[病毒样本] 23x

显示全部楼层 · 发表于 2008-4-25 12:55:23

费尔23个
Date,Virus Name,Virus Type,User,Filename,Scan Type
2008-4-25 12:50:04,TrojanPSW.OnLineGames.wlu.kjdk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>9.exe,Manual scan
2008-4-25 12:50:04,Trojan.Cap841619.nyxs,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>8.exe,Manual scan
2008-4-25 12:50:04,TrojanPSW.OnLineGames.wlu.kjdk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>7.exe,Manual scan
2008-4-25 12:50:04,TrojanDropper.Gen.behe,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>6.exe,Manual scan
2008-4-25 12:50:04,TrojanPSW.OnLineGames.wlu.kjdk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>5.exe,Manual scan
2008-4-25 12:50:04,TrojanDropper.Gen.nbif,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>4.exe,Manual scan
2008-4-25 12:50:04,TrojanPSW.OnLineGames.wlu.kjdk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>3.exe,Manual scan
2008-4-25 12:50:04,TrojanDropper.Gen.usov,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>23.exe,Manual scan
2008-4-25 12:50:04,TrojanDropper.Gen.tbzo,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>22.exe,Manual scan
2008-4-25 12:50:04,TrojanDropper.Gen.gxuo,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>21.exe,Manual scan
2008-4-25 12:50:04,TrojanDropper.Gen.bgwa,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>20.exe,Manual scan
2008-4-25 12:50:04,TrojanDropper.Gen.rqqm,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>19.exe,Manual scan
2008-4-25 12:50:04,PWSteal.Lemir.bpv.gnfb,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>18.exe,Manual scan
2008-4-25 12:50:04,TrojanDropper.Gen.rkfl,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>17.exe,Manual scan
2008-4-25 12:50:04,TrojanPSW.OnLineGames.wlu.kjdk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>16.exe,Manual scan
2008-4-25 12:50:04,RootKit.Mnless.jz.vehw,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>15.exe,Manual scan
2008-4-25 12:50:04,TrojanPSW.OnLineGames.yog.uibj,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>14.exe,Manual scan
2008-4-25 12:50:04,TrojanPSW.OnLineGames.wlu.kjdk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>13.exe,Manual scan
2008-4-25 12:50:04,TrojanPSW.OnLineGames.wlu.kjdk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>12.exe,Manual scan
2008-4-25 12:50:04,TrojanDropper.Gen.sxvq,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>11.exe,Manual scan
2008-4-25 12:50:04,TrojanPSW.OnLineGames.wlu.kjdk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>10.exe,Manual scan
2008-4-25 12:50:04,TrojanDownloader.Nurech.bd.bmqk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.zip>>1.exe,Manual scan
2008-4-25 12:34:32,TrojanSpy.Gen.zmgl,木马,Administrator,C:\Documents and Settings\Administrator\桌面\2008424224055.rar>>ticisms.exe,Manual scan
2008-4-25 12:34:32,TrojanPSW.GameOL.GEN.jdfk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\2008424224055.rar>>leqgczlu.exe,Manual scan
2008-4-25 12:34:32,TrojanSpy.Gen.wfwz,木马,Administrator,C:\Documents and Settings\Administrator\桌面\2008424224055.rar>>fmsjhif.exe,Manual scan
2008-4-25 12:34:32,TrojanSpy.Gen.nkax,木马,Administrator,C:\Documents and Settings\Administrator\桌面\2008424224055.rar>>fiosectc.exe,Manual scan
2008-4-25 12:34:32,TrojanSpy.Gen.jouq,木马,Administrator,C:\Documents and Settings\Administrator\桌面\2008424224055.rar>>dionpis.exe,Manual scan
2008-4-25 12:34:32,TrojanSpy.Gen.nsbl,木马,Administrator,C:\Documents and Settings\Administrator\桌面\2008424224055.rar>>dbhlp32.exe,Manual scan
2008-4-25 12:34:32,Trojan.Cap84233.gqry,木马,Administrator,C:\Documents and Settings\Administrator\桌面\2008424224055.rar>>bincdwsa.exe,Manual scan
2008-4-25 12:32:45,TrojanDownloader.Nurech.bd.bmqk,木马,Administrator,C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\S0JH9SDD\0[1].EXE,Realtime scan
2008-4-24 17:45:15,JS.Decoder.af,病毒,Administrator,C:\Documents and Settings\Administrator\桌面\oo[1].htm,Realtime scan
2008-4-24 17:45:06,JS.Decoder.af,病毒,Administrator,C:\Documents and Settings\Administrator\桌面\oo[1].htm,Manual scan
2008-4-24 11:27:49,Adware.SaveNow.a.pabv.dll,广告程序,Administrator,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh45.tmp\setuphlp.dll,Realtime scan
2008-4-24 11:27:47,Adware.SaveNow.a.pabv.dll,广告程序,Administrator,C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\NSH45.TMP\SETUPHLP.DLL,Realtime scan
2008-4-24 10:19:15,Trojan.Transformer.a,木马,Administrator,C:\Documents and Settings\Administrator\桌面\TVKDVD.rar>>TVKDVD.exe>>38.exe,Manual scan
2008-4-24 10:15:44,TrojanDownloader.Nurech.bd.bmqk,木马,Administrator,C:\Documents and Settings\Administrator\桌面\mm[1].rar>>mm[1].exe,Manual scan

