
[Virus samples] 53 samples

promised
Posted on 2008-3-30 15:14:47
down.exe in the archive reads http://www.sxdz99.com/xzdz.txt
down.exe is an old worm, packed for AV evasion and passed off as a new sample
Unusually, 24.exe pairs Shangxing with onlinegame

[ Last edited by promised on 2008-3-30 15:21 ]

promised
OP | Posted on 2008-3-30 15:15:14

miss 1

C:\ABC\样本1.rar:\SHAProc.dat - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\样本1.rar:\1.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\2.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\样本1.rar:\3.exe - 可疑代码段 被发现 (Level: 5)
C:\ABC\样本1.rar:\4.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\5.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\6.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\7.exe - 可疑代码段 被发现 (Level: 5)
C:\ABC\样本1.rar:\8.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\9.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.ssq' 被发现
C:\ABC\样本1.rar:\10.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\11.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.ssq' 被发现
C:\ABC\样本1.rar:\12.exe - 特征码 'Trojan-Downloader.6165' 被发现
C:\ABC\样本1.rar:\13.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\14.exe - 特征码 'Trojan-Spy.Win32.Delf.PD' 被发现
C:\ABC\样本1.rar:\15.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\样本1.rar:\16.exe - 特征码 'Trojan-Spy.Win32.Agent.hz' 被发现
C:\ABC\样本1.rar:\17.exe - 特征码 'Trojan-Spy.Win32.Delf.PD' 被发现
C:\ABC\样本1.rar:\18.exe - 特征码 'Trojan-Spy.Win32.Delf.PD' 被发现
C:\ABC\样本1.rar:\19.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\20.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\21.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.tzz' 被发现
C:\ABC\样本1.rar:\22.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.ssq' 被发现
C:\ABC\样本1.rar:\23.exe - 特征码 'Trojan-Spy.Win32.Delf.PD' 被发现
C:\ABC\样本1.rar:\24.exe - 特征码 'Generic.Graybird' 被发现
C:\ABC\样本1.rar:\25.exe - 特征码 'Trojan.Crypt.XDR' 被发现
C:\ABC\样本1.rar:\WinSys8v.Sys - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\样本1.rar:\kk.sys - 特征码 'Virus.Win32.Agent.RHN' 被发现
C:\ABC\样本1.rar:\login.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\样本1.rar:\ayBAIBAI1052.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayCBDCBD1044.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayDABDAB1055.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayEZZEZZ1040.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayFKKFKK1054.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayHADHAD1057.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayIIEIIE1042.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayJHVJHV1013.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayKAEKAE1054.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayLABLAB1043.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayNNBNNB1044.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayRABRAB1014.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\aySADSAD1030.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayVUFVUF1009.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\ayVWHVWH1024.dll - 特征码 'Trojan-PWS.Win32.Small.br' 被发现
C:\ABC\样本1.rar:\DbgHlp32.dlL - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\样本1.rar:\KK.dll
C:\ABC\样本1.rar:\msosdohs00.dll - 特征码 'Generic.PWS.Games.3' 被发现
C:\ABC\样本1.rar:\msosfmsq00.dll - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\样本1.rar:\msosmhfp00.dll - 特征码 'Trojan-Spy.Win32.Delf.uv' 被发现
C:\ABC\样本1.rar:\msosmytq00.dll - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\样本1.rar:\PTSShell.dll - 特征码 'Trojan-PWS.OnlineGames.NSR' 被发现
C:\ABC\样本1.rar:\down.exe - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\样本1.rar:\~xvid687.exe - 特征码 'Worm.Win32.Downloader.am' 被发现
C:\ABC\样本1.rar
aerbeisi
Posted on 2008-3-30 15:17:20

