23[MD5: 2C7E3C ~~C562F5]

显示全部楼层 · 发表于 2008-1-20 22:28:38

[MD5: 2C7E3C 3256FE 9E4CEA CEF04C 5BFD74 42BAF0 EE7477 FFC2F8 A391A7 C37131 D100B8 47D0F3 30B865 DFB12F B161B0 8CD0AB 8982D5 E22D3D CD6977 151327 828928 B8C6A8 C562F5]

24 Files scanned
(1 Archiv with 23 files)
21 Signatures found
2 Suspect code-parts found
Used time: 0:00.219

-------------------------------------------------------------------------------
I:\virus\test/11.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/12.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/13.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/14.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/15.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/16.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/17.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/18.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/19.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/20.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/22.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/23.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/24.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/25.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/28.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/29.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/30.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/31.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/32.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/33.exe: PUA.Packed.UPack-2 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 192974
Engine version: 0.92
Scanned directories: 1
Scanned files: 23
Infected files: 20
Data scanned: 0.54 MB
Time: 6.593 sec (0 m 6 s)

[ 本帖最后由冷_冷于 2008-1-21 13:31 编辑 ]

显示全部楼层 · 发表于 2008-1-20 22:38:23

NODKILL~16

显示全部楼层 · 发表于 2008-1-20 22:46:03

ESET
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 11.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 12.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 13.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 14.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 15.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 16.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 17.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 18.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 19.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 20.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 23.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 24.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 29.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 30.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 31.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\SAMPLE.rar » RAR » 32.exe - a variant of Win32/PSW.OnLineGames.MUG trojan

显示全部楼层 · 发表于 2008-1-20 22:49:22

Starting the file scan:

Begin scan in 'K:\SAMPLE.rar'
K:\SAMPLE.rar
  [0] Archive type: RAR
  --> 11.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 12.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 13.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.nxj.2
  --> 14.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 15.exe
   [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> 16.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 17.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 18.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 19.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 20.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oju.1
  --> 22.exe
   [DETECTION] Is the Trojan horse TR/Drop.Agent.RE.1
  --> 23.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.nwz
  --> 24.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.omf
  --> 25.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
  --> 28.exe
   [DETECTION] Is the Trojan horse TR/Drop.Agent.RE
  --> 29.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 30.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 31.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.nvu.1
  --> 32.exe
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 33.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [INFO]    A backup was created as '47e05f84.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2008-1-20 22:54:23

18
detected: Trojan program Trojan.Win32.Vaklik.eg File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/11.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.oxf File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/12.exe//PE_Patch//UPack//#
detected: Trojan program Trojan-PSW.Win32.OnLineGames.oeq File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/13.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.nmc File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/14.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.oji File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/15.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.otp File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/16.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.oxf File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/17.exe//PE_Patch//UPack//#
detected: Trojan program Trojan-PSW.Win32.OnLineGames.oml File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/18.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.noj File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/19.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.nmc File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/20.exe//PE_Patch//UPack
detected: Trojan program Trojan.Win32.Agent.ebs File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/22.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.odg File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/23.exe//PE_Patch//UPack
detected: Trojan program Trojan-Downloader.Win32.Zlob.gef File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/24.exe//PE_Patch
detected: Trojan program Trojan.Win32.Agent.ebs File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/28.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.oxf File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/29.exe//PE_Patch//UPack//#
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ovk File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/30.exe//PE_Patch//UPack//#//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ohb File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/31.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.oxf File: C:\Documents and Settings\Owner\×ÀÃæ\SAMPLE.rar/32.exe//PE_Patch//UPack//#

显示全部楼层 · 发表于 2008-1-20 22:56:17

11个

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.GameOL.ljz
病毒： Trojan.PSW.Win32.XYOnline.aaf
病毒： Trojan.PSW.Win32.GameOL.ljx
病毒： Trojan.PSW.Win32.XYOnline.aal
病毒： Trojan.PSW.Win32.GamesOnline.ir
病毒： Trojan.PSW.Win32.GamesOnline.gs
病毒： Trojan.Win32.Undef.bra
病毒： Trojan.PSW.Win32.GameOL.lhy
病毒： Trojan.PSW.Win32.SO2Online.at

MAC 地址：00:11:D8:2A:98:47

用户来源：局域网

软件版本：20.27.62

显示全部楼层 · 发表于 2008-1-20 22:59:32

Filename Result
LanguageSetter.exe CLEAN

The file 'LanguageSetter.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.