显示全部楼层 · 发表于 2008-4-25 12:58:23

原帖由 EQ2 于 2008-4-25 04:22 发表
C:\Documents and Settings\Don johnson\桌面\1.zip » ZIP » 1.exe - Win32/PSW.OnLineGames.NOE trojan
C:\Documents and Settings\Don johnson\桌面\1.zip » ZIP » 10.exe - a variant of Wi ...

国内网盘都可以测试的
比如qq中转站就可以
只不过在web browser中
一定要把用的下载工具不能打叉（一般用的时候自己是把IDM什么的打叉的

）
或者直接用浏览器右键下载

要不然是测不出来的

[ 本帖最后由风野胤于 2008-4-25 13:01 编辑 ]

显示全部楼层 · 发表于 2008-4-25 14:31:33

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.XYOnline.acy
病毒： Packer.Win32.Upack.a
病毒： RootKit.Win32.Mnless.jz
病毒： Trojan.PSW.Win32.GamesOnline.fz
病毒： Trojan.PSW.Win32.SunOnline.nn

用户来源：互联网

软件版本：20.41.40
6个

[扫描路径] C:\Documents and Settings\zh\桌面\新建文件夹
>C:\Documents and Settings\zh\桌面\新建文件夹\1.exe 已被病毒感染：  Trojan.PWS.Wsgame.4582
>C:\Documents and Settings\zh\桌面\新建文件夹\10.exe 已被病毒感染：  Trojan.PWS.Gamania.origin
>>>C:\Documents and Settings\zh\桌面\新建文件夹\11.exe - 确定
>C:\Documents and Settings\zh\桌面\新建文件夹\12.exe 已被病毒感染：  Trojan.PWS.Gamania.origin
>C:\Documents and Settings\zh\桌面\新建文件夹\13.exe 已被病毒感染：  Trojan.PWS.Gamania.origin
>C:\Documents and Settings\zh\桌面\新建文件夹\14.exe 已被病毒感染：  Trojan.PWS.Wsgame.4454
C:\Documents and Settings\zh\桌面\新建文件夹\15.exe - 可能已被感染了： MULDROP.Trojan
>>>C:\Documents and Settings\zh\桌面\新建文件夹\15.exe\data001 - 确定
>C:\Documents and Settings\zh\桌面\新建文件夹\15.exe\data002 - 确定
C:\Documents and Settings\zh\桌面\新建文件夹\15.exe - 确定
>C:\Documents and Settings\zh\桌面\新建文件夹\16.exe 已被病毒感染：  Trojan.PWS.Gamania.origin
>>>C:\Documents and Settings\zh\桌面\新建文件夹\17.exe - 确定
>C:\Documents and Settings\zh\桌面\新建文件夹\18.exe 已被病毒感染：  Trojan.PWS.Legmir
C:\Documents and Settings\zh\桌面\新建文件夹\2.exe - 确定
>C:\Documents and Settings\zh\桌面\新建文件夹\3.exe 已被病毒感染：  Trojan.PWS.Gamania.origin
>>>C:\Documents and Settings\zh\桌面\新建文件夹\4.exe - 确定
>C:\Documents and Settings\zh\桌面\新建文件夹\5.exe 已被病毒感染：  Trojan.PWS.Wsgame.4418
>>>C:\Documents and Settings\zh\桌面\新建文件夹\6.exe - 确定
>C:\Documents and Settings\zh\桌面\新建文件夹\7.exe 已被病毒感染：  Trojan.PWS.Wsgame.4418
C:\Documents and Settings\zh\桌面\新建文件夹\8.exe 已被病毒感染：  Trojan.PWS.Wsgame.4611
>C:\Documents and Settings\zh\桌面\新建文件夹\9.exe 已被病毒感染：  Trojan.PWS.Gamania.origin
>>>C:\Documents and Settings\zh\桌面\新建文件夹\19.exe - 确定
>>>C:\Documents and Settings\zh\桌面\新建文件夹\20.exe - 确定
>>>C:\Documents and Settings\zh\桌面\新建文件夹\21.exe - 确定
>>>C:\Documents and Settings\zh\桌面\新建文件夹\22.exe - 确定
>>>C:\Documents and Settings\zh\桌面\新建文件夹\23.exe - 确定