49

[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\1.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\2.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\3.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\4.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\5.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\6.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\7.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\8.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\9.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\10.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\11.exe->exefile->(UPack)
[Found security risk]         <W32/AutoRun.D.gen!Eldorado (not disinfectable, generic)>        c:\test\样本1\12.exe->(UPX)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\13.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\14.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\15.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\16.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\17.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\18.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\19.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\20.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\21.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\22.exe->exefile->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\23.exe->(UPack)
[Found downloader]         <W32/Downloader.C.gen!Eldorado (not disinfectable, generic)>        c:\test\样本1\24.exe->(UPX)
[Found possible virus]         <W32/Threat-IKNP-based!Maximus>        c:\test\样本1\25.exe->(NSPack)->(PE_Patch)
[Found virus]         <W32/InfoStealer!Generic>        c:\test\样本1\WinSys8v.Sys
[Found possible security risk]         <W32/Heuristic-162!Eldorado (not disinfectable)>        c:\test\样本1\kk.sys->(Klone.AF)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\login.exe->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayBAIBAI1052.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayCBDCBD1044.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayDABDAB1055.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayEZZEZZ1040.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayFKKFKK1054.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayHADHAD1057.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayIIEIIE1042.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayJHVJHV1013.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayKAEKAE1054.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayLABLAB1043.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayNNBNNB1044.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayRABRAB1014.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\aySADSAD1030.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayVUFVUF1009.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\ayVWHVWH1024.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\msosdohs00.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\msosfmsq00.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\msosmhfp00.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\msosmytq00.dll->(UPack)
[Found possible security risk]         <W32/Heuristic-KPP!Eldorado (not disinfectable)>        c:\test\样本1\PTSShell.dll
[Found possible security risk]         <W32/Heuristic-162!Eldorado (damaged, not disinfectable)>        c:\test\样本1\down.exe->(UPack)
曲中求
Posted on 2008-3-30 15:18:27
Filseclab 52

E:\病毒\样本1\1.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\10.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\11.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\12.exe        Trojan.Delf.nz.pfnn        木马        还未处理
E:\病毒\样本1\13.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\14.exe        TrojanPSW.OnLineGames.rri.fccq        木马        还未处理
E:\病毒\样本1\15.exe        W32.Viking.k        病毒        还未处理
E:\病毒\样本1\16.exe        W32.Viking.k        病毒        还未处理
E:\病毒\样本1\17.exe        TrojanPSW.OnLineGames.rri.fccq        木马        还未处理
E:\病毒\样本1\18.exe        TrojanPSW.OnLineGames.rri.fccq        木马        还未处理
E:\病毒\样本1\19.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\2.exe        W32.Viking.k        病毒        还未处理
E:\病毒\样本1\20.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\21.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\22.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\23.exe        TrojanPSW.OnLineGames.rri.fccq        木马        还未处理
E:\病毒\样本1\24.exe        Packed.UPX.a        带壳程序        还未处理
E:\病毒\样本1\25.exe        Packed.NSPack.a        带壳程序        还未处理
E:\病毒\样本1\3.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\4.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\5.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\6.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\7.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\8.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\9.exe        W32.Warezov.p        病毒        还未处理
E:\病毒\样本1\ayBAIBAI1052.dll        TrojanPSW.GameOL.mqh.kclb.dll        木马        还未处理
E:\病毒\样本1\ayCBDCBD1044.dll        PWSteal.OnlineGames.aa.xcyu.dll        木马        还未处理
E:\病毒\样本1\ayDABDAB1055.dll        PWSteal.OnlineGames.aa.fpaq.dll        木马        还未处理
E:\病毒\样本1\ayEZZEZZ1040.dll        TrojanPSW.GameOL.mqh.dyhc.dll        木马        还未处理
E:\病毒\样本1\ayFKKFKK1054.dll        PWSteal.OnlineGames.aa.dpjp.dll        木马        还未处理
E:\病毒\样本1\ayHADHAD1057.dll        TrojanPSW.GameOL.mqh.dbar.dll        木马        还未处理
E:\病毒\样本1\ayKAEKAE1054.dll        TrojanPSW.GameOL.mpu.gqnj.dll        木马        还未处理
E:\病毒\样本1\ayLABLAB1043.dll        TrojanPSW.GameOL.mmv.dgci.dll        木马        还未处理
E:\病毒\样本1\ayNNBNNB1044.dll        PWSteal.OnlineGames.aa.aonn.dll        木马        还未处理
E:\病毒\样本1\ayRABRAB1014.dll        TrojanPSW.GameOL.mmi.uohe.dll        木马        还未处理
E:\病毒\样本1\aySADSAD1030.dll        TrojanPSW.GamesOnline.rt.mhtr.dll        木马        还未处理
E:\病毒\样本1\ayVUFVUF1009.dll        TrojanPSW.SunGame.l.koow.dll        木马        还未处理
E:\病毒\样本1\ayVWHVWH1024.dll        TrojanPSW.GameOL.mqh.fkuo.dll        木马        还未处理
E:\病毒\样本1\DbgHlp32.dlL        TrojanPSW.SO2Online.bl.bqbv.dll        木马        还未处理
E:\病毒\样本1\down.exe        TrojanDownloader.Nurech.bd.bmqk        木马        还未处理
E:\病毒\样本1\kk.sys        RootKit.Mnless.dq.loyw        木马        还未处理
E:\病毒\样本1\login.exe        Heuri.Suspicious.ERNM        启发式扫描        还未处理
E:\病毒\样本1\msosdohs00.dll        TrojanPSW.Agent.aet.odgt.dll        木马        还未处理
E:\病毒\样本1\msosfmsq00.dll        TrojanPSW.OnLineGames.yij.xsyp.dll        木马        还未处理
E:\病毒\样本1\msosmhfp00.dll        TrojanPSW.GameOL.mrk.nbbi.dll        木马        还未处理
E:\病毒\样本1\msosmytq00.dll        TrojanPSW.GameOL.msj.grzo.dll        木马        还未处理
E:\病毒\样本1\PTSShell.dll        TrojanPSW.OnLineGames.wje.puak.dll        木马        还未处理
E:\病毒\样本1\SHAProc.dat        TrojanPSW.GameOL.mrs.kmuj.dll        木马        还未处理
E:\病毒\样本1\WinSys8v.Sys        TrojanPSW.QQPass.zfa.guru.dll        木马        还未处理
E:\病毒\样本1\~xvid687.exe>>emb-1.exe        Worm.Downloader.fh.opfx        木马        还未处理
E:\病毒\样本1\~xvid687.exe>>emb-3.exe        Worm.Downloader.fi.zpkq        木马        还未处理
E:\病毒\样本1\~xvid687.exe>>emb-4.exe        Worm.Downloader.cq.edzs        木马        还未处理
Exia (this user has been deleted)
Posted on 2008-3-30 15:18:41

