下载者

zzh161

费尔报了一半的启发。。。。

样本：

无尽藏海

Scan Log
Version of virus signature database: 2874 (20080214)
Date: 2008-2-14  Time: 20:37:01
Scanned disks, folders and files: F:\virus\pic.rar
F:\virus\pic.rar » RAR » 11\mz.exe - probably a variant of Win32/Genetik trojan
F:\virus\pic.rar » RAR » 11\net.exe - a variant of Win32/Jalous worm
F:\virus\pic.rar » RAR » 11\vv0.exe - Win32/PSW.Agent.NGZ trojan
F:\virus\pic.rar » RAR » 11\vv1.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\pic.rar » RAR » 11\vv11.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
F:\virus\pic.rar » RAR » 11\vv14.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\pic.rar » RAR » 11\vv15.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\pic.rar » RAR » 11\vv16.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\pic.rar » RAR » 11\vv17.exe - probably a variant of Win32/AutoRun.Q worm
F:\virus\pic.rar » RAR » 11\vv19.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\pic.rar » RAR » 11\vv20.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\pic.rar » RAR » 11\vv21.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\pic.rar » RAR » 11\vv4.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\pic.rar » RAR » 11\vv6.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\pic.rar » RAR » 11\vv8.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
Number of scanned objects: 15
Number of threats found: 15
Time of completion: 20:37:13  Total scanning time: 12 sec (00:00:12)

清蒸波波面

一共多少个 16个文件，费尔杀了15个

woai_jolin

2008/2/14 20:52:47        Real-time file system protection        file        G:\v\11\vv8.exe        a variant of Win32/PSW.OnLineGames.PBQ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:46        Real-time file system protection        file        G:\v\11\vv6.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:45        Real-time file system protection        file        G:\v\11\vv4.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:43        Real-time file system protection        file        G:\v\11\vv21.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:42        Real-time file system protection        file        G:\v\11\vv20.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:41        Real-time file system protection        file        G:\v\11\vv19.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:39        Real-time file system protection        file        G:\v\11\vv17.exe        probably a variant of Win32/AutoRun.Q worm        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:38        Real-time file system protection        file        G:\v\11\vv16.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:37        Real-time file system protection        file        G:\v\11\vv15.exe        Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:36        Real-time file system protection        file        G:\v\11\vv14.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:35        Real-time file system protection        file        G:\v\11\vv11.exe        probably a variant of Win32/PSW.OnLineGames.NFL trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:34        Real-time file system protection        file        G:\v\11\vv1.exe        a variant of Win32/PSW.OnLineGames.MUG trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:33        Real-time file system protection        file        G:\v\11\vv0.exe        Win32/PSW.Agent.NGZ trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:32        Real-time file system protection        file        G:\v\11\net.exe        a variant of Win32/Jalous worm        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008/2/14 20:52:30        Real-time file system protection        file        G:\v\11\mz.exe        probably a variant of Win32/Genetik trojan        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

红心王子

蠕虫名称:Worm.Win32.Downloader.uw

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\11\NET.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?

木马名称:Trojan-PSW.Win32.OLGames.kvi

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\11\VV11.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

sam.to

已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Delf.anw        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\mz.exe//UPX
已刪除: 病毒 Worm.Win32.Downloader.eh        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\net.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.puu        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv0.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.rbf        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv1.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.qvq        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv11.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.rbf        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv14.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.pzl        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv15.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.rbf        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv16.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.QQPass.auq        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv17.exe//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.rbf        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv19.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.rbf        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv20.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.rbf        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv21.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.rbf        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv4.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.rbf        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv6.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.rdx        檔案: C:\Documents and Settings\kato9096\桌面\pic.rar/11\vv8.exe//PE_Patch//UPack

15．沒有不报

gho

2008-2-14 21:11:29        I:\hanxiaojun\pic.rar        15        15        0        Completed

gho

Scanning Report
14 February 2008 21:13:46 - 21:13:49
Computer name: CN-89FF4B9EA4D6
Scanning type: Scan target
Target: I:\hanxiaojun\pic.rar


