Views: 5183 | Replies: 22

[Virus sample] 49

sam.to
Posted on 2008-1-28 12:51:27
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pmz        檔案: C:\Documents and Settings\kato9096\桌面\3.zip/3/08.1.28/08.1.28/tmp3Cjs.dll//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pmi        檔案: C:\Documents and Settings\kato9096\桌面\3.zip/3/08.1.28/08.1.28/tmp6.tmp
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pqr        檔案: C:\Documents and Settings\kato9096\桌面\3.zip/3/08.1.28/08.1.28/tmpB.tmp//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pik        檔案: C:\Documents and Settings\kato9096\桌面\3.zip/3/conime/conime.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pik        檔案: C:\Documents and Settings\kato9096\桌面\3.zip/3/机器狗conime/conime.exe

The ones that were not detected have been submitted.

Download:
http://www.4shared.com/file/36155476/29ec8765/3_online.html

Because the site scans files for viruses before download, a password has been added:
infected




Hello,

2D30B3CA.pf, CONIME.EXE-13EEEA1A.pf, TMP10.TMP-13C71359.pf, TMP13.TMP-10D12B75.pf, TMP14.TMP-0292E836.pf, TMP15.TMP-046223FD.pf, TMP18.TMP-20361AD1.pf, TMP1B.TMP-0E2FA862.pf, TMP1E.TMP-1668966C.pf, TMP1F.tmp-38964746, TMP2.TMP-39AFE951.pf, TMP22.TMP-301E1CD6.pf, TMP23.TMP-1EE0C0DC.pf, TMP24.TMP-1AEACD64.pf, TMP29.TMP-22DFE52B.pf, TMP2A.TMP-111D48FF.pf, TMP2D.TMP-177A1A1E.pf, TMP3.TMP-001BA4EF.pf, TMP30.TMP-159F7FF7.pf, TMP33.TMP-12F7E326.pf, TMP36.TMP-11A05BA8.pf, TMP39.TMP-36389A76.pf, TMP3A.TMP-1D0626B5.pf, TMP3B.TMP-31F8B6FD.pf, TMP3C.TMP-07D2D743.pf, TMP3D.TMP-06039B7C.pf, TMP9.TMP-03E37F60.pf, TMPA.TMP-1D15F321.pf, TMPC.tmp-32494293

These files are clean.
Windows creates pf-files for fast access to most used programs.
Please send us the original file, for example
FILE.EXE-399A8E72.pf is a pf-file, FILE.EXE is the original file.

conime.exek, conime.exekk - Trojan-PSW.Win32.OnLineGames.pik,
tmp3Cjs.dll - Trojan-PSW.Win32.OnLineGames.pmz,
tmp6.tmpk - Trojan-PSW.Win32.OnLineGames.pmi,
tmpB.tmpk - Trojan-PSW.Win32.OnLineGames.pqr

These files are already detected. Please update your antivirus bases.

f[1].htmk, nsl97.tmpk, s[1].htmk, tmp.dat, tmp1.tmpk, ~DFD602.tmpk

No malicious code was found in these files.

tmp22.tmpk - Trojan.Win32.Agent.emb,
ufangipn.exek - Trojan-PSW.Win32.OnLineGames.pro

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

[ This post was last edited by kato9096 on 2008-1-28 13:34 ]
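The lab reply above makes a point that is easy to miss when bundling a sample set: the `*.pf` files are Windows prefetch records, not the programs themselves, and the name of the executable they belong to is the part before the trailing `-XXXXXXXX.pf`. The following script is an added example (not code from the thread or from any vendor) that applies that rule to a submitted file list: it separates prefetch artifacts from candidate samples, recovers the executable name each prefetch entry refers to, and reports which of those executables are not in the set at all, which is exactly the gap the analyst asked the poster to fill. The file names used as input are a constructed subset of the names that appear in the scan listings on this page; `triage` and `parse_prefetch_name` are names chosen for this example. A name with the `.pf` suffix dropped (like `TMP1F.tmp-38964746` in the quoted reply) is deliberately not treated as a prefetch file, since the pattern is ambiguous without the extension.

```python
import re
from typing import Dict, List, Optional, Tuple

# Windows prefetch files are named <EXECUTABLE>-<8 hex digits>.pf; the hex
# value is a hash of the executable's path, so it cannot be reversed, but the
# executable name itself is recoverable from the prefix.
PREFETCH_RE = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-Fa-f]{8})\.pf$", re.IGNORECASE)


def parse_prefetch_name(name: str) -> Optional[Tuple[str, str]]:
    """Return (executable name, hash) for a prefetch file name, or None.

    Names without the .pf suffix are rejected on purpose: they may be a
    truncated listing, but they are not prefetch records as Windows writes them.
    """
    match = PREFETCH_RE.match(name)
    if match is None:
        return None
    return match.group("exe").upper(), match.group("hash").upper()


def triage(names: List[str]) -> Dict[str, object]:
    """Split a submitted file list into prefetch artifacts and candidate samples.

    Returns a dict with:
      prefetch          - executable name -> prefetch file name
      samples           - every non-prefetch file (the things worth scanning)
      missing_originals - executables referenced by prefetch records but absent
                          from the set, i.e. what the submitter still has to send
    """
    prefetch: Dict[str, str] = {}
    samples: List[str] = []
    for name in names:
        parsed = parse_prefetch_name(name)
        if parsed is not None:
            prefetch[parsed[0]] = name
        else:
            samples.append(name)
    # File name comparison on Windows is case-insensitive.
    present = {s.upper() for s in samples}
    missing = sorted(exe for exe in prefetch if exe not in present)
    return {"prefetch": prefetch, "samples": samples, "missing_originals": missing}


# Constructed input: a subset of the file names from the scan listings above.
SUBMITTED = [
    "conime.exe",
    "CONIME.EXE-13EEEA1A.pf",
    "ufangipn.exe",
    "UFANGIPN.EXE-2D30B3CA.pf",
    "tmp22.tmp",
    "TMP22.TMP-301E1CD6.pf",
    "TMP10.TMP-13C71359.pf",
    "tmp3Cjs.dll",
    "TMP3.TMP-001BA4EF.pf",
    "f[1].htm",
]


def main() -> None:
    result = triage(SUBMITTED)
    print("Prefetch records (executable -> pf file):")
    for exe, pf in sorted(result["prefetch"].items()):
        print(f"  {exe:14s} <- {pf}")
    print("Files to actually scan:", ", ".join(result["samples"]))
    print("Originals still needed:", ", ".join(result["missing_originals"]) or "none")


if __name__ == "__main__":
    main()
```

Running it on the constructed list reports `TMP10.TMP` and `TMP3.TMP` as referenced by prefetch records but not included, which is the same request the lab made in its reply: send the executable, not its prefetch trace.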

hj5abc
Posted on 2008-1-28 13:00:11
Can't download it.
mofunzone
Posted on 2008-1-28 13:01:22
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\3'
C:\Documents and Settings\Administrator\My Documents\3\08.1.28\08.1.28\
  f[1].htm
  nsl97.tmp
  s[1].htm
  tmp.dat
  tmp1.tmp
  TMP10.TMP-13C71359.pf
  TMP13.TMP-10D12B75.pf
  TMP14.TMP-0292E836.pf
  TMP15.TMP-046223FD.pf
  TMP18.TMP-20361AD1.pf
  TMP1B.TMP-0E2FA862.pf
  TMP1E.TMP-1668966C.pf
  TMP1F.TMP-38964746.pf
  TMP2.TMP-39AFE951.pf
  tmp20.tmp
  tmp21.tmp
  tmp22.tmp
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '480d61ff.qua'!
  TMP22.TMP-301E1CD6.pf
  TMP23.TMP-1EE0C0DC.pf
  TMP24.TMP-1AEACD64.pf
  TMP29.TMP-22DFE52B.pf
  TMP2A.TMP-111D48FF.pf
  TMP2D.TMP-177A1A1E.pf
  TMP3.TMP-001BA4EF.pf
  TMP30.TMP-159F7FF7.pf
  TMP33.TMP-12F7E326.pf
  TMP36.TMP-11A05BA8.pf
  TMP39.TMP-36389A76.pf
  TMP3A.TMP-1D0626B5.pf
  TMP3B.TMP-31F8B6FD.pf
  TMP3C.TMP-07D2D743.pf
  tmp3Cjs.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '49aff3a0.qua'!
  TMP3D.TMP-06039B7C.pf
  tmp3E.tmp
  tmp6.tmp
  tmp8.tmp
  TMP9.TMP-03E37F60.pf
  TMPA.TMP-1D15F321.pf
  tmpB.tmp
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
      [INFO]      The file was moved to '480d6201.qua'!
  TMPC.TMP-32494293.pf
  ufangipn.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '47fe61f8.qua'!
  UFANGIPN.EXE-2D30B3CA.pf
  w[2].gif
  ~DFD602.tmp
  ~DFDC2C.tmp
  ~DFE82B.tmp
C:\Documents and Settings\Administrator\My Documents\3\conime\
  conime.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ode.2
      [INFO]      The file was moved to '480b6201.qua'!
C:\Documents and Settings\Administrator\My Documents\3\机器狗conime\
  conime.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ode.2
      [INFO]      The file was moved to '49aaee1a.qua'!
  CONIME.EXE-13EEEA1A.pf


End of the scan: 2008年1月27日  21:01
Used time: 00:05 min

The scan has been done completely.

      5 Scanning directories
     49 Files were scanned
      3 viruses and/or unwanted programs were found
      3 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      6 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     46 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
sam.to (OP)
Posted on 2008-1-28 13:01:29

Reply to post #2 by hj5abc

The page won't open?
hj5abc
Posted on 2008-1-28 13:03:52

Reply to post #4 by kato9096

Yes.
sam.to (OP)
Posted on 2008-1-28 13:06:59
Originally posted by hj5abc on 2008-1-28 13:03:
Yes.
红心王子
Posted on 2008-1-28 13:09:07
Rising antivirus scan result report

清除病毒种类列表:
病毒: Trojan.PSW.Win32.GameOL.lqp
病毒: RootKit.Win32.Mnless.gw  
病毒: Trojan.PSW.Win32.GameOL.lpy
病毒: Trojan.PSW.Win32.Agent.vrw
病毒: Trojan.DL.Win32.Undef.w  

MAC 地址:00:1E:4F:91:F4:F0

用户来源:局域网

软件版本:20.29
mofunzone
Posted on 2008-1-28 13:09:16

Reply to post #5 by hj5abc

Looks like you've finally realized that NOD32 is junk and switched to Avast.
leonfg
Posted on 2008-1-28 13:11:19
ESET 5
C:\Documents and Settings\GUNDAM\桌面\3\3\3\08.1.28\08.1.28\tmp3Cjs.dll - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\GUNDAM\桌面\3\3\3\08.1.28\08.1.28\tmpB.tmp - a variant of Win32/PSW.OnLineGames.NLH trojan
C:\Documents and Settings\GUNDAM\桌面\3\3\3\08.1.28\08.1.28\ufangipn.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\3\3\3\conime\conime.exe - Win32/TrojanDownloader.Small.NZL trojan
C:\Documents and Settings\GUNDAM\桌面\3\3\3\机器狗conime\conime.exe - Win32/TrojanDownloader.Small.NZL trojan
hj5abc
Posted on 2008-1-28 13:12:22
OP, add a note in post #1 that the samples are packed in post #6.

Sign of "Win32:OnLineGames-BLD [Trj]" has been found in "F:\3\3\3\08.1.28\08.1.28\tmpB.tmp\[Upack]" file.
Copyright © KaFan  KaFan.cn All Rights Reserved.