
[Virus sample] Downloader and its 32 payloads

promised
Posted on 2008-3-9 13:48:01
Downloader: sta.exe
List it reads:
Unpacker:00405000 0000001F C http://iii.u668u.com/admin.txt
Unpacker:00405104 0000001F C http://iii.wyfdc.com/admin.txt
Unpacker:00405208 0000001F C http://iii.188dm.com/admin.txt
Only http://iii.u668u.com/admin.txt is available:
[CONTROL]
VERSION=2008-2-3
[DOWN]
NEWVERSION=http://iii.u668u.com/gx.exe
1=http://iii.u668u.com/mm/a1.exe
2=http://iii.u668u.com/mm/a2.exe
3=http://iii.u668u.com/mm/a3.exe
4=http://iii.u668u.com/mm/a4.exe
5=http://iii.u668u.com/mm/a5.exe
6=http://iii.u668u.com/mm/a6.exe
7=http://iii.u668u.com/mm/a7.exe
8=http://iii.u668u.com/mm/a8.exe
9=http://iii.u668u.com/mm/a9.exe
10=http://iii.u668u.com/mm/a10.exe
11=http://iii.u668u.com/mm/a11.exe
12=http://iii.u668u.com/mm/a12.exe
13=http://iii.u668u.com/mm/a13.exe
14=http://iii.u668u.com/mm/a14.exe
15=http://iii.u668u.com/mm/a15.exe
16=http://iii.u668u.com/mm/a16.exe

[ Last edited by promised on 2008-3-9 13:50 ]

The EQs
Posted on 2008-3-9 13:51:11

30 of them

C:\Documents and Settings\Don johnson\桌面\sta.rar » RAR » sta.exe - probably a variant of Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » SHAProc.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » upxdnd.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » WSockDrv32.dll - a variant of Win32/PSW.OnLineGames.HCV trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » AVPSrv.exE - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » cmdbcs.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » DbgHlp32.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » jaqfsvhx.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » Kvsc3.exE - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » LotusHlp.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » mppds.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » MsIMMs32.exE - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » PTSShell.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » SHAProc.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » upxdnd.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » WSockDrv32.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » a1.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » a6.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » a12.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » AVPSrv.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » cmdbcs.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » DbgHlp32.dlL - probably a variant of Win32/PSW.OnLineGames.HCV trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » Kvsc3.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » LotusHlp.dll - a variant of Win32/PSW.OnLineGames.HCV trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » mppds.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » MsIMMs32.dll - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » msosdohs00.dll - a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » msosmhfp00.dll - a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » PTSShell.dll - Win32/PSW.OnLineGames.HCV trojan
C:\Documents and Settings\Don johnson\桌面\产物.rar » RAR » sfnqpewv.dll - a variant of Win32/PSW.OnLineGames.HCV trojan
红心王子
Posted on 2008-3-9 13:51:44
木马名称:Trojan.Win32.Vaklik.lg

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\PTSSHELL.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?



木马名称:Trojan-PSW.Win32.OnLineGame.hjz

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\UPXDND.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?




木马名称:Trojan-PSW.Win32.OnLineGame.irj

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\MSOSMHFP00.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?



