29更新

显示全部楼层 · 发表于 2007-12-29 20:32:08

解压缩过程中发现病毒

显示全部楼层 · 发表于 2007-12-29 20:32:54

Starting the file scan:

Begin scan in 'D:\Virus\down.exe'
D:\Virus\down.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\g.exe'
D:\Virus\g.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\InstallerN75New02.exe'
D:\Virus\InstallerN75New02.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\postcard.exe'
D:\Virus\postcard.exe
   [DETECTION] Is the Trojan horse TR/Hidrag.A
   [WARNING] The file was ignored!
D:\Virus\postcard.exe
  [0] Archive type: RAR SFX (self extracting)
  --> control.ini
   [DETECTION] Is the Trojan horse TR/Zapchas.F.1
  --> nicks.txt
   [DETECTION] Is the Trojan horse TR/Mirc.Fizz.A
  --> sup.reg
   [DETECTION] Is the Trojan horse TR/REG.Ircflood.C
  --> svchost.exe
   [DETECTION] Contains code of the Windows virus W32/Hidrag.a
  --> script.ini
   [DETECTION] Contains detection pattern of the IRC virus IRC/Zapchast.16
  --> mirc.ini
   [DETECTION] Is the Trojan horse TR/PSW.Zapchast.845
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\xiaogui.exe'
D:\Virus\xiaogui.exe
   [DETECTION] Is the Trojan horse TR/PSW.Maran.AU
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\aaa.exe'
Begin scan in 'D:\Virus\cq0619_1.exe'
D:\Virus\cq0619_1.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\cs0619_1.exe'
D:\Virus\cs0619_1.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\dh0616_1.exe'
D:\Virus\dh0616_1.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\dh3_1.exe'
D:\Virus\dh3_1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\f2b4657b5568d072_1.exe'
D:\Virus\f2b4657b5568d072_1.exe
   [DETECTION] Is the Trojan horse TR/Autorun.CA
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\ff_1.exe'
D:\Virus\ff_1.exe
   [DETECTION] Is the Trojan horse TR/Spy.Agent.ash
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\jh0619_1.exe'
D:\Virus\jh0619_1.exe
   [DETECTION] Is the Trojan horse TR/PSW.28672.47
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\lin_1.exe'
D:\Virus\lin_1.exe
   [DETECTION] Is the Trojan horse TR/PSW.Magania.bre
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\mh0618_1.exe'
D:\Virus\mh0618_1.exe
   [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\my0616_1.exe'
D:\Virus\my0616_1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\qj0617_1.exe'
D:\Virus\qj0617_1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\qqhx0.exe'
D:\Virus\qqhx0.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\qqhx_1.exe'
D:\Virus\qqhx_1.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jyc
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\qqsg_1.exe'
D:\Virus\qqsg_1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\rse_1.exe'
D:\Virus\rse_1.exe
   [DETECTION] Is the Trojan horse TR/Copiet.B.1
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\setup.exe'
D:\Virus\setup.exe
   [DETECTION] Contains detection pattern of the dropper DR/RKit.Agent.QW
   [WARNING] The file was ignored!
D:\Virus\setup.exe
  [0] Archive type: RAR SFX (self extracting)
  --> Setup.exe
   [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.QW
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\sms0s.exe'
D:\Virus\sms0s.exe
   [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\sms3s.exe'
D:\Virus\sms3s.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lpr
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\sms6s.exe'
D:\Virus\sms6s.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\wd0618_1.exe'
D:\Virus\wd0618_1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\wl0618_1.exe'
D:\Virus\wl0618_1.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\wow0617_1.exe'
D:\Virus\wow0617_1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [WARNING] The file was ignored!
Begin scan in 'D:\Virus\zt0616_1.exe'
D:\Virus\zt0616_1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [WARNING] The file was ignored!

End of the scan: 2007年12月29日  20:32
Used time: 00:18 min

The scan has been done completely.

