曾经的mm终于更新了

显示全部楼层 · 发表于 2008-2-17 20:31:12

新的mm：

运行下，去下了个hxxp://333.kv8.info/im/ctfmon.exe

还有个hxxp://test.591jx.com/test.exe

最后弄来一大包毒：

显示全部楼层 · 发表于 2008-2-17 20:35:18

deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pup File: C:\Virus\mmdown.rar/11\aa1.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pvm File: C:\Virus\mmdown.rar/11\aa11.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.qna File: C:\Virus\mmdown.rar/11\aa12.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rer File: C:\Virus\mmdown.rar/11\aa13.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rbf File: C:\Virus\mmdown.rar/11\aa14.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rda File: C:\Virus\mmdown.rar/11\aa15.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ozu File: C:\Virus\mmdown.rar/11\aa16.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rbf File: C:\Virus\mmdown.rar/11\aa17.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.qoz File: C:\Virus\mmdown.rar/11\aa18.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.req File: C:\Virus\mmdown.rar/11\aa19.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rbf File: C:\Virus\mmdown.rar/11\aa2.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.oee File: C:\Virus\mmdown.rar/11\aa20.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rbf File: C:\Virus\mmdown.rar/11\aa21.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.qpf File: C:\Virus\mmdown.rar/11\aa22.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rbf File: C:\Virus\mmdown.rar/11\aa23.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.qnd File: C:\Virus\mmdown.rar/11\aa24.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.qnc File: C:\Virus\mmdown.rar/11\aa3.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnd File: C:\Virus\mmdown.rar/11\aa4.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rhd File: C:\Virus\mmdown.rar/11\aa5.exe//UPack
deleted: Trojan program Trojan.Win32.Pakes.bzp File: C:\Virus\mmdown.rar/11\aa6.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rgf File: C:\Virus\mmdown.rar/11\aa7.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.qjj File: C:\Virus\mmdown.rar/11\aa8.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rhu File: C:\Virus\mmdown.rar/11\aa9.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2008-2-17 20:36:04

卡巴剩下aa10和aa26

显示全部楼层 · 发表于 2008-2-17 20:36:16

新 MM 金山不杀

其余如下

信息 2008-02-17  20:35:51 您此次查毒共查出18个病毒以及危险代码
信息 2008-02-17  20:35:51 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件52个
信息 2008-02-17  20:35:51 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa8.exe Win32.Troj.OnlineGamesT.wf.118784 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa7.exe Win32.PSWTroj.OnLineGames.77824 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa6.exe Win32.Troj.WoWT.zy.110592 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa5.exe Win32.Troj.OnlineGamesT.ty.98304 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa4.exe Win32.Troj.OnlineGamesT.ty.98304 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa3.exe Win32.Troj.OnlineGamesT.e.94315 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa26.exe Win32.Troj.OnlineGamesT.oy.61440 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa22.exe Win32.Troj.OnlineGamesT.af.57344 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa20.exe Win32.Troj.AgentT.fm.14452 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa19.exe Win32.Troj.OnlineGamesT.af.57344 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa18.exe Win32.Troj.OnLineGamesT.qo.98304 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa16.exe Win32.Troj.OnlineGamesT.ty.98304 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa13.exe Win32.Troj.OnlineGamesT.af.57344 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa12.exe Win32.PSWTroj.OnLineGames.77824 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa11.exe Win32.Troj.OnlineGamesT.nr.37008 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa10.exe Win32.Troj.OnlineGamesT.oy.61440 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\mmdown.rar\11\aa1.exe Win32.PSWTroj.Agent.4055 跳过，未处理
病毒 2008-02-17  20:35:51 C:\Users\挪威的冬天\Desktop\ctfmon.rar\ctfmon.exe Win32.Troj.Downloader.ex.23552 跳过，未处理

显示全部楼层 · 发表于 2008-2-17 20:37:15

cfmon:
deleted: Trojan program Trojan-Dropper.Win32.Agent.env File: C:\Virus\ctfmon.rar/ctfmon.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2008-2-17 20:39:23

前两个avast不杀，最后一个被杀了

显示全部楼层 · 发表于 2008-2-17 20:40:37

MM没认出来……上报

2008-2-17 20:40:57 Kernel File  'F:\virus\mm.rar' was sent to ESET for analysis.

Scan Log
Version of virus signature database: 2880 (20080215)
Date: 2008-2-17  Time: 20:39:19
Scanned disks, folders and files: F:\virus\mm.rar;F:\virus\ctfmon.rar;F:\virus\mmdown.rar
F:\virus\ctfmon.rar » RAR » ctfmon.exe - probably unknown NewHeur_PE virus [7]
F:\virus\mmdown.rar » RAR » 11\aa1.exe - Win32/PSW.Agent.NGZ trojan
F:\virus\mmdown.rar » RAR » 11\aa10.exe - a variant of Win32/PSW.OnLineGames.NML trojan
F:\virus\mmdown.rar » RAR » 11\aa11.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\mmdown.rar » RAR » 11\aa12.exe - Win32/PSW.OnLineGames.GJV trojan
F:\virus\mmdown.rar » RAR » 11\aa13.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
F:\virus\mmdown.rar » RAR » 11\aa14.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\mmdown.rar » RAR » 11\aa16.exe - Win32/PSW.OnLineGames.NFL trojan
F:\virus\mmdown.rar » RAR » 11\aa17.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\mmdown.rar » RAR » 11\aa18.exe - Win32/PSW.OnLineGames.MUG trojan
F:\virus\mmdown.rar » RAR » 11\aa19.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
F:\virus\mmdown.rar » RAR » 11\aa2.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\mmdown.rar » RAR » 11\aa20.exe - Win32/PSW.OnLineGames.FDY trojan
F:\virus\mmdown.rar » RAR » 11\aa21.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\mmdown.rar » RAR » 11\aa22.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
F:\virus\mmdown.rar » RAR » 11\aa23.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
F:\virus\mmdown.rar » RAR » 11\aa24.exe - Win32/Agent.NIW trojan
F:\virus\mmdown.rar » RAR » 11\aa26.exe - a variant of Win32/PSW.OnLineGames.NML trojan
F:\virus\mmdown.rar » RAR » 11\aa3.exe - Win32/PSW.OnLineGames.YA trojan
F:\virus\mmdown.rar » RAR » 11\aa4.exe - a variant of Win32/PSW.OnLineGames.YA trojan
F:\virus\mmdown.rar » RAR » 11\aa5.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
F:\virus\mmdown.rar » RAR » 11\aa6.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
F:\virus\mmdown.rar » RAR » 11\aa7.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
F:\virus\mmdown.rar » RAR » 11\aa8.exe - Win32/PSW.OnLineGames.NLY trojan
F:\virus\mmdown.rar » RAR » 11\aa9.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
Number of scanned objects: 27
Number of threats found: 25
Time of completion: 20:39:31  Total scanning time: 12 sec (00:00:12)

