Thread starter: chabosh

[Virus sample] A big pack of viruses

Palkia
Posted on 2008-6-3 18:37:16
kav miss 41
qigang
Posted on 2008-6-3 19:57:56

77/30

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.PSW.Win32.GameOL.nvb
病毒: Trojan.Win32.StartPage.mcy
病毒: Trojan.PSW.Win32.GameOL.nvd
病毒: Trojan.PSW.Win32.GameOL.nsq
病毒: Trojan.PSW.Win32.GameOL.nve
病毒: Trojan.Win32.Undef.hbl   
病毒: Trojan.Win32.Mnless.drt  
病毒: Trojan.PSW.Win32.XYOnline.aec

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.47.12
sam.to
Posted on 2008-6-3 20:13:06
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.akay        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\0.exe//FSG//PEPatch
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Lmir.bvh        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\15.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aknl        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\a.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.qnv        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\bb.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-Spy.Win32.KeySpy.u        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\d32dx9.sys
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.qsy        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\gpr40D.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.qsy        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\gpr458.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.crt        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapcb.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.crr        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapcq.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.cru        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapcqsj.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.crs        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapms.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.cmy        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapmy.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.alae        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimaptl.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.cni        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapwd.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.cnj        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapwl.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Nilage.cnd        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapwm.dll
已刪除: 特洛伊木馬程式 Trojan.Win32.Inject.cky        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapzx.dll
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.akay        檔案: C:\Documents and Settings\kato9096\桌面\dudu\dudu\updatax.exe//FSG//PEPatch

18 detected; Kaspersky misses 50....... Reported.
sam.to
Posted on 2008-6-3 20:16:19
Start of the scan: Tuesday,3 June 2008  20:16

Starting the file scan:

Begin scan in 'C:\Documents and Settings\kato9096\桌面\dudu'
C:\Documents and Settings\kato9096\桌面\dudu\dudu\0.exe
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\15.exe
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\27.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\a.exe
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\bb.exe
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\d32dx9.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\gpr40D.exe
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\gpr458.exe
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapcb.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapcq.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapcqsj.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapms.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapmy.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimaptl.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapwd.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapwl.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapwm.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\midimapzx.dll
      [WARNING]   The file could not be opened!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\rl.htm
      [DETECTION] Contains detection pattern of the Java script virus JS/Agent.ES
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\dudu\dudu\updatax.exe
      [WARNING]   The file could not be opened!


End of the scan: Tuesday,3 June 2008  20:16
Used time: 00:08 min

The scan has been done completely.

      2 Scanning directories
     68 Files were scanned
      2 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      2 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
     18 Files cannot be scanned
     66 Files not concerned
      0 Archives were scanned
     18 Warnings
      2 Notes

Reported.
feihongtian (this user has been deleted)
Posted on 2008-6-3 21:31:00
drweb       3

TIS2008      6
"21:31" "手动扫描" "文件" "Cryp_Pai-3" "C:\Documents and Settings\sky\桌面\dudu\dudu\0.exe" "删除 成功" ""
"21:31" "手动扫描" "文件" "TROJ_ANOMALY.AKX" "C:\Documents and Settings\sky\桌面\dudu\dudu\27.exe" "删除 成功" ""
"21:31" "手动扫描" "文件" "TROJ_AGENT.RIW" "C:\Documents and Settings\sky\桌面\dudu\dudu\bb.exe" "删除 成功" ""
"21:31" "手动扫描" "文件" "TROJ_KEYSPY.AG" "C:\Documents and Settings\sky\桌面\dudu\dudu\d32dx9.sys" "删除 成功" ""
"21:31" "手动扫描" "文件" "JS_REAPLAY.B" "C:\Documents and Settings\sky\桌面\dudu\dudu\rl.htm" "删除 成功" ""
"21:31" "手动扫描" "文件" "Cryp_Pai-3" "C:\Documents and Settings\sky\桌面\dudu\dudu\updatax.exe" "删除 成功" ""
挪威的冬天
Posted on 2008-6-3 21:34:37
信息        2008-06-03  21:34:25        您此次查毒隔离了17个文件                       
信息        2008-06-03  21:34:25        您此次查毒共查出17个病毒以及危险代码                       
信息        2008-06-03  21:34:25        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件79个                       
信息        2008-06-03  21:34:25        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\updatax.exe        Win32.Hack.MaskPET.a.36864        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimapzx.dll        Win32.Troj.MapwdT.fc.20628        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimapwm.dll        Win32.PSWTroj.Nilage.22016        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimapwl.dll        Win32.PSWTroj.Nilage.23040        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimapwd.dll        Win32.PSWTroj.Nilage.21504        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimaptl.dll        Win32.Troj.MapwdT.fc.20628        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimapmy.dll        Win32.PSWTroj.Nilage.32768        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimapms.dll        Win32.PSWTroj.Nilage.24064        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimapcqsj.dll        Win32.Troj.MapwdT.fc.20628        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimapcq.dll        Win32.Troj.MapwdT.fc.20628        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\midimapcb.dll        Win32.Troj.MapwdT.fc.20628        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\gpr458.exe        Win32.Troj.Agent.98304        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\d32dx9.sys        Win32.Troj.KeySpy.u.6592        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\bb.exe        Win32.Troj.Agent.372736        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\a.exe        Win32.PSWTroj.OnLineGames.143360        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\15.exe        Win32.Troj.Wow.df.163901        隔离成功       
病毒        2008-06-03  21:34:25        D:\Desktop\calc\dudu\0.exe        Win32.Hack.MaskPET.a.36864        隔离成功
allinwonderi
Posted on 2008-6-3 21:36:16