   0 Scanning directories
   42 Files were scanned
   34 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   8 Files not concerned
   2 Archives were scanned
   28 Warnings
   0 Notes

显示全部楼层 · 发表于 2007-12-29 20:36:41

小A阻止了下载。

显示全部楼层 · 发表于 2007-12-29 20:39:05

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.Maran.li
病毒： Malicious Code
病毒： Backdoor.Win32.Agent.yos
病毒： Win32.Hidrag
病毒： Trojan.Win32.Undef.ada
病毒： Trojan.PSW.WoWar.GEN
病毒： Trojan.PSW.Win32.Agent.vqp
病毒： Trojan.PSW.Win32.GamesOnline.cb
病毒： Trojan.PSW.Win32.SunOnline.kk
病毒： Trojan.PSW.Win32.GameOL.gov
病毒： Trojan.PSW.Win32.GameOL.gom
病毒： Trojan.PSW.Win32.GameOL.goh
病毒： Trojan.PSW.Win32.QQSG.bq
病毒： Trojan.PSW.Win32.GameOL.gol
病毒： Trojan.PSW.Win32.GameOL.gop
病毒： Trojan.PSW.Win32.LMir.yys
病毒： Trojan.PSW.Win32.GameOL.au
病毒： Trojan.PSW.Win32.GameOL.goj
病毒： Trojan.PSW.Win32.Woool.c
病毒： Worm.Win32.PaBug.fi
病毒： Trojan.PSW.Win32.GameOL.ggg
病毒： Trojan.PSW.Win32.GameOL.GEN

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.24.52

显示全部楼层 · 发表于 2007-12-29 20:41:34

-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.4.2
Virus signature file from: 2007-12-29, 1:27

Scan name: [Custom Scan]
Path to scan: C:\样本 yangpizhi\1229

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2007-12-29, 20:41:02
---------------------------------------------------------------------

