
[Virus sample] 18

sam.to
Posted on 2008-5-1 01:00:18
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.abtj        檔案: C:\Documents and Settings\kato9096\桌面\18\11.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.abto        檔案: C:\Documents and Settings\kato9096\桌面\18\13.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.abxr        檔案: C:\Documents and Settings\kato9096\桌面\18\14.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.abzz        檔案: C:\Documents and Settings\kato9096\桌面\18\15.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.acdp        檔案: C:\Documents and Settings\kato9096\桌面\18\16.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.abtp        檔案: C:\Documents and Settings\kato9096\桌面\18\17.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.xzp        檔案: C:\Documents and Settings\kato9096\桌面\18\19.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.xzn        檔案: C:\Documents and Settings\kato9096\桌面\18\20.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.QQPass.bsi        檔案: C:\Documents and Settings\kato9096\桌面\18\22.exe//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Lmir.bvh        檔案: C:\Documents and Settings\kato9096\桌面\18\23.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.abxj        檔案: C:\Documents and Settings\kato9096\桌面\18\24.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.acld        檔案: C:\Documents and Settings\kato9096\桌面\18\25.exe//PE_Patch//UPack
已刪除: 病毒 Virus.Win32.VB.ks        檔案: C:\Documents and Settings\kato9096\桌面\18\27.exe
已刪除: 特洛伊木馬程式 Trojan.Win32.Qhost.ajz        檔案: C:\Documents and Settings\kato9096\桌面\18\29.exe//PE_Patch//UPack
已刪除: 病毒 Worm.Win32.Downloader.jd        檔案: C:\Documents and Settings\kato9096\桌面\18\30.exe//PE_Patch//UPack

Kaspersky reported 15; 3 were submitted.


Hello,

12.ex2e - Trojan-PSW.Win32.OnLineGames.acoq,
18.ex2e - Trojan-PSW.Win32.OnLineGames.acpv,
21.exe_ - Trojan-PSW.Win32.OnLineGames.acpw

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Yury Nesmachny
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ Last edited by kato9096 on 2008-5-1 16:41 ]

无尽藏海
Posted on 2008-5-1 01:24:47

All wiped out.

Begin scan in 'E:\VIRUS\18'
E:\VIRUS\18\18\11.exe2
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\12.exe2
      [DETECTION] Is the Trojan horse TR/PSW.16789
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\13.exe2
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\14.exe2
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ydw
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajp
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\15.exe2
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\16.exe2
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\17.exe2
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abtp
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\18.exe2
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\19.exe2
  [0] Archive type: OVL
  --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.accf
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\20.exe2
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\21.exe2
  [0] Archive type: OVL
  --> Object
      [DETECTION] Is the Trojan horse TR/Agent.10358
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.akc
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\22.exe2
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.Steal.44658
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\23.exe2
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\24.exe2
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aju
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '4846ab87.qua'!
E:\VIRUS\18\18\25.exe2
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.akc
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\27.exe2
  [0] Archive type: RSRC
  --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\29.exe2
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
E:\VIRUS\18\18\30.exe2
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!


End of the scan: 2008年5月1日  01:24
Used time: 00:12 min

The scan has been done completely.

      2 Scanning directories
     18 Files were scanned
     22 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
     17 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -4 Files not concerned
      0 Archives were scanned
      0 Warnings
     18 Notes
Palkia
Posted on 2008-5-1 01:34:49
Kingsoft: 9
Rising: 16
Jiangmin: 13
醉一生爱妍
Posted on 2008-5-1 01:38:41

kas2009 kill all!

That heuristic engine is powerful!


All killed.

[ Last edited by garyyan456 on 2008-5-1 01:41 ]
aerbeisi
Posted on 2008-5-1 01:41:40