52

Starting the file scan:

Begin scan in 'D:\样本1.rar'
D:\样本1.rar
  [0] Archive type: RAR
  --> SHAProc.dat
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12355
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.13350
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.11688
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12137
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12570
  --> 7.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.13181
  --> 8.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.11935
  --> 9.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12703
  --> 10.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12050
  --> 11.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.jue.1
  --> 12.exe
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.36
  --> 13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.wkm.1
  --> 14.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.19952
  --> 15.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 16.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 17.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 18.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 19.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.11603
  --> 20.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.jue.1
  --> 21.exe
      [DETECTION] Is the Trojan horse TR/Hook.Shell.570
  --> 22.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12107
  --> 23.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.wpc.2
  --> 24.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
  --> 25.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
  --> WinSys8v.Sys
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.36
  --> login.exe
      [DETECTION] Is the Trojan horse TR/Agent.95212
  --> ayBAIBAI1052.dll
      [DETECTION] Is the Trojan horse TR/Agent.7708
  --> ayCBDCBD1044.dll
      [DETECTION] Is the Trojan horse TR/Agent.7451
  --> ayDABDAB1055.dll
      [DETECTION] Is the Trojan horse TR/Agent.7602
  --> ayEZZEZZ1040.dll
      [DETECTION] Is the Trojan horse TR/Agent.7809
  --> ayFKKFKK1054.dll
      [DETECTION] Is the Trojan horse TR/Agent.7229.2
  --> ayHADHAD1057.dll
      [DETECTION] Is the Trojan horse TR/Agent.7211.1
  --> ayIIEIIE1042.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> ayJHVJHV1013.dll
      [DETECTION] Is the Trojan horse TR/Agent.8450
  --> ayKAEKAE1054.dll
      [DETECTION] Is the Trojan horse TR/Agent.7150
  --> ayLABLAB1043.dll
      [DETECTION] Is the Trojan horse TR/Drop.Agent.jue.1
  --> ayNNBNNB1044.dll
      [DETECTION] Is the Trojan horse TR/Agent.7035
  --> ayRABRAB1014.dll
      [DETECTION] Is the Trojan horse TR/Drop.Agent.jue.1
  --> aySADSAD1030.dll
      [DETECTION] Is the Trojan horse TR/Agent.7666
  --> ayVUFVUF1009.dll
      [DETECTION] Is the Trojan horse TR/Agent.6788
  --> ayVWHVWH1024.dll
      [DETECTION] Is the Trojan horse TR/Agent.8281
  --> DbgHlp32.dlL
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> KK.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> msosdohs00.dll
      [DETECTION] Is the Trojan horse TR/PSW.Online.wpc.2
  --> msosfmsq00.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> msosmhfp00.dll
      [DETECTION] Is the Trojan horse TR/Drop.Agent.19952
  --> msosmytq00.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> PTSShell.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> down.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
  --> ~xvid687.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
      [INFO]      The file was deleted!