[Clean] C:\样本 yangpizhi\1229\aaa.exe
[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\cq0619.exe
[Quarantined] C:\样本 yangpizhi\1229\cq0619.exe
[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\cs0619.exe
[Quarantined] C:\样本 yangpizhi\1229\cs0619.exe
[Found security risk] <W32/OnlineGames.F.gen!GSA (not disinfectable, generic)> C:\样本 yangpizhi\1229\dh0616.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\dh0616.exe->(UPack)
[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\dh3.exe
[Quarantined] C:\样本 yangpizhi\1229\dh3.exe
[Found security risk] <W32/AutoRun.B.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\down.exe->(UPX)
[Quarantined] C:\样本 yangpizhi\1229\down.exe->(UPX)
[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\f2b4657b5568d072.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\f2b4657b5568d072.exe->(UPack)
[Found virus] <W32/Downloader.gen10> C:\样本 yangpizhi\1229\ff.exe
[Failed to disinfect] ff.exe
[Quarantined] C:\样本 yangpizhi\1229\ff.exe
[Clean] C:\样本 yangpizhi\1229\g.exe->(NSPack)->(PE_Patch)
[Found possible virus] <W32/Veil-MSBP-based!Maximus> C:\样本 yangpizhi\1229\InstallerN75New02.exe->(Cryptocrack)
[Failed to disinfect] InstallerN75New02.exe->(Cryptocrack)
[Quarantined] C:\样本 yangpizhi\1229\InstallerN75New02.exe->(Cryptocrack)
[Found security risk] <W32/OnlineGames.F.gen!GSA (not disinfectable, generic)> C:\样本 yangpizhi\1229\jh0619.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\jh0619.exe->(UPack)
[Found password stealer] <W32/Magania.RN (exact)> C:\样本 yangpizhi\1229\lin.exe
[Deleted] C:\样本 yangpizhi\1229\lin.exe
[Found possible security risk] <W32/Heuristic-114!Eldorado (damaged, not disinfectable)> C:\样本 yangpizhi\1229\mh0618.exe->(embedded)->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\mh0618.exe->(embedded)->(UPack)
[Found security risk] <W32/OnlineGames.F.gen!GSA (not disinfectable, generic)> C:\样本 yangpizhi\1229\my0616.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\my0616.exe->(UPack)
[Clean] C:\样本 yangpizhi\1229\postcard.exe->(UPX)
[Clean] C:\样本 yangpizhi\1229\postcard.exe->(RAR)->aliases.ini
[Clean] C:\样本 yangpizhi\1229\postcard.exe->(RAR)->control.ini
[Clean] C:\样本 yangpizhi\1229\postcard.exe->(RAR)->mirc.ico
[Clean] C:\样本 yangpizhi\1229\postcard.exe->(RAR)->nicks.txt
[Clean] C:\样本 yangpizhi\1229\postcard.exe->(RAR)->remote.ini
[Found virus] <BAT/Zapchast.S (exact, component, not disinfectable)> C:\样本 yangpizhi\1229\postcard.exe->(RAR)->sup.bat
[Found Trojan] <REG/Zapchast.G (exact, component, not disinfectable)> C:\样本 yangpizhi\1229\postcard.exe->(RAR)->sup.reg
[Found virus] <W32/Jeefo.A (exact, not disinfectable)> C:\样本 yangpizhi\1229\postcard.exe->(RAR)->svchost.exe
[Clean] C:\样本 yangpizhi\1229\postcard.exe->(RAR)->users.ini
[Clean] C:\样本 yangpizhi\1229\postcard.exe->(RAR)->servers.ini
[Found backdoor] <IRC/Zapchast.Q (exact, not disinfectable)> C:\样本 yangpizhi\1229\postcard.exe->(RAR)->script.ini
[Found backdoor] <IRC/Zapchast.Q (exact, not disinfectable)> C:\样本 yangpizhi\1229\postcard.exe->(RAR)->mirc.ini
[Contains infected objects] C:\样本 yangpizhi\1229\postcard.exe
[Quarantined] C:\样本 yangpizhi\1229\postcard.exe->(RAR)->mirc.ini
[Found security risk] <W32/OnlineGames.F.gen!GSA (not disinfectable, generic)> C:\样本 yangpizhi\1229\qj0617.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\qj0617.exe->(UPack)
[Found security risk] <W32/OnlineGames.F.gen!GSA (not disinfectable, generic)> C:\样本 yangpizhi\1229\qqhx.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\qqhx.exe->(UPack)
[Found security risk] <W32/OnlineGames.F.gen!GSA (not disinfectable, generic)> C:\样本 yangpizhi\1229\qqhx0.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\qqhx0.exe->(UPack)
[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\qqsg.exe
[Quarantined] C:\样本 yangpizhi\1229\qqsg.exe
[Clean] C:\样本 yangpizhi\1229\rse.exe->(UPX)
[Found virus] <W32/Downloader.gen10> C:\样本 yangpizhi\1229\rse.exe
[Failed to disinfect] rse.exe
[Quarantined] C:\样本 yangpizhi\1229\rse.exe
[Clean] C:\样本 yangpizhi\1229\setup.exe->(UPX)
[Found security risk] <W32/BadBHO.A.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\setup.exe->(RAR)->Setup.exe->(UPX)
[Contains infected objects] C:\样本 yangpizhi\1229\setup.exe
[Quarantined] C:\样本 yangpizhi\1229\setup.exe->(RAR)->Setup.exe->(UPX)
[Clean] C:\样本 yangpizhi\1229\sms0s.exe->(UPX)
[Found possible virus] <W32/Document-disguised-based!Maximus> C:\样本 yangpizhi\1229\sms0s.exe
[Failed to disinfect] sms0s.exe
[Quarantined] C:\样本 yangpizhi\1229\sms0s.exe
[Found security risk] <W32/OnlineGames.A.gen!GSA (not disinfectable, generic)> C:\样本 yangpizhi\1229\sms3s.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\sms3s.exe->(UPack)
[Clean] C:\样本 yangpizhi\1229\sms6s.exe->(embedded)->(embedded)
[Clean] C:\样本 yangpizhi\1229\sms6s.exe->(embedded)->(embedded)
[Clean] C:\样本 yangpizhi\1229\sms6s.exe->(embedded)->(UPack)
[Clean] C:\样本 yangpizhi\1229\sms6s.exe->(UPack)
[Found security risk] <W32/OnlineGames.F.gen!GSA (not disinfectable, generic)> C:\样本 yangpizhi\1229\wd0618.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\wd0618.exe->(UPack)
[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\wl0618.exe
[Quarantined] C:\样本 yangpizhi\1229\wl0618.exe
[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\wow0617.exe->(UPack)
[Quarantined] C:\样本 yangpizhi\1229\wow0617.exe->(UPack)
[Found password stealer] <W32/Maran.ACJ (exact)> C:\样本 yangpizhi\1229\xiaogui.exe
[Deleted] C:\样本 yangpizhi\1229\xiaogui.exe
[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\样本 yangpizhi\1229\zt0616.exe
[Quarantined] C:\样本 yangpizhi\1229\zt0616.exe

