Thread starter: sam.to

[Virus sample] 130

悠柚
Posted on 2008-6-5 07:15:53
Avira cleaning up the battlefield
Start of the scan: 2008年6月5日  07:15

Starting the file scan:

Begin scan in 'D:\TDdownload\0604\0604'
D:\TDdownload\0604\0604\ad7546.exe3
      [DETECTION] Contains detection pattern of the dropper DR/BHO.biw.2
      [NOTE]      The file was deleted!
D:\TDdownload\0604\0604\b.exe3
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
D:\TDdownload\0604\0604\beep.sys
      [DETECTION] Is the Trojan horse TR/Agent.qxb
      [NOTE]      The file was deleted!
D:\TDdownload\0604\0604\install.exe3
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
      [NOTE]      The file was deleted!
D:\TDdownload\0604\0604\k120060400712.exe3
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48792237.qua'!
D:\TDdownload\0604\0604\k120060401317.exe3
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '4a75cb40.qua'!
D:\TDdownload\0604\0604\k12009446806.exe3
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48792239.qua'!
D:\TDdownload\0604\0604\k120094468712.exe3
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '4a75cb42.qua'!
D:\TDdownload\0604\0604\k120094468913.exe3
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '4879223b.qua'!
D:\TDdownload\0604\0604\k120094469014.exe3
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '4a75cb44.qua'!
D:\TDdownload\0604\0604\k120094469115.exe3
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '4879223d.qua'!
D:\TDdownload\0604\0604\k120116850213.exe3
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '4a75cb46.qua'!
D:\TDdownload\0604\0604\mpwdeapi.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
D:\TDdownload\0604\0604\wininnet.nls
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48b5226f.qua'!


End of the scan: 2008年6月5日  07:15
Used time: 00:11 min

The scan has been done completely.

      1 Scanning directories
     63 Files were scanned
      5 viruses and/or unwanted programs were found
      9 Files were classified as suspicious:
      5 files were deleted
      0 files were repaired
      9 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     58 Files not concerned
      0 Archives were scanned
      0 Warnings
     14 Notes