-----------------------------------------------------------------------------
扫描统计
-----------------------------------------------------------------------------
已扫描对象: 27
发现受感染对象: 12
发现受变种感染对象: 0
发现可疑对象: 1

显示全部楼层 · 发表于 2008-4-25 14:35:08

不错

显示全部楼层 · 发表于 2008-4-25 14:45:17

病毒扫描日志 ########
时间已检测，用户设定为信任类型威胁名称受感染文件第一处理措施
14:45 手动扫描文件 TSPY_AGENT.ABEM 1.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 11.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 TROJ_ZLOB.LN 13.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 14.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 15.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 TSPY_LEGMIR.CUM 18.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 4.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 6.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 TROJ_MALQAZ.A 7.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 TSPY_ONLINEG.MWO 8.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 19.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 20.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 21.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 22.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 Possible_OLGM-11 23.exe (C:\Documents and Settings\****\桌面\1.zip) 忽略成功
14:45 手动扫描文件 --- C:\Documents and Settings\****\桌面\1.zip 忽略成功

显示全部楼层 · 发表于 2008-4-25 15:14:26

The file '2.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.

显示全部楼层 · 发表于 2008-4-25 16:33:05

Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Vladimir Lebedev
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com

显示全部楼层 · 发表于 2008-4-25 19:44:12

kv 12

显示全部楼层 · 发表于 2008-4-25 19:50:27

been found in "C:\Documents and Settings\Administrator\桌面\1.zip\10.exe\[Upack]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DJV [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\11.exe\[UPX]\[Embedded#5060]\[Embedded#4660]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DIB [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\12.exe\[Upack]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DIB [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\13.exe\[Upack]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DJV [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\14.exe\[Upack]\[Embedded#6060]\[Upack]\[Embedded#8060]\[Upack]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DJV [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\15.exe\[UPX]\[Embedded#5060]\[Embedded#54b0]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DIB [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\16.exe\[Upack]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DJV [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\17.exe\[UPX]\[Embedded#5060]\[Embedded#4860]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:Lmir-OK [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\18.exe\[Upack]\[Embedded#J999666]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DIB [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\3.exe\[Upack]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DJV [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\4.exe\[UPX]\[Embedded#5060]\[Embedded#4060]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-CYO [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\5.exe\[Upack]\[Embedded#50c0]\[Upack]" file.
2008-4-25 19:48:51 Administrator 1504 Sign of "Win32:OnLineGames-DJV [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\1.zip\6.exe\[UPX]\[Embedded#5060]\[Embedded#4660]" file.

显示全部楼层 · 发表于 2008-4-25 20:02:57

赛门铁克
已解决的风险:
Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[11.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[14.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[15.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[17.exe] 位于[e:\1.zip] - 已删除

Infostealer.Lemir.G
病毒 ID: 39570
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[18.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[4.exe] 位于[e:\1.zip] - 已删除

Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[5.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[6.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[19.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[20.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[21.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[22.exe] 位于[e:\1.zip] - 已删除

Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 个文件
[23.exe] 位于[e:\1.zip] - 已删除

[病毒样本] 23x

本帖子中包含更多资源

16