---------------------------------------------------------------------
Scan ended: 2007-12-29, 20:41:28
Duration: 0:00:25

Scan result:

Scanned files:    29
Infected objects:    30
Disinfected objects:    2
Quarantined files:    24
---------------------------------------------------------------------

显示全部楼层 · 发表于 2007-12-29 20:46:05

C:\Documents and Settings\Don johnson\桌面\1229\cq0619.exe - probably a variant of Win32/PSW.WOW.WU trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\cs0619.exe - Win32/PSW.WOW.WU trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\dh0616.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\dh3.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\down.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\f2b4657b5568d072.exe - a variant of Win32/TrojanDownloader.Flux trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\g.exe - Win32/Jalous.N worm - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\InstallerN75New02.exe - probably unknown NewHeur_PE virus - deleted - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\jh0619.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\lin.exe - Win32/PSW.Gamania.BR trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\mh0618.exe - a variant of Win32/PSW.Agent.NEC trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\my0616.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » UPX v12_m2 » RAR » nicks.txt - IRC/Cloner.AU trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » UPX v12_m2 » RAR » sup.bat - IRC/Zapchast.H trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » UPX v12_m2 » RAR » sup.reg - IRC/Cloner.AS trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » UPX v12_m2 » RAR » svchost.exe - Win32/Jeefo.A virus - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » UPX v12_m2 » RAR » script.ini - IRC/Cloner.AX trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » UPX v12_m2 » RAR » mirc.ini - IRC/Zapchast trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » RAR » nicks.txt - IRC/Cloner.AU trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » RAR » sup.bat - IRC/Zapchast.H trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » RAR » sup.reg - IRC/Cloner.AS trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » RAR » svchost.exe - Win32/Jeefo.A virus - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » RAR » script.ini - IRC/Cloner.AX trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » RAR » mirc.ini - IRC/Zapchast trojan - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe » UPX v12_m2 - multiple threats - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\postcard.exe - multiple threats - deleted - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\qj0617.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\qqhx.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\qqhx0.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\qqsg.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\rse.exe - a variant of Win32/PSW.OnLineGames.FCJ trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\setup.exe » UPX v12_m2 » RAR » Setup.exe - a variant of Win32/Xorer virus - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\setup.exe » RAR » Setup.exe - a variant of Win32/Xorer virus - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\setup.exe » UPX v12_m2 - a variant of Win32/Xorer virus - was a part of the deleted object
C:\Documents and Settings\Don johnson\桌面\1229\setup.exe - a variant of Win32/Xorer virus - deleted - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\sms0s.exe - probably a variant of Win32/AutoRun.Q worm - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\sms3s.exe - a variant of Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\sms6s.exe - Win32/PSW.OnLineGames.KWH trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\wd0618.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\wl0618.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\wow0617.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\xiaogui.exe - Win32/PSW.Maran.FF trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don johnson\桌面\1229\zt0616.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined

