[病毒样本] 24

显示全部楼层 · 发表于 2008-2-12 21:40:26

这个和刚才那个帖不一样吗？
FS扫描22+沙盘2，全k

显示全部楼层 · 发表于 2008-2-12 22:14:20

扫描进行于：2008-02-12 22:13:28
扫描日志
NOD32版本 2867 (20080212) NT
命令行： C:\Documents and Settings\Administrator\桌面\201716.rar

日期： 12.2.2008 时间：22:13:31
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Documents and Settings\Administrator\桌面\201716.rar
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa1.exe - Win32/PSW.Agent.NGZ 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa10.exe - Win32/PSW.OnLineGames.NFL 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa11.exe - Win32/PSW.OnLineGames.MUG 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa12.exe - Win32/PSW.OnLineGames.GJV 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa13.exe - Win32/PSW.OnLineGames.MUG 木马的变种
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa15.exe - Win32/PSW.OnLineGames.MUG 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa16.exe - Win32/PSW.OnLineGames.NFL 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa17.exe - Win32/PSW.OnLineGames.NFL 木马的变种
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa18.exe - Win32/PSW.OnLineGames.MUG 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa19.exe - Win32/PSW.OnLineGames.PBQ 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa20.exe - Win32/PSW.OnLineGames.FDY 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa21.exe - Win32/PSW.OnLineGames.MUG 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa22.exe - Win32/PSW.OnLineGames.PBQ 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa23.exe - Win32/PSW.OnLineGames.GJV 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa25.exe - Win32/PSW.OnLineGames.GJV 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa26.exe - Win32/PSW.OnLineGames.NML 木马的变种
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa3.exe - Win32/PSW.OnLineGames.YA 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa4.exe - Win32/PSW.OnLineGames.MUG 木马的变种
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa5.exe - Win32/PSW.OnLineGames.NFL 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa6.exe - Win32/PSW.OnLineGames.GJV 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa7.exe - Win32/PSW.OnLineGames.GJV 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa8.exe - Win32/PSW.OnLineGames.NLY 木马
C:\Documents and Settings\Administrator\桌面\201716.rar >>RAR >>201716\aa9.exe - Win32/PSW.OnLineGames.MUG 木马
已扫描的文件数目：25
已发现的病毒数目：23
完成时间： 22:13:33 总扫描时间：2 秒 (00:00:02)

显示全部楼层 · 发表于 2008-2-12 23:10:11

E:\virus\201716.rar » RAR » 201716\aa1.exe - Win32/PSW.Agent.NGZ trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa10.exe - Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa11.exe - Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa12.exe - Win32/PSW.OnLineGames.GJV trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa13.exe - a variant of Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa15.exe - Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa16.exe - Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa17.exe - a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa18.exe - Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa19.exe - Win32/PSW.OnLineGames.PBQ trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa2.exe - is OK
E:\virus\201716.rar » RAR » 201716\aa20.exe - Win32/PSW.OnLineGames.FDY trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa21.exe - Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa22.exe - Win32/PSW.OnLineGames.PBQ trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa23.exe - Win32/PSW.OnLineGames.GJV trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa24.exe - is OK
E:\virus\201716.rar » RAR » 201716\aa25.exe - Win32/PSW.OnLineGames.GJV trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa26.exe - a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa3.exe - Win32/PSW.OnLineGames.YA trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa4.exe - Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa5.exe - Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa6.exe - Win32/PSW.OnLineGames.GJV trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa7.exe - Win32/PSW.OnLineGames.GJV trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa8.exe - Win32/PSW.OnLineGames.NLY trojan - was a part of the deleted object
E:\virus\201716.rar » RAR » 201716\aa9.exe - Win32/PSW.OnLineGames.MUG trojan - was a part of the deleted object
E:\virus\201716.rar - multiple threats - deleted - quarantined

显示全部楼层 · 发表于 2008-2-12 23:34:31

江民20

显示全部楼层 · 发表于 2008-2-13 00:36:38

Hello,

aa10.exe_ - Trojan-PSW.Win32.OnLineGames.qjl,

aa16.exe_ - Trojan-PSW.Win32.OnLineGames.ozu,

aa17.exe_ - Trojan-PSW.Win32.OnLineGames.qyt,

aa26.exe_ - Trojan.Win32.Agent.fey,

aa5.exe_ - Trojan-PSW.Win32.OnLineGames.qfw

These files are already detected. Please update your antivirus bases.

aa2.exe_

No malicious code was found in this file.

