[Virus Sample] New virus pack

chabosh
Posted on 2008-5-2 21:15:00
New virus pack

ykz1991
Posted on 2008-5-2 21:18:18


All Packed

红心王子
Posted on 2008-5-2 21:20:36
时间        处理结果        木马名称        木马进程名        木马文件创建者
2008-05-02 21:20:13        处理成功        Trojan-PSW.Win32.OL-Game.lby        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIR\BINGDU\TICISMS.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-02 21:20:13        处理成功        Trojan-PSW.Win32.OL-Game.mry        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIR\BINGDU\TCIOCP64.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-02 21:20:13        处理成功        Trojan-PSW.Win32.OL-Game.mrw        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIR\BINGDU\DBHLP32.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-02 21:20:13        处理成功        Trojan-PSW.Win32.OL-Game.msa        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIR\BINGDU\JYLVVIBI.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-02 21:20:13        处理成功        Trojan-PSW.Win32.OL-Game.mvu        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIR\BINGDU\FMSJHIF.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-02 21:20:13        处理成功        Trojan-PSW.Win32.OL-Game.msc        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIR\BINGDU\FMSIOCPS.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-02 21:20:13        处理成功        Trojan-PSW.Win32.OL-Game.mou        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIR\BINGDU\FMSBBQI.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2008-05-02 21:20:13        处理成功        Trojan-PSW.Win32.OL-Game.lfm        C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIR\BINGDU\DIONPIS.EXE        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
qigang
Posted on 2008-5-2 21:29:56

54/0

rising20.42.40 did not detect them!
hj5abc
Posted on 2008-5-2 21:32:16
vb's engine is really impressive.

2008-5-2 21:27:53    SYSTEM    1080    Sign of "Win32:OnLineGames-DNU [Trj]" has been found in "F:\bingdu\bingdu\fmsbbqi.exe\[FSG]" file.  
2008-5-2 21:27:54    SYSTEM    1080    Sign of "Win32:OnLineGames-CDA [Trj]" has been found in "F:\bingdu\bingdu\fmsiocps.exe\[FSG]" file.  
2008-5-2 21:27:54    SYSTEM    1080    Sign of "Win32:OnLineGames-DJX [Trj]" has been found in "F:\bingdu\bingdu\jylvvibi.exe\[FSG]" file.  
2008-5-2 21:27:54    SYSTEM    1080    Sign of "Win32:OnLineGames-DAB [Trj]" has been found in "F:\bingdu\bingdu\yuiabct.exe\[FSG]" file.  
2008-5-2 21:27:54    SYSTEM    1080    Sign of "Win32:Agent-CNF [Trj]" has been found in "F:\bingdu\bingdu\ptshell.exe\[FSG]" file.  
2008-5-2 21:27:55    SYSTEM    1080    Sign of "Win32:VB-GDM [Trj]" has been found in "F:\bingdu\bingdu\SoundMan.exe" file.  
The EQs
Posted on 2008-5-2 21:32:46

17

C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\cinfonmc.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\dbhlp32.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\dionpis.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\explorer.exe - probably a variant of Win32/TrojanDownloader.Agent.NWV trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\fiosectc.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\fmsbbqi.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\fmsiocps.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\fmsjhif.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\issms32.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\jylvvibi.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\mfchlp64.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\ptshell.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\SoundMan.exe - probably unknown NewHeur_PE virus - deleted - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\tciocp64.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\ticisms.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\WINSvr64.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
C:\Documents and Settings\Don Johnson\桌面\bingdu\bingdu\yuiabct.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan - cleaned by deleting - quarantined
醉一生爱妍
Posted on 2008-5-2 21:39:09
Kaspersky 8.0 MISS 3

yk1234
Posted on 2008-5-2 21:41:44
Avira: 3 left
mofunzone
Posted on 2008-5-3 02:26:01
1 left
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\bingdu'
C:\Documents and Settings\Administrator\My Documents\bingdu\bingdu\
  cinfonmc.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  dbhlp32.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  dionpis.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  explorer.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  fiosectc.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  fmsbbqi.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  fmsiocps.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '488e5d15.qua'!
  fmsjhif.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  issms32.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  jylvvibi.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Onlinegames.NVI
      [NOTE]      The file was deleted!
  mfchlp64.exe
      [DETECTION] Is the Trojan horse TR/PSW.16789
      [NOTE]      The file was deleted!
  popo.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  ptshell.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  SoundMan.exe
    [0] Archive type: RSRC
    --> Object
      --> Object
        [1] Archive type: Runtime Packed
        --> Object
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
  tciocp64.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  ticisms.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: OVL
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  vqqsdl.exe
  WINSvr64.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  yuiabct.exe
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!


End of the scan: 2008年5月2日  11:25
Used time: 00:04 min

The scan has been done completely.

      2 Scanning directories
     19 Files were scanned
     16 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
     17 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      0 Archives were scanned
      0 Warnings
     18 Notes
mofunzone
Posted on 2008-5-3 02:28:46
25007781          vqqsdl.exe          88 KB          UNDER ANALYSIS

Copyright © KaFan  KaFan.cn All Rights Reserved.
