1群体

显示全部楼层 · 发表于 2008-6-6 18:23:33

2008-6-01=http://www.mm027.cn/p1.exe
2008-6-01=http://www.mm027.cn/p2.exe
2008-6-01=http://www.mm027.cn/p3.exe
2008-6-01=http://www.mm027.cn/p4.exe
2008-6-01=http://www.mm027.cn/p5.exe
2008-6-01=http://www.mm027.cn/p6.exe
2008-6-01=http://www.mm027.cn/p7.exe
2008-6-01=http://www.mm027.cn/p8.exe
2008-6-01=http://www.mm027.cn/p9.exe
2008-6-01=http://www.mm027.cn/p10.exe
2008-6-01=http://www.mm027.cn/p11.exe
2008-6-01=http://www.mm027.cn/p12.exe
2008-6-01=http://www.mm027.cn/p13.exe
2008-6-01=http://www.mm027.cn/p14.exe
2008-6-01=http://www.mm027.cn/p15.exe
2008-6-01=http://www.mm027.cn/p16.exe
2008-6-01=http://www.mm027.cn/p17.exe
2008-6-01=http://www.mm027.cn/p18.exe
2008-6-01=http://www.mm027.cn/p19.exe
2008-6-01=http://www.mm027.cn/p20.exe
2008-6-01=http://www.mm027.cn/p21.exe
2008-6-01=http://www.mm027.cn/p22.exe
2008-6-01=http://www.mm027.cn/p23.exe
2008-6-01=http://www.mm027.cn/p24.exe
2008-6-01=http://www.mm027.cn/p25.exe
2008-6-01=http://www.mm027.cn/p26.exe
2008-6-01=http://www.mm027.cn/p27.exe
2008-6-01=http://www.mm027.cn/p28.exe
2008-6-01=http://www.mm027.cn/p29.exe
2008-6-01=http://www.mm027.cn/p30.exe
2008-6-01=http://www.mm027.cn/p31.exe
2008-6-01=http://www.skphp.cn/cj.exe

两失效

[ 本帖最后由电影结束了于 2008-6-6 18:29 编辑 ]

显示全部楼层 · 发表于 2008-6-6 18:37:00

正在扫描日志
病毒库版本: 3163 (20080606)
日期: 2008-6-6 时间: 18:37:45
已扫描的磁盘、文件夹和文件: G:\v\virus.rar
G:\v\virus.rar > RAR > p30.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p1.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p2.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p3.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p4.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p5.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p6.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p7.exe - 正常
G:\v\virus.rar > RAR > p8.exe - 正常
G:\v\virus.rar > RAR > p9.exe - 正常
G:\v\virus.rar > RAR > p10.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p11.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p12.exe - 正常
G:\v\virus.rar > RAR > p13.exe - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p14.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p15.exe - 正常
G:\v\virus.rar > RAR > p16.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p17.exe - 正常
G:\v\virus.rar > RAR > p18.exe - Win32/PSW.OnLineGames.OAF 特洛伊木马 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p19.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p20.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p21.exe - 正常
G:\v\virus.rar > RAR > p22.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p23.exe - 正常
G:\v\virus.rar > RAR > p24.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p25.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p26.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p27.exe - 可能是 Win32/Genetik 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p28.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
G:\v\virus.rar > RAR > p29.exe - 可能是 Win32/PSW.OnLineGames.NML 特洛伊木马的变种 - 是已删除对象的一部分
已扫描的对象数: 30
发现的威胁数: 22
已清除对象数:22
完成时间: 18:37:51 总扫描时间: 6 秒 (00:00:06)