End of the scan: 2008年3月30日  15:20
Used time: 00:28 min

The scan has been done completely.

      0 Scanning directories
     54 Files were scanned
     50 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
The EQs
Posted on 2008-3-30 15:20:28
Saw this on Jianmeng (剑盟)
The EQs
Posted on 2008-3-30 15:21:02

49, the rest TO EVL

C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » SHAProc.dat - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 1.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 2.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 3.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 4.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 5.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 6.exe - Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 7.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 8.exe - Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 9.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 10.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 11.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 12.exe - Win32/PSW.QQPass.BMD trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 13.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 14.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 15.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 16.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 17.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 18.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 19.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 20.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 21.exe - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 22.exe - Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 23.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » 24.exe - probably a variant of Win32/Hupigon trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » WinSys8v.Sys - Win32/PSW.QQPass.NCZ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayBAIBAI1052.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayCBDCBD1044.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayDABDAB1055.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayEZZEZZ1040.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayFKKFKK1054.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayHADHAD1057.dll - Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayIIEIIE1042.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayJHVJHV1013.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayKAEKAE1054.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayLABLAB1043.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayNNBNNB1044.dll - Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayRABRAB1014.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » aySADSAD1030.dll - Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayVUFVUF1009.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ayVWHVWH1024.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » DbgHlp32.dlL - probably a variant of Win32/PSW.OnLineGames.HCV trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » msosdohs00.dll - Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » msosfmsq00.dll - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » msosmhfp00.dll - a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » msosmytq00.dll - a variant of Win32/PSW.OnLineGames.NMQ trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » PTSShell.dll - a variant of Win32/PSW.OnLineGames.HCV trojan
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » down.exe - a variant of Win32/Jalous worm
C:\Documents and Settings\Don johnson\桌面\样本1.rar » RAR » ~xvid687.exe - a variant of Win32/Jalous worm
mofunzone
Posted on 2008-3-30 15:21:15
AntiVir v8 missed 2...

