[病毒样本] 40

显示全部楼层 · 发表于 2008-1-20 16:22:03

已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.orb       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp170.tmp//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olj       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp184.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.odi       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp208.tmp//UPack//PE_Patch
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olj       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp216.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olk       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp219.tmp//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.nmc       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmpFE.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ooz       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp1A3.tmp//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.onw       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp1B8.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olj       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp1BF.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.okx       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp1C7.tmp//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.okn       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp1C8.tmp//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.onw       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp1CD.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olj       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp1DC.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ojf       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp3B.tmp
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.okd       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp3F.tmp
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.oku       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp18B.tmp//UPack//#
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.QQPass.arw       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp18C.tmp//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ouz       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp19F.tmp
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.okb       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp20.tmp
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olj       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp21A.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.oku       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp23.tmp
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.oke       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp44.tmp
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.oga       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp45.tmp
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.oqn       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp47.tmp
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olh       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp118.tmp//UPack//PE_Patch
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olj       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp129.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olf       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp144.tmp//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ooy       檔案: C:\Documents and Settings\kato9096\桌面\LocalTemp.rar/tmp145.tmp//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.omc       檔案: C:\Documents and Settings\kato9096\桌面\Sample.rar/欴掛\gnaixnauhqq.dll//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.owx       檔案: C:\Documents and Settings\kato9096\桌面\Sample.rar/欴掛\hz.dll//UPack//#
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.oki       檔案: C:\Documents and Settings\kato9096\桌面\Sample.rar/欴掛\msacpe.sys

9个不报,上报...

Hello,

111.dat, 222.dat, 333.dat, tmp207.tmp, ~DF421D.tmp, ~DF7A94.tmp, ~DF9613.tmp, ~DFCB81.tmp, ~wupcai

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Vyacheslav Zakorzhevsky
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ 本帖最后由 kato9096 于 2008-1-20 17:00 编辑 ]

显示全部楼层 · 发表于 2008-1-20 16:23:51

AVAST 15个
大蜘蛛 22个

显示全部楼层 · 发表于 2008-1-20 16:24:12

Starting the file scan:

Begin scan in 'E:\LocalTemp.rar'
E:\LocalTemp.rar
  [0] Archive type: RAR
  --> tmp170.tmp
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.bxd
  --> tmp184.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku
  --> tmp208.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.147
  --> tmp216.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp219.tmp
   [DETECTION] Is the Trojan horse TR/PSW.BrowsOnline.A
  --> tmpFE.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp1A3.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oga.2
  --> tmp1B8.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku.4
  --> tmp1BF.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr
  --> tmp1C7.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr
  --> tmp1C8.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oiv.2
  --> tmp1CD.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp1DC.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oju
  --> tmp3B.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp3F.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp18B.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku
  --> tmp18C.tmp
   [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.23
  --> tmp19F.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp20.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oju
  --> tmp21A.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku.1
  --> tmp44.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp45.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oga.2
  --> tmp47.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp118.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olg.2
  --> tmp129.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku
  --> tmp144.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp145.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oga.2
   [WARNING] The file was ignored!
Begin scan in 'E:\Sample.rar'
E:\Sample.rar
  [0] Archive type: RAR
  --> Ñù±¾\gnaixnauhqq.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.omf
  --> Ñù±¾\hz.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oko
  --> Ñù±¾\msacpe.sys
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [WARNING] The file was ignored!

End of the scan: 2008年1月20日  16:25
Used time: 00:27 min

The scan has been done completely.

   0 Scanning directories
   42 Files were scanned
   30 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   12 Files not concerned
   2 Archives were scanned
   2 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-20 16:27:48

Scanning Report
20 January 2008 16:27:05 - 16:27:12
Computer name: PUMA-PC
Scanning type: Scan target
Target: C:\Users\Administrator\Desktop\LocalTemp.rar C:\Users\Administrator\Desktop\Sample.rar