显示全部楼层 · 发表于 2008-6-6 18:37:30

Miss 3 pcs
TO KL

显示全部楼层 · 发表于 2008-6-6 18:39:07

YO。。。
这个木马群还不错

显示全部楼层 · 发表于 2008-6-6 18:43:30

样本呢？

显示全部楼层 · 发表于 2008-6-6 20:03:34

Begin scan in 'C:\Documents and Settings\haha\桌面\virus1.rar'
C:\Documents and Settings\haha\桌面\virus1.rar
C:\Documents and Settings\haha\桌面\virus1.rar
  [0] Archive type: RAR
--> p1.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p2.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p3.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p6.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p7.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.Nilage.crs
--> p9.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.amvv
--> p10.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p12.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.alhf
--> p16.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p17.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the Trojan horse TR/PSW.Nilage.cnj
--> p19.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p20.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p22.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p23.exe
      [DETECTION] Is the Trojan horse TR/Agent.qsa
--> p28.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> p29.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    A backup was created as '48bb27f1.qua'  ( QUARANTINE )

End of the scan: 2008年6月6日  20:03
Used time: 00:06 min

The scan has been done completely.

   0 Scanning directories
   31 Files were scanned
   30 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   0 Warnings
   1 Notes

显示全部楼层 · 发表于 2008-6-6 20:04:47

[Scanning : C:\Documents and Settings\All Users\Documents\Test]

C:\Documents and Settings\All Users\Documents\Test\virus.rar<RAR>:p13.exe <- Trojan.Psw.Onlinegames.Ajoi : No action
C:\Documents and Settings\All Users\Documents\Test\virus.rar<RAR>:p13.exe<UPack>:p13.exe<DLLRES>:MAIN0.exe <- Trojan.Psw.Onlinegames.Ahvx : No action
C:\Documents and Settings\All Users\Documents\Test\virus.rar<RAR>:p14.exe <- Trojan.Psw.Onlinegames.Alqk : No action
C:\Documents and Settings\All Users\Documents\Test\virus.rar<RAR>:p18.exe <- Trojan.Psw.Onlinegames.Ajod : No action
C:\Documents and Settings\All Users\Documents\Test\virus.rar<RAR>:p18.exe<UPack>:p18.exe<DLLRES>:MAIN0.exe <- Trojan.Psw.Onlinegames.Affc : No action
C:\Documents and Settings\All Users\Documents\Test\virus.rar<RAR>:p25.exe <- Trojan.Psw.Onlinegames.Ajrc : No action
C:\Documents and Settings\All Users\Documents\Test\virus.rar<RAR>:p26.exe <- Trojan.Psw.Onlinegames.Amrj : No action

Scanned objects : 79

Infected objects : 7

显示全部楼层 · 发表于 2008-6-6 20:05:40

[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p30.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p1.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p2.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p3.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p4.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p5.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p6.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p7.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p8.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p9.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p10.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p11.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p12.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p13.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p14.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p15.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p16.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p17.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p18.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p19.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p20.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p21.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p22.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p23.exe
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p24.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p25.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p26.exe->(UPack)
[Found security risk] <W32/Agent.L.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p27.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p28.exe->(UPack)
[Found security risk] <W32/Nilage.gen!GSA (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\virus.rar->p29.exe->(UPack)

---------------------------------------------------------------------
Scan ended: 2008-6-6, 20:05:22
Duration: 0:00:28

Scan result:

Scanned files:    6
Infected objects:    30
Disinfected objects:    0
Quarantined files:    0
---------------------------------------------------------------------

显示全部楼层 · 发表于 2008-6-6 20:09:30

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.PSW.Win32.GameOL.GEN
病毒： Trojan.PSW.Win32.GameOL.nxy
病毒： Trojan.PSW.Win32.GameOL.nve
病毒： Trojan.PSW.Win32.GamesOnline.afn
病毒： Trojan.Win32.Undef.hcj
病毒： Trojan.PSW.Win32.SunGame.u
病毒： Trojan.PSW.Win32.GamesOnline.afv
病毒： Trojan.PSW.Win32.GameOL.nxh
病毒： Trojan.PSW.Win32.GameOL.nvc

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.47.42

显示全部楼层 · 发表于 2008-6-6 20:10:56

23..

[病毒样本] 1群体

本帖子中包含更多资源

Kaspersky Internet Security 2009

ArcaVir2008

F-Prot 4.4.4

66/29

本帖子中包含更多资源

浏览过的版块