
[Virus sample] Old malware, no update!

qigang
Posted on 2008-3-22 17:21:35
瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: RootKit.Win32.Undef.dg   
病毒: Trojan.PSW.Win32.OnlineGames.GEN
病毒: Trojan.PSW.Win32.GamesOnline.ro

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.36.50

冷冷
Posted on 2008-3-22 17:23:09
IK
I:\virus\March\22\virus.rar:\0bf.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar:\ad.cab\ad.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar:\ad.cab
I:\virus\March\22\virus.rar:\0014.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar:\0pps.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar:\0lz.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar:\0rl.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar:\ad1.cab\ad.exe - Signature 'Trojan-Downloader.Win32.Zlob.and' found
I:\virus\March\22\virus.rar:\ad1.cab
I:\virus\March\22\virus.rar:\new.cab\new.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar:\new.cab
I:\virus\March\22\virus.rar:\014s.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar:\rll.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar:\ogame.exe - Signature 'Packed.Win32.Klone.af' found
I:\virus\March\22\virus.rar

        15 Files scanned
          (1 Archiv with 14 files)
        11 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.062
lingbo110120
Posted on 2008-3-22 17:23:37
正在扫描日志
病毒库版本: 2967 (20080321)
日期: 2008-3-22  时间: 17:23:10
已扫描的磁盘、文件夹和文件: D:\常用\virus.rar
D:\常用\virus.rar > RAR > 0bf.exe - 可能是 Win32/TrojanDownloader.Agent.NWE 特洛伊木马 的变种
D:\常用\virus.rar > RAR > ad.cab > CAB > ad.exe - 可能是 Win32/TrojanDownloader.Agent.NWE 特洛伊木马 的变种
D:\常用\virus.rar > RAR > 0014.exe - 可能是 Win32/TrojanDownloader.Agent.NWE 特洛伊木马 的变种
D:\常用\virus.rar > RAR > 0pps.exe - 可能是 Win32/TrojanDownloader.Agent.NWE 特洛伊木马 的变种
D:\常用\virus.rar > RAR > 0lz.exe - 可能是 Win32/TrojanDownloader.Agent.NWE 特洛伊木马 的变种
D:\常用\virus.rar > RAR > 0rl.exe - 可能是 Win32/TrojanDownloader.Agent.NWE 特洛伊木马 的变种
D:\常用\virus.rar > RAR > ad1.cab > CAB > ad.exe - Win32/TrojanDownloader.Small.NZS 特洛伊木马
D:\常用\virus.rar > RAR > new.cab > CAB > new.exe - Win32/TrojanDownloader.Agent.NWE 特洛伊木马
D:\常用\virus.rar > RAR > 014s.exe - Win32/TrojanDownloader.Agent.NWE 特洛伊木马
D:\常用\virus.rar > RAR > rll.exe - Win32/TrojanDownloader.Agent.NWE 特洛伊木马
D:\常用\virus.rar > RAR > ogame.exe - Win32/TrojanDownloader.Agent.NWE 特洛伊木马
已扫描的对象数: 12
发现的威胁数: 11
完成时间: 17:23:12  总扫描时间: 2 秒 (00:00:02)
Exia (this user has been deleted)
Posted on 2008-3-22 17:23:46

11

Starting the file scan:

Begin scan in 'E:\AVIRA\virus.rar'
E:\AVIRA\virus.rar
  [0] Archive type: RAR
  --> 0bf.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
    --> ad.cab
      [1] Archive type: CAB (Microsoft)
      --> ad.exe
          [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
  --> 0014.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
  --> 0pps.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
  --> 0lz.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
  --> 0rl.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
    --> ad1.cab
      [1] Archive type: CAB (Microsoft)
      --> ad.exe
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ppu
    --> new.cab
      [1] Archive type: CAB (Microsoft)
      --> new.exe
          [DETECTION] Is the Trojan horse TR/PSW.Online.rxpi
  --> 014s.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.rxpi
  --> rll.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.rxpi
  --> ogame.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.rxpi
      [INFO]      The file was deleted!


End of the scan: 2008年3月22日  17:24
Used time: 00:26 min

The scan has been done completely.

      0 Scanning directories
     15 Files were scanned
     11 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      4 Archives were scanned
      0 Warnings
      0 Notes
The EQs
Posted on 2008-3-22 17:23:52
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » 0bf.exe - probably a variant of Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » ad.cab » CAB » ad.exe - probably a variant of Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » 0014.exe - probably a variant of Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » 0pps.exe - probably a variant of Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » 0lz.exe - probably a variant of Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » 0rl.exe - probably a variant of Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » ad1.cab » CAB » ad.exe - Win32/TrojanDownloader.Small.NZS trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » new.cab » CAB » new.exe - Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » 014s.exe - Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » rll.exe - Win32/TrojanDownloader.Agent.NWE trojan
C:\Documents and Settings\Don johnson\桌面\virus.rar » RAR » ogame.exe - Win32/TrojanDownloader.Agent.NWE trojan
lingbo110120
Posted on 2008-3-22 17:25:16
Starting the file scan:

Begin scan in 'D:\常用\virus.rar'
D:\常用\virus.rar
  [0] Archive type: RAR
    --> 0bf.exe
          [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
    --> ad.cab
      [1] Archive type: CAB (Microsoft)
      --> ad.exe
            [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
    --> 0014.exe
          [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
    --> 0pps.exe
          [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
    --> 0lz.exe
          [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
    --> 0rl.exe
          [DETECTION] Contains detection pattern of the rootkit RKIT/HideProcess.B
    --> ad1.cab
      [1] Archive type: CAB (Microsoft)
      --> ad.exe
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ppu
    --> new.cab
      [1] Archive type: CAB (Microsoft)
      --> new.exe
          [DETECTION] Is the Trojan horse TR/PSW.Online.rxpi
  --> 014s.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.rxpi
  --> rll.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.rxpi
  --> ogame.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.rxpi
      [NOTE]      The file was deleted!


