Original poster: qianwenxiang

[Virus sample] A bunch of old stuff

nosferatu
Posted on 2008-1-23 23:52:54
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\system32_02.rar'
C:\Documents and Settings\Administrator\桌面\system32_02.rar
  [0] Archive type: RAR
  --> upxdnd.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> Flower.exe
      [DETECTION] Is the Trojan horse TR/Agent.32333
  --> 360rpt.exe
      [DETECTION] Is the Trojan horse TR/Hupigon.330044.1
  --> rarjepi.dll
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> rsmyjpm.dll
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> avzxmmn.dll
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> gdwdi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> rarjetl.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> IsDrv122.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> avzxmst.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> rsmyjsp.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> DbgHlp32.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> upxdnd.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> linkinfo.dll
      [DETECTION] Contains code of the Windows virus W32/Rectix.A
  --> DbgHlp32.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!


End of the scan: 星期三 2008年1月23日  23:52
Used time: 00:09 min

The scan has been done completely.

      0 Scanning directories
     17 Files were scanned
     13 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

AVG Anti-Spyware - Scan Report(10)
---------------------------------------------------------

+ Created at:        6:02:24 2008-1-24

+ Scan result:       



C:\Documents and Settings\Administrator\桌面\system32 02.rar/360rpt.exe -> Backdoor.Bifrose.djf : No action taken.
C:\Documents and Settings\Administrator\桌面\system32 02.rar/linkinfo.dll -> Downloader.Agent.erl : No action taken.
C:\Documents and Settings\Administrator\桌面\system32 02.rar/rarjepi.dll -> Trojan.OnLineGames.mqx : No action taken.
C:\Documents and Settings\Administrator\桌面\system32 02.rar/rsmyjpm.dll -> Trojan.OnLineGames.mra : No action taken.
C:\Documents and Settings\Administrator\桌面\system32 02.rar/rsmyjsp.exe -> Trojan.OnLineGames.mra : No action taken.
C:\Documents and Settings\Administrator\桌面\system32 02.rar/avzxmmn.dll -> Trojan.OnLineGames.mrt : No action taken.
C:\Documents and Settings\Administrator\桌面\system32 02.rar/upxdnd.exe -> Trojan.OnLineGames.msh : No action taken.
C:\Documents and Settings\Administrator\桌面\system32 02.rar/avzxmst.exe -> Trojan.OnLineGames.mtt : No action taken.
C:\Documents and Settings\Administrator\桌面\system32 02.rar/rarjetl.exe -> Trojan.OnLineGames.mtt : No action taken.
C:\Documents and Settings\Administrator\桌面\system32 02.rar/upxdnd.dll -> Trojan.OnLineGames.mtx : No action taken.


::Report end

[ This post was last edited by nosferatu on 2008-1-24 06:04 ]
mofunzone
Posted on 2008-1-24 00:05:18
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\system32 02.rar'
C:\Documents and Settings\Administrator\My Documents\
  system32 02.rar
    [0] Archive type: RAR
    --> upxdnd.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> Flower.exe
        [DETECTION] Is the Trojan horse TR/Agent.32333
        [WARNING]   Infected files in archives cannot be repaired!
    --> 360rpt.exe
        [DETECTION] Is the Trojan horse TR/Hupigon.330044.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> rarjepi.dll
        [DETECTION] Is the Trojan horse TR/WuDisable.B
        [WARNING]   Infected files in archives cannot be repaired!
    --> rsmyjpm.dll
        [DETECTION] Is the Trojan horse TR/WuDisable.B
        [WARNING]   Infected files in archives cannot be repaired!
    --> avzxmmn.dll
        [DETECTION] Is the Trojan horse TR/WuDisable.B
        [WARNING]   Infected files in archives cannot be repaired!
      --> gdwdi32.dll
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/Rootkit.Gen
              [WARNING]   Infected files in archives cannot be repaired!
      --> rarjetl.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/WuDisable.B
              [WARNING]   Infected files in archives cannot be repaired!
    --> IsDrv122.sys
        [DETECTION] Is the Trojan horse TR/Rootkit.Gen
        [WARNING]   Infected files in archives cannot be repaired!
      --> avzxmst.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/WuDisable.B
              [WARNING]   Infected files in archives cannot be repaired!
      --> rsmyjsp.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Is the Trojan horse TR/WuDisable.B
              [WARNING]   Infected files in archives cannot be repaired!
    --> DbgHlp32.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
      --> upxdnd.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
    --> linkinfo.dll
        [DETECTION] Contains detection pattern of the Windows virus W32/Rectix.A
        [WARNING]   Infected files in archives cannot be repaired!
      --> DbgHlp32.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: RSRC
          --> Object
              [DETECTION] Contains suspicious code HEUR/Malware
              [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!


