今天华军上挂的那个下来的

zzh161

每日一变，难得今天这个下载者不用驱动，用sbie抓来的，嘿嘿

样本：

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.XYOnline.abk
病毒： Trojan.PSW.Win32.GameOL.lvx
病毒： Trojan.PSW.Win32.ZhengTu.yna
病毒： Trojan.PSW.Win32.GamesOnline.mn
病毒： Trojan.PSW.Win32.XYOnline.aay
病毒： Trojan.PSW.Win32.QQPass.GEN
病毒： Trojan.PSW.Win32.GamesOnline.mh
病毒： RootKit.Win32.GameHack.geu
病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： RootKit.Win32.GameHack.geu
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.AskTao.gw
病毒： RootKit.Win32.GameHack.GEN
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： Trojan.PSW.Win32.ZeroOnline.dg

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.31.30

sharkkong

已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.rbf        文件: E:\下载\dod.rar/dod\1.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qxu        文件: E:\下载\dod.rar/dod\10.exe//#
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qyf        文件: E:\下载\dod.rar/dod\11.exe//#//UPack
已删除: 木马程序 Trojan-Dropper.Win32.Small.ben        文件: E:\下载\dod.rar/dod\1111.exe//UPX
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qiw        文件: E:\下载\dod.rar/dod\12.exe//#//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.rbf        文件: E:\下载\dod.rar/dod\13.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.QQPass.atq        文件: E:\下载\dod.rar/dod\14.exe//UPX
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qml        文件: E:\下载\dod.rar/dod\15.exe//#//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qoz        文件: E:\下载\dod.rar/dod\16.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-Downloader.Win32.Agent.inj        文件: E:\下载\dod.rar/dod\2.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qov        文件: E:\下载\dod.rar/dod\3.exe//UPack//PE_Patch
已删除: 木马程序 Trojan-PSW.Win32.Delf.aob        文件: E:\下载\dod.rar/dod\4.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qnk        文件: E:\下载\dod.rar/dod\6.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.rdf        文件: E:\下载\dod.rar/dod\7.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qnn        文件: E:\下载\dod.rar/dod\8.exe//#//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qzo        文件: E:\下载\dod.rar/dod\9.exe//#//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qnk        文件: e:\下载\dod.rar/dod\10.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qoz        文件: e:\下载\dod.rar/dod\11.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qiv        文件: e:\下载\dod.rar/dod\12.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.pzl        文件: e:\下载\dod.rar/dod\15.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qnk        文件: e:\下载\dod.rar/dod\8.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qoz        文件: e:\下载\dod.rar/dod\9.exe//PE_Patch//UPack

allinwonderi

[Scanning : C:\Test]


C:\Test\dod.rar<RAR>:1.exe <- Heur.Win32.I : No action
C:\Test\dod.rar<RAR>:10.exe <- Heur.Win32.I : No action
C:\Test\dod.rar<RAR>:11.exe <- Trojan.Psw.Onlinegames.Qoz : No action
C:\Test\dod.rar<RAR>:12.exe <- Heur.Win32.I : No action
C:\Test\dod.rar<RAR>:13.exe <- Heur.Win32.I : No action
C:\Test\dod.rar<RAR>:14.exe <- Trojan.Psw.Qqpass.Atq : No action
C:\Test\dod.rar<RAR>:14.exe<UPX>:14.exe<DLLRES>:FILE0.exe <- Trojan.Psw.Qqpass.Atr : No action
C:\Test\dod.rar<RAR>:15.exe <- Trojan.Psw.Onlinegames.Pzl : No action
C:\Test\dod.rar<RAR>:16.exe <- Trojan.Psw.Onlinegames.Qoz : No action
C:\Test\dod.rar<RAR>:2.exe <- Trojan.Downloader.Agent.Inj : No action
C:\Test\dod.rar<RAR>:2.exe<UPack>:2.exe<DLLRES>:L010.exe <- Trojan.Downloader.Agent.Ink : No action
C:\Test\dod.rar<RAR>:3.exe<UPack>:3.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Qot : No action
C:\Test\dod.rar<RAR>:4.exe <- Trojan.Psw.Delf.Aob : No action
C:\Test\dod.rar<RAR>:4.exe<UPack>:4.exe<DLLRES>:L010.exe <- Trojan.Psw.Delf.Aoa : No action
C:\Test\dod.rar<RAR>:6.exe <- Heur.Win32.I : No action
C:\Test\dod.rar<RAR>:8.exe <- Heur.Win32.I : No action
C:\Test\dod.rar<RAR>:9.exe <- Heur.Win32.I : No action



