Views: 3637 | Replies: 12

[Virus sample] 24

sam.to
Posted 2008-3-26 12:02:53
Quarantined: Virus Heur.Downloader (modification)        File: C:\Documents and Settings\kato9096\獢\銴ˊ (2) -??????雿?rar/璉格????拍?擐株???EXE
Deleted: Trojan Trojan-Downloader.Win32.VB.dmd        File: C:\Documents and Settings\kato9096\獢\??????雿脪銴ˊ -popo.rar/popo.exe//FSG
Deleted: Trojan Trojan-PSW.Win32.OnLineGames.wjm        File: C:\Documents and Settings\kato9096\獢\??????雿脪5.exe3//UPack
Deleted: Trojan Trojan-PSW.Win32.OnLineGames.usl        File: C:\Documents and Settings\kato9096\獢\??????雿脪1.exe3//PE_Patch//UPack
Deleted: Trojan Trojan-PSW.Win32.OnLineGames.weh        File: C:\Documents and Settings\kato9096\獢\??????雿脪2.exe2//UPack
Deleted: Trojan Trojan-PSW.Win32.OnLineGames.wek        File: C:\Documents and Settings\kato9096\獢\??????雿脪3.exe3//UPack//PE_Patch
Quarantined: Virus Heur.Trojan.Generic (modification)        File: C:\Documents and Settings\kato9096\獢\??????雿脪4.exe3//UPack
Deleted: Virus IM-Worm.Win32.VB.as        File: C:\Documents and Settings\kato9096\獢\銴ˊ -?啣遣?辣憭?rar/?磰???璅糭dc.exe
Deleted: Virus IM-Worm.Win32.VB.as        File: C:\Documents and Settings\kato9096\獢\銴ˊ -?啣遣?辣憭?rar/?磰???璅糭Fun.exe
Deleted: Virus IM-Worm.Win32.VB.as        File: C:\Documents and Settings\kato9096\獢\銴ˊ -?啣遣?辣憭?rar/?磰???璅糭SVIQ.EXE
Detected: Trojan Trojan-PSW.Win32.OnLineGames.whc        File: C:\Documents and Settings\kato9096\獢\FBgua\?芸?漣+FB??exe//FSG//#//UPX

Eleven detected; the last one could not be deleted??

The three in 3.rar are exes that use a folder icon.

The ones that were not detected have been submitted to Kaspersky.

Hello,

##.shs2, btwdins.exe_, CDAC15BA.SYS, klif.sys, klogon.dll, nvrszhc.dll, nvshell.dll, pfc.sys, RarExt.dll, rpshell.dll, sisidex.sys, sisperf.sys, spoolsv.exe_

No malicious code was found in these files.

5.exe_ - Trojan-PSW.Win32.OnLineGames.yoe

This file is already detected. Please update your antivirus bases.

a.exe_ - Trojan-Downloader.Win32.Delf.gfd

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Yury Nesmachny
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ This post was last edited by kato9096 on 2008-3-30 16:40 ]

秋叶濛濛
Posted 2008-3-26 12:07:58
Begin scan in 'F:\Virus\24.rar'
F:\Virus\24.rar
  [0] Archive type: RAR
    --> a.rar
      [1] Archive type: RAR
      --> a.EXE2
          [DETECTION] Contains suspicious code HEUR/Malware
    --> popo.rar
      [1] Archive type: RAR
      --> popo.exe0
          [DETECTION] Is the Trojan horse TR/Dldr.VB.VOV
    --> 6.rar
      [1] Archive type: RAR
      --> 3.exe3
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.641
      --> 4.exe3
          [DETECTION] Is the Trojan horse TR/Dropper.Gen
      --> 5.exe3
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.637
      --> 1.exe3
          [DETECTION] Is the Trojan horse TR/Onlinegames.usl
      --> 2.exe2
          [DETECTION] Is the Trojan horse TR/Dropper.Gen
    --> 3.rar
      [1] Archive type: RAR
      --> 3\dc.exe3
          [DETECTION] Contains detection pattern of the worm WORM/VB.AS.54
      --> 3\Fun.exe3
          [DETECTION] Contains detection pattern of the worm WORM/VB.AS.54
      --> 3\SVIQ.EXE3
          [DETECTION] Contains detection pattern of the worm WORM/VB.AS.54
    --> FBgua.rar
      [1] Archive type: RAR
      --> FBgua\5.exe4
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.QZJ.17
      [INFO]      The file was deleted!


End of the scan: 26 March 2008  12:16
Used time: 00:11 min

The scan has been done completely.

      0 Scanning directories
     34 Files were scanned
     10 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     24 Files not concerned
     10 Archives were scanned
      0 Warnings
      0 Notes
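The Kaspersky report in the first post (members renamed to 3.exe3, 2.exe2 and so on, with packer tags such as //UPack, //FSG and //UPX appended to the path) and the Avira walk of the nested archive above are doing the same job: descend into each archive, recognise PE files by their header rather than by the renamed extension, and record how they are packed. The following Python script is an example added to this thread, not code from any poster or vendor. It walks nested ZIP archives (the standard library cannot read RAR, so ZIP stands in for it), identifies PE members by the MZ/PE headers, lists their section names and tags UPX and UPack from those names. The section-name table is a heuristic assumption, not a signature database (FSG, also seen in the log, is not covered by it); the "fake PE" builder and the sample archive are constructed test data that only have the headers of a PE and cannot execute.

```python
"""Walk nested ZIP archives, find PE files regardless of the member's
extension (samples are often renamed, e.g. 3.exe3), and tag the packer
from section names.  Standard library only; constructed sample data."""
import hashlib
import io
import struct
import zipfile

# Assumption: section names these packers are commonly reported to leave
# behind.  A heuristic hint for triage, not an identification signature.
PACKER_SECTIONS = {
    "UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
    ".Upack": "UPack", ".ByDwing": "UPack",
}


def pe_section_names(data: bytes):
    """Return the section names of a PE image, or None if data is not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                             # truncated table: keep what we have
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def guess_packer(section_names):
    """First packer whose known section name appears, else None."""
    for name in section_names:
        if name in PACKER_SECTIONS:
            return PACKER_SECTIONS[name]
    return None


def walk_archive(blob: bytes, path: str, max_depth: int = 8):
    """Yield (path, sha256, sections, packer) for every PE member found,
    descending into nested ZIPs.  A PE that is also a ZIP (self-extractor
    or polyglot) is reported and then descended into.  max_depth bounds
    nesting so a deliberately deep archive cannot recurse forever."""
    if max_depth < 0:
        return
    sections = pe_section_names(blob)
    if sections is not None:
        yield (path, hashlib.sha256(blob).hexdigest(), sections, guess_packer(sections))
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                yield from walk_archive(zf.read(info), f"{path}>>{info.filename}",
                                        max_depth - 1)


def build_fake_pe(section_names):
    """Constructed test data: a byte string with DOS/PE/COFF headers and a
    section table only (no code, not executable), for exercising the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.encode("latin-1").ljust(8, b"\0") + b"\0" * 32
                     for n in section_names)
    return dos + b"PE\0\0" + coff + table


def build_sample_archive():
    """Constructed stand-in for 24.rar: nested ZIPs with renamed PE members."""
    def zip_bytes(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in members.items():
                zf.writestr(name, data)
        return buf.getvalue()
    inner = zip_bytes({"3.exe3": build_fake_pe(["UPX0", "UPX1", ".rsrc"]),
                       "readme.txt": b"not a PE"})
    return zip_bytes({"6.zip": inner,
                      "a.EXE2": build_fake_pe([".Upack", ".rsrc"]),
                      "3/dc.exe3": build_fake_pe([".text", ".data", ".rsrc"])})


def scan_sample():
    """Run the walk over the constructed archive and return the findings."""
    return list(walk_archive(build_sample_archive(), "24.zip"))


if __name__ == "__main__":
    for path, digest, sections, packer in scan_sample():
        print(f"{path}  sha256={digest[:16]}...  sections={sections}  packer={packer or '-'}")
```

The walk checks the PE header before the ZIP check on purpose: a self-extracting archive is both, and reporting it as a PE first means the dropper itself is hashed, not only its payload. Section names are only a hint; a packer that wipes its names, or a sample like the FSG- and PE_Patch-tagged ones in the first post, needs entropy or entry-point checks that this example does not attempt.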
The EQs
Posted 2008-3-26 12:09:30
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » a.rar » RAR » a.EXE2 - probably a variant of Win32/Mypis.X virus
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » 6.rar » RAR » 3.exe3 - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » 6.rar » RAR » 4.exe3 - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » 6.rar » RAR » 5.exe3 - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » 6.rar » RAR » 1.exe3 - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » 6.rar » RAR » 2.exe2 - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » 3.rar » RAR » 3\dc.exe3 - a variant of Win32/VB.NJO worm
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » 3.rar » RAR » 3\Fun.exe3 - a variant of Win32/VB.NJO worm
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » 3.rar » RAR » 3\SVIQ.EXE3 - a variant of Win32/VB.NJO worm
C:\Documents and Settings\Don johnson\桌面\24.rar » RAR » FBgua.rar » RAR » FBgua\5.exe4 - a variant of Win32/PSW.OnLineGames.NMN trojan
残缺的唯美
Posted 2008-3-26 12:13:58
2008-3-26        12:13:20        No action taken         EKINCHENG        D:\Documents and Settings\EKINCHENG\桌面\24.rar\3.RAR\DC.EXE3        Generic.dx (Trojan)
2008-3-26        12:13:23        No action taken         EKINCHENG        D:\Documents and Settings\EKINCHENG\桌面\24.rar\3.RAR\FUN.EXE3        Generic.dx (Trojan)
2008-3-26        12:13:23        No action taken         EKINCHENG        D:\Documents and Settings\EKINCHENG\桌面\24.rar\3.RAR\SVIQ.EXE3        Generic.dx (Trojan)
2008-3-26        12:13:23        No action taken         EKINCHENG        D:\Documents and Settings\EKINCHENG\桌面\24.rar\FBGUA.RAR\5.EXE4\5.EXE4\00006200.EXE\00006200.EXE        PWS-OnlineGames.ae (Trojan)
2008-3-26        12:13:23        Scan summary        EKIN\EKINCHENG        Scan summary
挪威的冬天
Posted 2008-3-26 12:21:43
Info        2008-03-26  12:21:34        This scan removed 9 viruses
Info        2008-03-26  12:21:34        This scan found 9 viruses and/or dangerous code items
Info        2008-03-26  12:21:34        This scan checked 0 memory modules, 0 disk boot sectors, 42 files
Info        2008-03-26  12:21:34        Kingsoft Antivirus main program scan finished; scan mode: command-line scan
Virus        2008-03-26  12:21:34        D:\Desktop\24.rar\FBgua.rar\FBgua\5.exe4        Win32.PSWTroj.OnLineGames.81969        Removed successfully
Virus        2008-03-26  12:21:33        D:\Desktop\24.rar\3.rar\3\SVIQ.EXE3        Worm.VB.as.65536        Removed successfully
Virus        2008-03-26  12:21:33        D:\Desktop\24.rar\3.rar\3\Fun.exe3        Worm.VB.as.65536        Removed successfully
Virus        2008-03-26  12:21:33        D:\Desktop\24.rar\3.rar\3\dc.exe3        Worm.VB.as.65536        Removed successfully
Virus        2008-03-26  12:21:33        D:\Desktop\24.rar\6.rar\2.exe2        Win32.Troj.OnlineGamesT.e.94315        Removed successfully
Virus        2008-03-26  12:21:33        D:\Desktop\24.rar\6.rar\1.exe3        Win32.Troj.OnlineGameT.lf.94208        Removed successfully
Virus        2008-03-26  12:21:33        D:\Desktop\24.rar\6.rar\5.exe3        Win32.Troj.OnlineGamesT.e.94315        Removed successfully
Virus        2008-03-26  12:21:33        D:\Desktop\24.rar\6.rar\3.exe3        Win32.Troj.OnlineGamesT.ee.94208        Removed successfully
Virus        2008-03-26  12:21:32        D:\Desktop\24.rar\a.rar\a.EXE2        Win32.LwyLoadT.j.28802        Removed successfully
aerbeisi
Posted 2008-3-26 12:26:36

9

[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\24.rar->6.rar->3.exe3->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\24.rar->6.rar->4.exe3->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\24.rar->6.rar->5.exe3->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\24.rar->6.rar->1.exe3->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\24.rar->6.rar->2.exe2->(UPack)
[Found worm]         <W32/WormX.AS (exact, not disinfectable)>        c:\test\24.rar->3.rar->3\dc.exe3
[Found worm]         <W32/WormX.AS (exact, not disinfectable)>        c:\test\24.rar->3.rar->3\Fun.exe3
[Found worm]         <W32/WormX.AS (exact, not disinfectable)>        c:\test\24.rar->3.rar->3\SVIQ.EXE3
[Found password stealer]         <W32/BankerP.FJ (exact, not disinfectable)>        c:\test\24.rar->FBgua.rar->FBgua\5.exe4->(embedded)
无尽藏海
Posted 2008-3-26 12:51:07
E:\VIRUS\24(2).rar>>popo.rar>>popo.exe0        TrojanDownloader.VB.inm.sbzl        Trojan        Not yet handled
E:\VIRUS\24(2).rar>>6.rar>>3.exe3        W32.Viking.k        Virus        Not yet handled
E:\VIRUS\24(2).rar>>6.rar>>4.exe3        W32.Viking.k        Virus        Not yet handled
E:\VIRUS\24(2).rar>>6.rar>>5.exe3        W32.Viking.k        Virus        Not yet handled
E:\VIRUS\24(2).rar>>6.rar>>1.exe3        TrojanDownloader.Nurech.bd.bmqk        Trojan        Not yet handled
E:\VIRUS\24(2).rar>>6.rar>>2.exe2        W32.Viking.k        Virus        Not yet handled
E:\VIRUS\24(2).rar>>3.rar>>3\dc.exe3        IM.Worm.VB.as.rnjg        Virus        Not yet handled
E:\VIRUS\24(2).rar>>3.rar>>3\Fun.exe3        IM.Worm.VB.as.rnjg        Virus        Not yet handled
E:\VIRUS\24(2).rar>>3.rar>>3\SVIQ.EXE3        IM.Worm.VB.as.rnjg        Virus        Not yet handled
E:\VIRUS\24(2).rar>>FBgua.rar>>FBgua\5.exe4        Heuri.Suspicious.ERNM        Heuristic scan        Not yet handled
gaojun7206
Posted 2008-3-26 12:57:10
Virus check with AntiVirusKit
Version 17.0.7089
Virus signatures of 10/4/2008
Start time: 3/26/2008 12:55
Engine(s): Engine A (KAV 88.8888), Engine B (BD 88.8888)
Heuristic: On
Archives: On
System areas: On

Check system areas...
Check selected directories and files...
Check file C:\Documents and Settings\\HERO\Test\24.rar
Object: popo.rar popo.exe0
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.VB.dmd (Engine A)
Object: 6.rar 3.exe3
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.wek (Engine A)
Object: 6.rar 5.exe3
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.wjm (Engine A)
Object: 6.rar 1.exe3
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.usl (Engine A)
Object: 6.rar 2.exe2
        In archive: C:\Documents and Settings\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan-PSW.Win32.OnLineGames.weh (Engine A)
Object: 3.rar/3 dc.exe3
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: IM-Worm.Win32.VB.as (Engine A)
Object: 3.rar/3 Fun.exe3
        In archive: C:\Documents and Settings\J\HERO\Test\24.rar
        Status: Virus detected
        Virus: IM-Worm.Win32.VB.as (Engine A)
Object: 3.rar/3 SVIQ.EXE3
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: IM-Worm.Win32.VB.as (Engine A)
Object: a.rar a.EXE2
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Suspected virus
        Virus: BehavesLike:Trojan.Downloader (Engine B)
Object: popo.rar popo.exe0
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan.Downloader.VB.VOV (Engine B)
Object: 6.rar 3.exe3
        In archive: C:\Documents and Settings\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan.PWS.OnLineGames.NSR (Engine B)
Object: 6.rar 4.exe3
        In archive: C:\Documents and Settings\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan.PWS.OnLineGames.NSR (Engine B)
Object: 6.rar 5.exe3
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: Generic.PWS.Games.4.54CD0143 (Engine B)
Object: 6.rar 2.exe2
        In archive: C:\Documents and Settings\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan.PWS.OnLineGames.NSR (Engine B)
Object: 3.rar 3\dc.exe3
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: Win32.Worm.IM.VB.AK (Engine B)
Object: 3.rar 3\Fun.exe3
        In archive: C:\Documents and Settings\HERO\Test\24.rar
        Status: Virus detected
        Virus: Win32.Worm.IM.VB.AK (Engine B)
Object: 3.rar 3\SVIQ.EXE3
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: Win32.Worm.IM.VB.AK (Engine B)
Object: FBgua.rar FBgua\5.exe4
        In archive: C:\Documents and Settings\\HERO\Test\24.rar
        Status: Virus detected
        Virus: Trojan.PWS.OnLineGames.SSL (Engine B)
Object: 24.rar
        Path: C:\Documents and Settings\\HERO\Test
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.VB.dmd, Trojan-PSW.Win32.OnLineGames.wek, Trojan-PSW.Win32.OnLineGames.wjm, Trojan-PSW.Win32.OnLineGames.usl, Trojan-PSW.Win32.OnLineGames.weh, IM-Worm.Win32.VB.as (3x) (Engine A), BehavesLike:Trojan.Downloader, Trojan.Downloader.VB.VOV, Trojan.PWS.OnLineGames.NSR (3x), Generic.PWS.Games.4.54CD0143, Win32.Worm.IM.VB.AK (3x), Trojan.PWS.OnLineGames.SSL (Engine B)
Analysis complete: 3/26/2008 12:55
    1 files checked
    1 infected files detected
    0 suspected files detected
qigang
Posted 2008-3-26 22:02:07

44/9

Rising virus scan result report

List of virus types removed:

Virus: Win32.Downloader.ac
Virus: Trojan.PSW.Win32.GameOL.GEN
Virus: Trojan.PSW.Win32.GameOL.mnp
Virus: Trojan.Clicker.Win32.VB.zws

MAC address: 00:11:5B:F3:6D:69

User source: Internet

Software version: 20.37.22
sam.to
OP | Posted 2008-3-29 17:31:54
No reply for a long time; Kaspersky asked me to resubmit.
Source: 卡饭论坛 (KaFan.cn), retrieved 2024-5-3.