木马名称:Trojan-PSW.Win32.OnLineGame.qr

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\PTSSHELL.DLL
是木马程序!
已成功阻止其运行,是否要删除此文件?
Joker
Posted on 2008-3-9 13:56:06
21
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tgb        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/WSockDrv32.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tcr        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/AVPSrv.exE//UPack
detected: virus Heur.Trojan.Generic        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/cmdbcs.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.teb        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/DbgHlp32.exe//UPack
deleted: virus Heur.Trojan.Generic        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/jaqfsvhx.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tim        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/Kvsc3.exE//UPack
deleted: virus Heur.Trojan.Generic        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/LotusHlp.exe//UPack
detected: virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/mppds.exe//UPack
deleted: Trojan program Trojan.Win32.KillAV.pg        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/MsIMMs32.exE//UPack//PE_Patch
deleted: Trojan program Trojan.Win32.Vaklik.oy        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/PTSShell.exe//UPack
deleted: Trojan program Trojan.Win32.Vaklik.pz        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/SHAProc.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tea        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/upxdnd.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tgb        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/WSockDrv32.exe//UPack
detected: virus Heur.Invader (modification)        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/a1.exe//PE_Patch//UPack
detected: virus Heur.Invader (modification)        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/a6.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tde        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/a12.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tcq        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/AVPSrv.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tim        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/Kvsc3.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tis        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/LotusHlp.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tip        File: C:\Documents and Settings\Administrator\×ÀÃæ\²úÎï.rar/MsIMMs32.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Documents and Settings\Administrator\×ÀÃæ\sta.rar/sta.exe//PE_Patch//UPack
promised
Original poster | Posted on 2008-3-9 14:00:18

miss 1

C:\ABC\产物\a1.exe - 特征码 'Trojan-Downloader.Win32.Zlob' 被发现
C:\ABC\产物\a12.exe - 特征码 'Trojan-Downloader.Win32.Zlob' 被发现
C:\ABC\产物\a16.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\产物\a6.exe - 特征码 'Trojan-Downloader.Win32.Zlob' 被发现
C:\ABC\产物\AVPSrv.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\AVPSrv.exE - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\cmdbcs.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\cmdbcs.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\DbgHlp32.dlL - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\DbgHlp32.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\jaqfsvhx.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\Kvsc3.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\Kvsc3.exE - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\LotusHlp.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\LotusHlp.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\mppds.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\mppds.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\MsIMMs32.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\MsIMMs32.exE - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\msosdohs00.dll - 特征码 'Generic.PWS.Games.3' 被发现
C:\ABC\产物\msosfpids32.sys
C:\ABC\产物\msosmhfp00.dll - 特征码 'Trojan-Spy.Win32.Delf.uv' 被发现
C:\ABC\产物\PTSShell.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\PTSShell.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\sfnqpewv.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\SHAProc.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\SHAProc.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\upxdnd.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\upxdnd.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\WSockDrv32.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\产物\WSockDrv32.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\产物\sta\sta.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
Nerazzurri
Posted on 2008-3-9 14:01:29
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Users\Nerazzurri\Desktop\sta.rar/sta.exe//PE_Patch//UPack


23 of the payloads
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tjs        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/SHAProc.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tgb        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/WSockDrv32.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tcr        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/AVPSrv.exE//UPack
detected: virus Heur.Trojan.Generic (modification)        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/cmdbcs.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.teb        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/DbgHlp32.exe//UPack
detected: virus Heur.Trojan.Generic (modification)        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/jaqfsvhx.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tim        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/Kvsc3.exE//UPack
detected: virus Heur.Trojan.Generic (modification)        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/LotusHlp.exe//UPack
detected: virus Heur.Trojan.Generic (modification)        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/mppds.exe//UPack
deleted: Trojan program Trojan.Win32.KillAV.pg        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/MsIMMs32.exE//UPack//PE_Patch
deleted: Trojan program Trojan.Win32.Vaklik.oy        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/PTSShell.exe//UPack
deleted: Trojan program Trojan.Win32.Vaklik.pz        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/SHAProc.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tea        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/upxdnd.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tgb        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/WSockDrv32.exe//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tjq        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/a1.exe//PE_Patch//UPack//#//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tjn        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/a6.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tde        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/a12.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tcq        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/AVPSrv.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tjr        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/DbgHlp32.dlL
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tim        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/Kvsc3.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tis        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/LotusHlp.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tip        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/MsIMMs32.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.tjq        File: C:\Users\Nerazzurri\Desktop\²úÎï.rar/msosmhfp00.dll//UPack
promised
Original poster | Posted on 2008-3-9 14:02:06

