
[Virus Sample] Posting more!

欠妳緈諨
Posted on 2008-6-2 15:11:54
This downloader is really hardworking
:\virus\anistio.exE - 可疑代码段 被发现 (Level: 140)
D:\virus\bincdwsa.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\dbhlp32.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\dionpis.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\fmbiost.exe - 特征码 'Generic.PWS.Games.4' 被发现
D:\virus\fmsbbqi.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\fmsjhif.exe - 特征码 'Trojan-PWS.Win32.Lmir.awg' 被发现
D:\virus\gwsmhxuq.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\hefcndy.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\huifitc.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\issms32.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\mfchlp64.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\ptshell.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\tciocp64.exe - 可疑代码段 被发现 (Level: 140)
D:\virus\ticisms.exe - 可疑代码段 被发现 (Level: 140)
15 文件被扫描
   (0 压缩档 0 文件)
2 特征码被侦测
13 可疑代码段被发现
耗时: 0:00.937

小邪邪
Posted on 2008-6-2 15:15:44
15

The EQs
Posted on 2008-6-2 15:17:01

15

C:\Users\Administrator\Desktop\virus.rar » RAR » fmbiost.exe - Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » fmsbbqi.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » fmsjhif.exe - Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » gwsmhxuq.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » hefcndy.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » huifitc.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » issms32.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » mfchlp64.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » ptshell.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » tciocp64.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » ticisms.exe - a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » anistio.exE - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » bincdwsa.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » dbhlp32.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
C:\Users\Administrator\Desktop\virus.rar » RAR » dionpis.exe - probably a variant of Win32/PSW.OnLineGames.NWC trojan
欠妳緈諨
OP | Posted on 2008-6-2 15:18:04

Reply to post #2 by 小邪邪

Kaspersky still missed one. I wonder whether Kaspersky 7 can catch it heuristically.
Kitman
Posted on 2008-6-2 15:34:02
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\新資料夾'
C:\Documents and Settings\Administrator\桌面\新資料夾\anistio.exE
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.almd
      [NOTE]      A backup was created as '48aca2c7.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\bincdwsa.exe
      [DETECTION] Is the Trojan horse TR/PSW.16493
      [NOTE]      A backup was created as '48b1a2c2.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\dbhlp32.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.almz
      [NOTE]      A backup was created as '48aba2bb.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\dionpis.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.alme.1
      [NOTE]      A backup was created as '48b2a2c2.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\fmbiost.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '48a5a2c6.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\fmsbbqi.exe
      [DETECTION] Is the Trojan horse TR/PSW.18417.1
      [NOTE]      A backup was created as '48b6a2c6.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\fmsjhif.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      A backup was created as '4915d537.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\gwsmhxuq.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.allu
      [NOTE]      A backup was created as '48b6a2d0.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\hefcndy.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ahnr
      [NOTE]      A backup was created as '48a9a2be.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\huifitc.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.almh.1
      [NOTE]      A backup was created as '48aca2ce.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\issms32.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      A backup was created as '48b6a2cc.qua'  ( QUARANTINE )
C:\Documents and Settings\Administrator\桌面\新資料夾\mfchlp64.exe
      [DETECTION] Is the Trojan horse TR/PSW.16545
      [NOTE]      A backup was created as '48a6a2bf.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\ptshell.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.alni
      [NOTE]      A backup was created as '48b6a2cd.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\tciocp64.exe
      [DETECTION] Is the Trojan horse TR/PSW.18397
      [NOTE]      A backup was created as '48aca2bc.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\新資料夾\ticisms.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.akyh.1
      [NOTE]      A backup was created as '48a6a2c2.qua'  ( QUARANTINE )
      [NOTE]      The file was deleted!


End of the scan: 2008年6月2日  15:33
Used time: 00:02 min

The scan has been done completely.

      1 Scanning directories
     15 Files were scanned
     14 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
     14 files were deleted
      0 files were repaired
     15 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      0 Warnings
     15 Notes

25034398 issms32.exe 18.16 KB UNDER ANALYSIS


[ Last edited by Kitman on 2008-6-2 15:35 ]
feihongtian (this user has been deleted)
Posted on 2008-6-2 15:37:46
drweb    14/15
tis2008  12/15
啊弥陀佛
Posted on 2008-6-2 16:16:59
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\BINCDWSA.EXE
木马程序生成以下文件:
1) C:\WINDOWS\BINCDWSA.EXE
2) C:\WINDOWS\SYSTEM32\BINCDWSA.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\DBHLP32.EXE
木马程序生成以下文件:
1) C:\WINDOWS\DBHLP32.EXE
2) C:\WINDOWS\SYSTEM32\DBHLP32.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\DIONPIS.EXE
木马程序生成以下文件:
1) C:\WINDOWS\DIONPIS.EXE
2) C:\WINDOWS\SYSTEM32\DIONPIS.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\FMBIOST.EXE
木马程序生成以下文件:
1) C:\WINDOWS\FMBIOST.EXE
2) C:\WINDOWS\SYSTEM32\FMBIOST.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\FMSBBQI.EXE
木马程序生成以下文件:
1) C:\WINDOWS\FMSBBQI.EXE
2) C:\WINDOWS\SYSTEM32\FMSBBQI.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\FMSJHIF.EXE
木马程序生成以下文件:
1) C:\WINDOWS\FMSJHIF.EXE
2) C:\WINDOWS\SYSTEM32\FMSJHIF.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\GWSMHXUQ.EXE
木马程序生成以下文件:
1) C:\WINDOWS\EOJXXXGW.EXE
2) C:\WINDOWS\SYSTEM32\IOUJUYWX.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\HEFCNDY.EXE
木马程序生成以下文件:
1) C:\WINDOWS\HEFCNDY.EXE
2) C:\WINDOWS\SYSTEM32\HEFCNDY.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\HUIFITC.EXE
木马程序生成以下文件:
1) C:\WINDOWS\HUIFITC.EXE
2) C:\WINDOWS\SYSTEM32\HUIFITC.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\ISSMS32.EXE
木马程序生成以下文件:
1) C:\WINDOWS\ISSMS32.EXE
2) C:\WINDOWS\SYSTEM32\ISSMS32.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\MFCHLP64.EXE
木马程序生成以下文件:
1) C:\WINDOWS\MFCHLP64.EXE
2) C:\WINDOWS\SYSTEM32\MFCHLP64.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\PTSHELL.EXE
木马程序生成以下文件:
1) C:\WINDOWS\PTSHELL.EXE
2) C:\WINDOWS\SYSTEM32\PTSHELL.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\TCIOCP64.EXE
木马程序生成以下文件:
1) C:\WINDOWS\TCIOCP64.EXE
2) C:\WINDOWS\SYSTEM32\TCIOCP64.DLL
是否删除木马程序及其衍生物?

