还是5PCS

自由

saga3721

--> 20.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 12.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 11.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was moved to '47a31548.qua'!

1688388728

已删除：病毒 Heur.Trojan.Generic        文件: C:\Documents and Settings\Administrator\桌面\桌面\11.exe//UPack
已删除：病毒 Heur.Trojan.Generic        文件: C:\Documents and Settings\Administrator\桌面\桌面\12.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.lyr        文件: C:\Documents and Settings\Administrator\桌面\桌面\6.exe//UPack//PE_Patch
已删除：病毒 Heur.Trojan.Generic        文件: C:\Documents and Settings\Administrator\桌面\桌面\8.exe//UPack

leonfg

ESET全咔嚓
C:\Documents and Settings\GUNDAM\桌面\桌面.rar » RAR » 20.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\GUNDAM\桌面\桌面.rar » RAR » 6.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\桌面.rar » RAR » 12.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\桌面.rar » RAR » 8.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\桌面.rar » RAR » 11.exe - a variant of Win32/PSW.OnLineGames.NFL trojan

zhr5898

江民杀俩个 6和12

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\����.rar'
C:\Documents and Settings\Administrator\My Documents\
  ����.rar
    [0] Archive type: RAR
      --> 20.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> 6.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> 12.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> 8.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      --> 11.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!


End of the scan: 2007年12月27日  22:41
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
      6 Files were scanned
      0 viruses and/or unwanted programs were found
      5 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      6 Archives were scanned
      5 Warnings
      0 Notes

lic

f-port 4隻
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\Owner\桌面\abc\11.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\Owner\桌面\abc\12.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\Owner\桌面\abc\6.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\Owner\桌面\abc\8.exe->(UPack)

norman 5隻 其中1隻 Sandbox
========================================================
Norman Message [2007/12/28 15:13:15]
--------------------------------------------------------
Application: NVC On-demand Scanner
Node address: 218.254.243.114
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'W32/Viking.EQ'
Norman Scanner Engine Information
Engine version: 5.91.08
Binary definition file: 5.90 of 2007/12/27
Macro definition file: 5.90 of 2007/12/21
Login information: User 'Owner' on host 'LIC'.
File infected: C:/Documents and Settings/Owner/桌面/abc/11.exe

========================================================
Norman Message [2007/12/28 15:13:15]
--------------------------------------------------------
Application: NVC On-demand Scanner
Node address: 218.254.243.114
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'W32/Viking.EQ'
Norman Scanner Engine Information
Engine version: 5.91.08
Binary definition file: 5.90 of 2007/12/27
Macro definition file: 5.90 of 2007/12/21
Login information: User 'Owner' on host 'LIC'.
File infected: C:/Documents and Settings/Owner/桌面/abc/12.exe

========================================================
Norman Message [2007/12/28 15:13:19]
--------------------------------------------------------
Application: NVC On-demand Scanner
Node address: 218.254.243.114
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'W32/Viking.EQ'
Norman Scanner Engine Information
Engine version: 5.91.08
Binary definition file: 5.90 of 2007/12/27
Macro definition file: 5.90 of 2007/12/21
Login information: User 'Owner' on host 'LIC'.
File infected: C:/Documents and Settings/Owner/桌面/abc/6.exe

========================================================
Norman Message [2007/12/28 15:13:19]
--------------------------------------------------------
Application: NVC On-demand Scanner
Node address: 218.254.243.114
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'W32/Malware' [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * Accesses executable file from resource section.
    * **Locates window "NaleN_bsazideq [class NULL]" on desktop.
    * **Locates window "Joaa_rniJaomuq [class NULL]" on desktop.
    * File length:        30841 bytes.

[ Changes to filesystem ]
    * Deletes file C:/Program Files/Internet Explorer/PLUGINS/NvWin_5.Jmp.
    * Creates file C:/Program Files/
Norman Scanner Engine Information
Engine version: 5.91.08
Binary definition file: 5.90 of 2007/12/27
Macro definition file: 5.90 of 2007/12/21
Login information: User 'Owner' on host 'LIC'.
File infected: C:/Documents and Settings/Owner/桌面/abc/20.exe

========================================================
Norman Message [2007/12/28 15:13:19]
--------------------------------------------------------
Application: NVC On-demand Scanner
Node address: 218.254.243.114
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'W32/Viking.EQ'
Norman Scanner Engine Information
Engine version: 5.91.08
Binary definition file: 5.90 of 2007/12/27
Macro definition file: 5.90 of 2007/12/21
Login information: User 'Owner' on host 'LIC'.
File infected: C:/Documents and Settings/Owner/桌面/abc/8.exe

kkgh

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.QQPass.zak
病毒： Trojan.PSW.Win32.GameOL.gmn

用户来源：互联网

软件版本：20.24.40

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.QQPass.zak
病毒： Trojan.PSW.Win32.GameOL.gmn
病毒： Trojan.PSW.Win32.GameOL.goh
病毒： Trojan.PSW.Win32.SunOnline.kk
病毒： Trojan.PSW.Win32.GameOL.gor

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.24.42

will

Win32:OnLineGames-BMZ [Trj]     11.exe
Win32:Delf-FZG [Trj]            20.exe
Win32:OnLineGames-BPD [Trj]     8.exe