5个

显示全部楼层 · 发表于 2008-2-1 23:31:15

唉。。不小心运行了下样本。。猥琐的中毒了。。先发5个上来。。睡觉鸟。。

显示全部楼层 · 发表于 2008-2-1 23:31:51

发现我鼠标单击变成双击了。。昏。。

显示全部楼层 · 发表于 2008-2-1 23:32:18

Begin scan in 'C:\Documents and Settings\Administrator\桌面\temp.rar'
C:\Documents and Settings\Administrator\桌面\temp.rar
  [0] Archive type: RAR
  --> winlogan.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Small.hcm
  --> 00011lt.dll
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.igf
  --> tmp2E8.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr.1
   [INFO]    The file was deleted!

End of the scan: 2008年2月1日  23:32
Used time: 00:05 min

The scan has been done completely.

   0 Scanning directories
   6 Files were scanned
   3 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-2-1 23:32:33

已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.hcm 檔案: C:\Documents and Settings\kato9096\桌面\197059.rar/winlogan.exe//PE_Patch.PECompact//PecBundle//PECompact
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.igf 檔案: C:\Documents and Settings\kato9096\桌面\197059.rar/00011lt.dll//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.olr 檔案: C:\Documents and Settings\kato9096\桌面\197059.rar/tmp2E8.tmp

2个不报，上报

显示全部楼层 · 发表于 2008-2-1 23:33:38

Start of the scan: 2008年2月1日  23:33

Starting the file scan:

Begin scan in 'I:\样本'
I:\样本\temp.rar
  [0] Archive type: RAR
  --> winlogan.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Small.hcm
  --> 00011lt.dll
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.igf
  --> tmp2E8.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr.1
   [INFO]    The file was deleted!

End of the scan: 2008年2月1日  23:33
Used time: 00:09 min

The scan has been done completely.

   1 Scanning directories
   9 Files were scanned
   3 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   6 Files not concerned
   2 Archives were scanned
   0 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-2-1 23:34:11

2008-2-1 23:34:04 Real-time file system protection file G:\v\tmp2E8.tmp Win32/PSW.OnLineGames.OLR trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-1 23:34:03 Real-time file system protection file G:\v\00011lt.dll probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-1 23:34:02 Real-time file system protection file G:\v\winlogan.exe Win32/TrojanDownloader.Small.NTQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

显示全部楼层 · 发表于 2008-2-1 23:35:29

2008-2-1 23:34:46 Kernel File 'G:\v\773675006.exe' was sent to ESET for analysis.
2008-2-1 23:34:41 Kernel File 'G:\v\763675006.exe' was sent to ESET for analysis.

