病毒一大包

显示全部楼层 · 发表于 2008-4-29 21:44:15

nod32 报了：
我下载时，contentIE5下的dudupart1.rar就被删除了
2008-4-29 21:38:09 文件系统实时防护文件 R:\Temporary Internet Files\Content.IE5\AJT7B3TP\dudu.part1[1].rar 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种已删除（下次重新启动后） - 已隔离 NT AUTHORITY\SYSTEM 在应用程序新建的文件上发生事件: C:\Program Files\Internet Explorer\iexplore.exe.

显示全部楼层 · 发表于 2008-4-29 21:48:14

Begin scan in 'C:\Documents and Settings\haha\桌面\dudu'
C:\Documents and Settings\haha\桌面\dudu\10a.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '487826d2.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\16a.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.QQpass.bri
   [NOTE]    A backup was created as '487826d8.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\17a.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '487826d9.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\1a.exe
   [DETECTION] Is the Trojan horse TR/Drop.Age.51042.B
   [NOTE]    A backup was created as '48452703.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\20a.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '49dd8beb.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\24a.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '487826d6.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\3a.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '49e08a3c.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\5a.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '48452705.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\8a.exe
   [DETECTION] Is the Trojan horse TR/PSW.16785
   [NOTE]    A backup was created as '48452704.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\9a.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abtp
   [NOTE]    A backup was created as '49e08a3d.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\bincdwsa.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abtp
   [NOTE]    A backup was created as '4885270c.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dbhlp32.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '487f2705.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dionpis.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '4886270c.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqBAIBAI1063.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.xzn
   [NOTE]    A backup was created as '48592714.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqBAIBAI1066.dll
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    A backup was created as '49fc8a2d.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqDABDAB1067.dll
   [DETECTION] Is the Trojan horse TR/Agent.10238
   [NOTE]    A backup was created as '485b2714.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqDABDAB1070.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.achp
   [NOTE]    A backup was created as '49fe8a2d.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqDXYDXY1006.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.xyz
   [NOTE]    A backup was created as '485b2716.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqHADHAD1066.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.accf
   [NOTE]    A backup was created as '485f2714.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqHADHAD1066.exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.accf
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
   [NOTE]    A backup was created as '49fa8a2d.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqKAFKAF1066.dll
   [DETECTION] Is the Trojan horse TR/Agent.9864
   [NOTE]    A backup was created as '48622714.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqKAFKAF1066.exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/Agent.9864
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
   [NOTE]    A backup was created as '49c78a2d.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqMYSMYS1045.dll
   [DETECTION] Is the Trojan horse TR/Agent.11118
   [NOTE]    A backup was created as '48642714.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqMYSMYS1045.exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/Agent.11118
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
   [NOTE]    A backup was created as '49c18a2d.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqQACQAC1041.dll
   [DETECTION] Is the Trojan horse TR/Agent.9763
   [NOTE]    A backup was created as '48682714.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqQACQAC1041.exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/Agent.9763
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
   [NOTE]    A backup was created as '49cd8a2d.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqSADSAD1040.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acft
   [NOTE]    A backup was created as '486a2714.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqSADSAD1040.exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acft
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
   [NOTE]    A backup was created as '486a2715.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\dqWHXWHX1012.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.achs
   [NOTE]    A backup was created as '486e2715.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\DXDLG.EXE
--> Object
   [1] Archive type: RSRC
   --> Object
         [DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abhg
   [NOTE]    A backup was created as '485b26fc.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\fiosectc.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '4886270d.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\fmsjhif.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '488a2711.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\inudhya.dll
   [DETECTION] Is the Trojan horse TR/Drop.Age.51042.A
   [NOTE]    A backup was created as '488c2712.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\jbhxabyt.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '487f2706.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js0[1].exe
   [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
   [NOTE]    A backup was created as '48472717.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js10[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '48482717.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js11[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '49ed8a20.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js12[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '48482719.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js13[1].exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.xzn
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
   [NOTE]    A backup was created as '49ed8a22.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js14[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '4848271b.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js15[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '49eeecf0.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js16[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '49eeecf2.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js17[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '49eeecf4.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js18[1].exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abur.5
   [NOTE]    A backup was created as '4848271d.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js19[1].exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.10
   [NOTE]    A backup was created as '49eeecf6.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js1[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '4848271f.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-4-29 21:48:33

网络问题，，，重复了。。。

[ 本帖最后由 hahacomcn 于 2008-4-29 21:50 编辑 ]

