Views: 2902 | Replies: 16

[Virus sample] 8

sam.to
Posted on 2008-6-7 20:27:25
Start of the scan: Saturday,7 June 2008  20:28

Starting the file scan:

Begin scan in 'C:\Documents and Settings\kato9096\桌面\system32'
C:\Documents and Settings\kato9096\桌面\system32\an006[1].Vexe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\system32\sperls.dll2
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.47
      [NOTE]      The file was deleted!


End of the scan: Saturday,7 June 2008  20:28
Used time: 00:17 min

The scan has been done completely.

      1 Scanning directories
      8 Files were scanned
      2 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      2 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      0 Archives were scanned
      0 Warnings
      2 Notes



to antivir

File ID    Filename        Size (Byte)   Result
25039446   hujfgt.dll2     8.5 KB        UNDER ANALYSIS
25039447   jmkcgt.dll2     8.5 KB        UNDER ANALYSIS
25039448   msssc.dll2      44 Byte       UNDER ANALYSIS
25039449   Procmon1.exe2   2.45 MB       UNDER ANALYSIS
25039450   sysme.bat3      81 Byte       UNDER ANALYSIS
25039451   tencent.sys3    66 Byte       UNDER ANALYSIS


已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.abzd        檔案: C:\Documents and Settings\kato9096\桌面\system32.rar/sperls.dll2
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ajng        檔案: C:\Documents and Settings\kato9096\桌面\system32.rar/hujfgt.dll2
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ajya        檔案: C:\Documents and Settings\kato9096\桌面\system32.rar/jmkcgt.dll2

3, to KL

[ Last edited by kato9096 on 2008-6-7 20:30 ]

Joker
Posted on 2008-6-7 20:28:38
4
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\system32'
C:\Documents and Settings\Administrator\桌面\system32\an006[1].Vexe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\system32\hujfgt.dll2
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\system32\jmkcgt.dll2
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [WARNING]   The file was ignored!
C:\Documents and Settings\Administrator\桌面\system32\sperls.dll2
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.47
      [NOTE]      The file was successfully wiped!
      [NOTE]      The file was deleted!

25039450   sysme.bat3      81 Byte       UNDER ANALYSIS
25039446   hujfgt.dll2     8.5 KB        UNDER ANALYSIS
25039447   jmkcgt.dll2     8.5 KB        UNDER ANALYSIS
25039448   msssc.dll2      44 Byte       UNDER ANALYSIS
25039449   Procmon1.exe2   2.45 MB       UNDER ANALYSIS
25039451   tencent.sys3    66 Byte       UNDER ANALYSIS
25039453   an006[1].Vexe   71.7 KB       UNDER ANALYSIS



How did the OP test this? My results are different from his...

[ Last edited by Joker on 2008-6-7 20:31 ]
allinwonderi
Posted on 2008-6-7 20:28:41

ArcaVir2008

[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\system32.rar<RAR>:an006[1].Vexe<UPack>:an006[1].Vexe <- Downloader.Agent.Bto : No action



Scanned objects : 13

Infected objects : 1
sbbdms
Posted on 2008-6-7 20:28:44
Kaspersky killed 3

已删除:木马程序 Trojan-PSW.Win32.OnLineGames.abzd 文件 : D:\软件\其它\v\k\system32.rar/sperls.dll2
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.ajng 文件 : D:\软件\其它\v\k\system32.rar/hujfgt.dll2
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.ajya 文件 : D:\软件\其它\v\k\system32.rar/jmkcgt.dll2

TO KL

Since you had already sent it to KL, why didn't you say so earlier.... you only added that in a later edit

Hello,

an006[1].Vexe - Trojan-Downloader.Win32.Agent.sfj

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

msssc.dll2, Procmon1.exe_, sysme.bat_, tencent.sys3

No malicious code was found in these files.

Please quote all when answering.

--
Best regards, Kirill Erakhtin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: system32.rar

[ Last edited by sbbdms on 2008-6-7 23:24 ]
allinwonderi
Posted on 2008-6-7 20:29:13

F-Prot 4.4.4

[Found password stealer]         <W32/Pwstealer.OHL (exact, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\system32.rar->hujfgt.dll2
[Found downloader]         <W32/Downloader.B.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\system32.rar->an006[1].Vexe

---------------------------------------------------------------------
Scan ended:        2008-6-7, 20:29:01
Duration:        0:00:08

Scan result:

Scanned files:                 6
Infected objects:         2
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------
电影结束了
Posted on 2008-6-7 20:29:45
对象: Procmon1.exe2
        在压缩档案里: F:\system32.rar
        Status: 已发现病毒
        病毒: Win32.Huhk.A (BD 引擎)
对象: sperls.dll2
        在压缩档案里: F:\system32.rar
        Status: 已发现病毒
        病毒: Trojan.PWS.Agent.SCY (BD 引擎)
对象: hujfgt.dll2
        在压缩档案里: F:\system32.rar
        Status: 已发现病毒
        病毒: Trojan.Generic.242052 (BD 引擎)
对象: jmkcgt.dll2
        在压缩档案里: F:\system32.rar
        Status: 已发现病毒
        病毒: Trojan.Generic.265932 (BD 引擎)
sam.to
OP | Posted on 2008-6-7 20:32:03

Reply to post #4 by sbbdms

Then I won't submit it, if you have already submitted it

[ Last edited by kato9096 on 2008-6-7 20:33 ]
sam.to
OP | Posted on 2008-6-7 20:32:55

Reply to post #2 by Joker

I didn't turn on heuristics, in order to be able to report more new viruses

[ Last edited by kato9096 on 2008-6-7 20:41 ]
hahacomcn
Posted on 2008-6-7 20:59:42
Originally posted by kato9096 on 2008-6-7 20:32
I didn't turn on heuristics, in order to be able to report more new viruses


kato9096 has really been working hard, reporting to two vendors single-handedly.

btw: the recent viruses are pretty fierce, and Avira (the red umbrella) didn't do so well.
tracydk
Posted on 2008-6-7 21:31:56

KaFan Forum

Copyright © KaFan  KaFan.cn All Rights Reserved.