14
电影结束了
Posted on 2008-6-5 07:52:48
43 + 9 suspicious = 52

HC303
Posted on 2008-6-5 08:24:57
Avira: 49 remaining.
25037278  ad7564.exe3  127.8 KB  UNDER ANALYSIS
25037279  AUTOEXEC.NT  1.73 KB  UNDER ANALYSIS
25037280  BsMain.ini  160 Byte  UNDER ANALYSIS
25037281  cid_store.dat  9.83 KB  UNDER ANALYSIS
25037282  ciwdaapi.sys  24 Byte  UNDER ANALYSIS
25037283  config.ini  1.19 KB  UNDER ANALYSIS
25037284  conime.exe3  12.07 KB  UNDER ANALYSIS
25037285  ctfmon.exe3  12.07 KB  UNDER ANALYSIS
25037286  FNTCACHE.DAT  97.51 KB  UNDER ANALYSIS
25037287  hijackthis.exe2  645.39 KB  UNDER ANALYSIS
25037282  ijsgajba.sys  24 Byte  UNDER ANALYSIS
25037289  k120116850314.exe3  5.25 KB  UNDER ANALYSIS
25037290  msoscqit.dat  256 Byte  UNDER ANALYSIS
25037291  msosdohs.dat  256 Byte  UNDER ANALYSIS
25037292  msosfmsq.dat  256 Byte  UNDER ANALYSIS
25037293  msosmhfp.dat  256 Byte  UNDER ANALYSIS
25037294  msosping.dat  128 Byte  UNDER ANALYSIS
25037295  msosptfs.dat  256 Byte  UNDER ANALYSIS
25037296  newxbttb.sys  520 Byte  UNDER ANALYSIS
25037297  nttzapaq.sys  520 Byte  UNDER ANALYSIS
25037299  nvapps.xml  49.85 KB  UNDER ANALYSIS
25037300  prefscpl.cpl  24 KB  UNDER ANALYSIS
557879  REGKEY.hiv  8 KB  FALSE POSITIVE
25037301  tmp0EAD0.FOT  1.38 KB  UNDER ANALYSIS
25037302  tmp0FAD0.FOT  1.38 KB  UNDER ANALYSIS
1451931  pncrt.dll  272 KB  KNOWN CLEAN
1240417  pndx5016.dll  6.5 KB  KNOWN CLEAN
1240418  pndx5032.dll  5.5 KB  KNOWN CLEAN
3767251  QuickTime.qts  56 KB  KNOWN CLEAN
3767252  QuickTimeVR.qtx  88 KB  KNOWN CLEAN
25037306  tmp1BAD0.FOT  1.38 KB  UNDER ANALYSIS
25037307  tmp1CAD0.FOT  1.38 KB  UNDER ANALYSIS
25037308  tmp1DAD0.FOT  1.38 KB  UNDER ANALYSIS
25037309  tmp2AAD0.FOT  1.38 KB  UNDER ANALYSIS
25037310  tmpFFAD0.FOT  1.38 KB  UNDER ANALYSIS
25037311  win32.exe3  196 KB  UNDER ANALYSIS
25037312  winabc.GID  10.6 KB  UNDER ANALYSIS
25037313  wpa.dbl  2.15 KB  UNDER ANALYSIS
25037314  wuauclt.txt  12.07 KB  UNDER ANALYSIS
21104  watchdog.sys  17.25 KB  KNOWN CLEAN
25037316  cgsqatyu.sys  520 Byte  UNDER ANALYSIS
25037317  gpzhatde.sys  520 Byte  UNDER ANALYSIS
25037318  gsdhadwd.sys  520 Byte  UNDER ANALYSIS
25037319  rnmxajkl.sys  520 Byte  UNDER ANALYSIS
25037320  smmhbsrv.sys  520 Byte  UNDER ANALYSIS
25037321  snfybbyt.sys  520 Byte  UNDER ANALYSIS
25037322  spwdbapi.sys  520 Byte  UNDER ANALYSIS
25037323  xsdjbbmp.sys  1.02 KB  UNDER ANALYSIS
25037324  xzcsbhlp.sys  520 Byte  UNDER ANALYSIS
The 12 heuristic detections:
25037326 k120060400712.exe3 5.7 KB UNDER ANALYSIS
25037327 k120060401317.exe3 5.44 KB UNDER ANALYSIS
25037328 k12009446773.exe3 4.28 KB UNDER ANALYSIS
25037329 k12009446784.exe3 11.17 KB UNDER ANALYSIS
25037330 k12009446806.exe3 15.42 KB UNDER ANALYSIS
25037331 k120094468510.exe3 7.13 KB UNDER ANALYSIS
25037332 k120094468712.exe3 4.28 KB UNDER ANALYSIS
25037333 k120094468913.exe3 12.57 KB UNDER ANALYSIS
25037334 k120094469014.exe3 8.3 KB UNDER ANALYSIS
25037335 k120094469115.exe3 12.57 KB UNDER ANALYSIS
25037336 k120116850213.exe3 6.63 KB UNDER ANALYSIS
25037337 wininnet.nls 32 KB UNDER ANALYSIS


[ This post was last edited by HC303 on 2008-6-5 08:32 ]
傻猪猪米走鸡
Posted on 2008-6-5 08:56:02