miss 1

C:\ABC\产物\a1.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\产物\a1.exe
        C:\ABC\产物\a12.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\产物\a12.exe
        C:\ABC\产物\a16.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\产物\a16.exe
        C:\ABC\产物\a6.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\产物\a6.exe
        C:\ABC\产物\AVPSrv.dll
>>> File "C:\ABC\产物\AVPSrv.dll" has been identified as suspicious 'Sus/Behav-169'.
        C:\ABC\产物\AVPSrv.exE
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\产物\AVPSrv.exE
        C:\ABC\产物\cmdbcs.dll
>>> File "C:\ABC\产物\cmdbcs.dll" has been identified as suspicious 'Sus/Behav-169'.
        C:\ABC\产物\cmdbcs.exe
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\产物\cmdbcs.exe
        C:\ABC\产物\DbgHlp32.dlL
>>> File "C:\ABC\产物\DbgHlp32.dlL" has been identified as suspicious 'Sus/Behav-169'.
        C:\ABC\产物\DbgHlp32.exe
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\产物\DbgHlp32.exe
        C:\ABC\产物\jaqfsvhx.exe
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\产物\jaqfsvhx.exe
        C:\ABC\产物\Kvsc3.dll
>>> File "C:\ABC\产物\Kvsc3.dll" has been identified as suspicious 'Sus/Behav-169'.
        C:\ABC\产物\Kvsc3.exE
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\产物\Kvsc3.exE
        C:\ABC\产物\LotusHlp.dll
>>> File "C:\ABC\产物\LotusHlp.dll" has been identified as suspicious 'Sus/Behav-169'.
        C:\ABC\产物\LotusHlp.exe
>>> Virus 'Mal/Behav-191' found in file C:\ABC\产物\LotusHlp.exe
>>> File "C:\ABC\产物\LotusHlp.exe" has been identified as suspicious 'Sus/Behav-192'.
        C:\ABC\产物\mppds.dll
>>> Virus 'Mal/WOWPWS-A' found in file C:\ABC\产物\mppds.dll
        C:\ABC\产物\mppds.exe
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\产物\mppds.exe
        C:\ABC\产物\MsIMMs32.dll
>>> File "C:\ABC\产物\MsIMMs32.dll" has been identified as suspicious 'Sus/Behav-169'.
        C:\ABC\产物\MsIMMs32.exE
>>> Virus 'Mal/Behav-156' found in file C:\ABC\产物\MsIMMs32.exE
        C:\ABC\产物\msosdohs00.dll
>>> Virus 'Mal/Behav-010' found in file C:\ABC\产物\msosdohs00.dll
        C:\ABC\产物\msosfpids32.sys
        C:\ABC\产物\msosmhfp00.dll
>>> Virus 'Mal/Behav-010' found in file C:\ABC\产物\msosmhfp00.dll
        C:\ABC\产物\PTSShell.dll
>>> Virus 'Mal/Behav-010' found in file C:\ABC\产物\PTSShell.dll
        C:\ABC\产物\PTSShell.exe
>>> Virus 'Mal/Behav-191' found in file C:\ABC\产物\PTSShell.exe
>>> File "C:\ABC\产物\PTSShell.exe" has been identified as suspicious 'Sus/Behav-192'.
        C:\ABC\产物\sfnqpewv.dll
>>> File "C:\ABC\产物\sfnqpewv.dll" has been identified as suspicious 'Sus/Behav-169'.
        C:\ABC\产物\SHAProc.dll
>>> File "C:\ABC\产物\SHAProc.dll" has been identified as suspicious 'Sus/Behav-169'.
        C:\ABC\产物\SHAProc.exe
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\产物\SHAProc.exe
        C:\ABC\产物\sta\sta.exe
>>> Virus 'Mal/Packer' found in file C:\ABC\产物\sta\sta.exe
        C:\ABC\产物\upxdnd.dll
>>> File "C:\ABC\产物\upxdnd.dll" has been identified as suspicious 'Sus/Behav-169'.
        C:\ABC\产物\upxdnd.exe
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\产物\upxdnd.exe
        C:\ABC\产物\WSockDrv32.dll
>>> File "C:\ABC\产物\WSockDrv32.dll" has been identified as suspicious 'Sus/Malware-B'.
        C:\ABC\产物\WSockDrv32.exe
>>> Virus 'Mal/EncPk-BW' found in file C:\ABC\产物\WSockDrv32.exe
剑指七星
Posted on 2008-3-9 14:03:49

