Original poster: 小白鼠

[Virus sample] Stubborn trojan

郁冰兰雪
Posted on 2008-4-16 10:54:45
EAV
D:\新建文件夹 (2)\system.part01.rar > RAR > system\cwebpage.dll - Win32/Adware.NewWeb 应用程序
小白鼠
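Original poster | Posted on 2008-4-16 10:57:53

Continuing

The stuff the virus dropped~~

It smells like 磁碟机 ("Disk Drive")~~

It's really nasty, it can take out most antivirus and anti-hacking software~~~
So I set permissions?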
小白鼠
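Original poster | Posted on 2008-4-16 11:00:29

Continuing

The stuff the virus dropped~~

It smells like 磁碟机 ("Disk Drive")~~

It's really nasty, it can take out most antivirus and anti-hacking software~~~
So I set permissions?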

Exia (this user has been deleted)
Posted on 2008-4-16 11:02:24

48

Starting the file scan:

Begin scan in 'E:\新建文件夹 (2)\system'
E:\新建文件夹 (2)\system\cwebpage.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Newweb.BF
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\yzwvhp17.dll
      [DETECTION] Is the Trojan horse TR/Agent.imc
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\ickpqn54.dll
      [DETECTION] Is the Trojan horse TR/Agent.imc
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\dfqpnq31.dll
      [DETECTION] Is the Trojan horse TR/Agent.imc
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\newtn.dll
      [DETECTION] Is the Trojan horse TR/BHO.Soshelp
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\wdg.dll
      [DETECTION] Contains suspicious code HEUR/Crypted
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '486c6d0a.qua'!
E:\新建文件夹 (2)\system\msword.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '487c6d19.qua'!
E:\新建文件夹 (2)\system\Extensionsk.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.NAC
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\mseval.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '486a6d19.qua'!
E:\新建文件夹 (2)\system\u23.exe
      [DETECTION] Contains detection pattern of the dropper DR/BHO.alh.30
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\zdwhwq.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.11
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\pjfzuf.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\pydkxv.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.8
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\qqxyd.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\ttVUFVUF1011.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.yip.19
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\ttQACQAC1035.exe
  [0] Archive type: OVL
  --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\ayFKKFKK1055.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12134
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\cafjey.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.xnu
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\ttNNBNNB1047.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.zfe
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\ttEZZEZZ1046.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ZFE.3
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\tofsyy.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\WSockDrv32.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\mfchlp32.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.18
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\qqxyd.dll
      [DETECTION] Is the Trojan horse TR/PSW.Agent.afw.1
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\wcheck.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\Windows201.exe
      [DETECTION] Contains detection pattern of the dropper DR/Dldr.Delf.OCE.55
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\ad_2516.exe
      [DETECTION] Contains detection pattern of the dropper DR/Boran.EL.12
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\url1.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\url2.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\g23.exe
      [DETECTION] Contains detection pattern of the dropper DR/Drop.Agent.qkj
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\mycc32.dll
      [DETECTION] Is the Trojan horse TR/Spy.Pophot.acw.1
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\Transfer Sebvice.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\dlbar.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48676d15.qua'!
E:\新建文件夹 (2)\system\sysloader.dll
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\DbgHlp32.dlL
      [DETECTION] Is the Trojan horse TR/Onlinegames.NVI
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\SHAProc.dat
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.xnu
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\cvshost.exe
      [DETECTION] Is the Trojan horse TR/Click.Small.UB
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\jjyjhbid.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.12
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\fmsbbqi.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\kavell.sys
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.WV.1
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\PTSShell.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\ssdtdt.sys
      [DETECTION] Is the Trojan horse TR/Click.Agent.ZV
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\AVPSrv.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\LotusHlp.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\upxdnd.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\tciocp32.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\cmdbcs.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.7
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\system\msccrt.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!


End of the scan: 2008年4月16日  11:04
Used time: 00:20 min

The scan has been done completely.

      1 Scanning directories
     91 Files were scanned
     43 viruses and/or unwanted programs were found
      5 Files were classified as suspicious:
     44 files were deleted
      0 files were repaired
      4 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     48 Files not concerned
      0 Archives were scanned
      0 Warnings
     48 Notes

3820143  1Pcm70k.dll  1.28 KB  CLEAN
3820144  52vip_yoyo1012.exe  168.24 KB  MALWARE
3820145  ActiveInfo.ini  298 Byte  CLEAN
3820146  BDGuard.DAT  1.43 KB  CLEAN
3820147  BDGuardS.DAT  7.72 KB  DAMAGED FILE (UNKNOWN)
3790190  dfqpnq31.dllmmc.pkm  1 Byte  CLEAN
3820148  brushb.dll  140 KB  MALWARE
3820149  cid_store.dat  255 Byte  CLEAN
3820150  CIOTBIOVBHNTZFL.LDO  96 Byte  CLEAN
3820151  config_brush_ini  851 Byte  CLEAN
3820152  Deledomn.bat  150 Byte  CLEAN
3820153  DelSelf.bat  128 Byte  CLEAN
3790190  dfqpnq31.dllmmc.pkm  1 Byte  CLEAN
3820154  eilsoe.phd  2 Byte  CLEAN
3820155  FNTCACHE.DAT  102.95 KB  DAMAGED FILE (UNKNOWN)
3820165  havser.ini  40 Byte  CLEAN
2245809  nkrvsp39.dllmmc.pkm  1 Byte  CLEAN
3820166  INTAINU.DLL  75 Byte  CLEAN
3820167  interfat.ini  52 Byte  CLEAN
3790190  tlwtba38.dllmmc.pkm  1 Byte  CLEAN
3820168  kmss.dat  52.05 KB  CLEAN
3820169  licon.dat  15 Byte  CLEAN
3820170  list.dic  38.08 KB  CLEAN
3820171  lwizysy16_080415.dll  27 KB  MALWARE
3820172  mwiszcyys32_080415.dll  198.5 KB  MALWARE
2245809  nkrvsp39.dllmmc.pkm  1 Byte  CLEAN
3790190  tlwtba38.dllmmc.pkm  1 Byte  CLEAN
3820173  RavLoa.exe  44 KB  CLEAN
3820174  shelasv.exe  20 KB  MALWARE
3820175  SogouPy.ime  1.05 MB  CLEAN
3820176  solid.dll  116 KB  CLEAN
3820177  SSup.dll  177.31 KB  CLEAN
3795029  ticw.exe  156 KB  MALWARE
3790190  tlwtba38.dllmmc.pkm  1 Byte  CLEAN
3820178  value.dic  3.94 KB  CLEAN
3820179  wdv.dat  216 Byte  CLEAN
3790190  yzwvhp17.dllmmc.pkm  1 Byte  CLEAN
3820181  wordms.dll  40 KB  CLEAN
3820182  wpa.dbl  2.15 KB  CLEAN
3820183  YQL_Lyrics_Common.dll  444.5 KB  MALWARE
3820184  yyplay.exe  409 KB  MALWARE
3820185  yyshow.dll  1.75 MB  MALWARE

[ This post was last edited by Exia on 2008-4-16 18:49 ]
小白鼠
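Original poster | Posted on 2008-4-16 11:02:34
The stuff the virus dropped~~

It smells like 磁碟机 ("Disk Drive")~~

It's really nasty, it can take out most antivirus and anti-hacking software~~~
So I set permissions!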

小白鼠
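Original poster | Posted on 2008-4-16 11:04:07
The stuff the virus downloaded~~

It smells like 磁碟机 ("Disk Drive")~~

It's really nasty, it can take out most antivirus and anti-hacking software~~~
So I set permissions?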

小白鼠
Original poster | Posted on 2008-4-16 11:04:45
OK, I'm exhausted~~~
sam.to
Posted on 2008-4-16 11:15:24
#1:
已刪除: 病毒 Worm.Win32.Delf.el        檔案: C:\Documents and Settings\kato9096\桌面\Transfer Sebvice.rar/Transfer Sebvice.exe//PE_Patch.UPX//UPX
已刪除: 病毒 IRC-Worm.Win32.Delf.bd        檔案: C:\Documents and Settings\kato9096\桌面\Transfer Sebvice.rar/Extensionsk.exe
已刪除: 病毒 IRC-Worm.Win32.Delf.bd        檔案: C:\Documents and Settings\kato9096\桌面\Transfer Sebvice.rar/AutoRun.inf
#4:
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.Cinmus.epk        檔案: C:\Documents and Settings\kato9096\桌面\system\system\52vip_yoyo1012.exe//data0004
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.Boran.el        檔案: C:\Documents and Settings\kato9096\桌面\system\system\ad_2516.exe//stream//data0001
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaff        檔案: C:\Documents and Settings\kato9096\桌面\system\system\AVPSrv.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.yip        檔案: C:\Documents and Settings\kato9096\桌面\system\system\ayFKKFKK1055.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.xnu        檔案: C:\Documents and Settings\kato9096\桌面\system\system\cafjey.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaeg        檔案: C:\Documents and Settings\kato9096\桌面\system\system\cmdbcs.dll
已刪除: 特洛伊木馬程式 Trojan-Clicker.Win32.Small.ub        檔案: C:\Documents and Settings\kato9096\桌面\system\system\cvshost.exe
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.NewWeb.bf        檔案: C:\Documents and Settings\kato9096\桌面\system\system\cwebpage.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaee        檔案: C:\Documents and Settings\kato9096\桌面\system\system\DbgHlp32.dlL
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.imc        檔案: C:\Documents and Settings\kato9096\桌面\system\system\dfqpnq31.dll
已刪除: 病毒 IRC-Worm.Win32.Delf.bd        檔案: C:\Documents and Settings\kato9096\桌面\system\system\Extensionsk.exe
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaea        檔案: C:\Documents and Settings\kato9096\桌面\system\system\fmsbbqi.dll
已刪除: 特洛伊木馬程式 Trojan-Dropper.Win32.Agent.qkj        檔案: C:\Documents and Settings\kato9096\桌面\system\system\g23.exe//data0002
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.imc        檔案: C:\Documents and Settings\kato9096\桌面\system\system\ickpqn54.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aanu        檔案: C:\Documents and Settings\kato9096\桌面\system\system\jjyjhbid.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aadi        檔案: C:\Documents and Settings\kato9096\桌面\system\system\kavell.sys
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaow        檔案: C:\Documents and Settings\kato9096\桌面\system\system\LotusHlp.dll
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Pophot.apm        檔案: C:\Documents and Settings\kato9096\桌面\system\system\lwizysy16_080415.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaty        檔案: C:\Documents and Settings\kato9096\桌面\system\system\mfchlp32.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaec        檔案: C:\Documents and Settings\kato9096\桌面\system\system\msccrt.dll
已刪除: 特洛伊木馬程式 Trojan-Clicker.Win32.Small.uk        檔案: C:\Documents and Settings\kato9096\桌面\system\system\mseval.dll
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Pophot.apn        檔案: C:\Documents and Settings\kato9096\桌面\system\system\mwiszcyys32_080415.dll
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Pophot.acw        檔案: C:\Documents and Settings\kato9096\桌面\system\system\mycc32.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaej        檔案: C:\Documents and Settings\kato9096\桌面\system\system\pjfzuf.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaej        檔案: C:\Documents and Settings\kato9096\桌面\system\system\PTSShell.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaer        檔案: C:\Documents and Settings\kato9096\桌面\system\system\pydkxv.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Agent.afw        檔案: C:\Documents and Settings\kato9096\桌面\system\system\qqxyd.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Agent.afw        檔案: C:\Documents and Settings\kato9096\桌面\system\system\qqxyd.exe//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.xnu        檔案: C:\Documents and Settings\kato9096\桌面\system\system\SHAProc.dat
已刪除: 特洛伊木馬程式 Trojan-Clicker.Win32.Agent.zv        檔案: C:\Documents and Settings\kato9096\桌面\system\system\ssdtdt.sys
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Agent.mwy        檔案: C:\Documents and Settings\kato9096\桌面\system\system\sysloader.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aady        檔案: C:\Documents and Settings\kato9096\桌面\system\system\tciocp32.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aaej        檔案: C:\Documents and Settings\kato9096\桌面\system\system\tofsyy.dll
已刪除: 病毒 Worm.Win32.Delf.el        檔案: C:\Documents and Settings\kato9096\桌面\system\system\Transfer Sebvice.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.zfe        檔案: C:\Documents and Settings\kato9096\桌面\system\system\ttEZZEZZ1046.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.zfe        檔案: C:\Documents and Settings\kato9096\桌面\system\system\ttNNBNNB1047.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aahg        檔案: C:\Documents and Settings\kato9096\桌面\system\system\ttQACQAC1035.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.yip        檔案: C:\Documents and Settings\kato9096\桌面\system\system\ttVUFVUF1011.exe//PE_Patch//UPack
已刪除: 廣告軟體 not-a-virus:AdWare.Win32.BHO.alh        檔案: C:\Documents and Settings\kato9096\桌面\system\system\u23.exe//data0003//data0002
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aadw        檔案: C:\Documents and Settings\kato9096\桌面\system\system\upxdnd.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.zsl        檔案: C:\Documents and Settings\kato9096\桌面\system\system\WSockDrv32.dll
已刪除: 特洛伊木馬程式 Trojan-Clicker.Win32.Agent.aat        檔案: C:\Documents and Settings\kato9096\桌面\system\system\YQL_Lyrics_Common.dll
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.Delf.btm        檔案: C:\Documents and Settings\kato9096\桌面\system\system\yyplay.exe
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Delf.grv        檔案: C:\Documents and Settings\kato9096\桌面\system\system\yyshow.dll
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.imc        檔案: C:\Documents and Settings\kato9096\桌面\system\system\yzwvhp17.dll

45, reported 46
aerbeisi
Posted on 2008-4-16 11:19:00
Is this the original poster's own computer? I looked at your Google word library, and some private information is exposed.
Exia (this user has been deleted)
Posted on 2008-4-16 11:19:39

49

Starting the file scan:

Begin scan in 'E:\新建文件夹 (2)\widows)'
E:\新建文件夹 (2)\widows)\tciocp32.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\cmdbcs.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.7
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\msccrt.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\DbgHlp32.exe
      [DETECTION] Is the Trojan horse TR/Onlinegames.NVI
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\SHAProc.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aanw
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\pbjoqdke.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\fmsbbqi.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\PTSShell.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\WSockDrv32.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\AVPSrv.exE
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\upxdnd.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\LotusHlp.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\mfchlp32.exe
      [DETECTION] Is the Trojan horse TR/PSW.16257
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\ThunderBHONew32.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\widows)\ThunderHelper32.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The file was deleted!
Begin scan in 'E:\新建文件夹 (2)\下载马'
E:\新建文件夹 (2)\下载马\00007[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00015[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.zfe
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00031[1].exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00035[1].exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aaem
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/OnLineGames.C.1
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\1001[1].exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\202[1].exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00002[1].exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.Agent.agp
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/OnLineGames.C.1
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00012[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00013[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00014[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00016[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00017[1].exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00021[1].exe
  [0] Archive type: OVL
  --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00030[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.16257
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\5[1].exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\arp111[1].exe
  [0] Archive type: RSRC
    --> Object
          [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.2
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\game[1].exe
      [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00003[1].exe
      [DETECTION] Is the Trojan horse TR/Onlinegames.NVI
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00004[1].exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.12134
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00006[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ZFE.3
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00008[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00011[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00019[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\cc1[1].exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\lmmh[1].exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\223[1].exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.gyh
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00020[1].exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ahy
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\00005[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aanw
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\90[1].exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\qq[1].exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.39
      [NOTE]      The file was deleted!
E:\新建文件夹 (2)\下载马\soundma[1].exe
      [DETECTION] Is the Trojan horse TR/Drop.Age.51042.B
      [NOTE]      The file was deleted!


End of the scan: 2008年4月16日  11:20
Used time: 00:34 min

The scan has been done completely.

      2 Scanning directories
     57 Files were scanned
     47 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
     46 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     10 Files not concerned
      0 Archives were scanned
      0 Warnings
     46 Notes

3820189  00036[1].exe  11.43 KB  DAMAGED FILE (UNKNOWN)
3820190  ad7546[1].exe  127.06 KB  MALWARE
197880  0.log  0 Byte  CLEAN
1084443  bootstat.dat  2 KB  KNOWN CLEAN
3820192  d39.exe  127.06 KB  MALWARE
3820193  fn00321.log  8 Byte  CLEAN
3817086  npptools.dll  27.83 KB  DAMAGED FILE (UNKNOWN)
3817084  Packet.dll  35.86 KB  DAMAGED FILE (UNKNOWN)
3820194  Powerplayer.ini  15 Byte  CLEAN
3817078  WanPacket.dll  29.99 KB  DAMAGED FILE (UNKNOWN)
3817085  wpcap.dll  90.55 KB  DAMAGED FILE (UNKNOWN)

[ This post was last edited by Exia on 2008-4-16 16:56 ]