Scanned objects : 43

Infected objects : 17

无尽藏海

Scan Log
Version of virus signature database: 2874 (20080214)
Date: 2008-2-14  Time: 20:38:48
Scanned disks, folders and files: F:\virus\dod.rar
F:\virus\dod.rar &raquo; RAR &raquo; dod\1.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\10.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\11.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\12.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\13.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\14.exe - probably a variant of Win32/AutoRun.Q worm
F:\virus\dod.rar &raquo; RAR &raquo; dod\15.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\16.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\2.exe - a variant of Win32/PSW.OnLineGames.NMN trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\3.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\4.exe - a variant of Win32/PSW.OnLineGames.NMN trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\6.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\7.exe - a variant of Win32/PSW.OnLineGames.NLY trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\8.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod\9.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\dod.rar &raquo; RAR &raquo; dod.exe - probably a variant of Win32/Genetik trojan
Number of scanned objects: 25
Number of threats found: 16
Time of completion: 20:38:58  Total scanning time: 10 sec (00:00:10)

清蒸波波面

26个文件，费尔15个

woai_jolin

2008/2/14 20:50:20        Real-time file system protection        file        G:\v\dod.exe        probably a variant of Win32/Genetik trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:18        Real-time file system protection        file        G:\v\dod\9.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:17        Real-time file system protection        file        G:\v\dod\8.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:15        Real-time file system protection        file        G:\v\dod\7.exe        a variant of Win32/PSW.OnLineGames.NLY trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:14        Real-time file system protection        file        G:\v\dod\6.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:12        Real-time file system protection        file        G:\v\dod\4.exe        a variant of Win32/PSW.OnLineGames.NMN trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:11        Real-time file system protection        file        G:\v\dod\3.exe        a variant of Win32/PSW.OnLineGames.NFL trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:10        Real-time file system protection        file        G:\v\dod\2.exe        a variant of Win32/PSW.OnLineGames.NMN trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:09        Real-time file system protection        file        G:\v\dod\16.exe        Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:08        Real-time file system protection        file        G:\v\dod\15.exe        Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:07        Real-time file system protection        file        G:\v\dod\14.exe        probably a variant of Win32/AutoRun.Q worm        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:06        Real-time file system protection        file        G:\v\dod\13.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:04        Real-time file system protection        file        G:\v\dod\12.exe        Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:03        Real-time file system protection        file        G:\v\dod\11.exe        Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:02        Real-time file system protection        file        G:\v\dod\10.exe        Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:50:01        Real-time file system protection        file        G:\v\dod\1.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

woai_jolin

2008/2/14 20:51:10        Kernel        File  'G:\v\dod\dod.rar' was sent to ESET for analysis.

挪威的冬天

我说 不是吧

信息        2008-02-14  21:37:39        您此次查毒共查出5个病毒以及危险代码                       
信息        2008-02-14  21:37:39        您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件42个                       
信息        2008-02-14  21:37:39        金山毒霸主程序查毒过程结束，查毒方式：命令行查毒                       
病毒        2008-02-14  21:37:39        C:\Users\挪威的冬天\Desktop\dod.rar\dod\4.exe        Win32.Troj.DownloaderT.m.101715        跳过，未处理       
病毒        2008-02-14  21:37:39        C:\Users\挪威的冬天\Desktop\dod.rar\dod\3.exe        Win32.Troj.OnlineGamesT.ky.151552        跳过，未处理       
病毒        2008-02-14  21:37:39        C:\Users\挪威的冬天\Desktop\dod.rar\dod\2.exe        Win32.Troj.DownloaderT.m.101715        跳过，未处理       
病毒        2008-02-14  21:37:39        C:\Users\挪威的冬天\Desktop\dod.rar\dod\15.exe        Win32.Troj.OnlineGamesT.nr.37008        跳过，未处理       
病毒        2008-02-14  21:37:39        C:\Users\挪威的冬天\Desktop\dod.rar\dod\12.exe        Win32.Troj.OnlineGamesT.nr.37008        跳过，未处理

leonfg

FS
扫描16；
老妈子dod.exe漏了，运行后沙盘报一个生成物，系统控制拦几下，未见后续动作......
Hello,

Thank you for your e-mail.

The file you sent was found to be malicious. An appropriate detection will be added in one of the next database updates.

Our latest database updates are available here:

http://www.f-secure.com/download-purchase/updates.shtml

Have a nice day!

--
F-Secure Security Labs              http://www.f-secure.com/weblog/
F-Secure Corporation                http://www.f-secure.com/
BE SURE.

剩的8个仔儿好像运行不起来。
Hello,

Thank you for the samples that you sent to us.

The files you submitted are clean HTML files. They are not malicious.

Should you have further concerns, please do not hesitate to e-mail us again.

Have a nice day!

--
F-Secure Security Labs              http://www.f-secure.com/weblog/
F-Secure Corporation                http://www.f-secure.com/
BE SURE.

[ 本帖最后由 leonfg 于 2008-2-14 22:40 编辑 ]