费尔 reports 22



[ Last edited by 剑指七星 on 2008-3-9 14:08 ]

HC303
Posted on 2008-3-9 14:06:48
E:\virus test\sta.rar
  [0] Archive type: RAR
  --> sta.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
      [WARNING]   The file was ignored!
E:\virus test\产物.rar
  [0] Archive type: RAR
  --> SHAProc.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> upxdnd.dll
      [DETECTION] Is the Trojan horse TR/Onlinegames.rxt
  --> WSockDrv32.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> AVPSrv.exE
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> cmdbcs.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> DbgHlp32.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> jaqfsvhx.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> Kvsc3.exE
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> LotusHlp.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> mppds.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> MsIMMs32.exE
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> PTSShell.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.463
  --> SHAProc.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> upxdnd.exe
      [DETECTION] Is the Trojan horse TR/Onlinegames.rxt
  --> WSockDrv32.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> a1.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> a6.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> a12.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> a16.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> AVPSrv.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> cmdbcs.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> DbgHlp32.dlL
      [DETECTION] Contains suspicious code HEUR/Malware
  --> Kvsc3.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> LotusHlp.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> mppds.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> MsIMMs32.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> msosdohs00.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> msosmhfp00.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> PTSShell.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.463
  --> sfnqpewv.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
2 of the payloads got no reaction.
mofunzone
Posted on 2008-3-9 14:07:09
AntiVir v8 misses 1
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\sta'
C:\Documents and Settings\Administrator\My Documents\sta\
  a1.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
        --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48017e9d.qua'!
  a12.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
        --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48057e9d.qua'!
  a16.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was moved to '48097e9d.qua'!
  a6.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
        --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48017ea2.qua'!
  AVPSrv.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48237ec2.qua'!
  AVPSrv.exE
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '49b1353b.qua'!
  cmdbcs.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48377ed9.qua'!
  cmdbcs.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '49a53522.qua'!
  DbgHlp32.dlL
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '483a7ecf.qua'!
  DbgHlp32.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '49a83528.qua'!
  jaqfsvhx.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '48447ece.qua'!
  Kvsc3.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48467ee3.qua'!
  Kvsc3.exE
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '49d4351c.qua'!
  LotusHlp.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48477edc.qua'!
  LotusHlp.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '49d53525.qua'!
  mppds.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48437edd.qua'!
  mppds.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '49d13526.qua'!
  MsIMMs32.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '481c7ee0.qua'!
  MsIMMs32.exE
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '498e3519.qua'!
  msosdohs00.dll
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was moved to '48427ee0.qua'!
  msosfpids32.sys
  msosmhfp00.dll
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was moved to '49d03519.qua'!
  PTSShell.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.463
      [NOTE]      The file was moved to '48267ec1.qua'!
  PTSShell.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.463
            [WARNING]   Infected files in archives cannot be repaired!
      [NOTE]      The file was moved to '49b4353a.qua'!
  sfnqpewv.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48417ed3.qua'!
  SHAProc.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48147eb5.qua'!
  SHAProc.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '4986354e.qua'!
  sta.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
      [NOTE]      The file was moved to '48347ee1.qua'!
  upxdnd.dll
      [DETECTION] Is the Trojan horse TR/Onlinegames.rxt
      [NOTE]      The file was moved to '484b7edd.qua'!
  upxdnd.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Onlinegames.rxt
      [NOTE]      The file was moved to '49d93526.qua'!
  WSockDrv32.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48427ec0.qua'!
  WSockDrv32.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was moved to '49d03539.qua'!


End of the scan: 2008年3月8日  22:06
Used time: 00:07 min

The scan has been done completely.

      1 Scanning directories
     32 Files were scanned
     15 viruses and/or unwanted programs were found
     16 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     31 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     17 Files not concerned
      0 Archives were scanned
      1 Warnings
     31 Notes