End of the scan: 2008年1月23日  08:05
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
     16 Files were scanned
     11 viruses and/or unwanted programs were found
      4 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      7 Archives were scanned
     15 Warnings
      0 Notes
will
Posted on 2008-1-24 00:12:40

KV2008: all 15

ballakay
Posted on 2008-1-24 01:05:52
Scanning Report
24 January 2008 01:05:43 - 01:05:44
Computer name: PUMA-PC
Scanning type: Scan target
Target: C:\Users\Administrator\Desktop\system32_02.rar


--------------------------------------------------------------------------------

Result: 14 malware found
Trojan-PSW.Win32.OnLineGames.mtx (virus)
C:\Users\Administrator\Desktop\system32_02.rar\upxdnd.dll
Backdoor.Win32.Bifrose.djf (virus)
C:\Users\Administrator\Desktop\system32_02.rar\360rpt.exe
Trojan-PSW.Win32.OnLineGames.mqx (virus)
C:\Users\Administrator\Desktop\system32_02.rar\rarjepi.dll
Trojan-PSW.Win32.OnLineGames.mra (virus)
C:\Users\Administrator\Desktop\system32_02.rar\rsmyjpm.dll
C:\Users\Administrator\Desktop\system32_02.rar\rsmyjsp.exe
Trojan-PSW.Win32.OnLineGames.mrt (virus)
C:\Users\Administrator\Desktop\system32_02.rar\avzxmmn.dll
Trojan-PSW.Win32.OnLineGames.mrd (virus)
C:\Users\Administrator\Desktop\system32_02.rar\gdwdi32.dll
Trojan-PSW.Win32.OnLineGames.mtu (virus)
C:\Users\Administrator\Desktop\system32_02.rar\rarjetl.exe
Virus.Win32.Alman.b (virus)
C:\Users\Administrator\Desktop\system32_02.rar\IsDrv122.sys
Trojan-PSW.Win32.OnLineGames.mtt (virus)
C:\Users\Administrator\Desktop\system32_02.rar\avzxmst.exe
Trojan-PSW.Win32.OnLineGames.mty (virus)
C:\Users\Administrator\Desktop\system32_02.rar\DbgHlp32.dll
Trojan-PSW.Win32.OnLineGames.msh (virus)
C:\Users\Administrator\Desktop\system32_02.rar\upxdnd.exe
Trojan-Downloader.Win32.Agent.erl (virus)
C:\Users\Administrator\Desktop\system32_02.rar\linkinfo.dll
Trojan-PSW.Win32.OnLineGames.mtv (virus)
C:\Users\Administrator\Desktop\system32_02.rar\DbgHlp32.exe




--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 16
Not scanned: 0
Result:
Viruses: 14
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 0
Failed: 0
Boot Sectors:
Scanned: 0
Infected: 0
Suspicious items: 0
Disinfected: 0
woai_jolin
Posted on 2008-1-24 04:23:56
Scan Log
Version of virus signature database: 2818 (20080123)
Date: 2008-1-24  Time: 4:23:45
Scanned disks, folders and files: G:\v\system32_02.rar
Number of scanned objects: 16
Number of threats found: 15
Time of completion: 4:23:52  Total scanning time: 7 sec (00:00:07)
chenyilong58
Posted on 2008-1-24 09:19:48
AntiVir PersonalEdition Premium
Report file date: 星期四 2008年1月24日  09:18

Scanning for 1065753 virus strains and unwanted programs.

Licensed to:      chen yilong
Serial number:    1101089080-PEPWE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         Administrator
Computer name:    GHOST-A70CF650B