58

正在扫描日志
病毒库版本: 3159 (20080605)
日期: 2008-6-5  时间: 8:51:48
已扫描的磁盘、文件夹和文件: D:\firefox download\0604
D:\firefox download\0604\0604\0604\0601.exe2 - Win32/Small.NBT 特洛伊木马 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\12.exe2 - 正常
D:\firefox download\0604\0604\0604\ad7546.exe3 > NSIS > Entries.bin - 正常
D:\firefox download\0604\0604\0604\ad7546.exe3 > NSIS > Strings.txt - 正常
D:\firefox download\0604\0604\0604\ad7546.exe3 > NSIS > cpush.dll - Win32/Adware.Cinmus 应用程序 的变种 - 是已删除对象的一部分
D:\firefox download\0604\0604\0604\ad7546.exe3 > NSIS > Uninst.exe - Win32/Adware.Cinmus 应用程序 - 是已删除对象的一部分
D:\firefox download\0604\0604\0604\ad7564.exe3 > NSIS > Entries.bin - 正常
D:\firefox download\0604\0604\0604\ad7564.exe3 > NSIS > Strings.txt - 正常
D:\firefox download\0604\0604\0604\ad7564.exe3 > NSIS > cpush.dll - Win32/Adware.Cinmus 应用程序 的变种 - 是已删除对象的一部分
D:\firefox download\0604\0604\0604\ad7564.exe3 > NSIS > Uninst.exe - Win32/Adware.Cinmus 应用程序 - 是已删除对象的一部分
D:\firefox download\0604\0604\0604\AUTOEXEC.NT - 正常
D:\firefox download\0604\0604\0604\b.exe3 > UPX v12_m2 - 正常
D:\firefox download\0604\0604\0604\beep.sys - 正常
D:\firefox download\0604\0604\0604\BsMain.ini - 正常
D:\firefox download\0604\0604\0604\caaywt.exe3 - 正常
D:\firefox download\0604\0604\0604\cgsqatyu.sys - 正常
D:\firefox download\0604\0604\0604\cid_store.dat - 正常
D:\firefox download\0604\0604\0604\ciwdaapi.sys - 正常
D:\firefox download\0604\0604\0604\cj.exe2 - 正常
D:\firefox download\0604\0604\0604\cj.exe3 - 正常
D:\firefox download\0604\0604\0604\config.ini - 正常
D:\firefox download\0604\0604\0604\conime.exe3 - 正常
D:\firefox download\0604\0604\0604\ctfmon.exe3 - 正常
D:\firefox download\0604\0604\0604\dlld1.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld10.exe3 - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld11.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld12.exe2 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld13.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld2.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld3.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld4.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld5.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld6.exe2 - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld7.exe2 - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld8.exe2 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\dlld9.exe2 - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\ffcay.exe3 - 正常
D:\firefox download\0604\0604\0604\FNTCACHE.DAT - 正常
D:\firefox download\0604\0604\0604\ghwxattb.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\gpzhatde.sys - 正常
D:\firefox download\0604\0604\0604\gsdhadwd.sys - 正常
D:\firefox download\0604\0604\0604\hijackthis.exe2 > NSIS > Entries.bin - 正常
D:\firefox download\0604\0604\0604\hijackthis.exe2 > NSIS > Strings.txt - 正常
D:\firefox download\0604\0604\0604\hijackthis.exe2 > NSIS > hijackthis.exe > ASPack v2.12 - 正常
D:\firefox download\0604\0604\0604\ijsgajba.sys - 正常
D:\firefox download\0604\0604\0604\install.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\ismhasrv.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\k120060400712.exe3 - 正常
D:\firefox download\0604\0604\0604\k120060401317.exe3 - 正常
D:\firefox download\0604\0604\0604\k12009446773.exe3 - 正常
D:\firefox download\0604\0604\0604\k12009446784.exe3 - 正常
D:\firefox download\0604\0604\0604\k12009446806.exe3 - 正常
D:\firefox download\0604\0604\0604\k120094468510.exe3 - 正常
D:\firefox download\0604\0604\0604\k120094468712.exe3 - 正常
D:\firefox download\0604\0604\0604\k120094468913.exe3 - 正常
D:\firefox download\0604\0604\0604\k120094469014.exe3 - 正常
D:\firefox download\0604\0604\0604\k120094469115.exe3 - 正常
D:\firefox download\0604\0604\0604\k120116850213.exe3 - 正常
D:\firefox download\0604\0604\0604\k120116850314.exe3 - 正常
D:\firefox download\0604\0604\0604\lpmxajkl.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\lpzhatde.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\LYLOADER.EXE3 - Win32/PSW.Agent.NEC 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\LYMANGR.DLL - Win32/PSW.OnLineGames.DTR 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\mpwdeapi.dll - Win32/PSW.OnLineGames.FDY 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\MSDEG32.DLL - Win32/PSW.OnLineGames.VPI 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\msoscqit.dat - 正常
