44

电影结束了

http://bbs.kafan.cn/viewthread.php?tid=190885&extra=page%3D1
里的第一和第二个下载者挖的

Joker

29
deleted: Trojan program Trojan-Downloader.Win32.Small.hsh        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\0.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan.Win32.Vaklik.eg        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\1.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.boy        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\10.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.Lmir.boy        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\10[1].exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.onw        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\11.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.okn        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\12.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oml        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\13.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\14.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\14[1].exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.odi        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\15.exe//UPack//PE_Patch
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oku        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\16.exe//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.owu        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\17.exe//FSG
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\18.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.omm        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\19.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.owf        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\2.exe//UPack
deleted: Trojan program Trojan.Win32.Vaklik.eb        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\20.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.owv        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\21.exe//FSG
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.omo        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\3.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.orb        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\4.exe//FSG
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oku        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\5.exe//#
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ooy        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\6.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.okx        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\7.exe//#//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nis        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\8.exe//PE_Patch//UPack
deleted: virus Worm.Win32.Downloader.dq        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\down[1].exe//PE_Patch//UPack
deleted: virus Worm.Win32.Downloader.dq        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\usb32k.sys//PE_Patch//UPack
deleted: virus Worm.Win32.Downloader.dn        File: C:\Documents and Settings\Administrator\×ÀÃæ\virus\wxptdi.sys
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj        File: c:\documents and settings\administrator\×ÀÃæ\virus\16.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj        File: c:\documents and settings\administrator\×ÀÃæ\virus\5.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.olj        File: c:\documents and settings\administrator\×ÀÃæ\virus\7.exe//PE_Patch//UPack

醉一生爱妍

NOD~~~

其中两个解压错误了

juijui

tart of the scan: 2008年1月20日  12:51

Starting the file scan:

Begin scan in 'C:\TEST\virus[1].part2.rar'
C:\TEST\virus[1].part2.rar
  [0] Archive type: RAR
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 1[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 2.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.omo.7
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/PSW.Nilage.bxd
  --> 4[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oga.2
  --> 7.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.nis.2
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> 10[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.boy.22
  --> 11.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku.4
  --> 12.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oiv.2
      [INFO]      The file was moved to '4804d3ba.qua'!
Begin scan in 'C:\TEST\virus[1].part3.rar'
C:\TEST\virus[1].part3.rar
  [0] Archive type: RAR
  --> 13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.omf
  --> 14.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [INFO]      The file was moved to '4804d3bb.qua'!
Begin scan in 'C:\TEST\virus[1].part1.rar'
C:\TEST\virus[1].part1.rar
  [0] Archive type: RAR
  --> 15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.147
  --> 15[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 16.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 17.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 17[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 18.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku.1
  --> 19.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 19[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 20.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 20[1].exe
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> 21.exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  --> 21[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> down[1].exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> usb32k.sys
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> wxptdi.sys
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
      [INFO]      The file was moved to '4804d3bd.qua'!


End of the scan: 2008年1月20日  12:51
Used time: 00:10 min

The scan has been done completely.

      0 Scanning directories
     49 Files were scanned
     23 viruses and/or unwanted programs were found
      8 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      3 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     26 Files not concerned
      3 Archives were scanned
      0 Warnings
      0 Notes

wangjay1980

很多的尸体

Hello,

11[1].exek - Trojan-Downloader.Win32.ConHook.jh,
13[1].exek - Trojan-Downloader.Win32.Zlob.gef,
16[1].exek - Trojan-Downloader.Win32.Zlob.geg,
17[1].exek, 21[1].exek, 4[1].exek - Trojan.Win32.Pakes.bzp,
18[1].exek - Trojan-Downloader.Win32.Zlob.geh,
5[1].exek - Trojan-Downloader.Win32.Zlob.gei,
6[1].exek - Trojan-Downloader.Win32.Zlob.gej,
7[1].exek - Trojan-Downloader.Win32.ConHook.ji,
8[1].exek - Trojan-Downloader.Win32.Zlob.gek

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

12[1].exek, 15[1].exek, 19[1].exek, 1[1].exek, 20[1].exek, 2[1].exek, 3[1].exek

These files are corrupted.

test[1].htmk

No malicious code was found in this file.

Please quote all when answering.

[ 本帖最后由 wangjay1980 于 2008-1-20 14:05 编辑 ]

jimmyleo

d:\download\virusscan\virus[1]\15[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\19[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\20[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\1[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\2[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\3[1].exe: Broken.Executable FOUND
d:\download\virusscan\virus[1]\12[1].exe: Broken.Executable FOUND

7个

风野胤

后面有[1]基本都是尸体的样子

[ 本帖最后由 风野胤 于 2008-1-20 13:14 编辑 ]

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： Trojan.PSW.Win32.GamesOnline.gq
病毒： Trojan.PSW.Win32.ZhengTu.ymm
病毒： Trojan.PSW.Win32.QQGame.bw
病毒： Trojan.PSW.Win32.GameOL.lka
病毒： Trojan.PSW.Win32.DJOnline.bp
病毒： Trojan.Win32.Mnless.zyt  
病毒： Trojan.Win32.Undef.bes   
病毒： Trojan.PSW.Win32.GamesOnline.ir
病毒： Trojan.PSW.Win32.GameOL.ljz
病毒： Trojan.PSW.Win32.GameOL.liz
病毒： Trojan.PSW.Win32.GameOL.ljg
病毒： Trojan.PSW.Win32.ZhengTu.ymo
病毒： Trojan.PSW.Win32.GamesOnline.gd
病毒： Trojan.PSW.Win32.LMir.yys
病毒： Trojan.PSW.Win32.GamesOnline.ik
病毒： Trojan.PSW.Win32.GamesOnline.hr

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.27.60

风野胤

何止这么几个
起码17[1]和21[1]也是尸体

基本红伞报启发的都是尸体


这就是虚拟机的优势了
虚拟机脱壳鞭尸很少

[ 本帖最后由 风野胤 于 2008-1-20 13:16 编辑 ]

mofunzone

被免杀的差出来的也很少