10 pcs

qianwenxiang

killloop

江民9

hshhua01

10
Begin scan in 'D:\BOOK\Data13.rar'
D:\BOOK\Data13.rar
  [0] Archive type: RAR
  --> 13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.qnq.6
  --> 15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ode
  --> cn.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGa.NMN
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.QIV.7
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.29
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 9.exe
      [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.qoz.6
      [WARNING]   The file was ignored!

[ 本帖最后由 hshhua01 于 2008-2-13 20:14 编辑 ]

sam.to

已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qnk        檔案: C:\Documents and Settings\kato9096\桌面\202258.rar/13.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ode        檔案: C:\Documents and Settings\kato9096\桌面\202258.rar/15.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.imf        檔案: C:\Documents and Settings\kato9096\桌面\202258.rar/1.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qiv        檔案: C:\Documents and Settings\kato9096\桌面\202258.rar/3.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pud        檔案: C:\Documents and Settings\kato9096\桌面\202258.rar/4.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qnk        檔案: C:\Documents and Settings\kato9096\桌面\202258.rar/6.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qoz        檔案: C:\Documents and Settings\kato9096\桌面\202258.rar/8.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qoz        檔案: C:\Documents and Settings\kato9096\桌面\202258.rar/9.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qoz        檔案: C:\Documents and Settings\kato9096\桌面\202258.rar/10.exe//PE_Patch//UPack

9,上报一个

28654621

D:\download\Data13.rar>>13.exe        TrojanPSW.OnLineGames.qnk.qqmn        木马        还未处理
D:\download\Data13.rar>>15.exe        TrojanPSW.OnlineGames.GEN.rkne        木马        还未处理
D:\download\Data13.rar>>1.exe        PWSteal.LegMir.xsaj        木马        还未处理
D:\download\Data13.rar>>3.exe        TrojanPSW.OnLineGames.qiv.mbxz        木马        还未处理
D:\download\Data13.rar>>4.exe        TrojanPSW.XYOnline.aay.takw        木马        还未处理
D:\download\Data13.rar>>6.exe        TrojanPSW.OnLineGames.qnk.becc        木马        还未处理
D:\download\Data13.rar>>8.exe        TrojanPSW.OnLineGames.qoz.zuuo        木马        还未处理
D:\download\Data13.rar>>9.exe        TrojanPSW.OnLineGames.qoz.axlu        木马        还未处理
D:\download\Data13.rar>>10.exe        Heuri.Suspicious.ERNM        启发式扫描        还未处理

leonfg

FS 9，蜘蛛全k
扫描报告
2008年2月13日 20:12:13 - 20:12:14
计算机名称: CHINESE-GUNDAM
扫描类型: 扫描指定目标
目标: C:\Documents and Settings\GUNDAM\桌面\Data13.rar


--------------------------------------------------------------------------------

结果: 发现9个恶意软件
Trojan-PSW.Win32.OnLineGames.qnk (病毒)
C:\Documents and Settings\GUNDAM\桌面\Data13.rar\13.exe
C:\Documents and Settings\GUNDAM\桌面\Data13.rar\6.exe
Trojan-PSW.Win32.OnLineGames.ode (病毒)
C:\Documents and Settings\GUNDAM\桌面\Data13.rar\15.exe
Trojan-Downloader.Win32.Agent.imf (病毒)
C:\Documents and Settings\GUNDAM\桌面\Data13.rar\1.exe
Trojan-PSW.Win32.OnLineGames.qiv (病毒)
C:\Documents and Settings\GUNDAM\桌面\Data13.rar\3.exe
Trojan-PSW.Win32.OnLineGames.pud (病毒)
C:\Documents and Settings\GUNDAM\桌面\Data13.rar\4.exe
Trojan-PSW.Win32.OnLineGames.qoz (病毒)
C:\Documents and Settings\GUNDAM\桌面\Data13.rar\8.exe
C:\Documents and Settings\GUNDAM\桌面\Data13.rar\9.exe
C:\Documents and Settings\GUNDAM\桌面\Data13.rar\10.exe

