
[Verified] Malicious site?

dollsgame
Posted on 2008-5-13 22:26:24
电影结束了
Posted on 2008-5-13 22:37:40
Trojan-Downloader.Script.Suspicious
haol
Posted on 2008-5-13 23:32:07
Kaspersky found Trojan-Downloader.Win32.Agent.opk
曲中求
Posted on 2008-5-13 23:43:05
a256886572008
Posted on 2008-5-14 09:17:36
2008-05-14 09:11:48    创建文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\WINDOWS\Temp\__write_over__
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*


2008-05-14 09:11:48    创建文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\__write_over__
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48    创建文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\WINDOWS\Temp\___temp.bat
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*


2008-05-14 09:11:48    创建文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\___temp.bat
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*


2008-05-14 09:11:48    删除文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\___temp.bat
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48    创建文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\WINDOWS\Temp\hook.sys
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*


2008-05-14 09:11:48    创建文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\hook.sys
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*


2008-05-14 09:11:48    访问服务管理器      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe

触发规则:应用程序规则->任务隔离区->D:\bak.css.exe



2008-05-14 09:11:48    删除文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\hook.sys
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

2008-05-14 09:11:48    底层读磁盘操作      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
操作磁盘:\Device\Harddisk0\DR0
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe

2008-05-14 09:11:48    创建文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\WINDOWS\Temp\weilai.mp3
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*


2008-05-14 09:11:48    创建文件      操作:使用任务隔离区操作
进程路径:D:\bak.css.exe
文件路径:C:\EQSandBox\C\WINDOWS\Temp\weilai.mp3
触发规则:应用程序规则->任务隔离区->D:\bak.css.exe->*

[ Last edited by a256886572008 on 2008-5-14 09:25 ]
Exia (this user has been deleted)
Posted on 2008-5-14 09:42:09


Starting the file scan:
Begin scan in 'E:\AV\a32.exe'
E:\AV\a32.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.QQpass.btc
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a1.exe'
E:\AV\a1.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.ddo
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a2.exe'
E:\AV\a2.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a3.exe'
E:\AV\a3.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a4.exe'
E:\AV\a4.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acfm
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a5.exe'
E:\AV\a5.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aepl
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a6.exe'
E:\AV\a6.exe
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a7.exe'
E:\AV\a7.exe
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a9.exe'
E:\AV\a9.exe
      [DETECTION] Is the Trojan horse TR/PSW.18001
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a10.exe'
E:\AV\a10.exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a8.exe'
E:\AV\a8.exe
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a11.exe'
E:\AV\a11.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a12.exe'
E:\AV\a12.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a13.exe'
E:\AV\a13.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a14.exe'
E:\AV\a14.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a15.exe'
E:\AV\a15.exe
      [DETECTION] Is the Trojan horse TR/Onlinegames.NVI
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a16.exe'
E:\AV\a16.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a17.exe'
E:\AV\a17.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.afdz
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a18.exe'
E:\AV\a18.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.ES
      --> Object
          [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.ES.1
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a19.exe'
E:\AV\a19.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a20.exe'
E:\AV\a20.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a21.exe'
E:\AV\a21.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.afas
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a22.exe'
E:\AV\a22.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.afeg
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a23.exe'
E:\AV\a23.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a24.exe'
E:\AV\a24.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adrg
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aks.1
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a25.exe'
E:\AV\a25.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.EQ
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ald
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a26.exe'
E:\AV\a26.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a27.exe'
E:\AV\a27.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.EW
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a28.exe'
E:\AV\a28.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a29.exe'
E:\AV\a29.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adxo.1
      --> Object
          [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.ES.1
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a30.exe'
E:\AV\a30.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\AV\a31.exe'
E:\AV\a31.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aduf
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aks.1
      [NOTE]      The file was deleted!

End of the scan: 2008年5月14日  09:43
Used time: 00:14 min
The scan has been done completely.
      0 Scanning directories
     32 Files were scanned
     39 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     32 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -7 Files not concerned
      0 Archives were scanned
      0 Warnings
     32 Notes

AV.part1.rar

488.28 KB, downloads: 63

AV.part2.rar

111.45 KB, downloads: 52

qigang
Posted on 2008-5-14 20:27:16

109/42

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: RootKit.Win32.Undef.gt   
病毒: Trojan.PSW.Win32.GameOL.ka
病毒: Trojan.PSW.Win32.SunOnline.og
病毒: Trojan.PSW.Win32.GameOL.gbk
病毒: Trojan.PSW.Win32.QQSG.dx
病毒: Trojan.PSW.Win32.QQHX.txc
病毒: Trojan.PSW.Win32.QQPass.dmf
病毒: Trojan.PSW.Win32.QQPass.dmg
病毒: Trojan.PSW.Win32.GamesOnline.yp
病毒: Trojan.PSW.Win32.GameOL.gdn
病毒: Trojan.PSW.Win32.GameOL.gee
病毒: Trojan.PSW.Win32.GamesOnline.yr
病毒: RootKit.Win32.Mnless.oe  
病毒: Trojan.PSW.Win32.QQHX.twz
病毒: Trojan.PSW.Win32.SO2Online.bw
病毒: Trojan.PSW.Win32.GameOL.gef
病毒: Trojan.PSW.Win32.GamesOnline.wb
病毒: Trojan.PSW.Win32.GameOL.nip
病毒: Worm.Win32.PaBug.gy      
病毒: RootKit.Win32.Mnless.oj  
病毒: Trojan.PSW.Win32.SunOnline.nt
病毒: Trojan.PSW.Win32.GamesOnline.zc
病毒: Trojan.PSW.Win32.GameOL.nib
病毒: Trojan.PSW.Win32.GameOL.gdt

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.44.22