D:\firefox download\0604\0604\0604\msosdohs.dat - 正常
D:\firefox download\0604\0604\0604\msosfmsq.dat - 正常
D:\firefox download\0604\0604\0604\msosmhfp.dat - 正常
D:\firefox download\0604\0604\0604\msosping.dat - 正常
D:\firefox download\0604\0604\0604\msosptfs.dat - 正常
D:\firefox download\0604\0604\0604\net.exe3 - Win32/Mypis 病毒 的变种 - 已删除 - 已隔离
D:\firefox download\0604\0604\0604\newxbttb.sys - 正常
D:\firefox download\0604\0604\0604\nttzapaq.sys - 正常
D:\firefox download\0604\0604\0604\nvapps.xml - 正常
D:\firefox download\0604\0604\0604\oltzapaq.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p1.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p10.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p11.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p12.exe3 - 正常
D:\firefox download\0604\0604\0604\p13.exe3 - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p14.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p15.exe3 - 正常
D:\firefox download\0604\0604\0604\p16.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p17.exe3 - 正常
D:\firefox download\0604\0604\0604\p18.exe3 - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p19.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p2.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p20.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p21.exe3 - 正常
D:\firefox download\0604\0604\0604\p22.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p25.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p26.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p27.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p28.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p29.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p3.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p4.exe3 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p5.exe2 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p6.exe2 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p7.exe2 - 正常
D:\firefox download\0604\0604\0604\p8.exe2 - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\p9.exe2 - 正常
D:\firefox download\0604\0604\0604\pldhadwd.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\pncrt.dll - 正常
D:\firefox download\0604\0604\0604\pndx5016.dll - 正常
D:\firefox download\0604\0604\0604\pndx5032.dll - 正常
D:\firefox download\0604\0604\0604\posqatyu.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\prefscpl.cpl - 正常
D:\firefox download\0604\0604\0604\qnnlhe.exe3 - 正常
D:\firefox download\0604\0604\0604\QuickTime.qts - 正常
D:\firefox download\0604\0604\0604\QuickTimeVR.qtx - 正常
D:\firefox download\0604\0604\0604\REGKEY.hiv - 正常
D:\firefox download\0604\0604\0604\rnmxajkl.sys - 正常
D:\firefox download\0604\0604\0604\ShuiNiu.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\siwdaapi.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\smmhbsrv.sys - 正常
D:\firefox download\0604\0604\0604\snfybbyt.sys - 正常
D:\firefox download\0604\0604\0604\spwdbapi.sys - 正常
D:\firefox download\0604\0604\0604\tjfyabyt.exe3 - 可能是 Win32/Genetik 特洛伊木马 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\tmp0EAD0.FOT - 正常
D:\firefox download\0604\0604\0604\tmp0FAD0.FOT - 正常
D:\firefox download\0604\0604\0604\tmp1BAD0.FOT - 正常
D:\firefox download\0604\0604\0604\tmp1CAD0.FOT - 正常
D:\firefox download\0604\0604\0604\tmp1DAD0.FOT - 正常
D:\firefox download\0604\0604\0604\tmp2AAD0.FOT - 正常
D:\firefox download\0604\0604\0604\tmpFFAD0.FOT - 正常
D:\firefox download\0604\0604\0604\uqunnpm.exe3 - Win32/Delf.NDF 蠕虫 的变种 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\watchdog.sys - 正常
D:\firefox download\0604\0604\0604\win32.exe3 - 正常
D:\firefox download\0604\0604\0604\winabc.GID - 正常
D:\firefox download\0604\0604\0604\wininnet.nls - 正常
D:\firefox download\0604\0604\0604\wpa.dbl - 正常
D:\firefox download\0604\0604\0604\wuauclt.txt - 正常
D:\firefox download\0604\0604\0604\xsdjbbmp.sys - 正常
D:\firefox download\0604\0604\0604\xzcsbhlp.sys - 正常
D:\firefox download\0604\0604\0604\zsdjabmp.exe3 - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 通过删除清除 - 已隔离 [1]
D:\firefox download\0604\0604\0604\zxcsahlp.exe3 - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 通过删除清除 - 已隔离 [1]
已扫描的对象数: 138
发现的威胁数: 58
已清除对象数:58
完成时间: 8:55:36  总扫描时间: 228 秒 (00:03:48)