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\样本1'
C:\Documents and Settings\Administrator\My Documents\样本1\
  1.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12355
      [NOTE]      The file was deleted!
  10.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12050
      [NOTE]      The file was deleted!
  11.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.jue.1
      [NOTE]      The file was deleted!
  12.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.36
            [WARNING]   Infected files in archives cannot be repaired!
      [NOTE]      The file was deleted!
  13.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.wkm.1
      [NOTE]      The file was deleted!
  14.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
              [DETECTION] Is the Trojan horse TR/Drop.Agent.19952
              [WARNING]   Infected files in archives cannot be repaired!
        --> Object
      [NOTE]      The file was deleted!
  15.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
  16.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
  17.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
        --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '481d4d82.qua'!
  18.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
        --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '481d4d83.qua'!
  19.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.11603
      [NOTE]      The file was deleted!
  2.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
  20.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.jue.1
      [NOTE]      The file was deleted!
  21.exe
      [DETECTION] Is the Trojan horse TR/Hook.Shell.570
      [NOTE]      The file was deleted!
  22.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12107
      [NOTE]      The file was deleted!
  23.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/PSW.Online.wpc.2
      [NOTE]      The file was deleted!
  24.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [NOTE]      The file was deleted!
  25.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  3.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.13350
      [NOTE]      The file was deleted!
  4.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.11688
      [NOTE]      The file was deleted!
  5.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12137
      [NOTE]      The file was deleted!
  6.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12570
      [NOTE]      The file was deleted!
  7.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.13181
      [NOTE]      The file was deleted!
  8.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.11935
      [NOTE]      The file was deleted!
  9.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12703
      [NOTE]      The file was deleted!
  ayBAIBAI1052.dll
      [DETECTION] Is the Trojan horse TR/Agent.7708
      [NOTE]      The file was deleted!
  ayCBDCBD1044.dll
      [DETECTION] Is the Trojan horse TR/Agent.7451
      [NOTE]      The file was deleted!
  ayDABDAB1055.dll
      [DETECTION] Is the Trojan horse TR/Agent.7602
      [NOTE]      The file was deleted!
  ayEZZEZZ1040.dll
      [DETECTION] Is the Trojan horse TR/Agent.7809
      [NOTE]      The file was deleted!
  ayFKKFKK1054.dll
      [DETECTION] Is the Trojan horse TR/Agent.7229.2
      [NOTE]      The file was deleted!
  ayHADHAD1057.dll
      [DETECTION] Is the Trojan horse TR/Agent.7211.1
      [NOTE]      The file was deleted!
  ayIIEIIE1042.dll
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  ayJHVJHV1013.dll
      [DETECTION] Is the Trojan horse TR/Agent.8450
      [NOTE]      The file was deleted!
  ayKAEKAE1054.dll
      [DETECTION] Is the Trojan horse TR/Agent.7150
      [NOTE]      The file was deleted!
  ayLABLAB1043.dll
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Drop.Agent.jue.1
      [NOTE]      The file was deleted!
  ayNNBNNB1044.dll
      [DETECTION] Is the Trojan horse TR/Agent.7035
      [NOTE]      The file was deleted!
  ayRABRAB1014.dll
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Drop.Agent.jue.1
      [NOTE]      The file was deleted!
  aySADSAD1030.dll
      [DETECTION] Is the Trojan horse TR/Agent.7666
      [NOTE]      The file was deleted!
  ayVUFVUF1009.dll
      [DETECTION] Is the Trojan horse TR/Agent.6788
      [NOTE]      The file was deleted!
  ayVWHVWH1024.dll
      [DETECTION] Is the Trojan horse TR/Agent.8281
      [NOTE]      The file was deleted!
  DbgHlp32.dlL
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48564dae.qua'!
  down.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
      [NOTE]      The file was deleted!
  KK.dll
  kk.sys
  login.exe
      [DETECTION] Is the Trojan horse TR/Agent.95212
      [NOTE]      The file was deleted!
  msosdohs00.dll
      [DETECTION] Is the Trojan horse TR/PSW.Online.wpc.2
      [NOTE]      The file was deleted!
  msosfmsq00.dll
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  msosmhfp00.dll
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Drop.Agent.19952
      [NOTE]      The file was deleted!
  msosmytq00.dll
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  PTSShell.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48424da0.qua'!
  SHAProc.dat
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48304d94.qua'!
  WinSys8v.Sys
      [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.36
      [NOTE]      The file was deleted!
  ~xvid687.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
      [NOTE]      The file was deleted!


End of the scan: 2008年3月30日  00:20
Used time: 00:05 min

The scan has been done completely.

      1 Scanning directories
     53 Files were scanned
     43 viruses and/or unwanted programs were found
      8 Files were classified as suspicious:
     46 files were deleted
      0 files were repaired
      5 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     10 Files not concerned
      0 Archives were scanned
      2 Warnings
     51 Notes
luhaikongzy
Posted on 2008-3-30 15:24:07
Kaspersky only got 43, yikes!!!
红心王子
Posted on 2008-3-30 15:31:09

Micropoint

时间        处理结果        木马名称        木马进程名        木马文件创建者
2008-03-30 15:30:47        处理成功        Worm.Win32.Downloader.xq        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\DOWN.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-30 15:30:47        处理成功        Trojan-PSW.Win32.OLGame.xth        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\MSOSMYTQ00.DLL        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-30 15:30:47        处理成功        Trojan-PSW.Win32.OLGame.xtg        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\MSOSMHFP00.DLL        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-30 15:30:47        延时删除        Trojan-PSW.Win32.OLGame.xtf        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\MSOSDOHS00.DLL        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-03-30 15:30:46        处理成功        Trojan-PSW.Win32.OLGame.ovd        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\AYLABLAB1043.DLL        C:\PROGRAM FILES\WINRAR\WINRAR.EXE