某下载者留下的一堆

显示全部楼层 · 发表于 2008-1-19 14:57:35

地址：
画叉的地方全部替换成a.8q8.biz:666就可以下载到鸟

显示全部楼层 · 发表于 2008-1-19 15:00:19

Begin scan in 'D:\Downloads\样本\0119001.rar'
D:\Downloads\样本\0119001.rar
  [0] Archive type: RAR
  --> 00025.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.kny
  --> 00026.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.kea
  --> 00027.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> down1.exe
   [DETECTION] Is the Trojan horse TR/Drop.Agent.8848
  --> host.exe
   [DETECTION] Is the Trojan horse TR/Qhost.aef
  --> soundma.exe
   [DETECTION] Is the Trojan horse TR/Drop.Age.51042.B
  --> 00023.exe
   [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.YMX
  --> arp.exe
   [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
  --> 00008.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 00001.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.kpt
  --> 00003.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.kpw
  --> 00004.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.kas
  --> 00005.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 00006.exe
   [DETECTION] Is the Trojan horse TR/FWDisable.24396
  --> 00007.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mxq.1
  --> 00009.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jpc
  --> 00010.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLinGame.jfj
  --> 00012.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 00013.exe
   [DETECTION] Is the Trojan horse TR/FWDisable.24932
  --> 00014.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.klt
  --> 00015.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLinGame.jfh
  --> 00016.exe
   [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> 00017.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.kpu
  --> 00019.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.jlc.21
  --> 00020.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.kjf
  --> 00021.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 00022.exe
   [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> 00024.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [WARNING] The file was ignored!

End of the scan: 2008年1月19日  14:56
Used time: 00:06 min

The scan has been done completely.

   0 Scanning directories
   29 Files were scanned
   28 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   1 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-19 15:02:00

显示全部楼层 · 发表于 2008-1-19 15:05:32

祥子来看PUA亚

d:\download\virusscan\0119001\00025.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00026.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00027.exe: PUA.Packed.UPack-2 FOUND
d:\download\virusscan\0119001\host.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\soundma.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00023.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\arp.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00008.exe: PUA.Packed.UPack-2 FOUND
d:\download\virusscan\0119001\00001.exe: PUA.Packed.UPack-2 FOUND
d:\download\virusscan\0119001\00003.exe: PUA.Packed.UPack-2 FOUND
d:\download\virusscan\0119001\00004.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00005.exe: PUA.Packed.UPack-2 FOUND
d:\download\virusscan\0119001\00006.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00007.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00009.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00010.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00012.exe: PUA.Packed.UPack-2 FOUND
d:\download\virusscan\0119001\00013.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00014.exe: PUA.Packed.UPack-3 FOUND
d:\download\virusscan\0119001\00015.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00016.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00017.exe: PUA.Packed.UPack-2 FOUND
d:\download\virusscan\0119001\00019.exe: PUA.Packed.UPack-2 FOUND
d:\download\virusscan\0119001\00020.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00021.exe: PUA.Packed.UPack-2 FOUND
d:\download\virusscan\0119001\00022.exe: PUA.Packed.UPack FOUND
d:\download\virusscan\0119001\00024.exe: PUA.Packed.UPack-2 FOUND

显示全部楼层 · 发表于 2008-1-19 15:06:28

扫描进行于：2008-1-19 15:06:06
扫描日志
NOD32版本 2807 (20080119) NT
命令行： F:\virus\0119001.rar

