Views: 4927 | Replies: 12

[Virus sample] Picked up in passing from a certain site

shery0000
Posted on 2008-5-27 12:51:17
6123t.rar
MD5...: 7806c353c9643b85d9a7229be7273de0

Result: 3/32 (9.38%)
F-Secure  6.70.13260.0  2008.05.27  Suspicious:W32/Malware!Gemini
Panda     9.0.0.4       2008.05.27  Suspicious file
VBA32     3.12.6.6      2008.05.27  suspected of Win32.Trojan.Downloader (http://...)


http://www.dtdtdk.net/dk.txt
Dropped files (产物):
26

Exia (this user has been deleted)
Posted on 2008-5-27 12:53:26
Starting the file scan:

Begin scan in 'E:\AV\6123t.rar'
Begin scan in 'E:\AV\产物'
E:\AV\产物\soft31.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft32.exe
      [DETECTION] Is the Trojan horse TR/Agent.nbl
      [NOTE]      The file was deleted!
E:\AV\产物\soft33.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft19.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft21.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft22.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft23.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft24.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft25.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.EQ
      --> Object
          [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ald
      [NOTE]      The file was deleted!
E:\AV\产物\soft26.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft27.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft28.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.afqn
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft29.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Contains detection pattern of the worm WORM/Downloader.ME
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft30.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft18.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft20.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft34.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.FC
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft35.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft36.exe
      [DETECTION] Is the Trojan horse TR/Agent.NBJ.1
      [NOTE]      The file was deleted!
E:\AV\产物\soft11.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft12.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft13.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft14.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft15.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft16.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft17.exe
  [0] Archive type: RSRC
  --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The file was deleted!
E:\AV\产物\soft9.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft10.exe
  [0] Archive type: RSRC
  --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.afqn
      [NOTE]      The file was deleted!
E:\AV\产物\softd.exe
      [DETECTION] Is the Trojan horse TR/Agent.nbl
      [NOTE]      The file was deleted!
E:\AV\产物\soft0.exe
      [DETECTION] Is the Trojan horse TR/Agent.nbj
      [NOTE]      The file was deleted!
E:\AV\产物\soft1.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft2.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft3.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft4.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ajnn
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft5.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft6.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft7.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\AV\产物\soft8.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!


End of the scan: 2008年5月27日  12:55
Used time: 00:24 min

The scan has been done completely.

      1 Scanning directories
     40 Files were scanned
     43 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
     38 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -3 Files not concerned
      1 Archives were scanned
      0 Warnings
     38 Notes

The file '6123t.exe' has been determined to be 'UNDER ANALYSIS'.

[ This post was last edited by Exia on 2008-5-27 12:55 ]
tanlimo
Posted on 2008-5-27 12:55:44
挪威的冬天
Posted on 2008-5-27 12:56:54


信息        2008-05-27  12:56:34        您此次查毒清除了10个病毒                       
信息        2008-05-27  12:56:34        您此次查毒共查出10个病毒以及危险代码                       
信息        2008-05-27  12:56:34        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件94个                       
信息        2008-05-27  12:56:34        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-05-27  12:56:33        D:\Desktop\2úÎï.rar\产物\soft4.exe        Win32.Troj.OnlineGameT.ss.106496        清除成功       
病毒        2008-05-27  12:56:32        D:\Desktop\2úÎï.rar\产物\soft0.exe        Win32.Troj.Small.16384        清除成功       
病毒        2008-05-27  12:56:32        D:\Desktop\2úÎï.rar\产物\soft10.exe        Win32.Troj.OnlineGamesT.xe.106496        清除成功       
病毒        2008-05-27  12:56:30        D:\Desktop\2úÎï.rar\产物\soft36.exe        Win32.Troj.Small.16384        清除成功       
病毒        2008-05-27  12:56:30        D:\Desktop\2úÎï.rar\产物\soft34.exe        Win32.Troj.OnlineGames.aw.49152        清除成功       
病毒        2008-05-27  12:56:29        D:\Desktop\2úÎï.rar\产物\soft30.exe        Win32.Troj.OnlineGameT.ni.49152        清除成功       
病毒        2008-05-27  12:56:29        D:\Desktop\2úÎï.rar\产物\soft29.exe        Win32.Troj.OnlineGames.aw.49293        清除成功       
病毒        2008-05-27  12:56:28        D:\Desktop\2úÎï.rar\产物\soft28.exe        Win32.PSWTroj.OnLineGames.106496        清除成功       
病毒        2008-05-27  12:56:28        D:\Desktop\2úÎï.rar\产物\soft27.exe        Win32.Troj.OnlineGames.cd.49152        清除成功       
病毒        2008-05-27  12:56:28        D:\Desktop\2úÎï.rar\产物\soft25.exe        Win32.Troj.GameOnlieT.cv.49152        清除成功
jiffy
Posted on 2008-5-27 12:58:02
Jiangmin AntiVirus report

        Beijing Jiangmin New Sci & Tec. Co. Ltd.

