
[Virus samples] 16pcs

自由
Posted on 2007-12-30 18:52:50
无尽藏海
Posted on 2007-12-30 18:57:22
The first one slips through...

Begin scan in 'D:\Downloads\样本\15.rar'
D:\Downloads\样本\15.rar
  [0] Archive type: RAR
  --> 14.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> 1.EXE
      [DETECTION] Is the Trojan horse TR/Autorun.CA
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
  --> 6.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/Autorun.CA
  --> 15.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.25015
  --> 2.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
  --> 11.exe
      [DETECTION] Is the Trojan horse TR/Autorun.CA
  --> 16.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/Agent.16184
  --> 9.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 12.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen

16 Files were scanned
     12 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
qigang
Posted on 2007-12-30 18:58:48

31/9

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.PSW.Win32.GamesOnline.db
病毒: Packer.Win32.VmpPacker.a
病毒: Trojan.PSW.Win32.SunGame.h
病毒: Trojan.PSW.Win32.GameOL.gpe
病毒: Malicious Code           
病毒: Trojan.PSW.Win32.GameOL.gmv
病毒: Trojan.Win32.Undef.asp   
病毒: Trojan.PSW.Win32.QQSG.br

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.24.60
a369258147
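Posted on 2007-12-30 19:04:59
Trojan/PSW.OnLineGames.hnz: once the "Online Game Thief" variant hnz runs, it secretly monitors the user's keyboard input in the background. When the user logs in on an online game page, it steals the player's game account and password and sends them to a mailbox specified by the hacker.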
无尽藏海
Posted on 2007-12-30 19:07:17
Spider (Dr.Web)

will
Posted on 2007-12-30 19:14:56

avast! 11

Win32:AutoRun-IC                               1.EXE
Win32:OnLineGames-BKU [Trj]            3.exe  
Win32:OnLineGames-SR [Trj]              4.exe
Win32:Agent-LSI [Trj]                            5.exe  
Win32:AutoRun-IC                                10.exe        
Win32:AutoRun-IC                                11.exe        
Win32:OnLineGames-BKU [Trj]             12.exe
Win32:Baidubar-B [Trj]                          13.exe (this is the one inside 1.rar)
Win32:OnLineGames-SR [Trj]               14.exe
Win32:OnLineGames-BOA [Trj]            15.exe        
Win32:OnLineGames-BGD [Trj]            16.exe
电影结束了
Posted on 2007-12-30 19:23:43
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 14.exe - a variant of Win32/PSW.Agent.NEC trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 1.EXE - a variant of Win32/TrojanDownloader.Flux trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 4.exe - a variant of Win32/PSW.Agent.NEC trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 6.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 10.exe - a variant of Win32/TrojanDownloader.Flux trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 15.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 2.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 5.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 11.exe - a variant of Win32/TrojanDownloader.Flux trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 16.exe - a variant of Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 3.exe - a variant of Win32/PSW.OnLineGames.JOJ trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 8.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\wangcheng\桌面\15.rar » RAR » 12.exe - a variant of Win32/PSW.OnLineGames.JOJ trojan
yangpizhi
Posted on 2007-12-30 19:39:12
F-Prot fails on the first one...
-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.4.2
Virus signature file from: 2007-12-30, 0:17

Scan name: [Custom Scan]
Path to scan: C:\样本 yangpizhi\15.rar

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2007-12-30, 19:38:49
---------------------------------------------------------------------

[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\样本 yangpizhi\15.rar->14.exe->(embedded)->(UPack)
[Found security risk]         <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\样本 yangpizhi\15.rar->1.EXE->(UPack)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\样本 yangpizhi\15.rar->4.exe->(embedded)->(UPack)
[Clean]        C:\样本 yangpizhi\15.rar->6.exe->(Klone.AF)
[Found security risk]         <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\样本 yangpizhi\15.rar->10.exe->(UPack)
[Found security risk]         <W32/OnlineGames.A.gen!GSA (not disinfectable, generic)>        C:\样本 yangpizhi\15.rar->15.exe->(UPack)
[Clean]        C:\样本 yangpizhi\15.rar->2.exe->(FSG)
[Clean]        C:\样本 yangpizhi\15.rar->5.exe->(embedded)
[Clean]        C:\样本 yangpizhi\15.rar->5.exe->(embedded)
[Found possible virus]         <W32/SecRisk-ProcessPatcher-Sml-based!Maximus (not disinfectable)>        C:\样本 yangpizhi\15.rar->5.exe->(UPack)
[Clean]        C:\样本 yangpizhi\15.rar->7.exe
[Found security risk]         <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\样本 yangpizhi\15.rar->11.exe->(UPack)
[Found security risk]         <W32/OnlineGames.A.gen!GSA (not disinfectable, generic)>        C:\样本 yangpizhi\15.rar->16.exe->(UPack)
[Clean]        C:\样本 yangpizhi\15.rar->3.exe->(embedded)->(embedded)
[Clean]        C:\样本 yangpizhi\15.rar->3.exe->(embedded)->(UPack)
[Clean]        C:\样本 yangpizhi\15.rar->3.exe->(UPack)
[Found virus]         <W32/InfoStealer!Generic (not disinfectable)>        C:\样本 yangpizhi\15.rar->8.exe->(embedded)
[Clean]        C:\样本 yangpizhi\15.rar->9.exe->(PecBundle)->(PECompact)
[Clean]        C:\样本 yangpizhi\15.rar->12.exe->(embedded)->(embedded)
[Clean]        C:\样本 yangpizhi\15.rar->12.exe->(embedded)->(UPack)
[Clean]        C:\样本 yangpizhi\15.rar->12.exe->(UPack)
[Contains infected objects]        C:\样本 yangpizhi\15.rar
[Quarantined]        C:\样本 yangpizhi\15.rar->12.exe->(embedded)->(embedded)

---------------------------------------------------------------------
Scan ended:        2007-12-30, 19:39:01
Duration:        0:00:12

Scan result:

Scanned files:                 1
Infected objects:         9
Disinfected objects:         0
Quarantined files:         1
---------------------------------------------------------------------
自由
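Original poster | Posted on 2007-12-30 20:00:13
Kaspersky users, please run a scan. My virus database is from 4 pm this afternoon and it doesn't recognize a single one.
I couldn't be bothered to submit them, so I'm posting them here; some expert will submit them. Kaspersky users, just run a scan and tell me the result.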
Palkia
Posted on 2007-12-30 20:19:24
木马名称:未知后门程序

程序:
C:\WINDOWS\SYSTEM32\ZPFOYGLQWZZDC.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
Copyright © KaFan  KaFan.cn All Rights Reserved.