日期： 19.1.2008 时间：15:06:08
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：F:\virus\0119001.rar
F:\virus\0119001.rar >>RAR >>00025.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\0119001.rar >>RAR >>00026.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\0119001.rar >>RAR >>00027.exe - 可能是 Win32/PSW.OnLineGames.MUG 木马的一个变种
F:\virus\0119001.rar >>RAR >>host.exe - Win32/Qhost.AEF 木马
F:\virus\0119001.rar >>RAR >>soundma.exe - Win32/PSW.Delf.NKU 木马
F:\virus\0119001.rar >>RAR >>00023.exe - Win32/PSW.OnLineGames.JTC 木马
F:\virus\0119001.rar >>RAR >>arp.exe - 未查明的 NewHeur_PE 病毒 [7]
F:\virus\0119001.rar >>RAR >>00008.exe - Win32/PSW.OnLineGames.NKJ 木马
F:\virus\0119001.rar >>RAR >>00001.exe - Win32/PSW.OnLineGames.NFL 木马
F:\virus\0119001.rar >>RAR >>00003.exe - Win32/PSW.OnLineGames.NFL 木马
F:\virus\0119001.rar >>RAR >>00004.exe - Win32/PSW.OnLineGames.FDY 木马
F:\virus\0119001.rar >>RAR >>00005.exe - Win32/PSW.OnLineGames.NKI 木马
F:\virus\0119001.rar >>RAR >>00006.exe - Win32/PSW.OnLineGames.FDY 木马
F:\virus\0119001.rar >>RAR >>00007.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\0119001.rar >>RAR >>00009.exe - Win32/PSW.OnLineGames.FDY 木马
F:\virus\0119001.rar >>RAR >>00010.exe - Win32/PSW.OnLineGames.FDY 木马
F:\virus\0119001.rar >>RAR >>00012.exe - 可能是 Win32/PSW.OnLineGames.MUG 木马的一个变种
F:\virus\0119001.rar >>RAR >>00013.exe - Win32/PSW.OnLineGames.FDY 木马
F:\virus\0119001.rar >>RAR >>00014.exe - 可能是 Win32/PSW.OnLineGames.NGU 木马的一个变种
F:\virus\0119001.rar >>RAR >>00015.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\0119001.rar >>RAR >>00016.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\0119001.rar >>RAR >>00017.exe - Win32/PSW.OnLineGames.NFL 木马的变种
F:\virus\0119001.rar >>RAR >>00019.exe - Win32/PSW.OnLineGames.NJG 木马
F:\virus\0119001.rar >>RAR >>00020.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\0119001.rar >>RAR >>00021.exe - Win32/PSW.OnLineGames.KQF 木马
F:\virus\0119001.rar >>RAR >>00022.exe - Win32/PSW.OnLineGames.FDY 木马的变种
F:\virus\0119001.rar >>RAR >>00024.exe - Win32/PSW.OnLineGames.NFL 木马的变种
已扫描的文件数目：28
已发现的病毒数目：27
完成时间： 15:06:15 总扫描时间：7 秒 (00:00:07)