显示全部楼层 · 发表于 2008-1-20 23:07:45

2008-1-20 23:06:16 Real-time file system protection file E:\virus\SAMPLE\32.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:06:10 Real-time file system protection file E:\virus\SAMPLE\31.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:06:08 Real-time file system protection file E:\virus\SAMPLE\30.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:06:03 Real-time file system protection file E:\virus\SAMPLE\29.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:06:00 Real-time file system protection file E:\virus\SAMPLE\24.exe Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:58 Real-time file system protection file E:\virus\SAMPLE\23.exe Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:56 Real-time file system protection file E:\virus\SAMPLE\20.exe Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:54 Real-time file system protection file E:\virus\SAMPLE\19.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:51 Real-time file system protection file E:\virus\SAMPLE\18.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:47 Real-time file system protection file E:\virus\SAMPLE\17.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:44 Real-time file system protection file E:\virus\SAMPLE\16.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:41 Real-time file system protection file E:\virus\SAMPLE\15.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:38 Real-time file system protection file E:\virus\SAMPLE\14.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:32 Real-time file system protection file E:\virus\SAMPLE\13.exe Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:29 Real-time file system protection file E:\virus\SAMPLE\12.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-1-20 23:05:26 Real-time file system protection file E:\virus\SAMPLE\11.exe a variant of Win32/PSW.OnLineGames.NFL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

显示全部楼层 · 发表于 2008-1-20 23:08:51

小红
of the scan: 2008年1月20日  23:06

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\SAMPLE'

End of the scan: 2008年1月20日  23:06
Used time: 00:12 min

The scan has been done completely.

   1 Scanning directories
   3 Files were scanned
   0 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   0 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-20 23:56:03

已删除：木马程序 Trojan.Win32.Vaklik.eg 文件　: G:\Temp\SAMPLE1.rar/11.exe//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.oxf 文件　: G:\Temp\SAMPLE1.rar/12.exe//PE_Patch//UPack//#
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.oeq 文件　: G:\Temp\SAMPLE1.rar/13.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.nmc 文件　: G:\Temp\SAMPLE1.rar/14.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.oji 文件　: G:\Temp\SAMPLE1.rar/15.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.otp 文件　: G:\Temp\SAMPLE1.rar/16.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.oxf 文件　: G:\Temp\SAMPLE1.rar/17.exe//PE_Patch//UPack//#
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.oml 文件　: G:\Temp\SAMPLE1.rar/18.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.noj 文件　: G:\Temp\SAMPLE1.rar/19.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.nmc 文件　: G:\Temp\SAMPLE1.rar/20.exe//PE_Patch//UPack
已删除：木马程序 Trojan.Win32.Agent.ebs 文件　: G:\Temp\SAMPLE1.rar/22.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.odg 文件　: G:\Temp\SAMPLE1.rar/23.exe//PE_Patch//UPack
已删除：木马程序 Trojan-Downloader.Win32.Zlob.gef 文件　: G:\Temp\SAMPLE1.rar/24.exe//PE_Patch
已删除：木马程序 Trojan.Win32.Agent.ebs 文件　: G:\Temp\SAMPLE1.rar/28.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.oxf 文件　: G:\Temp\SAMPLE1.rar/29.exe//PE_Patch//UPack//#
检测到：木马程序 Trojan-PSW.Win32.OnLineGames.ovk 文件　: G:\Temp\SAMPLE1.rar/30.exe//PE_Patch//UPack//#//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.ohb 文件　: G:\Temp\SAMPLE1.rar/31.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.oxf 文件　: G:\Temp\SAMPLE1.rar/32.exe//PE_Patch//UPack//#

[病毒样本] 23[MD5: 2C7E3C ~~C562F5]

本帖子中包含更多资源

本帖子中包含更多资源

16

浏览过的版块