virus

显示全部楼层 · 发表于 2008-6-4 09:50:59

2008-6-1=http://60.190.114.61/a1.exe
2008-6-1=http://60.190.114.61/a2.exe
2008-6-1=http://60.190.114.61/a3.exe
2008-6-1=http://60.190.114.61/a4.exe
2008-6-1=http://60.190.114.61/a5.exe
2008-6-1=http://60.190.114.61/a6.exe
2008-6-1=http://60.190.114.61/a7.exe
2008-6-1=http://60.190.114.61/a8.exe
2008-6-1=http://60.190.114.61/a9.exe
2008-6-1=http://60.190.114.61/a10.exe
2008-6-1=http://60.190.114.61/a11.exe
2008-6-1=http://60.190.114.61/a12.exe
2008-6-1=http://60.190.114.61/a13.exe
2008-6-1=http://60.190.114.61/a14.exe
2008-6-1=http://60.190.114.61/a15.exe
2008-6-1=http://60.190.114.61/a16.exe
2008-6-1=http://60.190.114.61/a17.exe
2008-6-1=http://60.190.114.61/a18.exe
2008-6-1=http://60.190.114.61/a19.exe
2008-6-1=http://59.34.198.190/a20.exe
2008-6-1=http://59.34.198.190/a21.exe
2008-6-1=http://59.34.198.190/a22.exe
2008-6-1=http://59.34.198.190/a23.exe
2008-6-1=http://59.34.198.190/a24.exe
2008-6-1=http://59.34.198.190/a25.exe
2008-6-1=http://59.34.198.190/a26.exe
2008-6-1=http://59.34.198.190/a27.exe
2008-6-1=http://59.34.198.190/a28.exe
2008-6-1=http://59.34.198.190/a29.exe

显示全部楼层 · 发表于 2008-6-4 09:51:57

28
程序:
E:\A28.EXE
是否删除木马程序及其衍生物?

显示全部楼层 · 发表于 2008-6-4 09:54:58

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\virus'
C:\Documents and Settings\Administrator\桌面\virus\a1.exe
   [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a10.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.alme.1
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a11.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a12.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.almc
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a13.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a14.exe
   [DETECTION] Is the Trojan horse TR/PSW.16493
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a15.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.almz
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a16.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a17.exe
   [DETECTION] Is the Trojan horse TR/PSW.18417.1
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a18.exe
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a19.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.allu
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a2.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.almb
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a20.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ahnr
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a21.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aenz
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ald
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a22.exe
   [DETECTION] Is the Trojan horse TR/PSW.18397
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a23.exe
   [DETECTION] Is the Trojan horse TR/PSW.16981
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a24.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.alor.1
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a25.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.almh.1
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a26.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ahrg
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a27.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.akyh.1
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a28.exe
   [DETECTION] Is the Trojan horse TR/Agent.43569
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a29.exe
   [DETECTION] Is the Trojan horse TR/Drop.Spy.Pca.A.1
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a3.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a4.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.almd
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a5.exe
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.alne
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a6.exe
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a7.exe
  [0] Archive type: OVL
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aldu
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a8.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.235
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\virus\a9.exe
  [0] Archive type: OVL
--> Object
   [1] Archive type: RSRC
   --> Object
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aom
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!

End of the scan: 星期三 2008年6月4日  09:54
Used time: 00:17 min

The scan has been done completely.

   1 Scanning directories
   29 Files were scanned
   32 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   29 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   -3 Files not concerned
   0 Archives were scanned
   0 Warnings
   29 Notes

显示全部楼层 · 发表于 2008-6-4 11:35:38

Ikarus 29
D:\病毒测试\临时解压\a1.exe - 特征码 'Virus.Win32.GrayBird.KM' 被发现
D:\病毒测试\临时解压\a10.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a11.exe - 特征码 'Generic.PWS.Games.4' 被发现
D:\病毒测试\临时解压\a12.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a13.exe - 特征码 'Trojan-PWS.Win32.Lmir.awg' 被发现
D:\病毒测试\临时解压\a14.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a15.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a16.exe - 可疑代码段被发现 (Level: 75)
D:\病毒测试\临时解压\a17.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a18.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
D:\病毒测试\临时解压\a19.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a2.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a20.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a21.exe - 特征码 'Virus.Win32.OnLineGames.CYJ' 被发现
D:\病毒测试\临时解压\a22.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a23.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a24.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a25.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a26.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a27.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a28.exe - 特征码 'Virus.Win32.GrayBird.KM' 被发现
D:\病毒测试\临时解压\a29.exe - 特征码 'Virus.Win32.Delf.EVJ' 被发现
D:\病毒测试\临时解压\a3.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a4.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a5.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a6.exe - 特征码 'Trojan-PWS.Win32.Gamec.aa' 被发现
D:\病毒测试\临时解压\a7.exe - 特征码 'Virus.Win32.OnLineGames.DOC' 被发现
D:\病毒测试\临时解压\a8.exe - 可疑代码段被发现 (Level: 140)
D:\病毒测试\临时解压\a9.exe - 可疑代码段被发现 (Level: 100)

