22pcs

显示全部楼层 · 发表于 2008-1-6 00:39:31

某贴下的，去了一个机器狗，微点报了，不发。

更正第一包21个，12.exe失效了，没下到。第二包1个，微点报。

[ 本帖最后由自由于 2008-1-6 12:43 编辑 ]

显示全部楼层 · 发表于 2008-1-6 00:40:51

C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » 24.exe » RAR » Rml.exe - Win32/NetTool.Agent.B application
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\1.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\10.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\11.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\13.exe - Win32/PSW.WOW.WU trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\14.exe - probably a variant of Win32/PSW.WOW.WU trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\15.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\16.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\17.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\18.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\19.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\2.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\20.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\21.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\22.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\3.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\4.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\5.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\6.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\7.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\8.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\新建文件夹a.rar » RAR » 新建文件夹a\9.exe - a variant of Win32/PSW.OnLineGames.NFL trojan

显示全部楼层 · 发表于 2008-1-6 00:46:30

eq2有没有上报自己检测剩下的啊？

显示全部楼层 · 发表于 2008-1-6 00:47:50

全杀了。。。没有剩的

显示全部楼层 · 发表于 2008-1-6 00:59:44

Begin scan in 'C:\Documents and Settings\T\桌面\新建文件夹a.rar'
C:\Documents and Settings\T\桌面\新建文件夹a.rar
  [0] Archive type: RAR
  --> ÐÂ½¨ÎÄ¼þ¼Ða\1.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\10.exe
   [DETECTION] Is the Trojan horse TR/PSW.19766
  --> ÐÂ½¨ÎÄ¼þ¼Ða\11.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\13.exe
   [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\14.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\15.exe
   [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\16.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVC
  --> ÐÂ½¨ÎÄ¼þ¼Ða\17.exe
   [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\18.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\19.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\2.exe
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.bwn
  --> ÐÂ½¨ÎÄ¼þ¼Ða\20.exe
   [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\21.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\22.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\3.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\4.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\5.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\6.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\7.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\8.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ða\9.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [INFO]    The file was moved to 'ad0714ac.qua'!

End of the scan: 2008年1月6日  00:52
Used time: 00:06 min

The scan has been done completely.

   0 Scanning directories
   23 Files were scanned
   21 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   2 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes

Begin scan in 'C:\Documents and Settings\T\桌面\24.rar'
C:\Documents and Settings\T\桌面\24.rar
  [0] Archive type: RAR
  --> 24.exe
   [DETECTION] Contains detection pattern of the dropper DR/Agent.318861
   [1] Archive type: RAR SFX (self extracting)
   --> Rml.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
   [INFO]    The file was moved to '47adb62d.qua'!

End of the scan: 2008年1月6日  00:53
Used time: 00:01 min

The scan has been done completely.

   0 Scanning directories
   11 Files were scanned
   2 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   9 Files not concerned
   2 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-6 01:10:27

显示全部楼层 · 发表于 2008-1-6 01:54:17

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\新建文件夹a.rar'
C:\Documents and Settings\Administrator\My Documents\
  新建文件夹a.rar
[0] Archive type: RAR
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\1.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\10.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/PSW.19766
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\11.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\13.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\14.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/Spy.Gen
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\15.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\16.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVC
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\17.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\18.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\19.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/Spy.Gen
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\2.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Nilage.bwn
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\20.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\21.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\22.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\3.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\4.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\5.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\6.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\7.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\8.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   --> ￐ￂﾽﾨￎￄﾼﾼ￐a\9.exe
      [1] Archive type: Runtime Packed
      --> Object
      [2] Archive type: RSRC
      --> Object
            [DETECTION] Contains suspicious code HEUR/Malware
            [WARNING] Infected files in archives cannot be repaired!
   [INFO]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\24.rar'
C:\Documents and Settings\Administrator\My Documents\
  24.rar
[0] Archive type: RAR
--> 24.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.318861
      [WARNING] Infected files in archives cannot be repaired!
   --> 24.exe
      [1] Archive type: RAR SFX (self extracting)
      --> wpcap.dll
      --> npptools.dll
      --> drivers\npf.sys
      --> Rml.exe
         [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
         [WARNING] Infected files in archives cannot be repaired!
      --> Packet.dll
      --> WanPacket.dll
      --> rq.bat
      --> 4.vbs
   [INFO]    The file was deleted!

End of the scan: 2008年1月5日  09:53
Used time: 00:08 min

The scan has been done completely.

   0 Scanning directories
   32 Files were scanned
   11 viruses and/or unwanted programs were found
   12 Files were classified as suspicious:
   2 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   21 Files not concerned
   24 Archives were scanned
   20 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-6 02:24:32

deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nar File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\1.exe//UPack
detected: Trojan program Trojan-PSW.Win32.WOW.aie File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\10.exe//FSG//#//UPack//PE_Patch.MaskPE
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mup File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\11.exe//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.Lmir.boy File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\13.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.myj File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\14.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.WOW.aib File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\16.exe//FSG//#//UPack//PE_Patch.MaskPE
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mza File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\18.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mzi File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\19.exe//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.Nilage.bwn File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\2.exe//FSG
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mwe File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\21.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mzj File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\22.exe//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mry File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\3.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mzs File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\4.exe//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mwj File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\5.exe//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mvv File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\6.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.myu File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\7.exe//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mvx File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\8.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.mvz File: C:\Users\Nerazzurri\Desktop\ÐÂ½¨ÎÄ¼þ¼Ða.rar/ÐÂ½¨ÎÄ¼þ¼Ða\9.exe//UPack
================================================================
deleted: riskware not-a-virus:NetTool.Win32.Agent.b File: C:\Users\Nerazzurri\Desktop\24.rar/24.exe//data.rar/Rml.exe
deleted: Trojan program Trojan.BAT.Agent.be File: C:\Users\Nerazzurri\Desktop\24.rar/24.exe//data.rar/rq.bat

显示全部楼层 · 发表于 2008-1-6 09:03:40

显示全部楼层 · 发表于 2008-1-6 09:14:42

新建文件夹a里，铁壳报了7个

[病毒样本] 22pcs

本帖子中包含更多资源

22

本帖子中包含更多资源

本帖子中包含更多资源