显示全部楼层 · 发表于 2007-12-29 20:46:24

C:\Users\Wesley\Downloads\1229\cq0619.exe - probably a variant of Win32/PSW.WOW.WU trojan
C:\Users\Wesley\Downloads\1229\cs0619.exe - Win32/PSW.WOW.WU trojan
C:\Users\Wesley\Downloads\1229\dh0616.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Users\Wesley\Downloads\1229\dh3.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Users\Wesley\Downloads\1229\down.exe - probably a variant of Win32/Genetik trojan
C:\Users\Wesley\Downloads\1229\f2b4657b5568d072.exe - a variant of Win32/TrojanDownloader.Flux trojan
C:\Users\Wesley\Downloads\1229\g.exe - Win32/Jalous.N worm
C:\Users\Wesley\Downloads\1229\InstallerN75New02.exe - probably unknown NewHeur_PE virus
C:\Users\Wesley\Downloads\1229\jh0619.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Users\Wesley\Downloads\1229\lin.exe - Win32/PSW.Gamania.BR trojan
C:\Users\Wesley\Downloads\1229\mh0618.exe - a variant of Win32/PSW.Agent.NEC trojan
C:\Users\Wesley\Downloads\1229\my0616.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » UPX v12_m2 » RAR » nicks.txt - IRC/Cloner.AU trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » UPX v12_m2 » RAR » sup.bat - IRC/Zapchast.H trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » UPX v12_m2 » RAR » sup.reg - IRC/Cloner.AS trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » UPX v12_m2 » RAR » svchost.exe - Win32/Jeefo.A virus
C:\Users\Wesley\Downloads\1229\postcard.exe » UPX v12_m2 » RAR » script.ini - IRC/Cloner.AX trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » UPX v12_m2 » RAR » mirc.ini - IRC/Zapchast trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » RAR » nicks.txt - IRC/Cloner.AU trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » RAR » sup.bat - IRC/Zapchast.H trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » RAR » sup.reg - IRC/Cloner.AS trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » RAR » svchost.exe - Win32/Jeefo.A virus
C:\Users\Wesley\Downloads\1229\postcard.exe » RAR » script.ini - IRC/Cloner.AX trojan
C:\Users\Wesley\Downloads\1229\postcard.exe » RAR » mirc.ini - IRC/Zapchast trojan
C:\Users\Wesley\Downloads\1229\qj0617.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Users\Wesley\Downloads\1229\qqhx.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Users\Wesley\Downloads\1229\qqhx0.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Users\Wesley\Downloads\1229\qqsg.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Users\Wesley\Downloads\1229\rse.exe - a variant of Win32/PSW.OnLineGames.FCJ trojan
C:\Users\Wesley\Downloads\1229\setup.exe » UPX v12_m2 » RAR » Setup.exe - a variant of Win32/Xorer virus
C:\Users\Wesley\Downloads\1229\setup.exe » RAR » Setup.exe - a variant of Win32/Xorer virus
C:\Users\Wesley\Downloads\1229\sms0s.exe - probably a variant of Win32/AutoRun.Q worm
C:\Users\Wesley\Downloads\1229\sms3s.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Users\Wesley\Downloads\1229\sms6s.exe - Win32/PSW.OnLineGames.KWH trojan
C:\Users\Wesley\Downloads\1229\wd0618.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Users\Wesley\Downloads\1229\wl0618.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Users\Wesley\Downloads\1229\wow0617.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Users\Wesley\Downloads\1229\xiaogui.exe - Win32/PSW.Maran.FF trojan
C:\Users\Wesley\Downloads\1229\zt0616.exe - a variant of Win32/PSW.OnLineGames.NFL trojan

