一堆网马

显示全部楼层 · 发表于 2008-4-19 15:17:18

EAV
D:\新建文件夹 (2)\Downloads.rar > RAR > 20.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 21.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 22.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马
D:\新建文件夹 (2)\Downloads.rar > RAR > 23.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 24.exe - 可能是 Win32/PSW.OnLineGames.NMQ 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 25.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马
D:\新建文件夹 (2)\Downloads.rar > RAR > gmxxz.exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > jhdqserver.exe - 可能是 Win32/PSW.QQPass.NDF 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 10.exe - 可能是 Win32/PSW.OnLineGames.NMQ 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 11.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 12.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 13.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马
D:\新建文件夹 (2)\Downloads.rar > RAR > 14.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马
D:\新建文件夹 (2)\Downloads.rar > RAR > 15.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 16.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马
D:\新建文件夹 (2)\Downloads.rar > RAR > 17.exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\新建文件夹 (2)\Downloads.rar > RAR > 18.exe - Win32/PSW.OnLineGames.MUG 特洛伊木马
D:\新建文件夹 (2)\Downloads.rar > RAR > 19.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种

显示全部楼层 · 发表于 2008-4-19 15:21:48

Scan Log
Version of virus signature database: 3040 (20080419)
Date: 2008-4-19 Time: 15:22:58
Scanned disks, folders and files: D:\firefox download\Downloads.rar
D:\firefox download\Downloads.rar » RAR » 20.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 21.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 22.exe - Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 23.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 24.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
D:\firefox download\Downloads.rar » RAR » 25.exe - Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » gmxxz.exe - probably a variant of Win32/Genetik trojan
D:\firefox download\Downloads.rar » RAR » jhdqserver.exe - probably a variant of Win32/PSW.QQPass.NDF trojan
D:\firefox download\Downloads.rar » RAR » 10.exe - probably a variant of Win32/PSW.OnLineGames.NMQ trojan
D:\firefox download\Downloads.rar » RAR » 11.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 12.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 13.exe - Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 14.exe - Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 15.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 16.exe - Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar » RAR » 17.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
D:\firefox download\Downloads.rar » RAR » 18.exe - Win32/PSW.OnLineGames.MUG trojan
D:\firefox download\Downloads.rar » RAR » 19.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\firefox download\Downloads.rar:Zone.Identifier - is OK
Number of scanned objects: 19
Number of threats found: 18
Number of cleaned objects: 0
Time of completion: 15:23:10 Total scanning time: 12 sec (00:00:12)

显示全部楼层 · 发表于 2008-4-19 15:29:02

E:\VIRUS\Downloads\10.exe: PUA.Packed.UPack FOUND
E:\VIRUS\Downloads\14.exe: Trojan.Spy-31507 FOUND
E:\VIRUS\Downloads\17.exe: PUA.Packed.UPack-3 FOUND
E:\VIRUS\Downloads\18.exe: PUA.Packed.UPack-3 FOUND
E:\VIRUS\Downloads\24.exe: PUA.Packed.UPack FOUND
----------- SCAN SUMMARY -----------
Known viruses: 259149
Engine version: 0.92
Scanned directories: 1
Scanned files: 18
Skipped non-executable files: 0
Infected files: 5

