6个

显示全部楼层 · 发表于 2008-2-2 18:33:44

汗 RAR居然压出了2%的压缩率..

显示全部楼层 · 发表于 2008-2-2 18:35:11

deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oee File: C:\Documents and Settings\Administrator\×ÀÃæ\C22.rar/gjcsdzc.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nzg File: C:\Documents and Settings\Administrator\×ÀÃæ\C22.rar/rarjfpi.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oec File: C:\Documents and Settings\Administrator\×ÀÃæ\C22.rar/gjcsdyc.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nqz File: C:\Documents and Settings\Administrator\×ÀÃæ\C22.rar/jsqxcyc.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nzd File: C:\Documents and Settings\Administrator\×ÀÃæ\C22.rar/rarjftl.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nxz File: C:\Documents and Settings\Administrator\×ÀÃæ\C22.rar/jsqxczc.exe//UPack

显示全部楼层 · 发表于 2008-2-2 18:35:44

扫描报告
2008年2月2日 18:35:32 - 18:35:33
计算机名称: CN-89FF4B9EA4D6
扫描类型: 扫描指定目标
目标: I:\hanxiaojun\C22.rar

--------------------------------------------------------------------------------

结果: 发现6个恶意软件
Trojan-PSW.Win32.OnLineGames.oee (病毒)
I:\hanxiaojun\C22.rar\gjcsdzc.exe
Trojan-PSW.Win32.OnLineGames.nzg (病毒)
I:\hanxiaojun\C22.rar\rarjfpi.dll
Trojan-PSW.Win32.OnLineGames.oec (病毒)
I:\hanxiaojun\C22.rar\gjcsdyc.dll
Trojan-PSW.Win32.OnLineGames.nqz (病毒)
I:\hanxiaojun\C22.rar\jsqxcyc.dll
Trojan-PSW.Win32.OnLineGames.nzd (病毒)
I:\hanxiaojun\C22.rar\rarjftl.exe
Trojan-PSW.Win32.OnLineGames.nxz (病毒)
I:\hanxiaojun\C22.rar\jsqxczc.exe

显示全部楼层 · 发表于 2008-2-2 18:36:04

6个

Starting the file scan:

Begin scan in 'E:\C22.rar'
E:\C22.rar
  [0] Archive type: RAR
  --> gjcsdzc.exe
   [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> rarjfpi.dll
   [DETECTION] Contains suspicious code HEUR/Malware
  --> gjcsdyc.dll
   [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> jsqxcyc.dll
   [DETECTION] Is the Trojan horse TR/WuDisable.B
  --> rarjftl.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> jsqxczc.exe
   [DETECTION] Is the Trojan horse TR/WuDisable.B
   [WARNING] The file was ignored!

显示全部楼层 · 发表于 2008-2-2 18:38:04

IK
I:\virus\C22.rar:\gjcsdzc.exe - Signature 'Trojan-Spy.Win32.Delf.uv' found
I:\virus\C22.rar:\rarjfpi.dll - Signature 'BehavesLikeTrojan.WUDisable' found
I:\virus\C22.rar:\gjcsdyc.dll - Signature 'Virus.Win32.OnLineGames.BGD' found
I:\virus\C22.rar:\jsqxcyc.dll - Signature 'Virus.Win32.OnLineGames.BGD' found
I:\virus\C22.rar:\rarjftl.exe - Signature 'Trojan-Spy.Win32.Delf.uv' found
I:\virus\C22.rar:\jsqxczc.exe - Signature 'Trojan-Spy.Win32.Delf.uv' found
I:\virus\C22.rar

      7 Files scanned
      (1 Archiv with 6 files)
      6 Signatures found
      0 Suspect code-parts found
      Used time: 0:00.125
------------------------------------------
ClamAV
I:\virus\test/gjcsdyc.dll: Trojan.Spy-20427 FOUND
I:\virus\test/gjcsdzc.exe: PUA.Packed.UPack FOUND
I:\virus\test/jsqxcyc.dll: Trojan.Spy-16287 FOUND
I:\virus\test/jsqxczc.exe: PUA.Packed.UPack FOUND
I:\virus\test/rarjfpi.dll: Trojan.Spy-16287 FOUND
I:\virus\test/rarjftl.exe: PUA.Packed.UPack FOUND
----------- SCAN SUMMARY -----------
Known viruses: 201991
Engine version: 0.92
Scanned directories: 1
Scanned files: 6
Infected files: 6
Data scanned: 0.79 MB
Time: 6.890 sec (0 m 6 s)

[ 本帖最后由冷_冷于 2008-2-2 18:40 编辑 ]