F-Prot 4.4.4

[Found possible security risk]         <W32/Heuristic-MU2!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part1.rar->dudu\5.exe
[Found possible security risk]         <W32/Heuristic-CSU!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part1.rar->dudu\15.exe
[Found possible security risk]         <W32/Heuristic-CSU!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\a.exe
[Found security risk]         <W32/Agent.L.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\gpr40D.exe
[Found security risk]         <W32/OnlineGames.B.gen!GSA (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\midimapwm.dll
[Found security risk]         <W32/OnlineGames.B.gen!GSA (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\midimapwd.dll
[Found security risk]         <W32/OnlineGames.B.gen!GSA (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\midimapms.dll
[Found security risk]         <W32/OnlineGames.B.gen!GSA (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\midimapzx.dll
[Found security risk]         <W32/OnlineGames.B.gen!GSA (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\midimaptl.dll
[Found security risk]         <W32/OnlineGames.B.gen!GSA (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\midimapwl.dll
[Found security risk]         <W32/OnlineGames.B.gen!GSA (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\midimapcb.dll
[Found security risk]         <W32/OnlineGames.B.gen!GSA (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\midimapmy.dll
[Found Trojan]         <W32/Trojan2.ASUR (exact, damaged, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\updatax.exe
[Found possible security risk]         <W32/Heuristic-210!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\gpr458.exe->(UPack)
[Found Trojan]         <W32/Trojan2.ASUR (exact, damaged, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar->dudu\0.exe

---------------------------------------------------------------------
Scan ended:        2008-6-3, 21:35:54
Duration:        0:00:06

Scan result:

Scanned files:                 7
Infected objects:         15
Disinfected objects:         0
Quarantined files:         0
-----------------------------------------------------------
allinwonderi
Posted on 2008-6-3 21:37:00

ArcaVir2008

[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\dudu.part1.rar<RAR>:27.exe <- Trojan.Startpage.Bbq : No action
C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar<RAR>:bb.exe <- Trojan.Agent.Qnv : No action
C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar<RAR>:midimaptl.dll <- Trojan.Psw.Onlinegames.Alae : No action
C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar<RAR>:updatax.exe <- Trojan.Psw.Onlinegames.Akay : No action
C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar<RAR>:updatax.exe<FSG>:updatax.exe <- Trojan.Psw.Onlinegames.Akay : No action
C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar<RAR>:0.exe <- Trojan.Psw.Onlinegames.Akay : No action
C:\Documents and Settings\All Users\Documents\Test\dudu.part2.rar<RAR>:0.exe<FSG>:0.exe <- Trojan.Psw.Onlinegames.Akay : No action



Scanned objects : 75

Infected objects : 7
sam.to
Posted on 2008-6-3 22:59:34
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.
-----------------
Regards, Namestnikov Yury
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
palfan
Posted on 2008-6-3 23:15:40

Reply to post #6 by HC303

Have the ones flagged by heuristics and moved to quarantine been reported?