显示全部楼层 · 发表于 2008-4-29 21:48:56

C:\Documents and Settings\haha\桌面\dudu\js20[1].exe
--> Object
   [1] Archive type: RSRC
   --> Object
      --> Object
      [3] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aayo
   [NOTE]    A backup was created as '48492718.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js21[1].exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    A backup was created as '49dc8da9.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js22[1].exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.7
   [NOTE]    A backup was created as '4849271a.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js23[1].exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.8
   [NOTE]    A backup was created as '49dc8dab.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js24[1].exe
   [DETECTION] Is the Trojan horse TR/Drop.Agent.12910
   [NOTE]    A backup was created as '4849271c.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js25[1].exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abur.13
   [NOTE]    A backup was created as '49dc8dad.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js26[1].exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    A backup was created as '4849271e.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js27[1].exe
   [DETECTION] Is the Trojan horse TR/Drop.Agent.12626
   [NOTE]    A backup was created as '49dc8daf.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js28[1].exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abcl.5
   [NOTE]    A backup was created as '48492700.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js29[1].exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    A backup was created as '49dc8db1.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js2[1].exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.Steal.44658
   [NOTE]    A backup was created as '48492702.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js30[1].exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    A backup was created as '484a2718.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js3[1].exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abur.10
   [DETECTION] Is the Trojan horse TR/Rootkit.Gen
   [NOTE]    A backup was created as '49df8da9.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js4[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '484b2718.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js5[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '484c2718.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js6[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '484d2718.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js7[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '484e2718.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js8[1].exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '484f2718.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\js9[1].exe
   [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
   [NOTE]    A backup was created as '48502718.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\LotusHlp.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '488b2714.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\mfchlp64.exe
   [DETECTION] Is the Trojan horse TR/PSW.16785
   [NOTE]    A backup was created as '487a270b.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\mm[1].exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [NOTE]    A backup was created as '48722712.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\ntldr.exe
   [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
   [NOTE]    A backup was created as '48832719.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\Nt_Sys32.Sys
   [DETECTION] Is the Trojan horse TR/PSW.Steal.44658
   [NOTE]    A backup was created as '48762719.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\smss.exe
   [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
   [NOTE]    A backup was created as '488a2712.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\WSockDrv32.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '488626f8.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\xia10.exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.xyz
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
   [NOTE]    A backup was created as '4878270f.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\xia12.exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.achp
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    A backup was created as '49ed8da0.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\xia14.exe
   [DETECTION] Is the Trojan horse TR/Hijacker.Gen
   [NOTE]    A backup was created as '48782711.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\xia25.exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.achs
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    A backup was created as '49ed8da2.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\xia28.exe
  [0] Archive type: OVL
  --> Object
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.xyz
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
   [NOTE]    A backup was created as '48782713.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\xia29.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abcl.5
   [NOTE]    A backup was created as '49ed8da4.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\xia3.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.Steal.44658
   [NOTE]    A backup was created as '48782715.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\zaztamsn.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '48912707.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\zscqahlp.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '487a2719.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\zsdjabmp.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '487b271a.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\zxcsahlp.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    A backup was created as '487a271f.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!
C:\Documents and Settings\haha\桌面\dudu\~~.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [NOTE]    A backup was created as '48452725.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!

End of the scan: 2008年4月29日  21:46
Used time: 00:06 min

The scan has been done completely.

   3 Scanning directories
   95 Files were scanned
   94 viruses and/or unwanted programs were found
   2 Files were classified as suspicious:
   84 files were deleted
   0 files were repaired
   84 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   0 Archives were scanned
   0 Warnings
   84 Notes