Please quote all when answering.

--
Best regards, Dmitry Shvetsov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.

显示全部楼层 · 发表于 2008-2-13 00:38:03

已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qjl 檔案: C:\Documents and Settings\kato9096\桌面\201716\201716\aa10.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ozu 檔案: C:\Documents and Settings\kato9096\桌面\201716\201716\aa16.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qyt 檔案: C:\Documents and Settings\kato9096\桌面\201716\201716\aa17.exe//UPack//PE_Patch
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.fey 檔案: C:\Documents and Settings\kato9096\桌面\201716\201716\aa26.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qfw 檔案: C:\Documents and Settings\kato9096\桌面\201716\201716\aa5.exe//UPack

显示全部楼层 · 发表于 2008-2-13 01:24:03

NOD32漏的最后一个，执行后...

显示全部楼层 · 发表于 2008-2-13 11:38:17

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.XYOnline.abe
病毒： Trojan.PSW.Win32.QQGame.GEN
病毒： Trojan.PSW.Win32.GamesOnline.ma
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.lvs
病毒： Trojan.PSW.Win32.GameOL.lhu
病毒： Trojan.PSW.Win32.GamesOnline.mn
病毒： Trojan.PSW.Win32.GameOL.lvq
病毒： Trojan.PSW.Win32.SunOnline.md
病毒： Trojan.PSW.Win32.GamesOnline.mh
病毒： Trojan.PSW.Win32.GameOL.lmf
病毒： Trojan.PSW.Win32.GameOL.GEN

用户来源：互联网

软件版本：20.31.10 16个

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ 创建时间: 11:44:06 2008-2-13

+ 扫描结果:

C:\Documents and Settings\zh\桌面\201716.rar/201716\aa12.exe -> Downloader.Agent.bhc : 已清除.
C:\Documents and Settings\zh\桌面\201716.rar/201716\aa23.exe -> Downloader.Agent.bhc : 已清除.
C:\Documents and Settings\zh\桌面\201716.rar/201716\aa25.exe -> Downloader.Agent.bhc : 已清除.
C:\Documents and Settings\zh\桌面\201716.rar/201716\aa6.exe -> Downloader.Agent.bhc : 已清除.
C:\Documents and Settings\zh\桌面\201716.rar/201716\aa7.exe -> Downloader.Agent.bhc : 已清除.
C:\Documents and Settings\zh\桌面\201716.rar/201716\aa1.exe -> Dropper.Agent.dxz : 已清除.
C:\Documents and Settings\zh\桌面\201716.rar/201716\aa20.exe -> Trojan.OnLineGames.oeg : 已清除.
C:\Documents and Settings\zh\桌面\201716.rar/201716\aa16.exe -> Trojan.OnLineGames.ozu : 已清除.
C:\Documents and Settings\zh\桌面\201716.rar/201716\aa5.exe -> Trojan.OnLineGames.qfw : 已清除.

::报告结束

显示全部楼层 · 发表于 2008-2-13 22:05:25

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.XYOnline.abe
病毒： Trojan.PSW.Win32.QQGame.GEN
病毒： Trojan.PSW.Win32.GamesOnline.ma
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.lvs
病毒： Trojan.PSW.Win32.GameOL.lhu
病毒： Trojan.PSW.Win32.GamesOnline.mn
病毒： Trojan.PSW.Win32.GameOL.lvq
病毒： Trojan.PSW.Win32.SunOnline.md
病毒： Trojan.PSW.Win32.GamesOnline.mh
病毒： Trojan.PSW.Win32.GameOL.lmf
病毒： Trojan.PSW.Win32.GameOL.GEN

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.31.10

显示全部楼层 · 发表于 2008-2-13 22:22:05

ArcaMicroScan - Scanning report [2008.02.13 22:19:45]
Base date : 2008.02.12 10:02:20

[Scanning : C:\Test]

