猛毒一个

Starting the file scan:

Begin scan in 'E:\样本'
E:\样本\a3.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.275
      [NOTE]      The file was deleted!
E:\样本\j4.exe
      [DETECTION] Is the Trojan horse TR/Flood.PortFlooder.B
      [NOTE]      The file was deleted!
E:\样本\y5.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.amdt
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
E:\样本\m6.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ampm
      [NOTE]      The file was deleted!
E:\样本\r7.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.267
      [NOTE]      The file was deleted!
E:\样本\i8.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.37128
      [NOTE]      The file was deleted!
E:\样本\x9.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\样本\l10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.alna
      [NOTE]      The file was deleted!
E:\样本\b11.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.272
      [NOTE]      The file was deleted!
E:\样本\z12.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ampc
      [NOTE]      The file was deleted!
E:\样本\m13.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.279
      [NOTE]      The file was deleted!
E:\样本\n14.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.281
      [NOTE]      The file was deleted!
E:\样本\o15.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ampf
      [NOTE]      The file was deleted!
E:\样本\g16.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.265
      [NOTE]      The file was deleted!
E:\样本\j17.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.271
      [NOTE]      The file was deleted!
E:\样本\l18.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\样本\c19.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.amdt
      [DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen
      [NOTE]      The file was deleted!
E:\样本\t20.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.amoc
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
      [NOTE]      The file was deleted!
E:\样本\p21.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.273
      [NOTE]      The file was deleted!
E:\样本\x22.exe
      [DETECTION] Is the Trojan horse TR/PSW.16493
      [NOTE]      The file was deleted!
E:\样本\m23.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.266
      [NOTE]      The file was deleted!
E:\样本\o24.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.ddp
      [NOTE]      The file was deleted!
E:\样本\b25.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ahsh
      [NOTE]      The file was deleted!
E:\样本\e26.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\样本\v27.exe
      [DETECTION] Is the Trojan horse TR/PSW.Online.ddp
      [NOTE]      The file was deleted!
E:\样本\m28.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.278
      [NOTE]      The file was deleted!
E:\样本\u29.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.amoc
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
      [NOTE]      The file was deleted!
E:\样本\h30.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
E:\样本\b31.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.rek.2
      [NOTE]      The file was deleted!
E:\样本\c32.exe
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ampv
      [NOTE]      The file was deleted!
E:\样本\u33.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Popwin.bfu Backdoor server programs
      [NOTE]      The file was deleted!
E:\样本\z34.exe
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
E:\样本\e1.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.alcm
      [NOTE]      The file was deleted!
E:\样本\r2.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!


End of the scan: 2008年6月5日  22:08
Used time: 00:21 min

The scan has been done completely.

      1 Scanning directories
     34 Files were scanned
     38 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     34 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -4 Files not concerned
      0 Archives were scanned
      0 Warnings
     34 Notes

qigang

原帖由 tanlimo 于 2008-6-5 22:03 发表
279509

http://www.youxiu88.cn/abe.exe

http://www.ipoff.cn/uc.txt

[5]
20080512 http://www.beibei88.cn/down/e1.exe
20080512 http://www.beibei88.cn/down/r2.exe
20080512 http://www.beibei88.cn ...

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.GameOL.nxl
病毒： RootKit.Win32.RESSDT.bf  
病毒： RootKit.Win32.RESSDT.bf  
病毒： Trojan.PSW.Win32.GameOL.nvb
病毒： Trojan.PSW.Win32.GameOL.nxi
病毒： Trojan.PSW.Win32.GameOL.nxk
病毒： Trojan.IMMSG.Win32.TBMSG.lj
病毒： Trojan.PSW.Win32.QQPass.dnh

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.47.32

猜不出你是谁

原帖由 inf 于 2008-6-5 20:48 发表
norton 360:
未检测到病毒或间谍软件

看了半天，MS只有铁壳的没有扫出来哦

残缺的唯美

C:\Documents and Settings\Administrator\桌面\orz.rar » RAR » orz.exe - probably a variant of Win32/Jalous worm

aaad2008

Win32:Trojan-gen {Other}

jiffy

nod32确实可以报~·

[ 本帖最后由 jiffy 于 2008-6-5 23:39 编辑 ]

sam.to

已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amoo        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/a3.exe//PE_Patch.UPX//UPX
已刪除: 惡意軟體 Flooder.Win32.PortFlooder.b        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/j4.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amey        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/y5.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amor        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/m6.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.Agent.aof        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/r7.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ampd        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/i8.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amno        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/x9.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.alna        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/l10.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ampj        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/b11.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ampc        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/z12.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ammx        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/m13.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ampd        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/n14.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ampf        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/o15.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ampa        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/g16.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amoh        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/j17.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amds        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/l18.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amey        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/c19.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amnl        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/p21.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.aloc        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/x22.exe//FSG
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amph        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/m23.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ahsh        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/b25.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amoy        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/e26.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ammu        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/m28.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amrk        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/h30.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ampi        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/b31.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ampg        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/c32.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Backdoor.Win32.Popwin.bfu        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/u33.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.QQPass.ccl        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/z34.exe//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.alcm        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/e1.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.amog        檔案: C:\Documents and Settings\kato9096\桌面\样本（34个 ）.rar/r2.exe//PE_Patch.UPX//UPX

30个,不报的已上报.

wuyalun

巴8.0.0.402阻止，系统时间没事。巴8.0.0.402阻止，系统时间没事。

zhou1973bzue

不是了

lx1234

特洛伊木马 W32/Suspicious_U.gen
已受感染 文件 c:\docume~1\lx\桌面\orz\orz.exe
已移除 特洛伊木马 W32/Suspicious_U.gen