        Scan engine 11.00.703
        lib data 2008-05-26
         Update data 2008-05-27

Scan object: C:\Documents and Settings\Grace\桌面\产物.rar

Start time:2008-05-27 12:56:59

in C:\Documents and Settings\Grace\桌面\产物.rar->产物\soft22.exe found Trojan/PSW.OnLineGames.adab virus, Deleted
in C:\Documents and Settings\Grace\桌面\产物.rar->产物\soft25.exe found Trojan/Ck88866.Gen virus, Deleted
in C:\Documents and Settings\Grace\桌面\产物.rar->产物\soft28.exe found Trojan/PSW.OnLineGames.sss virus, Deleted
in C:\Documents and Settings\Grace\桌面\产物.rar->产物\soft30.exe found Trojan/Ck88866.Gen virus, Deleted
in C:\Documents and Settings\Grace\桌面\产物.rar->产物\soft34.exe found TrojanDropper.Driver.a virus, Deleted
in C:\Documents and Settings\Grace\桌面\产物.rar->产物\soft36.exe found Trojan/PSW.OnLineGames.jub virus, Deleted
in C:\Documents and Settings\Grace\桌面\产物.rar->产物\soft17.exe found Rootkit.Vanti.fey virus, Deleted
in C:\Documents and Settings\Grace\桌面\产物.rar->产物\soft0.exe found Trojan/PSW.OnLineGames.jub virus, Deleted
in C:\Documents and Settings\Grace\桌面\产物.rar->产物\soft4.exe found Trojan/PSW.OnLineGames.sss virus, Deleted
completed.

scan result:
  files: 41                   virus: 9
  delete: 9                   kill virus: 0
  scan speed (Kb/sec): 108    scan time: 00:00:12


jiffy
Posted on 2008-5-27 12:59:52
Jiangmin did not react to the second package.
Exia (this user has been deleted)
Posted on 2008-5-27 16:35:05
The file '6123t.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dldr.Small.iwh. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.
Palkia
Posted on 2008-5-27 19:36:29

86/24

瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.GameOL.GEN
病毒: Trojan.PSW.Win32.GamesOnline.acw
病毒: Trojan.PSW.Win32.GamesOnline.acv
病毒: RootKit.Win32.Undef.gt   
病毒: Trojan.PSW.Win32.QQHX.twz
病毒: RootKit.Win32.RESSDT.al  
病毒: Trojan.PSW.Win32.GamesOnline.wb
病毒: Trojan.PSW.Win32.GameOL.gbk
病毒: Trojan.PSW.Win32.GamesOnline.acu
病毒: Trojan.PSW.Win32.SunOnline.og
病毒: Trojan.PSW.Win32.SunOnline.op
病毒: Trojan.PSW.Win32.GamesOnline.act

MAC 地址:00:17:31:40:A3:57

用户来源:局域网

软件版本:20.46.12
allinwonderi
Posted on 2008-5-27 19:43:06

ArcaVir2008

[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft25.exe<FSG>:soft25.exe <- Trojan.Psw.Onlinegames.Aehr : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft25.exe<FSG>:soft25.exe<DLLRES>:res0.exe <- Trojan.Proxy.Xorpix.Eq : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft25.exe<FSG>:soft25.exe<DLLRES>:res0.exe<UPack>:res0.exe <- Trojan.Proxy.Xorpix.Eq : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft25.exe<FSG>:soft25.exe<DLLRES>:res1.exe <- Trojan.Rootkit.Agent.Ald : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft28.exe<UPack>:soft28.exe <- Trojan.Psw.Onlinegames.Adup : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft28.exe<UPack>:soft28.exe<DLLRES>:res0.exe <- Variant:Trojan.Psw.Onlinegames.Adup : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft28.exe<UPack>:soft28.exe<DLLRES>:res0.exe<UPack>:res0.exe <- Trojan.Psw.Wow.Azc : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft28.exe<UPack>:soft28.exe<DLLRES>:res1.exe <- Trojan.Psw.Onlinegames.Afqn : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft30.exe<FSG>:soft30.exe <- Trojan.Psw.Onlinegames.Ygb : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft30.exe<FSG>:soft30.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Ygh : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft34.exe <- Trojan.Psw.Onlinegames.Aimc : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft34.exe<FSG>:soft34.exe<DLLRES>:res1.exe <- Trojan.Proxy.Xorpix.Fc : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft10.exe <- Trojan.Psw.Onlinegames.Afql : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft10.exe<DLLRES>:res0.exe <- Variant:Trojan.Psw.Onlinegames.Afql : No action
C:\Documents and Settings\All Users\Documents\Test\产物.rar<RAR>:soft10.exe<DLLRES>:res1.exe <- Trojan.Psw.Onlinegames.Afqn : No action



Scanned objects : 119

Infected objects : 15
allinwonderi
Posted on 2008-5-27 19:43:43

F-Prot 4.4.4

[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft31.exe->(embedded)
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft24.exe->(embedded)
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft25.exe->(embedded)
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft27.exe->(embedded)
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft28.exe
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft29.exe->(embedded)
[Found security risk]         <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft30.exe->(FSG)
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft18.exe->(embedded)
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft34.exe->(embedded)
[Found worm]         <W32/Warezov.B.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft17.exe
[Found possible security risk]         <W32/Heuristic-KPP!Eldorado (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft10.exe
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft1.exe->(embedded)
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft4.exe
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft6.exe->(embedded)
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft7.exe->(embedded)
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\产物.rar->产物\soft8.exe->(embedded)

---------------------------------------------------------------------
Scan ended:        2008-5-27, 19:43:22
Duration:        0:00:08

Scan result:

Scanned files:                 7
Infected objects:         16
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------
Copyright © KaFan  KaFan.cn All Rights Reserved.