显示全部楼层 · 发表于 2008-4-29 21:57:26

江民发现77个

显示全部楼层 · 发表于 2008-4-29 22:19:58

正在扫描日志
病毒库版本: 3062 (20080429)
日期: 2008-4-29 时间: 22:29:30
已扫描的磁盘、文件夹和文件: D:\dudu
D:\dudu\fiosectc.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\fmsjhif.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\LotusHlp.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\mfchlp64.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\WSockDrv32.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\bincdwsa.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\dbhlp32.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\dionpis.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马
D:\dudu\ntldr.exe - Win32/Anilogo.F 蠕虫
D:\dudu\dqSADSAD1040.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
D:\dudu\dqHADHAD1066.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马
D:\dudu\dqKAFKAF1066.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
D:\dudu\dqMYSMYS1045.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
D:\dudu\dqQACQAC1041.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
D:\dudu\xia28.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
D:\dudu\xia29.exe - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\xia3.exe - Win32/PSW.QQPass.NCZ 特洛伊木马的变种
D:\dudu\xia10.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
D:\dudu\xia12.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
D:\dudu\xia14.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
D:\dudu\xia25.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
D:\dudu\zxcsahlp.exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\zaztamsn.exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\zscqahlp.exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\zsdjabmp.exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\jbhxabyt.exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\dqBAIBAI1063.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\dqBAIBAI1066.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\dqDABDAB1067.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马
D:\dudu\dqDABDAB1070.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\dqDXYDXY1006.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\dqHADHAD1066.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马
D:\dudu\dqKAFKAF1066.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\dqMYSMYS1045.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\dqWHXWHX1012.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\dqQACQAC1041.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\dqSADSAD1040.dll - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\DXDLG.EXE - Win32/PSW.Agent.NEC 特洛伊木马的变种
D:\dudu\js12[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js16[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js1[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js20[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js24[1].exe - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\js28[1].exe - Win32/PSW.OnLineGames.PBQ 特洛伊木马的变种
D:\dudu\js4[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js8[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js11[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js15[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js19[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js23[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js27[1].exe - Win32/PSW.OnLineGames.PBQ 特洛伊木马
D:\dudu\js3[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js7[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js10[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js14[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js18[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js22[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js26[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js2[1].exe - Win32/PSW.QQPass.NCZ 特洛伊木马的变种
D:\dudu\js30[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js6[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js13[1].exe - Win32/PSW.OnLineGames.XZN 特洛伊木马
D:\dudu\js17[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js21[1].exe - Win32/PSW.OnLineGames.NML 特洛伊木马的变种
D:\dudu\js25[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js29[1].exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
D:\dudu\js5[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\js9[1].exe - 可能是 Win32/Genetik 特洛伊木马的变种
D:\dudu\smss.exe - Win32/Anilogo.F 蠕虫
D:\dudu\8a.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\9a.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\10a.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\16a.exe - Win32/PSW.QQPass.NCZ 特洛伊木马的变种
D:\dudu\17a.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\20a.exe - Win32/PSW.OnLineGames.NFL 特洛伊木马
D:\dudu\24a.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\3a.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\5a.exe - 可能是 Win32/PSW.OnLineGames.NFL 特洛伊木马的变种
D:\dudu\Nt_Sys32.Sys - Win32/PSW.QQPass.NCZ 特洛伊木马的变种
D:\dudu\1a.exe - Win32/PSW.Delf.NKU 特洛伊木马
D:\dudu\inudhya.dll - Win32/PSW.Delf.NKU 特洛伊木马
已扫描的对象数: 95
发现的威胁数: 81
已清除对象数:0
完成时间: 22:30:54 总扫描时间: 84 秒 (00:01:24)

显示全部楼层 · 发表于 2008-4-29 22:20:27

信息 2008-04-29  22:20:17 您此次查毒隔离了17个文件
信息 2008-04-29  22:20:17 您此次查毒共查出17个病毒以及危险代码
信息 2008-04-29  22:20:17 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件196个
信息 2008-04-29  22:20:17 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒

显示全部楼层 · 发表于 2008-4-29 23:12:58

Hello,

aaaamon.dll, QQGAME1.vbs_, SYSTEM128.vxd

No malicious code were found in these files.

dqBAIBAI1066.dll, xia14.exe_ - Trojan-PSW.Win32.OnLineGames.ackj,
dqDABDAB1067.dll - Trojan-PSW.Win32.OnLineGames.ackk,
dqKAFKAF1066.dll - Trojan-PSW.Win32.OnLineGames.ackl,
dqMYSMYS1045.dll - Trojan-PSW.Win32.OnLineGames.ackm,
dqQACQAC1041.dll, dqQACQAC1041.exe_ - Trojan-PSW.Win32.OnLineGames.ackn,
js0[1].exe_ - Trojan-PSW.Win32.OnLineGames.ackt,
js10[1].exe_ - Trojan-PSW.Win32.OnLineGames.acko,
js11[1].exe_ - Trojan-PSW.Win32.OnLineGames.ackp,
js14[1].exe_ - Trojan-PSW.Win32.OnLineGames.acks,
js25[1].exe_ - Trojan-PSW.Win32.OnLineGames.ackq,
js9[1].exe_ - Trojan-PSW.Win32.OnLineGames.ackr,
mm[1].exe_, ~~.exe_ - Trojan-Downloader.Win32.Losabel.io

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Nt_Win32.Jmp, Sy_Win7k.Jmp

These files are corrupted.