显示全部楼层 · 发表于 2008-2-1 23:35:37

那两个

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google</title><style>body,td,a,p,.h{font-family:arial,sans-serif}.h{font-size:20px}.h{color:#3366cc}.q{color:#00c}.ts td{padding:0}.ts{border-collapse:collapse}#gbar{float:left;font-weight:bold;height:22px;padding-left:2px}.gbh,.gb2 div{border-top:1px solid #c9d7f1;font-size:0;height:0}.gbh{position:absolute;top:24px;width:100%}.gb2 div{margin:5px}#gbi{background:#fff;border:1px solid;border-color:#c9d7f1 #36c #36c #a2bae7;font-size:13px;top:24px;z-index:1000}#guser{padding-bottom:7px !important}#gbar,#guser{font-size:13px;padding-top:1px !important}@media all{.gb1,.gb3{height:22px;margin-right:.73em;vertical-align:top}}#gbi,.gb2{display:none;position:absolute;width:8em}.gb2{z-index:1001}#gbar a,#gbar a:active,#gbar a:visited{color:#00c;font-weight:normal}.gb2 a,.gb3 a{text-decoration:none}.gb2 a{display:block;padding:.2em .5em}#gbar .gb2 a:hover{background:#36c;color:#fff}</style><script>window.google={kEI:"hC2jR8DFOpGasAL8rICFAw",kEXPI:"17259,17735",kHL:"en"};
function sf(){document.f.q.focus()}
window.clk=function(b,c,d,e,f,g){if(document.images){var a=encodeURIComponent||escape;(new Image).src="/url?sa=T"+(c?"&oi="+a(c):"")+(d?"&cad="+a(d):"")+"&ct="+a(e)+"&cd="+a(f)+(b?"&url="+a(b.replace(/#.*/,"")).replace(/\+/g,"%2B"):"")+"&ei=hC2jR8DFOpGasAL8rICFAw"+g}return true};
window.gbar={};(function(){var a=window.gbar,d,h,i;function l(b,f,e){b.display=i?"none":"block";b.left=f+"px";b.top=e+"px"}a.tg=function(b){var f=0,e=0,c,m=0,n,j=window.navExtra,k,g=document;h=h||g.getElementById("gbar").getElementsByTagName("span");(b||window.event).cancelBubble=!m;if(!d){d=g.createElement(Array.every||window.createPopup?"iframe":"DIV");d.frameBorder="0";d.scrolling="no";d.src="#";g.body.appendChild(d).id="gbi";if(j&&h[7])for(n in j){k=g.createElement("span");k.appendChild(j[n]);h[7].parentNode.insertBefore(k,h[7]).className="gb2"}g.onclick=a.close}while(c=h[++m]){if(e){l(c.style,e+1,f+25);f+=c.firstChild.tagName=="DIV"?9:20}if(c.className=="gb3"){do e+=c.offsetLeft;while(c=c.offsetParent)}}d.style.height=f+"px";l(d.style,e,24);i=!i};a.close=function(b){i&&a.tg(b)}})();</script></head><body bgcolor=#ffffff text=#000000 link=#0000cc vlink=#551a8b alink=#ff0000 onload="sf();if(document.images){new Image().src='/images/nav_logo3.png'}" topmargin=3 marginheight=3><div id=gbar><nobr><span class=gb1>Web</a></span> <span class=gb1><a href="http://images.google.com/imghp?hl=en&tab=wi">Images</a></span> <span class=gb1><a href="http://maps.google.com/maps?hl=en&tab=wl">Maps</a></span> <span class=gb1><a href="http://news.google.com/nwshp?hl=en&tab=wn">News</a></span> <span class=gb1><a href="http://www.google.com/prdhp?hl=en&tab=wf">Shopping</a></span> <span class=gb1><a href="http://mail.google.com/mail/?hl=en&tab=wm">Gmail</a></span> <span class=gb3><a href="http://www.google.com/intl/en/options/" onclick="this.blur();gbar.tg(event);return !1"><u>more</u> <small>▼</small></a></span> <span class=gb2><a href="http://video.google.com/?hl=en&tab=wv">Video</a></span> <span class=gb2><a href="http://groups.google.com/grphp?hl=en&tab=wg">Groups</a></span> <span class=gb2><a href="http://books.google.com/bkshp?hl=en&tab=wp">Books</a></span> <span class=gb2><a href="http://scholar.google.com/schhp?hl=en&tab=ws">Scholar</a></span> <span class=gb2><a href="http://finance.google.com/finance?hl=en&tab=we">Finance</a></span> <span class=gb2><a href="http://blogsearch.google.com/?hl=en&tab=wb">Blogs</a></span> <span class=gb2><div></div></a></span> <span class=gb2><a href="http://www.youtube.com/?hl=en&tab=w1">YouTube</a></span> <span class=gb2><a href="http://www.google.com/calendar/render?hl=en&tab=wc">Calendar</a></span> <span class=gb2><a href="http://picasaweb.google.com/home?hl=en&tab=wq">Photos</a></span> <span class=gb2><a href="http://docs.google.com/?hl=en&tab=wo">Documents</a></span> <span class=gb2><a href="http://www.google.com/reader/view/?hl=en&tab=wy">Reader</a></span> <span class=gb2><div></div></a></span> <span class=gb2><a href="http://www.google.com/intl/en/options/">even more »</a></span> </nobr></div><div class=gbh style=left:0></div><div class=gbh style=right:0></div><div align=right id=guser style="font-size:84%;padding:0 0 4px" width=100%><nobr><a href="/url?sa=p&pref=ig&pval=3&q=http://www.google.com/ig%3Fhl%3Den%26source%3Diglk&usg=AFQjCNFA18XPfgb7dKnXfKz7x7g1GDH1tg">iGoogle</a> | <a href="https://www.google.com/accounts/Login?continue=http://www.google.com/&hl=en">Sign in</a></nobr></div><center><br clear=all id=lgpd><img alt="Google" height=110 src="/intl/en_ALL/images/logo.gif" width=276><br><br><form action="/search" name=f><table cellpadding=0 cellspacing=0><tr valign=top><td width=25%> </td><td align=center nowrap><input name=hl type=hidden value=en><input maxlength=2048 name=q size=55 title="Google Search" value=""><br><input name=btnG type=submit value="Google Search"><input name=btnI type=submit value="I'm Feeling Lucky"></td><td nowrap width=25%><font size=-2>  <a href=/advanced_search?hl=en>Advanced Search</a><br>  <a href=/preferences?hl=en>Preferences</a><br>  <a href=/language_tools?hl=en>Language Tools</a></font></td></tr></table></form><br><br><font size=-1><span id=hp style="behavior:url(#default#homepage)"></span><script>
</script><a href="/intl/en/ads/">Advertising Programs</a> - <a href="/services/">Business Solutions</a> - <a href="/intl/en/about.html">About Google</a> -

显示全部楼层 · 发表于 2008-2-1 23:36:04

都是3个？
C:\Documents and Settings\GUNDAM\桌面\temp.rar » RAR » winlogan.exe - Win32/TrojanDownloader.Small.NTQ trojan
C:\Documents and Settings\GUNDAM\桌面\temp.rar » RAR » 00011lt.dll - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\GUNDAM\桌面\temp.rar » RAR » tmp2E8.tmp - Win32/PSW.OnLineGames.OLR trojan

显示全部楼层 · 发表于 2008-2-1 23:37:01

Starting the file scan:
Begin scan in 'G:\v\temp.rar'
G:\v\temp.rar
  [0] Archive type: RAR
  --> winlogan.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Small.hcm
  --> 00011lt.dll
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.igf
  --> tmp2E8.tmp
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr.1
   [INFO]    The file was deleted!

End of the scan: 2008年2月1日  23:37
Used time: 00:08 min
The scan has been done completely.
   0 Scanning directories
   7 Files were scanned
   3 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   4 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes

[病毒样本] 5个

本帖子中包含更多资源