[病毒样本] 19

显示全部楼层 · 发表于 2008-2-2 18:37:14

倒到现在才知道沙盘user目录下面也有毒..

显示全部楼层 · 发表于 2008-2-2 18:37:53

12
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.prj       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/NVDispDrv.dll
deleted: Trojan program Trojan-Proxy.Win32.Wopla.as       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/kprof
deleted: Trojan program Trojan-Downloader.Win32.Small.fyx       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/Frjkfl4g.dll//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Trojan-Downloader.Win32.Small.hcm       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/Lfj95jg.dll//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ony       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/ijougiemnaw.dll//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqr       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/nahzij.dll//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.psx       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/iqnauhc.dll//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pvt       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/ijiq.dll//UPack
deleted: Trojan program Backdoor.Win32.Agent.egr       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/regflash.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.nkm       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/NAVMon32.dll
deleted: Trojan program Trojan-PSW.Win32.Nilage.bxx       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/PTSShell.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.qfx       File: C:\Documents and Settings\Administrator\×ÀÃæ\system32.rar/upxdnd.dll

显示全部楼层 · 发表于 2008-2-2 18:40:37

16个
Starting the file scan:

Begin scan in 'E:\system32.rar'
E:\system32.rar
  [0] Archive type: RAR
  --> WinForm.dll
   [DETECTION] Contains suspicious code HEUR/Malware
  --> NVDispDrv.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prj.1
  --> kprof
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> Frjkfl4g.dll
   [DETECTION] Is the Trojan horse TR/Dldr.Small.fyx.3
  --> Lfj95jg.dll
   [DETECTION] Is the Trojan horse TR/Dldr.Small.hcm.1
  --> ijougiemnaw.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.olr.1
  --> nahzij.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.10
  --> iqnauhc.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.23
  --> ijiq.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.prw.11
  --> regflash.exe
   [DETECTION] Is the Trojan horse TR/Agent.AGPG.3
  --> NAVMon32.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> LotusHlp.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.266
  --> PTSShell.dll
   [DETECTION] Is the Trojan horse TR/PSW.Nilage.bxx.2
  --> upxdnd.dll
   [DETECTION] Contains suspicious code HEUR/Malware
  --> SHAProc.dll
   [DETECTION] Contains suspicious code HEUR/Malware
  --> DbgHlp32.dlL
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.267
   [WARNING] The file was ignored!

End of the scan: 2008年2月2日  18:41
Used time: 00:22 min

The scan has been done completely.

   0 Scanning directories
   20 Files were scanned
   13 viruses and/or unwanted programs were found
   3 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   7 Files not concerned
   1 Archives were scanned
   1 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-2-2 18:41:13

扫描报告
2008年2月2日 18:40:52 - 18:40:55
计算机名称: CN-89FF4B9EA4D6
扫描类型: 扫描指定目标
目标: I:\hanxiaojun\system32.rar

--------------------------------------------------------------------------------

结果: 发现12个恶意软件
Trojan-PSW.Win32.OnLineGames.prj (病毒)
I:\hanxiaojun\system32.rar\NVDispDrv.dll
Trojan-Proxy.Win32.Wopla.as (病毒)
I:\hanxiaojun\system32.rar\kprof
Trojan-Downloader.Win32.Small.fyx (病毒)
I:\hanxiaojun\system32.rar\Frjkfl4g.dll
Trojan-Downloader.Win32.Small.hcm (病毒)
I:\hanxiaojun\system32.rar\Lfj95jg.dll
Trojan-PSW.Win32.OnLineGames.ony (病毒)
I:\hanxiaojun\system32.rar\ijougiemnaw.dll
Trojan-PSW.Win32.OnLineGames.pqr (病毒)
I:\hanxiaojun\system32.rar\nahzij.dll
Trojan-PSW.Win32.OnLineGames.psx (病毒)
I:\hanxiaojun\system32.rar\iqnauhc.dll
Trojan-PSW.Win32.OnLineGames.pvt (病毒)
I:\hanxiaojun\system32.rar\ijiq.dll
Backdoor.Win32.Agent.egr (病毒)
I:\hanxiaojun\system32.rar\regflash.exe
Trojan-PSW.Win32.OnLineGames.nkm (病毒)
I:\hanxiaojun\system32.rar\NAVMon32.dll
Trojan-PSW.Win32.Nilage.bxx (病毒)
I:\hanxiaojun\system32.rar\PTSShell.dll
Trojan-PSW.Win32.OnLineGames.qfx (病毒)
I:\hanxiaojun\system32.rar\upxdnd.dll

显示全部楼层 · 发表于 2008-2-2 18:41:39

扫描进行于：2008-2-2 18:41:24
扫描日志
NOD32版本 2845 (20080202) NT
命令行： C:\Documents and Settings\Nerazzurri\桌面\system32.rar