漏的cn.exe又下了一堆，里面又漏一个：

AhnLab-V3	2008.2.13.11	2008.02.13	-
AntiVir	7.6.0.65	2008.02.13	-
Authentium	4.93.8	2008.02.13	-
Avast	4.7.1098.0	2008.02.13	-
AVG	7.5.0.516	2008.02.13	-
BitDefender	7.2	2008.02.13	-
CAT-QuickHeal	None	2008.02.12	(Suspicious) - DNAScan
ClamAV	0.92	2008.02.13	PUA.Packed.UPack-3
DrWeb	4.44.0.09170	2008.02.13	-
eSafe	7.0.15.0	2008.02.11	Suspicious File
eTrust-Vet	31.3.5533	2008.02.13	-
Ewido	4.0	2008.02.13	-
FileAdvisor	1	2008.02.13	-
Fortinet	3.14.0.0	2008.02.13	-
F-Prot	4.4.2.54	2008.02.12	W32/Heuristic-CSU!Eldorado
F-Secure	6.70.13260.0	2008.02.13	-
Ikarus	T3.1.1.20	2008.02.13	-
Kaspersky	7.0.0.125	2008.02.13	-
McAfee	5228	2008.02.12	New Malware.aj
Microsoft	1.3204	2008.02.13	-
NOD32v2	2871	2008.02.13	-
Norman	5.80.02	2008.02.12	-
Panda	9.0.0.4	2008.02.13	Suspicious file
Prevx1	V2	2008.02.13	-
Sophos	4.26.0	2008.02.13	Mal/Packer
Sunbelt	2.2.907.0	2008.02.13	VIPRE.Suspicious
Symantec	10	2008.02.13	-
TheHacker	6.2.9.218	2008.02.12	-
VBA32	3.12.6.0	2008.02.11	-
VirusBuster	4.3.26:9	2008.02.12	Packed/Upack
Webwasher-Gateway	6.6.2	2008.02.13	Win32.Malware.gen#Upack!84 (suspicious)

[ 本帖最后由 leonfg 于 2008-2-13 20:37 编辑 ]

无尽藏海

9个
F:\virus\Data13.rar » RAR » 13.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\Data13.rar » RAR » 15.exe - Win32/TrojanDownloader.Small.NZL trojan
F:\virus\Data13.rar » RAR » 1.exe - Win32/PSW.OnLineGames.NMN trojan
F:\virus\Data13.rar » RAR » 3.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\Data13.rar » RAR » 4.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\Data13.rar » RAR » 6.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\Data13.rar » RAR » 8.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\Data13.rar » RAR » 9.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\Data13.rar » RAR » 10.exe - Win32/PSW.OnLineGames.MUG trojan

2008-2-13 20:32:40 Kernel File  'F:\virus\Data13\cn.rar' was sent to ESET for analysis.

[ 本帖最后由 无尽藏海 于 2008-2-13 20:33 编辑 ]

sam.to

Hello,

cn.exe_ - Trojan-Downloader.Win32.Murlo.ju

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Vyacheslav Zakorzhevsky
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

冷冷

IK
I:\virus\Data13.rar:\13.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\Data13.rar:\15.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\virus\Data13.rar:\cn.exe - Signature 'Dialer' found
I:\virus\Data13.rar:\1.exe - Signature 'Trojan-Dropper.Win32.Agent.ane' found
I:\virus\Data13.rar:\3.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\Data13.rar:\4.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\Data13.rar:\6.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\Data13.rar:\8.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\Data13.rar:\9.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\Data13.rar:\10.exe - Signature 'Trojan-Spy.Win32.Delf.PD' found
I:\virus\Data13.rar

        11 Files scanned
          (1 Archiv with 10 files)
        10 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.093

冷冷

IK
I:\virus\in7.rar:\in7.exe - Suspect code-parts found (Level: 70)
I:\virus\in7.rar

        2 Files scanned
          (1 Archiv with 1 file)
        0 Signatures found
        1 Suspect code-part found
        Used time: 0:00.016