17

[Found security risk]        <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\11.exe2->(FSG)
[Found security risk]        <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\12.exe2->(FSG)
[Found security risk]        <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\13.exe2->(FSG)
[Found security risk]        <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\14.exe2->(embedded)
[Found security risk]        <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\15.exe2->(FSG)
[Found security risk]        <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\16.exe2->(FSG)
[Found security risk]        <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\17.exe2->(FSG)
[Found security risk]        <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\18.exe2->(FSG)
[Found security risk]        <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\19.exe2->exefile->(UPack)
[Found security risk]        <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\20.exe2->exefile->(UPack)
[Found security risk]        <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\21.exe2->exefile->(UPack)
[Found security risk]        <W32/AutoRun.D.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\22.exe2->(UPX)
[Found security risk]        <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\23.exe2
[Found security risk]        <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\24.exe2->(embedded)
[Found security risk]        <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\test\18.rar->18\25.exe2->exefile->(UPack)
[Found possible security risk]        <W32/Heuristic-210!Eldorado (damaged, not disinfectable)>        C:\test\18.rar->18\29.exe2->(UPack)
[Found possible security risk]        <W32/Heuristic-210!Eldorado (damaged, not disinfectable)>        C:\test\18.rar->18\30.exe2->(UPack)
挪威的冬天
Posted on 2008-5-1 07:06:19
信息        2008-05-01  07:05:12        您此次查毒清除了9个病毒                       
信息        2008-05-01  07:05:12        您此次查毒共查出9个病毒以及危险代码                       
信息        2008-05-01  07:05:12        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件39个                       
信息        2008-05-01  07:05:12        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-05-01  07:05:12        D:\Desktop\18.rar\18\30.exe2        Worm.Downloader.ia.147456        清除成功       
病毒        2008-05-01  07:05:12        D:\Desktop\18.rar\18\29.exe2        Win32.Troj.Qhost.aj.73728        清除成功       
病毒        2008-05-01  07:05:11        D:\Desktop\18.rar\18\22.exe2        Win32.PSWTroj.Lmir.29751        清除成功       
病毒        2008-05-01  07:05:10        D:\Desktop\18.rar\18\17.exe2        Win32.Troj.OnlineGames.fl.61440        清除成功       
病毒        2008-05-01  07:05:10        D:\Desktop\18.rar\18\16.exe2        Win32.PSWTroj.OnlineGames.65536        清除成功       
病毒        2008-05-01  07:05:10        D:\Desktop\18.rar\18\15.exe2        Win32.PSWTroj.OnlineGames.65609        清除成功       
病毒        2008-05-01  07:05:10        D:\Desktop\18.rar\18\14.exe2        Win32.Troj.OnlineGames.aw.49152        清除成功       
病毒        2008-05-01  07:05:10        D:\Desktop\18.rar\18\13.exe2        Win32.PSWTroj.OnLineGames.69717        清除成功       
病毒        2008-05-01  07:05:10        D:\Desktop\18.rar\18\11.exe2        Win32.PSWTroj.OnLineGames.69813        清除成功
傻猪猪米走鸡
Posted on 2008-5-1 07:20:25

ess kill all

Scan Log
Version of virus signature database: 3067 (20080430)
Date: 2008-5-1  Time: 7:25:43
Scanned disks, folders and files: E:\virus\18.rar
E:\virus\18.rar » RAR » 18\11.exe2 - probably a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\12.exe2 - probably a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\13.exe2 - probably a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\14.exe2 - probably a variant of Win32/PSW.OnLineGames.NMQ trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\15.exe2 - probably a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\16.exe2 - probably a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\17.exe2 - probably a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\18.exe2 - probably a variant of Win32/PSW.OnLineGames.NFL trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\19.exe2 - Win32/PSW.OnLineGames.XZN trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\20.exe2 - Win32/PSW.OnLineGames.XZN trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\21.exe2 - a variant of Win32/PSW.OnLineGames.XZN trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\22.exe2 - a variant of Win32/PSW.QQPass.NCZ trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\23.exe2 - probably a variant of Win32/PSW.WOW.WU trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\24.exe2 - a variant of Win32/PSW.OnLineGames.NMQ trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\25.exe2 - a variant of Win32/PSW.OnLineGames.XZN trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\27.exe2 - probably unknown NewHeur_PE virus [7] - was a part of the deleted object
E:\virus\18.rar » RAR » 18\29.exe2 - Win32/Qhost.AJZ trojan - was a part of the deleted object
E:\virus\18.rar » RAR » 18\30.exe2 - probably a variant of Win32/Genetik trojan - was a part of the deleted object
Number of scanned objects: 18
Number of threats found: 18
Number of cleaned objects: 18
Time of completion: 7:25:49  Total scanning time: 6 sec (00:00:06)

Notes:
[7] Object is probably infected with an unknown virus.
红心王子
Posted on 2008-5-1 08:38:43
时间        处理结果        木马名称        木马进程名        木马文件创建者
2008-05-01 08:37:58        处理成功        Trojan.Win32.Qhost.ly        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\18\29.EXE2        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-01 08:37:58        处理成功        Trojan-PSW.Win32.OL-Game.kzr        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\18\24.EXE2        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-01 08:37:58        处理成功        Trojan-PSW.Win32.QQPass.jno        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\18\22.EXE2        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-01 08:37:57        处理成功        Trojan-PSW.Win32.OL-Game.kfc        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\18\20.EXE2        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-01 08:37:57        处理成功        Trojan-PSW.Win32.OL-Game.kfr        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\18\19.EXE2        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-01 08:37:57        处理成功        Trojan-PSW.Win32.OL-Game.knx        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\18\16.EXE2        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-01 08:37:57        处理成功        Trojan-PSW.Win32.OL-Game.koo        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\18\15.EXE2        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-01 08:37:57        处理成功        Trojan-PSW.Win32.OL-Game.kmf        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\18\11.EXE2        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
梦想奇迹
Posted on 2008-5-1 10:27:46
Avira killed them all.

qigang
Posted on 2008-5-1 10:31:56

49/16

瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.GameOL.ndy
病毒: Trojan.PSW.Win32.GameOL.neh
病毒: RootKit.Win32.HideFile.g
病毒: Trojan.PSW.Win32.GameOL.nga
病毒: Trojan.PSW.Win32.GameOL.ngd
病毒: Trojan.PSW.Win32.GameOL.ngj
病毒: Trojan.PSW.Win32.GameOL.nei
病毒: Trojan.PSW.Win32.GameOL.nhb
病毒: Suspicious.Trojan.Win32.DelSelf.a
病毒: Worm.Win32.PaBug.gfg     
病毒: Suspicious.Trojan.Win32.VBDownLoader.a
病毒: Trojan.Win32.VB.zsu      

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.42.22