还是下载者

zzh161

继续下载者

[oo]
t0=20080130
e0=http://15.buyaoni.com/new/1.exe
t1=20080130
e1=http://15.buyaoni.com/new/2.exe
t2=20080130
e2=http://15.buyaoni.com/new/3.exe
t3=20080130
e3=http://15.buyaoni.com/new/4.exe
t4=20080130
e4=http://15.buyaoni.com/new/5.exe
t5=20080130
e5=http://31.buyaoni.com/new/6.exe
t6=20080130
e6=http://31.buyaoni.com/new/7.exe
t7=20080130
e7=http://31.buyaoni.com/new/8.exe
t8=20080130
e8=http://31.buyaoni.com/new/10.exe
t9=20080130
e9=http://203.buyaoni.com/new/11.exe
t10=20080130
e10=http://203.buyaoni.com/new/14.exe
t11=20080130
e11=http://203.buyaoni.com/new/15.exe
t12=20080130
e12=http://203.buyaoni.com/new/16.exe
t13=20080130
e13=http://203.buyaoni.com/new/17.exe
t14=20080130
e14=http://71.buyaoni.com/new/18.exe
t15=20080130
e15=http://71.buyaoni.com/new/19.exe
t16=20080130
e16=http://71.buyaoni.com/new/20.exe
t17=20080130
e17=http://71.buyaoni.com/new/21.exe
t18=20080130
e18=http://71.buyaoni.com/new/24.exe
t19=20080130
e19=http://11.buyaoni.com/new/25.exe
t20=20080130
e20=http://11.buyaoni.com/new/26.exe
t21=20080130
e21=http://11.buyaoni.com/new/27.exe
t22=20080130
e22=http://11.buyaoni.com/new/30.exe

样本：

瑞星病毒查杀结果报告
清除病毒种类列表：
病毒： Trojan.PSW.Win32.XYOnline.abe
病毒： Trojan.PSW.Win32.XYOnline.abe
病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： Trojan.PSW.Win32.QQGame.GEN
病毒： Trojan.PSW.Win32.GameOL.gfw
病毒： Trojan.PSW.Win32.QQHX.tvu
病毒： Trojan.PSW.Win32.XYOnline.yz
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.ZhengTu.ymy
病毒： Trojan.PSW.Win32.GamesOnline.ma
病毒： Trojan.PSW.Win32.XYOnline.abc
病毒： Trojan.PSW.Win32.LMir.yys
病毒： Dropper.Win32.Agent.ysq  
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
MAC 地址：00:00:00:00:00:00
用户来源：局域网
软件版本：20.29.32

清蒸波波面

费尔报17个毒！！截图就免了，睡觉去

Graybird

Starting the file scan:

Begin scan in 'E:\newrl.rar'
E:\newrl.rar
  [0] Archive type: RAR
  --> newrl\1.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.x
  --> newrl\10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji.1
  --> newrl\11.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> newrl\12.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> newrl\13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.5
  --> newrl\14.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.3
  --> newrl\15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.30
  --> newrl\16.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.8
  --> newrl\17.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.21963
  --> newrl\2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oyd
  --> newrl\3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.27
  --> newrl\4.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prw.4
  --> newrl\5.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prw.2
  --> newrl\6.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> newrl\7.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> newrl\8.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.28619
  --> newrl\9.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!


End of the scan: 2008年1月31日  23:29
Used time: 00:23 min

The scan has been done completely.

      0 Scanning directories
     18 Files were scanned
     17 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

leonfg

ESET 17全k
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\1.exe - Win32/PSW.Agent.NGZ trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\10.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\11.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\12.exe - Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\13.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\14.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\15.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\16.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\17.exe - Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\2.exe - Win32/PSW.OnLineGames.NMF trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\3.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\4.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\5.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\6.exe - Win32/PSW.WOW.WU trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\7.exe - Win32/PSW.WOW.WU trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\8.exe - Win32/PSW.OnLineGames.FDY trojan
C:\Documents and Settings\GUNDAM\桌面\newrl.rar » RAR » newrl\9.exe - Win32/PSW.OnLineGames.NFL trojan

hign

avg 17个

冷冷

IK
I:\virus\newrl.rar:\newrl\1.exe - Signature 'Virus.Win32.OnLineGames.SR' found
I:\virus\newrl.rar:\newrl\10.exe - Signature 'Trojan-PWS.Win32.OnLineGames.es' found
I:\virus\newrl.rar:\newrl\11.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\newrl.rar:\newrl\12.exe - Signature 'Trojan-Spy.Win32.Delf.uv' found
I:\virus\newrl.rar:\newrl\13.exe - Signature 'Trojan-PWS.Win32.OnLineGames.isb' found
I:\virus\newrl.rar:\newrl\14.exe - Signature 'Trojan-PWS.Win32.OnLineGames.isb' found
I:\virus\newrl.rar:\newrl\15.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\newrl.rar:\newrl\16.exe - Signature 'Trojan-PWS.Win32.OnLineGames.mmu' found
I:\virus\newrl.rar:\newrl\17.exe - Signature 'Trojan-Spy.Win32.Delf.uv' found
I:\virus\newrl.rar:\newrl\2.exe - Signature 'Trojan-Spy.Win32.Agent.hz' found
I:\virus\newrl.rar:\newrl\3.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\newrl.rar:\newrl\4.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\newrl.rar:\newrl\5.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\newrl.rar:\newrl\6.exe - Signature 'Trojan-PWS.Win32.Lmir.boy' found
I:\virus\newrl.rar:\newrl\7.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\virus\newrl.rar:\newrl\8.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\virus\newrl.rar:\newrl\9.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\newrl.rar