Notes:
[7] Object is probably infected with an unknown virus.

显示全部楼层 · 发表于 2008-2-17 20:41:44

NOD mm.exe没报
ctfmon.exe - 未查明的 NewHeur_PE 病毒 [7]

NOD 24 mmdown.rar
已扫描的磁盘，文件夹及文件：E:\pic\_PICtemp\mmdown.rar
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa1.exe - Win32/PSW.Agent.NGZ 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa10.exe - Win32/PSW.OnLineGames.NML 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa11.exe - Win32/PSW.OnLineGames.MUG 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa12.exe - Win32/PSW.OnLineGames.GJV 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa13.exe - Win32/PSW.OnLineGames.PBQ 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa14.exe - Win32/PSW.OnLineGames.MUG 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa16.exe - Win32/PSW.OnLineGames.NFL 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa17.exe - Win32/PSW.OnLineGames.MUG 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa18.exe - Win32/PSW.OnLineGames.MUG 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa19.exe - Win32/PSW.OnLineGames.PBQ 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa2.exe - Win32/PSW.OnLineGames.MUG 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa20.exe - Win32/PSW.OnLineGames.FDY 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa21.exe - Win32/PSW.OnLineGames.MUG 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa22.exe - Win32/PSW.OnLineGames.PBQ 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa23.exe - Win32/PSW.OnLineGames.MUG 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa24.exe - Win32/Agent.NIW 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa26.exe - Win32/PSW.OnLineGames.NML 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa3.exe - Win32/PSW.OnLineGames.YA 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa4.exe - Win32/PSW.OnLineGames.YA 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa5.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马的一个变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa6.exe - Win32/PSW.OnLineGames.GJV 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa7.exe - Win32/PSW.OnLineGames.GJV 木马的变种
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa8.exe - Win32/PSW.OnLineGames.NLY 木马
E:\pic\_PICtemp\mmdown.rar >>RAR >>11\aa9.exe - Win32/PSW.OnLineGames.MUG 木马的变种
已扫描的文件数目：25
已发现的病毒数目：24
完成时间： 20:45:21 总扫描时间：8 秒 (00:00:08)

显示全部楼层 · 发表于 2008-2-17 20:43:31

detected: Trojan program Trojan-Downloader.Win32.Delf.epw       URL: http://bbs.kafan.cn/attachment.p ... xe//PE_Patch//UPack
detected: Trojan program Trojan-Dropper.Win32.Agent.env       URL: http://bbs.kafan.cn/attachment.p ... xe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.pup       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa1.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.pvm       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa11.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qna       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa12.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rer       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa13.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rbf       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa14.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rda       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa15.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ozu       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa16.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rbf       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa17.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qoz       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa18.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.req       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa19.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rbf       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa2.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.oee       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa20.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rbf       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa21.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qpf       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa22.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rbf       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa23.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qnd       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa24.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qnc       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa3.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.pnd       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa4.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rhd       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa5.exe//UPack
detected: Trojan program Trojan.Win32.Pakes.bzp       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa6.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rgf       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa7.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.qjj       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa8.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rhu       File: C:\Documents and Settings\Owner\×ÀÃæ\mmdown.rar/11\aa9.exe//PE_Patch//UPack

还是老    全杀

[ 本帖最后由 wangjay1980 于 2008-2-17 21:12 编辑 ]

显示全部楼层 · 发表于 2008-2-17 20:43:59

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.XYOnline.abe
病毒： Trojan.PSW.Win32.GamesOnline.ma
病毒： Trojan.PSW.Win32.GameOL.lxg
病毒： Trojan.PSW.Win32.GameOL.lvx
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： RootKit.Win32.GameHack.GEN
病毒： Trojan.PSW.Win32.ZeroOnline.dg
病毒： Trojan.PSW.Win32.XYOnline.aay
病毒： Trojan.PSW.Win32.GameOL.lhu
病毒： Trojan.PSW.Win32.GameOL.lvq
病毒： RootKit.Win32.GameHack.geu
病毒： Trojan.PSW.Win32.OnlineGames.GEN
病毒： RootKit.Win32.GameHack.geu
病毒： Trojan.PSW.Win32.GameOL.GEN

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.31.50

[病毒样本] 曾经的mm终于更新了

本帖子中包含更多资源

85/21

浏览过的版块