备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。
woai_jolin
Posted on 2008-6-5 11:05:05
Scan performed at: 2008/6/5 11:05:11
Scanning Log
NOD32 version 3159 (20080605) NT
Command line: G:\v\0604
C:\Program Files\Eset\nod32.exe - is OK

Date: 5.6.2008  Time: 11:05:13
Anti-Stealth technology is enabled.
Scanned disks, folders and files: G:\v\0604\
G:\v\0604\0604\0601.exe2 - Win32/Small.NBT trojan
G:\v\0604\0604\12.exe2 - is OK
G:\v\0604\0604\ad7546.exe3 » NSIS » Entries.bin - is OK
G:\v\0604\0604\ad7546.exe3 » NSIS » Strings.txt - is OK
G:\v\0604\0604\ad7546.exe3 » NSIS » cpush.dll - a variant of Win32/Adware.Cinmus application
G:\v\0604\0604\ad7546.exe3 » NSIS » Uninst.exe - Win32/Adware.Cinmus application
G:\v\0604\0604\ad7564.exe3 » NSIS » Entries.bin - is OK
G:\v\0604\0604\ad7564.exe3 » NSIS » Strings.txt - is OK
G:\v\0604\0604\ad7564.exe3 » NSIS » cpush.dll - a variant of Win32/Adware.Cinmus application
G:\v\0604\0604\ad7564.exe3 » NSIS » Uninst.exe - Win32/Adware.Cinmus application
G:\v\0604\0604\AUTOEXEC.NT - is OK
G:\v\0604\0604\b.exe3 » UPX v12_m2 - is OK
G:\v\0604\0604\beep.sys - is OK
G:\v\0604\0604\BsMain.ini - is OK
G:\v\0604\0604\caaywt.exe3 - is OK
G:\v\0604\0604\cgsqatyu.sys - is OK
G:\v\0604\0604\cid_store.dat - is OK
G:\v\0604\0604\ciwdaapi.sys - is OK
G:\v\0604\0604\cj.exe2 - is OK
G:\v\0604\0604\cj.exe3 - is OK
G:\v\0604\0604\config.ini - is OK
G:\v\0604\0604\conime.exe3 - is OK
G:\v\0604\0604\ctfmon.exe3 - is OK
G:\v\0604\0604\dlld1.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\dlld10.exe3 - Win32/PSW.OnLineGames.OAF trojan
G:\v\0604\0604\dlld11.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\dlld12.exe2 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\dlld13.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\dlld2.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\dlld3.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\dlld4.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\dlld5.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\dlld6.exe2 - Win32/PSW.OnLineGames.OAF trojan
G:\v\0604\0604\dlld7.exe2 - Win32/PSW.OnLineGames.OAF trojan
G:\v\0604\0604\dlld8.exe2 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\dlld9.exe2 - Win32/PSW.OnLineGames.OAF trojan
G:\v\0604\0604\ffcay.exe3 - is OK
G:\v\0604\0604\FNTCACHE.DAT - is OK
G:\v\0604\0604\ghwxattb.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\gpzhatde.sys - is OK
G:\v\0604\0604\gsdhadwd.sys - is OK
G:\v\0604\0604\hijackthis.exe2 » NSIS » Entries.bin - is OK
G:\v\0604\0604\hijackthis.exe2 » NSIS » Strings.txt - is OK
G:\v\0604\0604\hijackthis.exe2 » NSIS » hijackthis.exe » ASPack v2.12 - is OK
G:\v\0604\0604\ijsgajba.sys - is OK
G:\v\0604\0604\install.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\ismhasrv.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\k120060400712.exe3 - is OK
G:\v\0604\0604\k120060401317.exe3 - is OK
G:\v\0604\0604\k12009446773.exe3 - is OK
G:\v\0604\0604\k12009446784.exe3 - is OK
G:\v\0604\0604\k12009446806.exe3 - is OK
G:\v\0604\0604\k120094468510.exe3 - is OK
G:\v\0604\0604\k120094468712.exe3 - is OK
G:\v\0604\0604\k120094468913.exe3 - is OK
G:\v\0604\0604\k120094469014.exe3 - is OK
G:\v\0604\0604\k120094469115.exe3 - is OK
G:\v\0604\0604\k120116850213.exe3 - is OK
G:\v\0604\0604\k120116850314.exe3 - is OK
G:\v\0604\0604\lpmxajkl.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\lpzhatde.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\LYLOADER.EXE3 - a variant of Win32/PSW.Agent.NEC trojan
G:\v\0604\0604\LYMANGR.DLL - a variant of Win32/PSW.OnLineGames.DTR trojan