--------------------------------------------------------------------------------

Result: 30 malware found
Trojan-PSW.Win32.OnLineGames.orb (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp170.tmp
Trojan-PSW.Win32.OnLineGames.olj (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp184.tmp
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp216.tmp
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp1BF.tmp
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp1DC.tmp
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp21A.tmp
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp129.tmp
Trojan-PSW.Win32.OnLineGames.odi (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp208.tmp
Trojan-PSW.Win32.OnLineGames.olk (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp219.tmp
Trojan-PSW.Win32.OnLineGames.nmc (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmpFE.tmp
Trojan-PSW.Win32.OnLineGames.ooz (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp1A3.tmp
Trojan-PSW.Win32.OnLineGames.onw (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp1B8.tmp
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp1CD.tmp
Trojan-PSW.Win32.OnLineGames.okx (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp1C7.tmp
Trojan-PSW.Win32.OnLineGames.okn (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp1C8.tmp
Trojan-PSW.Win32.OnLineGames.ojf (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp3B.tmp
Trojan-PSW.Win32.OnLineGames.okd (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp3F.tmp
Trojan-PSW.Win32.QQPass.arw (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp18C.tmp
Trojan-PSW.Win32.OnLineGames.ouz (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp19F.tmp
Trojan-PSW.Win32.OnLineGames.okb (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp20.tmp
Trojan-PSW.Win32.OnLineGames.oku (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp23.tmp
Trojan-PSW.Win32.OnLineGames.oke (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp44.tmp
Trojan-PSW.Win32.OnLineGames.oga (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp45.tmp
Trojan-PSW.Win32.OnLineGames.oqn (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp47.tmp
Trojan-PSW.Win32.OnLineGames.olh (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp118.tmp
Trojan-PSW.Win32.OnLineGames.olf (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp144.tmp
Trojan-PSW.Win32.OnLineGames.ooy (virus)
C:\Users\Administrator\Desktop\LocalTemp.rar\tmp145.tmp
C:\Users\Administrator\Desktop\LocalTemp.rar Action: deleted
Trojan-PSW.Win32.OnLineGames.omc (virus)
C:\Users\Administrator\Desktop\Sample.rar\Ñù±¾\gnaixnauhqq.dll
Trojan-PSW.Win32.OnLineGames.oki (virus)
C:\Users\Administrator\Desktop\Sample.rar\Ñù±¾\msacpe.sys

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 42
Not scanned: 1
Result:
Viruses: 30
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 1
Quarantined: 0
Failed: 0
Boot Sectors:
Scanned: 0
Infected: 0
Suspicious items: 0
Disinfected: 0
Files not scanned:
Cannot open a file in archive ~DF7A94.tmp

--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2008-01-19_02
Spyware: 2008-01-19_01
Scanning Engines:
F-Secure AVP: 7.00.171, 2008-01-19
F-Secure Libra: 2.04.01, 2008-01-18
F-Secure Orion: 1.02.37, 2008-01-19
F-Secure Draco: 1.00.35, 2007-11-28
Scanning options:
Scan all files
Scan inside archives
Actions:
Viruses: Delete infected files
Spyware: Delete infected files

显示全部楼层 · 发表于 2008-1-20 16:28:04

31
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp170.tmp - Win32/PSW.OnLineGames.GJV 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp184.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp208.tmp - Win32/PSW.OnLineGames.NFL 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp216.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp219.tmp - Win32/PSW.OnLineGames.GJV 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmpFE.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp1A3.tmp - Win32/PSW.OnLineGames.NLH 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp1B8.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp1BF.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp1C7.tmp - Win32/PSW.OnLineGames.NLH 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp1C8.tmp - Win32/PSW.OnLineGames.NFL 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp1CD.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp1DC.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp3B.tmp - Win32/PSW.OnLineGames.MYG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp3F.tmp - Win32/PSW.OnLineGames.MYG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp18B.tmp - Win32/PSW.OnLineGames.NLH 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp18C.tmp - Win32/PSW.QQPass.NCU 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp19F.tmp - Win32/PSW.OnLineGames.MYG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp20.tmp - Win32/PSW.OnLineGames.NLP 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp21A.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp23.tmp - Win32/PSW.OnLineGames.NLR 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp44.tmp - Win32/PSW.OnLineGames.MYG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp45.tmp - Win32/PSW.OnLineGames.OGA 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp47.tmp - Win32/PSW.OnLineGames.MYG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp118.tmp - Win32/PSW.OnLineGames.NFL 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp129.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp144.tmp - Win32/PSW.OnLineGames.NLH 特洛伊木马
C:\Documents and Settings\user\桌面\LocalTemp.rar ?RAR ?tmp145.tmp - Win32/PSW.OnLineGames.MUG 特洛伊木马
C:\Documents and Settings\user\桌面\Sample.rar ?RAR ?样本\gnaixnauhqq.dll - Win32/PSW.OnLineGames.NLH 特洛伊木马
C:\Documents and Settings\user\桌面\Sample.rar ?RAR ?样本\hz.dll - 可能是 Win32/PSW.OnLineGames.NLH 特洛伊木马的变种
C:\Documents and Settings\user\桌面\Sample.rar ?RAR ?样本\msacpe.sys - Win32/PSW.OnLineGames.MYG 特洛伊木马的变种

