac4288f738ff1aafc

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a8.exe]
                  …………发现Spy！报告:[2] [1] Win32.NkHack.FSG.A
文件信息:  大小:32401  MD5:8cc0614017ffe4e19da2a115b6031c7d

[C:\Documents and Settings\Administrator\桌面\Virus\F\F\a9.exe]
                  …………发现Spy！报告:[1] Win32.F/S.ByDwing
文件信息:  大小:15769  MD5:ed2ea83b404882d162d756a1e700f5ff

文件数:25 病毒数:22  比重:0.88
OK  扫描完毕！

  ***日志解释
[4] 集中有害分析引擎
[3] 全局系统判断引擎
[2] 文件特征码引擎
[1] 文件启发式引擎

好几天没来管住了

[ 本帖最后由 FBAV 于 2007-12-27 17:40 编辑 ]

[病毒样本] 某贴挖的25个木马

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源