        18 Files scanned
          (1 Archiv with 17 files)
        17 Signatures found
        0 Suspect code-parts found
        Used time: 0:02.844

ClamAV
I:\virus\test/newrl/10.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/newrl/11.exe: Trojan.Spy-18711 FOUND
I:\virus\test/newrl/12.exe: PUA.Packed.UPack FOUND
I:\virus\test/newrl/13.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/newrl/14.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/newrl/15.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/newrl/16.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/newrl/17.exe: PUA.Packed.UPack FOUND
I:\virus\test/newrl/2.exe: PUA.Packed.UPack-1 FOUND
I:\virus\test/newrl/3.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/newrl/4.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/newrl/5.exe: PUA.Packed.UPack-3 FOUND
I:\virus\test/newrl/6.exe: PUA.Packed.UPack-2 FOUND
I:\virus\test/newrl/7.exe: PUA.Packed.UPack FOUND
I:\virus\test/newrl/8.exe: PUA.Packed.UPack FOUND

----------- SCAN SUMMARY -----------
Known viruses: 199272
Engine version: 0.92
Scanned directories: 2
Scanned files: 17
Infected files: 15
Data scanned: 0.28 MB
Time: 7.125 sec (0 m 7 s)

scottxzt

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\NEWRL\3.EXE
病毒程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\UTGNEHZ.DLL
2) C:\WINDOWS\SYSTEM32\DRIVERS\MSACLUE.SYS
是否删除木马程序及其衍生物?

su-tt

换好引擎来试试

Begin scan in 'C:\Documents and Settings\Administrator\桌面\newrl.rar'
C:\Documents and Settings\Administrator\桌面\newrl.rar
  [0] Archive type: RAR
  --> newrl\1.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.x
  --> newrl\10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji.1
  --> newrl\11.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> newrl\12.exe
      [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> newrl\13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.5
  --> newrl\14.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.3
  --> newrl\15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.30
  --> newrl\16.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.8
  --> newrl\17.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.21963
  --> newrl\2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.oyd
  --> newrl\3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.27
  --> newrl\4.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prw.4
  --> newrl\5.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prw.2
  --> newrl\6.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
  --> newrl\7.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> newrl\8.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.28619
  --> newrl\9.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!


End of the scan: 2008年2月1日  01:49
Used time: 00:10 min

The scan has been done completely.

      0 Scanning directories
     18 Files were scanned
     17 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

kkgh

智能实验室-杀马(Defendio) 扫描威胁日志记录
版本 4.25.0.930
数据更新版本:24358
数据更新日期:2008-01-30 18:15
开始时间: 10:14:00
启发式:   最高
压缩文件: 是
内存区域: 否
注册表:   否
系统区域: 否

扫描所选择的目录和文件...


对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\1.exe->资源:LOADER_LYLOADER.EXE
威胁: Heur/Susp.Trojan-Dropper.Win32.Agent.30.63.00002FB8
状态: 已经忽略

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\10.exe
威胁: Trojan-PSW.Win32.OnLineGames.isb
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\11.exe
威胁: Trojan-PSW.Win32.OnLineGames.lqb
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\12.exe
威胁: Trojan-PSW.Win32.OnLineGames.nbl
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\13.exe
威胁: Trojan-PSW.Win32.OnLineGames.isb
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\14.exe
威胁: Trojan-PSW.Win32.OnLineGames.isb
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\15.exe
威胁: Trojan-PSW.Win32.OnLineGames.pbp
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\16.exe
威胁: Trojan-PSW.Win32.OnLineGames.isb
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\17.exe
威胁: Trojan-PSW.Win32.OnLineGames.mqa
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\2.exe
威胁: Trojan-PSW.Win32.OnLineGames.pcn
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\3.exe
威胁: Trojan-PSW.Win32.OnLineGames.pvn
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\4.exe
威胁: Trojan-PSW.Win32.OnLineGames.pvm
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\5.exe
威胁: Trojan-PSW.Win32.OnLineGames.pry
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\6.exe
威胁: Trojan-PSW.Win32.Lmir.boy
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\7.exe
威胁: Trojan-Downloader.Win32.Delf.axx
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\8.exe
威胁: Trojan-PSW.Win32.OnLineGames.mmy
状态: (请马上清除！)

对象: C:\Documents and Settings\zh\桌面\新建文件夹\newrl\9.exe
威胁: Trojan-PSW.Win32.OnLineGames.bm.1
状态: (请马上清除！)


扫描耗时: 0小时0分钟0秒
    已检查:    19 个
    实际扫描:  19 个
    程序文件:  17 个
    压缩文件:  0 个
    多媒体文件:0 个
    图片文件:  0 个
    邮件文件:  0 个
    其它文件:  2 个
    发现威胁:  17 个
    已清除:    0 个
    已隔离:    0 个
    未处理:    16/17 个

hljdqzr