日期： 2.2.2008 时间：18:41:27
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Documents and Settings\Nerazzurri\桌面\system32.rar
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>WinForm.dll - Win32/PSW.OnLineGames.HCV 木马
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>NVDispDrv.dll - 可能是 Win32/PSW.OnLineGames.HCV 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>kprof - Win32/TrojanProxy.Wopla.AS 木马
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>Frjkfl4g.dll - Win32/TrojanDownloader.Small.NTQ 木马
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>Lfj95jg.dll - Win32/TrojanDownloader.Small.NTQ 木马
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>ijougiemnaw.dll - Win32/PSW.OnLineGames.NLH 木马
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>nahzij.dll - Win32/PSW.OnLineGames.NLH 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>iqnauhc.dll - Win32/PSW.OnLineGames.NLH 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>ijiq.dll - Win32/PSW.OnLineGames.NLH 木马
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>NAVMon32.dll - 可能是 Win32/PSW.OnLineGames.HCV 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>LotusHlp.dll - Win32/PSW.OnLineGames.HCV 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>PTSShell.dll - Win32/PSW.OnLineGames.HCV 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>upxdnd.dll - Win32/PSW.OnLineGames.HCV 木马
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>SHAProc.dll - Win32/PSW.OnLineGames.HCV 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\system32.rar >>RAR >>DbgHlp32.dlL - 可能是 Win32/PSW.OnLineGames.HCV 木马的一个变种
已扫描的文件数目：19
已发现的病毒数目：15
完成时间： 18:41:28 总扫描时间：1 秒 (00:00:01)

显示全部楼层 · 发表于 2008-2-2 18:42:19

IK
I:\virus\system32.rar:\WinForm.dll
I:\virus\system32.rar:\conf.dat
I:\virus\system32.rar:\NVDispDrv.dll - Signature 'Virus.Win32.OnLineGames.BHW' found
I:\virus\system32.rar:\kprof - Signature 'Trojan-Proxy.Win32.Wopla.as' found
I:\virus\system32.rar:\Frjkfl4g.dll - Signature 'Trojan-Downloader.Win32.Small.ddx' found
I:\virus\system32.rar:\Lfj95jg.dll - Signature 'Trojan-Downloader.Win32.Small.ddx' found
I:\virus\system32.rar:\ijougiemnaw.dll - Signature 'Trojan-PWS.Win32.Small.br' found
I:\virus\system32.rar:\nahzij.dll - Signature 'Trojan-PWS.Win32.Small.br' found
I:\virus\system32.rar:\iqnauhc.dll - Signature 'Trojan-PWS.Win32.Small.br' found
I:\virus\system32.rar:\ijiq.dll - Signature 'Trojan-PWS.Win32.Small.br' found
I:\virus\system32.rar:\~GLH000c.TMP
I:\virus\system32.rar:\stdole2.tlb
I:\virus\system32.rar:\regflash.exe
I:\virus\system32.rar:\NAVMon32.dll - Signature 'Trojan-PWS.Win32.OnLineGames.es' found
I:\virus\system32.rar:\LotusHlp.dll - Signature 'Trojan-PWS.OnlineGames.NSR' found
I:\virus\system32.rar:\PTSShell.dll - Signature 'Virus.Win32.Agent.CNF' found
I:\virus\system32.rar:\upxdnd.dll
I:\virus\system32.rar:\SHAProc.dll - Signature 'Trojan-PWS.Win32.OnLineGames.es' found
I:\virus\system32.rar:\DbgHlp32.dlL - Signature 'Trojan-PWS.OnlineGames.NSR' found
I:\virus\system32.rar

      20 Files scanned
      (1 Archiv with 19 files)
      13 Signatures found
      0 Suspect code-parts found
      Used time: 0:00.266
-----------------------------------
ClamAV

I:\virus\test/Frjkfl4g.dll: Trojan.Downloader-18634 FOUND
I:\virus\test/ijiq.dll: PUA.Packed.UPack FOUND
I:\virus\test/ijougiemnaw.dll: PUA.Packed.UPack FOUND
I:\virus\test/iqnauhc.dll: PUA.Packed.UPack FOUND
I:\virus\test/kprof: Trojan.Proxy-2368 FOUND
I:\virus\test/nahzij.dll: PUA.Packed.UPack FOUND
I:\virus\test/NAVMon32.dll: Trojan.Spy-20871 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 201991
Engine version: 0.92
Scanned directories: 1
Scanned files: 19
Infected files: 7
Data scanned: 0.37 MB
Time: 6.843 sec (0 m 6 s)

[ 本帖最后由冷_冷于 2008-2-2 18:43 编辑 ]