显示全部楼层 · 发表于 2008-4-19 15:39:57

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\Downloads'
C:\Documents and Settings\Administrator\My Documents\Downloads\
  10.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
      [2] Archive type: Runtime Packed
      --> Object
      --> Object
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
  11.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aavi
   [NOTE]    The file was deleted!
  12.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aayv
   [NOTE]    The file was deleted!
  13.exe
[0] Archive type: Runtime Packed
--> Object
   [NOTE]    The file was deleted!
  14.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.6
   [NOTE]    The file was deleted!
  15.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: OVL
      --> Object
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
  16.exe
[0] Archive type: Runtime Packed
--> Object
      [DETECTION] Is the Trojan horse TR/Onlinegames.NVI
   [NOTE]    The file was deleted!
  17.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
      [2] Archive type: Runtime Packed
      --> Object
         [3] Archive type: RSRC
         --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aayo
            [WARNING] Infected files in archives cannot be repaired!
   [NOTE]    The file was deleted!
  18.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
      [2] Archive type: Runtime Packed
      --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Online.ddn.2
            [WARNING] Infected files in archives cannot be repaired!
   [NOTE]    The file was deleted!
  19.exe
   [DETECTION] Is the Trojan horse TR/PSW.16161
   [NOTE]    The file was deleted!
  20.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: OVL
      --> Object
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
  21.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: OVL
      --> Object
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
  22.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
  23.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: OVL
      --> Object
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
  24.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
      [2] Archive type: Runtime Packed
      --> Object
      --> Object
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
  25.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
  gmxxz.exe
   [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
   [NOTE]    The file was deleted!
  jhdqserver.exe
[0] Archive type: Runtime Packed
   --> Object
      [1] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aazb
         [WARNING] Infected files in archives cannot be repaired!
   [NOTE]    The file was deleted!

End of the scan: 2008年4月19日  00:39
Used time: 00:05 min

The scan has been done completely.

   1 Scanning directories
   18 Files were scanned
   18 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   18 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   0 Files not concerned
   0 Archives were scanned
   3 Warnings
   18 Notes

显示全部楼层 · 发表于 2008-4-19 16:00:20

信息 2008-04-19  15:59:31 您此次查毒清除了13个病毒
信息 2008-04-19  15:59:31 您此次查毒共查出13个病毒以及危险代码
病毒 2008-04-19  15:59:31 \桌面\Downloads.rar\19.exe Win32.Troj.OnlineGameT.bd.65697 清除成功
病毒 2008-04-19  15:59:31 \桌面\Downloads.rar\18.exe Win32.Hack.UpackT.a.15981 清除成功
病毒 2008-04-19  15:59:31 \桌面\Downloads.rar\17.exe Win32.Hack.UpackT.a.15981 清除成功
病毒 2008-04-19  15:59:30 \桌面\Downloads.rar\14.exe Win32.PSWTroj.GameOL.73941 清除成功
病毒 2008-04-19  15:59:30 \桌面\Downloads.rar\13.exe Win32.Troj.OnlineGameT.bd.65697 清除成功
病毒 2008-04-19  15:59:30 \桌面\Downloads.rar\12.exe Win32.Troj.OnlineGameT.bd.65697 清除成功
病毒 2008-04-19  15:59:30 \桌面\Downloads.rar\11.exe Win32.Troj.OnlineGameT.bd.65697 清除成功
病毒 2008-04-19  15:59:30 \桌面\Downloads.rar\10.exe Win32.Troj.GameOnlineT.b.45320 清除成功
病毒 2008-04-19  15:59:30 \桌面\Downloads.rar\jhdqserver.exe Win32.Packed.MaskPE 清除成功
病毒 2008-04-19  15:59:30 \桌面\Downloads.rar\gmxxz.exe Win32.Packed.MaskPE 清除成功
病毒 2008-04-19  15:59:29\桌面\Downloads.rar\24.exe Win32.Troj.GameOnlineT.b.45320 清除成功
病毒 2008-04-19  15:59:28 \桌面\Downloads.rar\21.exe Win32.Troj.OnlineGameT.bd.65697 清除成功
病毒 2008-04-19  15:59:28 \桌面\Downloads.rar\20.exe Win32.Troj.OnlineGameT.bd.65697 清除成功

显示全部楼层 · 发表于 2008-4-19 22:43:50

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： RootKit.Win32.Nops.a
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： RootKit.Win32.FileHider.d
病毒： Trojan.PSW.Win32.GamesOnline.uj
病毒： Trojan.PSW.Win32.GameOL.nbd
病毒： Worm.Win32.Agent.zny
病毒： Trojan.PSW.Win32.QQPass.zgk
病毒： RootKit.Win32.FileHider.d
病毒： Trojan.PSW.Win32.GameOL.mxr
病毒： Packer.Win32.Upack.a

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.40.52

[病毒样本] 一堆网马

all

54/15