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\VIRUS\TICISMS.EXE
木马程序生成以下文件:
1) C:\WINDOWS\TICISMS.EXE
2) C:\WINDOWS\SYSTEM32\TICISMS.DLL
是否删除木马程序及其衍生物?

solcroft
Posted on 2008-6-2 16:48:18
Even going without antivirus takes some know-how

* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, June 02, 2008
* VPS: 080601-0, 06/01/2008
*

C:\Documents and Settings\Limited User\Desktop\virus\anistio.exE\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\bincdwsa.exe\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\dbhlp32.exe\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\dionpis.exe\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\fmbiost.exe\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\fmsbbqi.exe\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\fmsjhif.exe\[FSG] [L] Win32:OnLineGames-DQN [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\gwsmhxuq.exe\[FSG] [L] Win32:OnLineGames-DJX [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\hefcndy.exe\[FSG] [L] Win32:OnLineGames-DQN [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\huifitc.exe\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\issms32.exe\[FSG] [L] Win32:OnLineGames-DQN [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\mfchlp64.exe\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\ptshell.exe\[FSG] [L] Win32:Agent-CNF [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\tciocp64.exe\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
C:\Documents and Settings\Limited User\Desktop\virus\ticisms.exe\[FSG] [L] Win32:OnLineGames-DQS [Trj] (0)
Infected files: 15
Total files: 30
Total folders: 1
Total size: 1.1 MB

*
* Task stopped: Monday, June 02, 2008
* Run-time was 4 second(s)
yunhan123
Posted on 2008-6-2 16:53:33
信息        2008-06-02  16:52:32        您此次查毒清除了15个病毒                       
信息        2008-06-02  16:52:32        您此次查毒共查出15个病毒以及危险代码                       
信息        2008-06-02  16:52:32        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件31个                       
信息        2008-06-02  16:52:32        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-06-02  16:52:32        C:\Documents and Settings\Administrator\桌面\virus.rar\dionpis.exe        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:32        C:\Documents and Settings\Administrator\桌面\virus.rar\dbhlp32.exe        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:32        C:\Documents and Settings\Administrator\桌面\virus.rar\bincdwsa.exe        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:32        C:\Documents and Settings\Administrator\桌面\virus.rar\anistio.exE        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:32        C:\Documents and Settings\Administrator\桌面\virus.rar\ticisms.exe        Win32.Troj.GameOnlineT.fx.69713        清除成功       
病毒        2008-06-02  16:52:31        C:\Documents and Settings\Administrator\桌面\virus.rar\tciocp64.exe        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:31        C:\Documents and Settings\Administrator\桌面\virus.rar\ptshell.exe        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:31        C:\Documents and Settings\Administrator\桌面\virus.rar\mfchlp64.exe        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:31        C:\Documents and Settings\Administrator\桌面\virus.rar\issms32.exe        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:31        C:\Documents and Settings\Administrator\桌面\virus.rar\huifitc.exe        Win32.PSWTroj.OnLineGames.78049        清除成功       
病毒        2008-06-02  16:52:30        C:\Documents and Settings\Administrator\桌面\virus.rar\hefcndy.exe        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:30        C:\Documents and Settings\Administrator\桌面\virus.rar\gwsmhxuq.exe        Win32.PSWTroj.OnLineGames.86016        清除成功       
病毒        2008-06-02  16:52:30        C:\Documents and Settings\Administrator\桌面\virus.rar\fmsjhif.exe        Win32.Troj.OnlineGameT.nc.61440        清除成功       
病毒        2008-06-02  16:52:30        C:\Documents and Settings\Administrator\桌面\virus.rar\fmsbbqi.exe        Win32.Troj.PatchMainT.ty.90412        清除成功       
病毒        2008-06-02  16:52:30        C:\Documents and Settings\Administrator\桌面\virus.rar\fmbiost.exe        Win32.Troj.OnlineGameT.nc.61440        清除成功
kkgh
Posted on 2008-6-2 18:00:12
Norton: 3

瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.GameOL.nsq
病毒: Trojan.PSW.Win32.GameOL.nvb

用户来源:互联网

软件版本:20.47.01
All 15 killed