显示全部楼层 · 发表于 2008-2-2 18:42:43

扫描进行于：2008-2-2 18:42:26
扫描日志
NOD32版本 2845 (20080202) NT
命令行： C:\Documents and Settings\Nerazzurri\桌面\C22.rar

日期： 2.2.2008 时间：18:42:28
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Documents and Settings\Nerazzurri\桌面\C22.rar
C:\Documents and Settings\Nerazzurri\桌面\C22.rar >>RAR >>gjcsdzc.exe - Win32/PSW.OnLineGames.FDY 木马
C:\Documents and Settings\Nerazzurri\桌面\C22.rar >>RAR >>rarjfpi.dll - Win32/PSW.OnLineGames.FDY 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\C22.rar >>RAR >>gjcsdyc.dll - Win32/PSW.OnLineGames.FDY 木马
C:\Documents and Settings\Nerazzurri\桌面\C22.rar >>RAR >>jsqxcyc.dll - Win32/PSW.OnLineGames.FDY 木马
C:\Documents and Settings\Nerazzurri\桌面\C22.rar >>RAR >>rarjftl.exe - Win32/PSW.OnLineGames.FDY 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\C22.rar >>RAR >>jsqxczc.exe - Win32/PSW.OnLineGames.FDY 木马
已扫描的文件数目：6
已发现的病毒数目：6
完成时间： 18:42:29 总扫描时间：1 秒 (00:00:01)

显示全部楼层 · 发表于 2008-2-2 18:44:03

已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.oee 檔案: C:\Documents and Settings\kato9096\桌面\197412.rar/gjcsdzc.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.nzg 檔案: C:\Documents and Settings\kato9096\桌面\197412.rar/rarjfpi.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.oec 檔案: C:\Documents and Settings\kato9096\桌面\197412.rar/gjcsdyc.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.nqz 檔案: C:\Documents and Settings\kato9096\桌面\197412.rar/jsqxcyc.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.nzd 檔案: C:\Documents and Settings\kato9096\桌面\197412.rar/rarjftl.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.nxz 檔案: C:\Documents and Settings\kato9096\桌面\197412.rar/jsqxczc.exe//UPack

沒有不报

显示全部楼层 · 发表于 2008-2-2 18:55:08

信息 2008-02-02  18:54:52 您此次查毒共查出6个病毒以及危险代码
信息 2008-02-02  18:54:52 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件7个
信息 2008-02-02  18:54:52 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-02-02  18:54:52 C:\Users\挪威的冬天\Desktop\C22.rar\jsqxczc.exe Win32.Troj.AgentT.fm.14452 跳过，未处理
病毒 2008-02-02  18:54:52 C:\Users\挪威的冬天\Desktop\C22.rar\rarjftl.exe Win32.Troj.AgentT.fm.14452 跳过，未处理
病毒 2008-02-02  18:54:52 C:\Users\挪威的冬天\Desktop\C22.rar\jsqxcyc.dll Win32.Troj.OnlineGamesT.yy.26978 跳过，未处理
病毒 2008-02-02  18:54:52 C:\Users\挪威的冬天\Desktop\C22.rar\gjcsdyc.dll Win32.Troj.OnlineGamesT.yy.26978 跳过，未处理
病毒 2008-02-02  18:54:52 C:\Users\挪威的冬天\Desktop\C22.rar\rarjfpi.dll Win32.Troj.OnlineGamesT.yy.26978 跳过，未处理
病毒 2008-02-02  18:54:52 C:\Users\挪威的冬天\Desktop\C22.rar\gjcsdzc.exe Win32.Troj.AgentT.fm.14452 跳过，未处理

显示全部楼层 · 发表于 2008-2-2 18:57:08

2008-2-2 18:56:53 Real-time file system protection file G:\v\jsqxczc.exe Win32/PSW.OnLineGames.FDY trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:56:52 Real-time file system protection file G:\v\rarjftl.exe a variant of Win32/PSW.OnLineGames.FDY trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:56:51 Real-time file system protection file G:\v\jsqxcyc.dll Win32/PSW.OnLineGames.FDY trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:56:49 Real-time file system protection file G:\v\gjcsdyc.dll Win32/PSW.OnLineGames.FDY trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:56:48 Real-time file system protection file G:\v\rarjfpi.dll a variant of Win32/PSW.OnLineGames.FDY trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:56:47 Real-time file system protection file G:\v\gjcsdzc.exe Win32/PSW.OnLineGames.FDY trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

显示全部楼层 · 发表于 2008-2-2 18:58:52

木马名称:Trojan-PSW.Win32.OLGames.kav

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\GJCSDZC.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OLGames.hma

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\RARJFTL.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OLGames.hgo

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\JSQXCZC.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

[病毒样本] 6个

本帖子中包含更多资源