--------------------------------------------------------------------------------

Result: 14 malware found
Trojan-PSW.Win32.Delf.anw (virus)
I:\hanxiaojun\pic.rar\11\mz.exe
Worm.Win32.Downloader.eh (virus)
I:\hanxiaojun\pic.rar\11\net.exe
Trojan-PSW.Win32.OnLineGames.puu (virus)
I:\hanxiaojun\pic.rar\11\vv0.exe
Trojan-PSW.Win32.OnLineGames.rbf (virus)
I:\hanxiaojun\pic.rar\11\vv1.exe
I:\hanxiaojun\pic.rar\11\vv14.exe
I:\hanxiaojun\pic.rar\11\vv16.exe
I:\hanxiaojun\pic.rar\11\vv19.exe
I:\hanxiaojun\pic.rar\11\vv20.exe
I:\hanxiaojun\pic.rar\11\vv21.exe
I:\hanxiaojun\pic.rar\11\vv4.exe
I:\hanxiaojun\pic.rar\11\vv6.exe
Trojan-PSW.Win32.OnLineGames.qvq (virus)
I:\hanxiaojun\pic.rar\11\vv11.exe
Trojan-PSW.Win32.OnLineGames.pzl (virus)
I:\hanxiaojun\pic.rar\11\vv15.exe
Trojan-PSW.Win32.QQPass.auq (virus)
I:\hanxiaojun\pic.rar\11\vv17.exe

挪威的冬天

信息        2008-02-14  21:14:59        您此次查毒共查出6个病毒以及危险代码                       
信息        2008-02-14  21:14:59        您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件30个                       
信息        2008-02-14  21:14:59        金山毒霸主程序查毒过程结束，查毒方式：命令行查毒                       
病毒        2008-02-14  21:14:59        C:\Users\挪威的冬天\Desktop\pic.rar\11\vv8.exe        Win32.Troj.OnlineGamesT.af.57344        跳过，未处理       
病毒        2008-02-14  21:14:59        C:\Users\挪威的冬天\Desktop\pic.rar\11\vv15.exe        Win32.Troj.OnlineGamesT.nr.37008        跳过，未处理       
病毒        2008-02-14  21:14:59        C:\Users\挪威的冬天\Desktop\pic.rar\11\vv11.exe        Win32.Troj.OnlineGamesT.ty.98304        跳过，未处理       
病毒        2008-02-14  21:14:59        C:\Users\挪威的冬天\Desktop\pic.rar\11\vv0.exe        Win32.PSWTroj.Agent.4055        跳过，未处理       
病毒        2008-02-14  21:14:59        C:\Users\挪威的冬天\Desktop\pic.rar\11\net.exe        Win32.Troj.DwonLoaderT.xy.133203        跳过，未处理       
病毒        2008-02-14  21:14:59        C:\Users\挪威的冬天\Desktop\pic.rar\11\mz.exe        Win32.PSWTroj.Delf.90192        跳过，未处理

leonfg

FS扫描14+沙盘1全k
扫描：
结果: 发现14个恶意软件
Trojan-PSW.Win32.Delf.anw (病毒)
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\mz.exe
Worm.Win32.Downloader.eh (病毒)
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\net.exe
Trojan-PSW.Win32.OnLineGames.puu (病毒)
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv0.exe
Trojan-PSW.Win32.OnLineGames.rbf (病毒)
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv1.exe
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv14.exe
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv16.exe
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv19.exe
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv20.exe
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv21.exe
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv4.exe
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv6.exe
Trojan-PSW.Win32.OnLineGames.qvq (病毒)
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv11.exe
Trojan-PSW.Win32.OnLineGames.pzl (病毒)
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv15.exe
Trojan-PSW.Win32.QQPass.auq (病毒)
C:\Documents and Settings\GUNDAM\桌面\pic.rar\11\vv17.exe

沙盘：
在文件 C:\DOCUMENTS AND SETTINGS\GUNDAM\桌面\11\VV8.EXE 中发现恶意代码。
感染: W32/Malware
操作: 无.