注意：
[7] 该文件可能感染上未知病毒。

显示全部楼层 · 发表于 2008-1-19 15:10:56

费尔 28
E:\0119001.rar>>00025.exe TrojanPSW.OnLineGames.itf.geme 木马还未处理
E:\0119001.rar>>00026.exe TrojanPSW.OnLineGames.hnz.hvwe 木马还未处理
E:\0119001.rar>>00027.exe TrojanPSW.OnlineGames.GEN.bqjz 木马还未处理
E:\0119001.rar>>down1.exe Trojan.Yaeesy.wsxp 木马还未处理
E:\0119001.rar>>host.exe Trojan.QHost.abe.dpcp 木马还未处理
E:\0119001.rar>>soundma.exe TrojanDownloader.Agent.bxw.qecb 木马还未处理
E:\0119001.rar>>00023.exe TrojanPSW.OnLineGames.jct.mzbd 木马还未处理
E:\0119001.rar>>arp.exe Backdoor.Delf.cjx.bgty 后门还未处理
E:\0119001.rar>>00008.exe TrojanPSW.OnLineGames.kqe.hlev 木马还未处理
E:\0119001.rar>>00001.exe TrojanDownloader.Nurech.bd.bmqk 木马还未处理
E:\0119001.rar>>00003.exe TrojanDownloader.Nurech.bd.bmqk 木马还未处理
E:\0119001.rar>>00004.exe TrojanPSW.OnLineGames.kbj.oajg 木马还未处理
E:\0119001.rar>>00005.exe TrojanPSW.OnLineGames.kqm.ruwc 木马还未处理
E:\0119001.rar>>00006.exe TrojanPSW.OnLineGames.itf.xrbl 木马还未处理
E:\0119001.rar>>00007.exe TrojanPSW.OnLineGames.lhc.silg 木马还未处理
E:\0119001.rar>>00009.exe TrojanPSW.SunOnline.in.tsej 木马还未处理
E:\0119001.rar>>00010.exe TrojanSpy.Delf.aud.tzma 木马还未处理
E:\0119001.rar>>00012.exe TrojanPSW.OnLineGames.kmp.tyro 木马还未处理
E:\0119001.rar>>00013.exe TrojanPSW.OnLineGames.iys.iuvp 木马还未处理
E:\0119001.rar>>00014.exe TrojanPSW.GamePass.abur.rjeb 木马还未处理
E:\0119001.rar>>00015.exe TrojanPSW.OnLineGames.kix.cxua 木马还未处理
E:\0119001.rar>>00016.exe TrojanPSW.OnLineGames.jhe.vibd 木马还未处理
E:\0119001.rar>>00017.exe TrojanDownloader.Nurech.bd.bmqk 木马还未处理
E:\0119001.rar>>00019.exe TrojanPSW.OnLineGames.jlc.kcky 木马还未处理
E:\0119001.rar>>00020.exe TrojanPSW.OnLineGames.mcs.lzwz 木马还未处理
E:\0119001.rar>>00021.exe TrojanPSW.OnLineGames.kqf.fxea 木马还未处理
E:\0119001.rar>>00022.exe TrojanPSW.OnLineGames.itf.vqls 木马还未处理
E:\0119001.rar>>00024.exe TrojanDownloader.Nurech.bd.bmqk 木马还未处理

显示全部楼层 · 发表于 2008-1-19 15:15:53

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.LMir.yzj
病毒： Trojan.PSW.Win32.XYOnline.vu
病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： Trojan.DL.Win32.Mnless.rq
病毒： Trojan.Win32.QHost.abe
病毒： Trojan.Win32.Mnless.zvz
病毒： Dropper.Win32.Agent.yse
病毒： Trojan.PSW.Win32.SunOnline.iy
病毒： Trojan.PSW.Win32.GameOL.gn
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.SunOnline.in
病毒： Trojan.PSW.Win32.XYOnline.vk
病毒： Trojan.PSW.Win32.GameOnline.arq
病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： Trojan.PSW.Win32.GamesOnline.j
病毒： Trojan.PSW.Win32.GamesOnline.l
病毒： Trojan.PSW.Win32.GameOL.ed
病毒： Trojan.PSW.Win32.GamesOnline.g

用户来源：互联网

软件版本：20.27.50

显示全部楼层 · 发表于 2008-1-19 15:27:25

PUA。。。够KB的。。

显示全部楼层 · 发表于 2008-1-19 15:30:33

PUA是啥软件

显示全部楼层 · 发表于 2008-1-19 15:42:50

CLAMWIN的检测壳的功能...我也是前天听阿米说才知道CW还有这个功能的...

[病毒样本] 某下载者留下的一堆

本帖子中包含更多资源

本帖子中包含更多资源

回复 4楼 jimmyleo 的帖子

回复 8楼 qianwenxiang 的帖子

回复 9楼冷_冷的帖子

[病毒样本] 某下载者留下的一堆

本帖子中包含更多资源

本帖子中包含更多资源

回复 4楼 jimmyleo 的帖子

回复 8楼 qianwenxiang 的帖子

回复 9楼 冷_冷 的帖子

回复 9楼冷_冷的帖子