C:\Test\201716.rar<RAR>:aa1.exe<DLLRES>:LYLOADER.EXE0.exe <- Trojan.Psw.Onlinegames.Pvw : No action
C:\Test\201716.rar<RAR>:aa1.exe<DLLRES>:LYLOADER.EXE0.exe<UPack>:LYLOADER.EXE0.exe<DLLRES>:MSDEG32.DLL1.exe <- Trojan.Psw.Onlinegames.Pul : No action
C:\Test\201716.rar<RAR>:aa10.exe<UPack>:aa10.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Qjk : No action
C:\Test\201716.rar<RAR>:aa11.exe <- Trojan.Psw.Onlinegames.Pvm : No action
C:\Test\201716.rar<RAR>:aa12.exe <- Trojan.Psw.Onlinegames.Qna : No action
C:\Test\201716.rar<RAR>:aa12.exe<UPX>:aa12.exe<DLLRES>:DATEINFO0.exe <- Trojan.Psw.Nilage.Bza : No action
C:\Test\201716.rar<RAR>:aa13.exe <- Trojan.Psw.Onlinegames.Qoz : No action
C:\Test\201716.rar<RAR>:aa15.exe <- Heur.Win32.I : No action
C:\Test\201716.rar<RAR>:aa16.exe<UPack>:aa16.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Ozu : No action
C:\Test\201716.rar<RAR>:aa18.exe <- Trojan.Psw.Onlinegames.Qoz : No action
C:\Test\201716.rar<RAR>:aa19.exe <- Trojan.Dropper.Agent.Ebc : No action
C:\Test\201716.rar<RAR>:aa20.exe <- Trojan.Psw.Onlinegames.Oee : No action
C:\Test\201716.rar<RAR>:aa20.exe<UPack>:aa20.exe<DLLRES>:MUSIC0.exe <- Trojan.Psw.Onlinegames.Oec : No action
C:\Test\201716.rar<RAR>:aa21.exe <- Heur.Win32.I : No action
C:\Test\201716.rar<RAR>:aa22.exe <- Trojan.Psw.Onlinegames.Qpf : No action
C:\Test\201716.rar<RAR>:aa23.exe <- Trojan.Psw.Wow.Ald : No action
C:\Test\201716.rar<RAR>:aa23.exe<UPX>:aa23.exe<DLLRES>:DATEINFO0.exe <- Trojan.Psw.Wow.Alc : No action
C:\Test\201716.rar<RAR>:aa24.exe <- Trojan.Psw.Onlinegames.Qnd : No action
C:\Test\201716.rar<RAR>:aa25.exe <- Trojan.Psw.Nilage.Byx : No action
C:\Test\201716.rar<RAR>:aa25.exe<UPX>:aa25.exe<DLLRES>:DATEINFO0.exe <- Trojan.Psw.Nilage.Byp : No action
C:\Test\201716.rar<RAR>:aa26.exe <- Heur.Win32.I : No action
C:\Test\201716.rar<RAR>:aa3.exe <- Trojan.Psw.Onlinegames.Qnc : No action
C:\Test\201716.rar<RAR>:aa3.exe<UPack>:aa3.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Qne : No action
C:\Test\201716.rar<RAR>:aa4.exe <- Trojan.Psw.Onlinegames.Pzl : No action
C:\Test\201716.rar<RAR>:aa5.exe<UPack>:aa5.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Qmk : No action
C:\Test\201716.rar<RAR>:aa6.exe<FSG>:aa6.exe<DLLRES>:DATEINFO0.exe <- Trojan.Psw.Nilage.Bzb : No action
C:\Test\201716.rar<RAR>:aa7.exe <- Trojan.Psw.Nilage.Byy : No action
C:\Test\201716.rar<RAR>:aa7.exe<UPX>:aa7.exe<DLLRES>:DATEINFO0.exe <- Trojan.Psw.Nilage.Byy : No action
C:\Test\201716.rar<RAR>:aa9.exe <- Trojan.Psw.Onlinegames.Pzl : No action

Scanned objects : 66

Infected objects : 29

[病毒样本] 24

23

回复 15楼 kato9096 的帖子

本帖子中包含更多资源

71/16