还是下载者下来的

zzh161

下载者这个名字真好，总是一包一包的

[oo]
t0=20080130
e0=http://1.111281.com/1.exe
t1=20080130
e1=http://1.111281.com/2.exe
t2=20080130
e2=http://1.111281.com/3.exe
t3=20080130
e3=http://1.111281.com/4.exe
t4=20080130
e4=http://1.111281.com/5.exe
t5=20080130
e5=http://1.111281.com/6.exe
t6=20080130
e6=http://1.111281.com/7.exe
t7=20080130
e7=http://1.111281.com/8.exe
t8=20080130
e8=http://1.111281.com/9.exe
t9=20080130
e9=http://1.111281.com/10.exe
t10=20080130
e10=http://1.111281.com/11.exe
t11=20080130
e11=http://1.111281.com/12.exe
t12=20080130
e12=http://1.111281.com/13.exe
t13=20080130
e13=http://1.111281.com/14.exe
t14=20080130
e14=http://1.111281.com/15.exe
t15=20080130
e15=http://1.111281.com/16.exe
t16=20080130
e16=http://1.111281.com/17.exe
t17=20080131
e17=http://1.111281.com/18.exe
t18=20080130
e18=http://1.111281.com/19.exe
t19=20080130
e19=http://1.111281.com/20.exe
t20=20080130
e20=http://1.111281.com/21.exe
t21=20080130
e21=http://1.111281.com/22.exe

样本：

Graybird

Starting the file scan:

Begin scan in 'E:\11.rar'
E:\11.rar
  [0] Archive type: RAR
  --> 11\1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.aav.1
  --> 11\10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.3
  --> 11\11.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pne
  --> 11\12.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oiv.2
  --> 11\13.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 11\14.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oku.8
  --> 11\15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.242
  --> 11\16.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 11\17.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 11\18.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.261
  --> 11\19.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pjl.8
  --> 11\2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pgp.2
  --> 11\20.exe
      [DETECTION] Is the Trojan horse TR/PSW.Nilage.bxx.3
  --> 11\21.exe
      [DETECTION] Is the Trojan horse TR/PSW.Nilage.bxe
  --> 11\3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pim
  --> 11\4.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 11\5.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.22
  --> 11\6.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.27
  --> 11\7.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 11\8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prw.3
  --> 11\9.exe
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.25
      [INFO]      The file was deleted!


End of the scan: 2008年1月31日  16:04
Used time: 00:25 min

The scan has been done completely.

      0 Scanning directories
     22 Files were scanned
     21 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

leonfg

ESET  21全K
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\1.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\10.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\11.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\12.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\13.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\14.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\15.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\16.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\17.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\18.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\19.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\2.exe - a variant of Win32/PSW.OnLineGames.NLY trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\20.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\21.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\3.exe - a variant of Win32/PSW.OnLineGames.NLY trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\4.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\5.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\6.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\7.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\8.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\11.rar » RAR » 11\9.exe - probably a variant of Win32/AutoRun.Q worm

kkgh

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.LMir.zaj
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.QQHX.tvu
病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.lqz
病毒： Trojan.PSW.Win32.QQGame.GEN
病毒： Trojan.PSW.Win32.QQGame.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.DJOnline.bp
病毒： Trojan.PSW.Win32.SunOnline.ma
病毒： Trojan.PSW.Win32.ZhengTu.ymy
病毒： Trojan.PSW.Win32.XYOnline.abc
病毒： Worm.Win32.PaBug.GEN     

用户来源：互联网

软件版本：20.29.30

21个

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.LMir.zaj
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.QQHX.tvu
病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.lqz
病毒： Trojan.PSW.Win32.QQGame.GEN
病毒： Trojan.PSW.Win32.QQGame.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.DJOnline.bp
病毒： Trojan.PSW.Win32.SunOnline.ma
病毒： Trojan.PSW.Win32.ZhengTu.ymy
病毒： Trojan.PSW.Win32.XYOnline.abc
病毒： Worm.Win32.PaBug.GEN     

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.29.30

啊弥陀佛

木马名称:Trojan-PSW.Win32.OLGames.hzw
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\12.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OLGames.hvz
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\14.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OLGames.igs
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\21.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\1.EXE
木马程序生成以下文件:
1) C:\WINDOWS\WINFORM.EXE
2) C:\WINDOWS\SYSTEM32\WINFORM.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\2.EXE
木马程序生成以下文件:
1) C:\WINDOWS\FRHHUSYK.EXE
2) C:\WINDOWS\WIASOISAO.EXE
3) C:\WINDOWS\KFNRTHOH.DLL
是否删除木马程序及其衍生物

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\3.EXE
木马程序生成以下文件:
1) C:\WINDOWS\MDGVRHLM.EXE
2) C:\WINDOWS\DMGDMGQV.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\11\11\4.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\GNVDNUAWOW.DLL
2) C:\WINDOWS\SYSTEM32\HHHCOMPRESS.DLL
是否删除木马程序及其衍生物?

冷冷

I:\virus\test\11\1.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\test\11\10.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\11.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\test\11\12.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\test\11\13.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\14.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\virus\test\11\15.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\test\11\16.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\17.exe - Signature 'Trojan-PWS.Win32.Agent.jp' found
I:\virus\test\11\18.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\test\11\19.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\test\11\2.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\test\11\20.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\test\11\21.exe - Signature 'Trojan-PWS.Win32.Delf.ix' found
I:\virus\test\11\3.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\test\11\4.exe - Signature 'Trojan-PWS.Win32.Agent.jp' found
I:\virus\test\11\5.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\6.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\7.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\8.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\test\11\9.exe - Signature 'Trojan-Proxy.Win32.Delf.AN' found

        21 Files scanned
          (0 Archives with 0 files)
        21 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.625


I:\virus\test/11/1.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/11/10.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/11.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/11/12.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/11/13.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/14.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/11/15.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/11/16.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/17.exe: PUA.Packed.UPack FOUND
I:\virus\test/11/18.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/11/19.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/11/2.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/11/20.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/11/21.exe: PUA.Packed.UPack FOUND
I:\virus\test/11/3.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/11/4.exe: PUA.Packed.UPack FOUND
I:\virus\test/11/5.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/6.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/7.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/8.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/11/9.exe: Trojan.QQPass-493 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 199272
Engine version: 0.92
Scanned directories: 2
Scanned files: 21
Infected files: 21
Data scanned: 0.71 MB
Time: 7.390 sec (0 m 7 s)

spaceplane

AVAST 12
大蜘蛛 18

[ 本帖最后由 spaceplane 于 2008-1-31 16:49 编辑 ]

鱼是一只我

kav7
费尔   

傻猪猪米走鸡

ena21