显示全部楼层 · 发表于 2007-12-29 20:53:38

F:\virus\1229\cq0619.exe - probably a variant of Win32/PSW.WOW.WU trojan - cleaned by deleting - quarantined
F:\virus\1229\cs0619.exe - Win32/PSW.WOW.WU trojan - cleaned by deleting - quarantined
F:\virus\1229\dh0616.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
F:\virus\1229\dh3.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
F:\virus\1229\down.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined
F:\virus\1229\f2b4657b5568d072.exe - a variant of Win32/TrojanDownloader.Flux trojan - cleaned by deleting - quarantined
F:\virus\1229\g.exe - Win32/Jalous.N worm - cleaned by deleting - quarantined
F:\virus\1229\InstallerN75New02.exe - probably unknown NewHeur_PE virus - deleted - quarantined
F:\virus\1229\jh0619.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined
F:\virus\1229\lin.exe - Win32/PSW.Gamania.BR trojan - cleaned by deleting - quarantined
F:\virus\1229\mh0618.exe - a variant of Win32/PSW.Agent.NEC trojan - cleaned by deleting - quarantined
F:\virus\1229\my0616.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined
F:\virus\1229\postcard.exe » UPX v12_m2 » RAR » nicks.txt - IRC/Cloner.AU trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » UPX v12_m2 » RAR » sup.bat - IRC/Zapchast.H trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » UPX v12_m2 » RAR » sup.reg - IRC/Cloner.AS trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » UPX v12_m2 » RAR » svchost.exe - Win32/Jeefo.A virus - was a part of the deleted object
F:\virus\1229\postcard.exe » UPX v12_m2 » RAR » script.ini - IRC/Cloner.AX trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » UPX v12_m2 » RAR » mirc.ini - IRC/Zapchast trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » RAR » nicks.txt - IRC/Cloner.AU trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » RAR » sup.bat - IRC/Zapchast.H trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » RAR » sup.reg - IRC/Cloner.AS trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » RAR » svchost.exe - Win32/Jeefo.A virus - was a part of the deleted object
F:\virus\1229\postcard.exe » RAR » script.ini - IRC/Cloner.AX trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » RAR » mirc.ini - IRC/Zapchast trojan - was a part of the deleted object
F:\virus\1229\postcard.exe » UPX v12_m2 - multiple threats - was a part of the deleted object
F:\virus\1229\postcard.exe - multiple threats - deleted - quarantined
F:\virus\1229\qj0617.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
F:\virus\1229\qqhx.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
F:\virus\1229\qqhx0.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
F:\virus\1229\qqsg.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
F:\virus\1229\rse.exe - a variant of Win32/PSW.OnLineGames.FCJ trojan - cleaned by deleting - quarantined
F:\virus\1229\setup.exe » UPX v12_m2 » RAR » Setup.exe - a variant of Win32/Xorer virus - was a part of the deleted object
F:\virus\1229\setup.exe » RAR » Setup.exe - a variant of Win32/Xorer virus - was a part of the deleted object
F:\virus\1229\setup.exe » UPX v12_m2 - a variant of Win32/Xorer virus - was a part of the deleted object
F:\virus\1229\setup.exe - a variant of Win32/Xorer virus - deleted - quarantined
F:\virus\1229\sms0s.exe - probably a variant of Win32/AutoRun.Q worm - cleaned by deleting - quarantined
F:\virus\1229\sms3s.exe - a variant of Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined
F:\virus\1229\sms6s.exe - Win32/PSW.OnLineGames.KWH trojan - cleaned by deleting - quarantined
F:\virus\1229\wd0618.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
F:\virus\1229\wl0618.exe - a variant of Win32/PSW.OnLineGames.YA trojan - cleaned by deleting - quarantined
F:\virus\1229\wow0617.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
F:\virus\1229\xiaogui.exe - Win32/PSW.Maran.FF trojan - cleaned by deleting - quarantined
F:\virus\1229\zt0616.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined

显示全部楼层 · 发表于 2007-12-29 21:03:41

蜘蛛

[病毒样本] 29更新

本帖子中包含更多资源

66/23

39个

ENA 39个

本帖子中包含更多资源