显示全部楼层 · 发表于 2008-2-2 18:42:26

已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.prj 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/NVDispDrv.dll
已刪除: 特洛伊木馬程式 Trojan-Proxy.Win32.Wopla.as 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/kprof
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.fyx 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/Frjkfl4g.dll//PE_Patch.PECompact//PecBundle//PECompact
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Small.hcm 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/Lfj95jg.dll//PE_Patch.PECompact//PecBundle//PECompact
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ony 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/ijougiemnaw.dll//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pqr 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/nahzij.dll//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.psx 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/iqnauhc.dll//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pvt 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/ijiq.dll//UPack
已刪除: 特洛伊木馬程式 Backdoor.Win32.Agent.egr 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/regflash.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.nkm 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/NAVMon32.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.bxx 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/PTSShell.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qfx 檔案: C:\Documents and Settings\kato9096\桌面\197416.rar/upxdnd.dll

１２，不报的上报

显示全部楼层 · 发表于 2008-2-2 18:53:05

AVAST 7
蜘蛛 15

显示全部楼层 · 发表于 2008-2-2 18:56:24

信息 2008-02-02  18:56:14 您此次查毒共查出14个病毒以及危险代码
信息 2008-02-02  18:56:14 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件26个
信息 2008-02-02  18:56:14 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\DbgHlp32.dlL Win32.Troj.OnlineGamesT.uy.31744 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\SHAProc.dll Win32.Troj.OnlineGamesT.uy.31744 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\upxdnd.dll Win32.Troj.OnlineGamesT.uy.31744 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\PTSShell.dll Win32.Troj.OnlineGamesT.uy.31744 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\LotusHlp.dll Win32.Troj.OnlineGamesT.uy.31744 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\NAVMon32.dll Win32.Troj.OnlineGamesT.uy.31744 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\ijiq.dll Win32.Troj.OnlineGames.yk.73728 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\iqnauhc.dll Win32.Troj.OnlineGamesT.ty.90112 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\nahzij.dll Win32.Troj.OnlineGames.yf.73728 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\ijougiemnaw.dll Win32.Troj.OnlineGamesT.zy.90112 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\Lfj95jg.dll Win32.TrojDownloader.Small.33280 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\Frjkfl4g.dll Win32.TrojDownloader.Small.33280 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\NVDispDrv.dll Win32.Troj.OnlineGamesT.uy.31744 跳过，未处理
病毒 2008-02-02  18:56:14 C:\Users\挪威的冬天\Desktop\system32.rar\WinForm.dll Win32.Troj.OnlineGamesT.uy.31744 跳过，未处理

显示全部楼层 · 发表于 2008-2-2 18:58:33

2008-2-2 18:58:12 Real-time file system protection file G:\v\DbgHlp32.dlL probably a variant of Win32/PSW.OnLineGames.HCV trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:58:11 Real-time file system protection file G:\v\SHAProc.dll a variant of Win32/PSW.OnLineGames.HCV trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:58:10 Real-time file system protection file G:\v\upxdnd.dll Win32/PSW.OnLineGames.HCV trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:58:09 Real-time file system protection file G:\v\PTSShell.dll a variant of Win32/PSW.OnLineGames.HCV trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:58:08 Real-time file system protection file G:\v\LotusHlp.dll a variant of Win32/PSW.OnLineGames.HCV trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:58:06 Real-time file system protection file G:\v\NAVMon32.dll probably a variant of Win32/PSW.OnLineGames.HCV trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:58:05 Real-time file system protection file G:\v\ijiq.dll Win32/PSW.OnLineGames.NLH trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:58:04 Real-time file system protection file G:\v\iqnauhc.dll a variant of Win32/PSW.OnLineGames.NLH trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:58:02 Real-time file system protection file G:\v\nahzij.dll a variant of Win32/PSW.OnLineGames.NLH trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:58:01 Real-time file system protection file G:\v\ijougiemnaw.dll Win32/PSW.OnLineGames.NLH trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:57:59 Real-time file system protection file G:\v\Lfj95jg.dll Win32/TrojanDownloader.Small.NTQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:57:58 Real-time file system protection file G:\v\Frjkfl4g.dll Win32/TrojanDownloader.Small.NTQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:57:57 Real-time file system protection file G:\v\kprof Win32/TrojanProxy.Wopla.AS trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:57:56 Real-time file system protection file G:\v\NVDispDrv.dll probably a variant of Win32/PSW.OnLineGames.HCV trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-2-2 18:57:55 Real-time file system protection file G:\v\WinForm.dll Win32/PSW.OnLineGames.HCV trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

[病毒样本] 19

本帖子中包含更多资源