G:\v\0604\0604\mpwdeapi.dll - a variant of Win32/PSW.OnLineGames.FDY trojan
G:\v\0604\0604\MSDEG32.DLL - a variant of Win32/PSW.OnLineGames.VPI trojan
G:\v\0604\0604\msoscqit.dat - is OK
G:\v\0604\0604\msosdohs.dat - is OK
G:\v\0604\0604\msosfmsq.dat - is OK
G:\v\0604\0604\msosmhfp.dat - is OK
G:\v\0604\0604\msosping.dat - is OK
G:\v\0604\0604\msosptfs.dat - is OK
G:\v\0604\0604\net.exe3 - a variant of Win32/Mypis virus
G:\v\0604\0604\newxbttb.sys - is OK
G:\v\0604\0604\nttzapaq.sys - is OK
G:\v\0604\0604\nvapps.xml - is OK
G:\v\0604\0604\oltzapaq.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\p1.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p10.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p11.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\p12.exe3 - is OK
G:\v\0604\0604\p13.exe3 - Win32/PSW.OnLineGames.OAF trojan
G:\v\0604\0604\p14.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\p15.exe3 - is OK
G:\v\0604\0604\p16.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p17.exe3 - is OK
G:\v\0604\0604\p18.exe3 - Win32/PSW.OnLineGames.OAF trojan
G:\v\0604\0604\p19.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p2.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\p20.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p21.exe3 - is OK
G:\v\0604\0604\p22.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p25.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\p26.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\p27.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p28.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p29.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p3.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p4.exe3 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p5.exe2 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\p6.exe2 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p7.exe2 - is OK
G:\v\0604\0604\p8.exe2 - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\0604\0604\p9.exe2 - is OK
G:\v\0604\0604\pldhadwd.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\pncrt.dll - is OK
G:\v\0604\0604\pndx5016.dll - is OK
G:\v\0604\0604\pndx5032.dll - is OK
G:\v\0604\0604\posqatyu.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\prefscpl.cpl - is OK
G:\v\0604\0604\qnnlhe.exe3 - is OK
G:\v\0604\0604\QuickTime.qts - is OK
G:\v\0604\0604\QuickTimeVR.qtx - is OK
G:\v\0604\0604\REGKEY.hiv - is OK
G:\v\0604\0604\rnmxajkl.sys - is OK
G:\v\0604\0604\ShuiNiu.exe3 - Win32/Small.L virus
G:\v\0604\0604\siwdaapi.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\smmhbsrv.sys - is OK
G:\v\0604\0604\snfybbyt.sys - is OK
G:\v\0604\0604\spwdbapi.sys - is OK
G:\v\0604\0604\tjfyabyt.exe3 - probably a variant of Win32/Genetik trojan
G:\v\0604\0604\tmp0EAD0.FOT - is OK
G:\v\0604\0604\tmp0FAD0.FOT - is OK
G:\v\0604\0604\tmp1BAD0.FOT - is OK
G:\v\0604\0604\tmp1CAD0.FOT - is OK
G:\v\0604\0604\tmp1DAD0.FOT - is OK
G:\v\0604\0604\tmp2AAD0.FOT - is OK
G:\v\0604\0604\tmpFFAD0.FOT - is OK
G:\v\0604\0604\uqunnpm.exe3 - a variant of Win32/Delf.NDF worm
G:\v\0604\0604\watchdog.sys - is OK
G:\v\0604\0604\win32.exe3 - is OK
G:\v\0604\0604\winabc.GID - is OK
G:\v\0604\0604\wininnet.nls - is OK
G:\v\0604\0604\wpa.dbl - is OK
G:\v\0604\0604\wuauclt.txt - is OK
G:\v\0604\0604\xsdjbbmp.sys - is OK
G:\v\0604\0604\xzcsbhlp.sys - is OK
G:\v\0604\0604\zsdjabmp.exe3 - Win32/PSW.OnLineGames.OAF trojan
G:\v\0604\0604\zxcsahlp.exe3 - Win32/PSW.OnLineGames.OAF trojan
Number of scanned files: 138
Number of threats found: 58
Time of completion: 11:05:39 Total scanning time: 26 sec (00:00:26)
kkgh
Posted on 2008-6-5 11:18:37
Norton: 59

瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.Win32.GameOL.GEN
病毒: Trojan.PSW.Win32.XYOnline.afe
病毒: Trojan.PSW.Win32.GameOL.nwl
病毒: Trojan.PSW.Win32.XYOnline.afe
病毒: Trojan.DL.Win32.Direct.mx
病毒: Trojan.Win32.Undef.hcj   
病毒: Trojan.PSW.Win32.SunGame.u
病毒: Trojan.PSW.Win32.GameOL.nve
病毒: Trojan.PSW.Win32.GameOL.nrv
病毒: Trojan.PSW.Win32.GameOL.nvc
病毒: Trojan.PSW.Win32.GamesOnline.afn
病毒: Worm.Madangel.a         
病毒: Worm.Win32.AVKiller.aa   
病毒: Trojan.DL.Win32.Mnless.aie
病毒: Backdoor.Win32.Agent.zvg
病毒: Trojan.Clicker.Win32.PopHot.dxq
病毒: Trojan.Clicker.Win32.PopHot.dxq
病毒: Trojan.Clicker.Win32.PopHot.dxj
病毒: Trojan.Win32.Mnless.drt  

用户来源:互联网

软件版本:20.47.22

56
挪威的冬天
Posted on 2008-6-5 13:06:06
信息        2008-06-05  12:11:04        您此次查毒隔离了62个文件                       
信息        2008-06-05  12:11:04        您此次查毒共查出62个病毒以及危险代码                       
信息        2008-06-05  12:11:04        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件186个                       
信息        2008-06-05  12:11:04        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒
HC303
Posted on 2008-6-5 15:11:15
Submission results
25037316  cgsqatyu.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037317  gpzhatde.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037318  gsdhadwd.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037319  rnmxajkl.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037320  smmhbsrv.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037321  snfybbyt.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037322  spwdbapi.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037312  winabc.GID  10.6 KB  CLEAN
25037323  xsdjbbmp.sys  1.02 KB  DAMAGED FILE (UNKNOWN)
25037324  xzcsbhlp.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037278  ad7564.exe3  127.8 KB  MALWARE
25037279  AUTOEXEC.NT  1.73 KB  CLEAN
25037280  BsMain.ini  160 Byte  DAMAGED FILE (UNKNOWN)
25037281  cid_store.dat  9.83 KB  CLEAN
25037282  ciwdaapi.sys  24 Byte  CLEAN
25037283  config.ini  1.19 KB  CLEAN
25037284  conime.exe3  12.07 KB  CLEAN
25037285  ctfmon.exe3  12.07 KB  DAMAGED FILE (UNKNOWN)
25037286  FNTCACHE.DAT  97.51 KB  DAMAGED FILE (UNKNOWN)