Please quote all when answering.

--
Best regards, Evgeny Aseev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

> Attachment: dudu.zip
[:1:]

显示全部楼层 · 发表于 2008-4-29 23:34:34

原帖由 njdzhan 于 2008-4-29 21:34 发表
sample是啥意思？

样本

显示全部楼层 · 发表于 2008-4-30 11:52:19

[扫描路径] C:\Documents and Settings\zh\桌面\dudu.part1.rar
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\fiosectc.exe 已被病毒感染：  Trojan.PWS.Wsgame.4862
>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\fmsjhif.exe 已被病毒感染：  Trojan.PWS.Wsgame.origin
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\LotusHlp.exe 已被病毒感染：  Trojan.PWS.Wsgame.4586
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\mfchlp64.exe 已被病毒感染：  Trojan.PWS.Gamania.9730
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\WSockDrv32.exe 已被病毒感染：  Trojan.PWS.Wsgame.4359
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\bincdwsa.exe 已被病毒感染：  Trojan.PWS.Gamania.9726
>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dbhlp32.exe 已被病毒感染：  Trojan.PWS.Wsgame.4604
>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\devcon.exe - 确定
>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dionpis.exe 已被病毒感染：  Trojan.PWS.Wsgame.origin
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\ntldr.exe 已被病毒感染：  Win32.HLLW.Autoruner.1070
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqSADSAD1040.exe 可能已被感染了：  DLOADER.Trojan
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqHADHAD1066.exe 可能已被感染了：  DLOADER.Trojan
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqKAFKAF1066.exe 可能已被感染了：  DLOADER.Trojan
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqMYSMYS1045.exe 可能已被感染了：  DLOADER.Trojan
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqQACQAC1041.exe 可能已被感染了：  DLOADER.Trojan
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\xia28.exe 可能已被感染了：  DLOADER.Trojan
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\xia29.exe 已被病毒感染：  Trojan.ShellHook
>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\xia3.exe 已被病毒感染：  Trojan.PWS.Lineage.4640
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\xia10.exe 可能已被感染了：  DLOADER.Trojan
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\xia12.exe 可能已被感染了：  DLOADER.Trojan
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\xia14.exe 可能已被感染了：  DLOADER.Trojan
>>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\xia25.exe 可能已被感染了：  DLOADER.Trojan
>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\zxcsahlp.exe 已被病毒感染：  Trojan.PWS.Gamania.9719
>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\zaztamsn.exe 已被病毒感染：  Trojan.PWS.Gamania.9720
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\zscqahlp.exe 已被病毒感染：  Trojan.PWS.Gamania.9673
>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\zsdjabmp.exe 已被病毒感染：  Trojan.PWS.Gamania.9718
>>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\jbhxabyt.exe 已被病毒感染：  Trojan.PWS.Gamania.9714
>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\bootvrfy.exe - 确定
>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\aaaamon.dll - 确定
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqBAIBAI1063.dll 可能已被感染了：  DLOADER.Trojan
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqBAIBAI1066.dll 可能已被感染了：  DLOADER.Trojan
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqDABDAB1067.dll 可能已被感染了：  DLOADER.Trojan
>>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqDABDAB1070.dll 可能已被感染了：  DLOADER.Trojan
>C:\Documents and Settings\zh\桌面\dudu.part1.rar\dudu\dqDXYDXY1006.dll - 分割文件 - 跳过
C:\Documents and Settings\zh\桌面\dudu.part1.rar - 发现压缩文件中有被感染的对象