显示全部楼层 · 发表于 2008-1-20 16:30:56

卡巴不报几个的没问题

显示全部楼层 · 发表于 2008-1-20 16:41:16

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.GamesOnline.ir
病毒： Trojan.PSW.Win32.GameOL.liq
病毒： RootKit.Win32.Small.p
病毒： Trojan.PSW.Win32.GameOL.ljg
病毒： Trojan.PSW.Win32.ZhengTu.ymm
病毒： Trojan.PSW.Win32.GamesOnline.gq
病毒： Trojan.PSW.Win32.GameOL.lid
病毒： Trojan.PSW.Win32.GameOL.ljx
病毒： Trojan.PSW.Win32.ZhengTu.ymo
病毒： Trojan.PSW.Win32.GamesOnline.ik
病毒： Trojan.PSW.Win32.GamesOnline.hr
病毒： Trojan.PSW.Win32.GameOL.lit
病毒： RootKit.Win32.GameHack.ap
病毒： RootKit.Win32.GameHack.ak
病毒： RootKit.Win32.GameHack.an
病毒： RootKit.Win32.Small.aa
病毒： RootKit.Win32.GameHack.aq
病毒： Malicious Code
病毒： Trojan.PSW.Win32.GamesOnline.iv
病毒： Trojan.PSW.Win32.ZhengTu.ymo

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.27.60

显示全部楼层 · 发表于 2008-1-20 16:53:14

I:\virus\test/tmp118.tmp: PUA.Packed.UPack-1 FOUND
I:\virus\test/tmp129.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/tmp144.tmp: PUA.Packed.UPack FOUND
I:\virus\test/tmp145.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/tmp170.tmp: PUA.Packed.UPack FOUND
I:\virus\test/tmp184.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/tmp18B.tmp: PUA.Packed.UPack FOUND
I:\virus\test/tmp18C.tmp: Trojan.QQPass-493 FOUND
I:\virus\test/tmp19F.tmp: Trojan.Mono-9 FOUND
I:\virus\test/tmp1A3.tmp: PUA.Packed.UPack FOUND
I:\virus\test/tmp1B8.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/tmp1BF.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/tmp1C7.tmp: PUA.Packed.UPack FOUND
I:\virus\test/tmp1C8.tmp: PUA.Packed.UPack-1 FOUND
I:\virus\test/tmp1CD.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/tmp1DC.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/tmp20.tmp: Trojan.Mono-9 FOUND
I:\virus\test/tmp208.tmp: PUA.Packed.UPack-1 FOUND
I:\virus\test/tmp216.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/tmp219.tmp: PUA.Packed.UPack FOUND
I:\virus\test/tmp21A.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/tmp23.tmp: Trojan.Mono-9 FOUND
I:\virus\test/tmp44.tmp: Trojan.Mono-9 FOUND
I:\virus\test/tmp45.tmp: Trojan.Mono-9 FOUND
I:\virus\test/tmp47.tmp: Trojan.Mono-9 FOUND
I:\virus\test/tmpFE.tmp: PUA.Packed.UPack-3 FOUND
I:\virus\test/样本/gnaixnauhqq.dll: PUA.Packed.UPack FOUND
I:\virus\test/样本/hz.dll: PUA.Packed.UPack FOUND
I:\virus\test/样本/msacpe.sys: Trojan.Mono-9 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 214216
Engine version: 0.92
Scanned directories: 2
Scanned files: 40
Infected files: 29
Data scanned: 0.89 MB
Time: 8.812 sec (0 m 8 s)

显示全部楼层 · 发表于 2008-1-20 16:58:38

Start of the scan: 2008年1月20日  16:57

Starting the file scan:

Begin scan in 'I:\样本'
I:\样本\LocalTemp.rar
  [0] Archive type: RAR
  --> tmp170.tmp
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.bxd
  --> tmp184.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku
  --> tmp208.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.147
  --> tmp216.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp219.tmp
   [DETECTION] Is the Trojan horse TR/PSW.BrowsOnline.A
  --> tmpFE.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp1A3.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oga.2
  --> tmp1B8.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku.4
  --> tmp1BF.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr
  --> tmp1C7.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr
  --> tmp1C8.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oiv.2
  --> tmp1CD.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp1DC.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oju
  --> tmp3B.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp3F.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp18B.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku
  --> tmp18C.tmp
   [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.23
  --> tmp19F.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp20.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oju
  --> tmp21A.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku.1
  --> tmp44.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp45.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oga.2
  --> tmp47.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp118.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olg.2
  --> tmp129.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku
  --> tmp144.tmp
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> tmp145.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oga.2
   [INFO]    The file was deleted!
I:\样本\Sample.rar
  [0] Archive type: RAR
  --> Ñù±¾\gnaixnauhqq.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.omf
  --> Ñù±¾\hz.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oko
  --> Ñù±¾\msacpe.sys
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [INFO]    The file was deleted!

End of the scan: 2008年1月20日  16:57
Used time: 00:34 min

The scan has been done completely.

   1 Scanning directories
   42 Files were scanned
   30 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   2 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   12 Files not concerned
   2 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-20 17:00:10

Hello,

111.dat, 222.dat, 333.dat, tmp207.tmp, ~DF421D.tmp, ~DF7A94.tmp, ~DF9613.tmp, ~DFCB81.tmp, ~wupcai

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Vyacheslav Zakorzhevsky
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[病毒样本] 40

本帖子中包含更多资源

30

64/27

30个