25037287  hijackthis.exe2  645.39 KB  CLEAN
25037282  ijsgajba.sys  24 Byte  CLEAN
25037289  k120116850314.exe3  5.25 KB  DAMAGED FILE (UNKNOWN)
25037290  msoscqit.dat  256 Byte  DAMAGED FILE (UNKNOWN)
25037291  msosdohs.dat  256 Byte  DAMAGED FILE (UNKNOWN)
25037292  msosfmsq.dat  256 Byte  DAMAGED FILE (UNKNOWN)
25037293  msosmhfp.dat  256 Byte  DAMAGED FILE (UNKNOWN)
25037294  msosping.dat  128 Byte  DAMAGED FILE (UNKNOWN)
25037295  msosptfs.dat  256 Byte  DAMAGED FILE (UNKNOWN)
25037296  newxbttb.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037297  nttzapaq.sys  520 Byte  DAMAGED FILE (UNKNOWN)
25037299  nvapps.xml  49.85 KB  CLEAN
25037300  prefscpl.cpl  24 KB  CLEAN
557879  REGKEY.hiv  8 KB  FALSE POSITIVE
25037301  tmp0EAD0.FOT  1.38 KB  DAMAGED FILE (UNKNOWN)
25037302  tmp0FAD0.FOT  1.38 KB  DAMAGED FILE (UNKNOWN)
1451931  pncrt.dll  272 KB  KNOWN CLEAN
1240417  pndx5016.dll  6.5 KB  KNOWN CLEAN
1240418  pndx5032.dll  5.5 KB  KNOWN CLEAN
3767251  QuickTime.qts  56 KB  KNOWN CLEAN
3767252  QuickTimeVR.qtx  88 KB  KNOWN CLEAN
sam.to
Thread starter | Posted on 2008-6-5 19:17:05

Reply to HC303's post (#13)

How can you tell it was flagged by heuristics?

[ This post was last edited by kato9096 on 2008-6-5 19:26 ]
qigang
Posted on 2008-6-5 19:25:04

221/65

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Backdoor.Win32.Agent.zvg
病毒: Trojan.Win32.Undef.hir   
病毒: Trojan.Win32.AvKiller.bz
病毒: Trojan.Clicker.Win32.PopHot.dxq
病毒: Trojan.Clicker.Win32.PopHot.dxt
病毒: Trojan.Clicker.Win32.PopHot.dxj
病毒: Trojan.PSW.Win32.GameOL.GEN
病毒: Trojan.PSW.Win32.SunGame.u
病毒: Trojan.Win32.Mnless.drt  
病毒: Trojan.PSW.Win32.XYOnline.afe
病毒: Trojan.PSW.Win32.GameOL.nwl
病毒: Trojan.PSW.Win32.XYOnline.afe
病毒: Trojan.DL.Win32.Direct.mx
病毒: Trojan.PSW.Win32.GameOL.nxa
病毒: Trojan.Win32.Undef.hcj   
病毒: Trojan.PSW.Win32.GameOL.nve
病毒: Trojan.PSW.Win32.GameOL.nrv
病毒: Trojan.PSW.Win32.GameOL.nvc
病毒: Trojan.PSW.Win32.GamesOnline.afn
病毒: Worm.Madangel.a         
病毒: Worm.Win32.AVKiller.aa   
病毒: Trojan.DL.Win32.Mnless.aie

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.47.32
KaFan Forum (KaFan.cn), Copyright © KaFan. Powered by Discuz! X3.4