[扫描路径] C:\Documents and Settings\zh\桌面\dudu.part2.rar
>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\dqDXYDXY1006.dll - 分割文件 - 跳过
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\dqHADHAD1066.dll 可能已被感染了：  DLOADER.Trojan
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\dqKAFKAF1066.dll 可能已被感染了：  DLOADER.Trojan
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\dqMYSMYS1045.dll 可能已被感染了：  DLOADER.Trojan
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\dqWHXWHX1012.dll 可能已被感染了：  DLOADER.Trojan
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\dqQACQAC1041.dll 可能已被感染了：  DLOADER.Trojan
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\dqSADSAD1040.dll 可能已被感染了：  DLOADER.Trojan
>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\QQGAME1.vbs 可能已被感染了：  SCRIPT.Virus
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\DXDLG.EXE 已被病毒感染：  Trojan.PWS.Gamania.origin
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\~~.exe 已被病毒感染：  Trojan.DownLoader.origin
>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\_uninsep.bat - 确定
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\mm[1].exe 已被病毒感染：  Trojan.DownLoader.origin
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js12[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9718
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js16[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9714
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js1[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9722
>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js20[1].exe 已被病毒感染：  Trojan.PWS.Wsgame.4611
>>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js24[1].exe 已被病毒感染：  Trojan.PWS.Wsgame.origin
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js28[1].exe 已被病毒感染：  Trojan.ShellHook
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js4[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9703
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js8[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9703
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js11[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9725
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js15[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9719
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js19[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9748
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js23[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9748
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js27[1].exe 已被病毒感染：  Trojan.ShellHook.2
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js3[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9542
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js7[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9720
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js10[1].exe 已被病毒感染：  Trojan.PWS.Gamania.origin
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js14[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9724
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js18[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9542
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js22[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9748
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js26[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9542
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js2[1].exe 已被病毒感染：  Trojan.PWS.Lineage.4640
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js30[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9748
>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js6[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9717
>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js0[1].exe 已被病毒感染：  Trojan.AVKill.415
>>>>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js13[1].exe 可能已被感染了：  DLOADER.Trojan
>C:\Documents and Settings\zh\桌面\dudu.part2.rar\dudu\js17[1].exe - 分割文件 - 跳过
C:\Documents and Settings\zh\桌面\dudu.part2.rar - 发现压缩文件中有被感染的对象

[扫描路径] C:\Documents and Settings\zh\桌面\dudu.part3.rar
>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\js17[1].exe - 分割文件 - 跳过
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\js21[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9749
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\js25[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9542
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\js29[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9542
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\js5[1].exe 已被病毒感染：  Trojan.PWS.Gamania.9158
>>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\js9[1].exe 已被病毒感染：  Trojan.PWS.Gamania.origin
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\smss.exe 已被病毒感染：  Win32.HLLW.Autoruner.1070
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\8a.exe 已被病毒感染：  Trojan.PWS.Gamania.9730
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\9a.exe 已被病毒感染：  Trojan.PWS.Gamania.9726
>>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\10a.exe 已被病毒感染：  Trojan.PWS.Wsgame.origin
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\16a.exe 已被病毒感染：  Trojan.PWS.Lineage.4230
>>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\17a.exe 已被病毒感染：  Trojan.PWS.Wsgame.4604
>>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\20a.exe 已被病毒感染：  Trojan.PWS.Wsgame.origin
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\24a.exe 已被病毒感染：  Trojan.PWS.Wsgame.4586
>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\SYSTEM128.vxd - 确定
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\3a.exe 已被病毒感染：  Trojan.PWS.Wsgame.4862
>>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\5a.exe 已被病毒感染：  Trojan.PWS.Wsgame.4359
>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\Nt_Win32.Jmp - 确定
>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\Sy_Win7k.Jmp - 确定
>C:\Documents and Settings\zh\桌面\dudu.part3.rar\dudu\RichFX\Player\nprfxins.dll - 分割文件 - 跳过
C:\Documents and Settings\zh\桌面\dudu.part3.rar - 发现压缩文件中有被感染的对象

[扫描路径] C:\Documents and Settings\zh\桌面\dudu.part4.rar
>C:\Documents and Settings\zh\桌面\dudu.part4.rar\dudu\RichFX\Player\nprfxins.dll - 分割文件 - 跳过
>C:\Documents and Settings\zh\桌面\dudu.part4.rar\dudu\RichFX\Player\nprfxins_EULA.txt - 确定
>C:\Documents and Settings\zh\桌面\dudu.part4.rar\dudu\Nt_Sys32.Sys 已被病毒感染：  Trojan.PWS.Lineage.4640
>>C:\Documents and Settings\zh\桌面\dudu.part4.rar\dudu\conimef.exe - 确定
>>C:\Documents and Settings\zh\桌面\dudu.part4.rar\dudu\1a.exe 已被病毒感染：  Trojan.MulDrop.9959
>C:\Documents and Settings\zh\桌面\dudu.part4.rar\dudu\inudhya.dll 已被病毒感染：  Trojan.DownLoader.38060
C:\Documents and Settings\zh\桌面\dudu.part4.rar - 发现压缩文件中有被感染的对象

-----------------------------------------------------------------------------
扫描统计
-----------------------------------------------------------------------------
已扫描对象: 94
发现受感染对象: 61
发现受变种感染对象: 0
发现可疑对象: 22

[病毒样本] 病毒一大包