Version information:
BUILD.DAT    : 308           17199 Bytes  2007-09-19 13:44:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  2007-08-23 06:16:30
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  2007-08-16 05:23:52
LUKE.DLL     : 7.0.5.3      147496 Bytes  2007-08-14 08:32:48
LUKERES.DLL  : 7.0.6.1       10280 Bytes  2007-08-21 05:35:22
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  2007-07-18 06:36:36
ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  2007-12-14 04:29:02
ANTIVIR2.VDF : 7.0.2.0      948736 Bytes  2008-01-15 09:16:30
ANTIVIR3.VDF : 7.0.2.36     347648 Bytes  2008-01-23 00:34:50
AVEWIN32.DLL : 7.6.0.48    3080704 Bytes  2008-01-15 06:29:26
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  2007-02-26 03:36:28
AVPREF.DLL   : 7.0.2.2       25640 Bytes  2007-07-18 00:39:18
AVREP.DLL    : 7.0.0.1      155688 Bytes  2007-12-14 04:29:10
AVPACK32.DLL : 7.6.0.3      360488 Bytes  2008-01-15 06:29:28
AVREG.DLL    : 7.0.1.6       30760 Bytes  2007-07-18 00:17:08
AVARKT.DLL   : 1.0.0.20     278568 Bytes  2007-08-28 05:26:34
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  2007-07-18 00:10:20
NETNT.DLL    : 7.0.0.0        7720 Bytes  2007-03-08 04:09:44
RCIMAGE.DLL  : 7.0.1.30    2576424 Bytes  2007-08-07 05:51:08
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  2007-08-21 06:03:20
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  2007-07-23 02:37:22

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\6c503b43.avp
Logging..........................: low
Primary action...................: delete
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: off
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+JOKE,+SPR,

Start of the scan: 星期四 2008年1月24日  09:18

Starting the file scan:

Begin scan in 'd:\我的文档\桌面\system32 02.rar'
d:\我的文档\桌面\system32 02.rar
  [0] Archive type: RAR
  --> upxdnd.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> Flower.exe
      [DETECTION] Is the Trojan horse TR/Agent.32333
  --> 360rpt.exe
      [DETECTION] Is the Trojan horse TR/Hupigon.330044.1
  --> rarjepi.dll
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> rsmyjpm.dll
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> avzxmmn.dll
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> gdwdi32.dll
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> rarjetl.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> IsDrv122.sys
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> avzxmst.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> rsmyjsp.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> DbgHlp32.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> upxdnd.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> linkinfo.dll
      [DETECTION] Contains code of the Windows virus W32/Rectix.A
  --> DbgHlp32.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      A backup was created as '480ae7fa.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!


End of the scan: 星期四 2008年1月24日  09:18
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
     16 Files were scanned
     13 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
hj5abc
Posted on 2008-1-24 16:54:05
avast! x 14 ...

Sign of "Win32:OnLineGames-BQS [Trj]" has been found in "F:\system32 02.rar\upxdnd.dll" file.  
Sign of "Win32:Agent-BQC [Trj]" has been found in "F:\system32 02.rar\IsDrv122.sys" file.
Sign of "Win32:OnLineGames-BGD [Trj]" has been found in "F:\system32 02.rar\rarjepi.dll" file.  
Sign of "Win32:OnLineGames-BGD [Trj]" has been found in "F:\system32 02.rar\rsmyjpm.dll" file.  
Sign of "Win32:Delf-FVM [Trj]" has been found in "F:\system32 02.rar\avzxmmn.dll" file.
Sign of "Win32:OnLineGames-BSR [Trj]" has been found in "F:\system32 02.rar\DbgHlp32.dll" file.  
Sign of "Win32:Trojan-gen {Other}" has been found in "F:\system32 02.rar\upxdnd.exe" file.  
Sign of "Win32:Agent-JJY [Trj]" has been found in "F:\system32 02.rar\linkinfo.dll" file.
Sign of "Win32:GrayBird-AD [Trj]" has been found in "F:\system32 02.rar\360rpt.exe\[eXPressor]" file.   
Sign of "Win32:OnLineGames-BKU [Trj]" has been found in "F:\system32 02.rar\gdwdi32.dll\[Upack]" file.  
Sign of "Win32:OnLineGames-BGD [Trj]" has been found in "F:\system32 02.rar\rarjetl.exe\[Upack]\[Embedded#MUSIC]" file.  
Sign of "Win32:Delf-FVM [Trj]" has been found in "F:\system32 02.rar\avzxmst.exe\[Upack]\[Embedded#MUSIC]" file.  
Sign of "Win32:OnLineGames-BGD [Trj]" has been found in "F:\system32 02.rar\rsmyjsp.exe\[Upack]\[Embedded#MUSIC]" file.  
Sign of "Win32:OnLineGames-BSR [Trj]" has been found in "F:\system32 02.rar\DbgHlp32.exe\[Upack]\[Embedded#4060]" file.

[ This post was last edited by hj5abc on 2008-1-24 16:56 ]