End of the scan: 2008年3月22日  17:24
Used time: 00:09 min

The scan has been done completely.

      0 Scanning directories
     15 Files were scanned
     11 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      4 Archives were scanned
      0 Warnings
      1 Notes
Hehe
无尽藏海
Posted on 2008-3-22 17:27:36
E:\VIRUS\virus(22).rar>>0bf.exe        TrojanPSW.OnLineGames.sea.adjb        木马        还未处理
E:\VIRUS\virus(22).rar>>ad.cab>>ad.exe        TrojanPSW.OnLineGames.sea.adjb        木马        还未处理
E:\VIRUS\virus(22).rar>>0014.exe        TrojanPSW.OnLineGames.sea.adjb        木马        还未处理
E:\VIRUS\virus(22).rar>>0pps.exe        TrojanPSW.OnLineGames.sea.adjb        木马        还未处理
E:\VIRUS\virus(22).rar>>0lz.exe        TrojanPSW.OnLineGames.sea.adjb        木马        还未处理
E:\VIRUS\virus(22).rar>>0rl.exe        TrojanPSW.OnLineGames.sea.adjb        木马        还未处理
E:\VIRUS\virus(22).rar>>ad1.cab>>ad.exe        TrojanPSW.OnlineGames.GEN.gugq        木马        还未处理
E:\VIRUS\virus(22).rar>>new.cab>>new.exe        TrojanPSW.OnLineGames.rxpi.urex        木马        还未处理
E:\VIRUS\virus(22).rar>>014s.exe        TrojanPSW.OnLineGames.rxpi.urex        木马        还未处理
E:\VIRUS\virus(22).rar>>rll.exe        TrojanPSW.OnLineGames.rxpi.urex        木马        还未处理
E:\VIRUS\virus(22).rar>>ogame.exe        TrojanPSW.OnLineGames.rxpi.urex        木马        还未处理
yangpizhi
Posted on 2008-3-22 17:33:36
-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.4.2
Virus signature file from: 2008-3-21, 5:02

Scan name: virus scan
Path to scan: C:\virus\08-03-22\|

Thorough scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2008-3-22, 17:33:23
---------------------------------------------------------------------

[Clean]        Boot sector on drive F:
[Clean]        Boot sector on drive E:
[Clean]        Boot sector on drive D:
[Clean]        Boot sector on drive C:
[Clean]        Master Boot Record on disk 0
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->0bf.exe->(NSPack)->(PE_Patch)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->ad.cab->ad.exe->(NSPack)->(PE_Patch)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->0014.exe->(NSPack)->(PE_Patch)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->0pps.exe->(NSPack)->(PE_Patch)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->0lz.exe->(NSPack)->(PE_Patch)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->0rl.exe->(NSPack)->(PE_Patch)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->ad1.cab->ad.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->new.cab->new.exe->(NSPack)->(PE_Patch)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->014s.exe->(NSPack)->(PE_Patch)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->rll.exe->(NSPack)->(PE_Patch)
[Found possible security risk]         <W32/Heuristic-114!Eldorado (damaged, not disinfectable)>        C:\virus\08-03-22\virus.rar->ogame.exe->(NSPack)->(PE_Patch)

---------------------------------------------------------------------
Scan ended:        2008-3-22, 17:33:42
Duration:        0:00:18

Scan result:

Scanned files:                 6
Infected objects:         11
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------
Joker
Posted on 2008-3-22 18:08:31
11
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Documents and Settings\Administrator\桌面\virus.rar/0bf.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Documents and Settings\Administrator\桌面\virus.rar/ad.cab/ad.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Documents and Settings\Administrator\桌面\virus.rar/0014.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Documents and Settings\Administrator\桌面\virus.rar/0pps.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Documents and Settings\Administrator\桌面\virus.rar/0lz.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.sea        File: C:\Documents and Settings\Administrator\桌面\virus.rar/0rl.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.ppu        File: C:\Documents and Settings\Administrator\桌面\virus.rar/ad1.cab/ad.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rxpi        File: C:\Documents and Settings\Administrator\桌面\virus.rar/new.cab/new.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rxpi        File: C:\Documents and Settings\Administrator\桌面\virus.rar/014s.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rxpi        File: C:\Documents and Settings\Administrator\桌面\virus.rar/rll.exe//NSPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.rxpi        File: C:\Documents and Settings\Administrator\桌面\virus.rar/ogame.exe//NSPack
jbj19771023
Posted on 2008-3-22 18:59:07
On March 22, eTrust EZ Antivirus scanned 15 and flagged 14, hahaha. I want to see whether CA really suits conditions in our country or not.