29 文件被扫描
(0 压缩档 0 文件)

显示全部楼层 · 发表于 2008-6-4 11:46:17

不扫了 avast!监控报
第一包 Win32:Agent-BQC [Trj]
第二 Win32:OnLineGames-DQS [Trj]

显示全部楼层 · 发表于 2008-6-4 12:41:55

clear

信息 2008-06-04  12:40:34 您此次查毒隔离了29个文件
信息 2008-06-04  12:40:34 您此次查毒共查出29个病毒以及危险代码
信息 2008-06-04  12:40:34 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件65个
信息 2008-06-04  12:40:34 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒

显示全部楼层 · 发表于 2008-6-4 16:11:15

好面善

显示全部楼层 · 发表于 2008-6-4 17:49:34

Drweb 24/29

EAV

正在扫描日志
病毒库版本: 3156 (20080603)
日期: 2008-6-4 时间: 17:50:05
已扫描的磁盘、文件夹和文件: C:\Documents and Settings\sky\桌面\virus
C:\Documents and Settings\sky\桌面\virus\a10.exe - 可能是 Win32/PSW.OnLineGames.NWC 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a11.exe - Win32/PSW.OnLineGames.NWC 特洛伊木马
C:\Documents and Settings\sky\桌面\virus\a12.exe - Win32/PSW.OnLineGames.NWB 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a13.exe - Win32/PSW.OnLineGames.NWC 特洛伊木马
C:\Documents and Settings\sky\桌面\virus\a14.exe - 可能是 Win32/PSW.OnLineGames.NWC 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a15.exe - Win32/PSW.OnLineGames.NWC 特洛伊木马
C:\Documents and Settings\sky\桌面\virus\a16.exe - 可能是 Win32/PSW.WOW.WU 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a17.exe - Win32/PSW.OnLineGames.NWC 特洛伊木马
C:\Documents and Settings\sky\桌面\virus\a18.exe - 可能是 Win32/Genetik 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a19.exe - Win32/PSW.OnLineGames.NWC 特洛伊木马
C:\Documents and Settings\sky\桌面\virus\a2.exe - Win32/PSW.OnLineGames.NWC 特洛伊木马
C:\Documents and Settings\sky\桌面\virus\a20.exe - 可能是 Win32/PSW.OnLineGames.NWC 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a21.exe - Win32/PSW.OnLineGames.NWB 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a22.exe - 可能是 Win32/PSW.OnLineGames.NWC 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a23.exe - Win32/PSW.OnLineGames.MUG 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a24.exe - 可能是 Win32/PSW.OnLineGames.NWC 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a25.exe - 可能是 Win32/PSW.OnLineGames.NWC 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a26.exe - 可能是 Win32/PSW.OnLineGames.NWB 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a27.exe - Win32/PSW.OnLineGames.NWC 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a28.exe - 未查明的 NewHeur_PE 病毒 [7]
C:\Documents and Settings\sky\桌面\virus\a29.exe - Win32/Delf.CSN 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a3.exe - 可能是 Win32/PSW.OnLineGames.NWB 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a4.exe - 可能是 Win32/PSW.OnLineGames.NWC 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a5.exe - Win32/PSW.OnLineGames.NWB 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a6.exe - Win32/PSW.QQPass.NCZ 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a7.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a8.exe - Win32/PSW.OnLineGames.NWC 特洛伊木马的变种
C:\Documents and Settings\sky\桌面\virus\a9.exe - Win32/PSW.OnLineGames.XZN 特洛伊木马的变种
已扫描的对象数: 29
发现的威胁数: 28
已清除对象数:0
完成时间: 17:50:09 总扫描时间: 4 秒 (00:00:04)
备注:
[7] 对象可能感染了未知病毒。

显示全部楼层 · 发表于 2008-6-4 20:39:05

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.GameOL.nvd
病毒： Trojan.PSW.Win32.GameOL.nvb
病毒： Backdoor.Win32.Agent.yff
病毒： Backdoor.Win32.Agent.yff
病毒： Trojan.PSW.Win32.QQPass.dnh
病毒： Trojan.PSW.Win32.XYOnline.afb
病毒： RootKit.Win32.Undef.ib
病毒： RootKit.Win32.Undef.ib
病毒： Trojan.PSW.Win32.GameOL.nsq
病毒： Trojan.PSW.Win32.LMir.bqd
病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GamesOnline.aeb

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.47.22

[病毒样本] virus

本帖子中包含更多资源

51/29