50个样本(测试有效期截止6月24日12：00)

显示全部楼层 · 发表于 2008-6-23 21:16:20

右键扫描 42 .exe不认识

运行

危险进程(PID:368): D:\download\50\50\42.exe

产品名称: 无
文件版本: 无
公司名称: 无
文件描述: 无
数字签名: 没有发现签名

危险级别: 高
级别评分: 61.18980
状态: 进程已被结束，但还没有清除，等待进一步处理。

在线扫描发现它不是有害程序，但这并不能肯定此文件是百分之百安全的。你可以信任它，但如果你认为它是不可信的也可以删除它。

显示全部楼层 · 发表于 2008-6-23 21:23:21

G DATA AntiVirus检测
版本 18.7.8155.555
病毒特征库日期 2008/6/23
开始时间： 2008/6/23 21:21
引擎：引擎A (AVK 18.4229), 引擎B (AVKB 18.318)
启发式：开启
档案文件：开启
系统区域：开启

检测系统区域...
检测以下目录和文件：
C:\Documents and Settings\Administrator\桌面\50\

对象： 1.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.adtv (引擎A)
对象： 10.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-Spy.Win32.Pophot.aqz (引擎A)
对象： 11.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan.Win32.Inject.aed (引擎A)
对象： 12.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.ajpn (引擎A)
对象： 13.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Backdoor.Win32.PcClient.dbr (引擎A)
对象： 14.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Worm.Win32.AutoRun.bix (引擎A)
对象： 15.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan.Win32.Buzus.fjh (引擎A)
对象： 16.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan.Win32.Agent.jtr (引擎A)
对象： 17.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.asek (引擎A)
对象： 18.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aphm (引擎A)
对象： 19.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqeh (引擎A)
对象： 4.exe
在压缩档案中： C:\Documents and Settings\Administrator\桌面\50\2.EXE
状态：发现病毒
病毒： Backdoor.Win32.Ceckno.aym (引擎A)
对象： 2.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Backdoor.Win32.Ceckno.aym (引擎A)
对象： 20.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqgp (引擎A)
对象： [Upack]
在压缩档案中： C:\Documents and Settings\Administrator\桌面\50\21.exe
状态：发现病毒
病毒： Win32:OnLineGames-EAT [Trj] (引擎B)
对象： 21.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Win32:OnLineGames-EAT [Trj] (引擎B)
对象： 22.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqgp (引擎A)
对象： [Upack]
在压缩档案中： C:\Documents and Settings\Administrator\桌面\50\23.exe
状态：发现病毒
病毒： Win32:OnLineGames-EAT [Trj] (引擎B)
对象： 23.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Win32:OnLineGames-EAT [Trj] (引擎B)
对象： 24.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.asbu (引擎A)
对象： 25.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.arwu (引擎A)
对象： 26.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.apms (引擎A)
对象： 27.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aphm (引擎A)
对象： 28.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqna (引擎A)
对象： 29.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aphm (引擎A)
对象： 3.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Worm.Win32.Delf.cg (引擎A)
对象： 30.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.arpj (引擎A)
对象： 31.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.asek (引擎A)
对象： 32.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.apil (引擎A)
对象： 33.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.apms (引擎A)
对象： 34.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqna (引擎A)
对象： 35.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.apms (引擎A)
对象： 36.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aphm (引擎A)
对象： 37.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqeh (引擎A)
对象： 38.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aphm (引擎A)
对象： 39.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.arpj (引擎A)
对象： 4.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-Downloader.Win32.Flux.ep (引擎A)
对象： 40.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqmr (引擎A)
对象： 41.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqgp (引擎A)
对象： 43.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.QQPass.cdw (引擎A)
对象： 44.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aphm (引擎A)
对象： 45.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqfs (引擎A)
对象： 47.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aplq (引擎A)
对象： 48.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.aqmr (引擎A)
对象： 49.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.apms (引擎A)
对象： 5.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-Downloader.Win32.Flux.fm (引擎A)
对象： 50.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.apil (引擎A)
对象： 6.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-Downloader.Win32.VB.bvx (引擎A)
对象： 8.exe
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Trojan-PSW.Win32.OnLineGames.abfv (引擎A)
对象： 9.EXE
路径: C:\Documents and Settings\Administrator\桌面\50
状态：病毒，文件被删除
病毒： Backdoor.Win32.PcClient.crq (引擎A)

扫描完成于： 2008/6/23 21:21
50个文件已检测
47个受感染文件已发现
0个可疑文件被发现

显示全部楼层 · 发表于 2008-6-23 21:43:41

全灭

显示全部楼层 · 发表于 2008-6-23 21:46:40

江民杀毒软件报告文件

北京江民新科技术有限公司

扫描引擎 11.00.704
病毒库日期 2008-06-23
更新日期 2008-06-23

扫描目标 F:\50.rar

开始时间 2008-06-23 21:45:50

在 F:\50.rar->50\1.EXE 中发现 Trojan/PSW.OnLineGames.tut 病毒, 已删除
在 F:\50.rar->50\2.EXE 中发现 Trojan/PSW.QQPass.qw 病毒, 已删除
在 F:\50.rar->50\3.EXE 中发现 TrojanDownloader.Agent.lzk 病毒, 已删除
在 F:\50.rar->50\4.exe 中发现 TrojanDownloader.Flux.ao 病毒, 已删除
在 F:\50.rar->50\5.exe 中发现 TrojanDownloader.Flux.bt 病毒, 已删除
在 F:\50.rar->50\6.EXE 中发现 TrojanDownloader.VB.hwe 病毒, 已删除
在 F:\50.rar->50\8.exe 中发现 Rootkit.Vanti.fam 病毒, 已删除
在 F:\50.rar->50\9.EXE 中发现 Backdoor/Agent.bfwk 病毒, 已删除
在 F:\50.rar->50\10.exe 中发现 TrojanSpy.Pophot.oj 病毒, 已删除
在 F:\50.rar->50\11.EXE 中发现 Trojan/Inject.acb 病毒, 已删除
在 F:\50.rar->50\12.EXE 中发现 Trojan/PSW.OnLineGames.aips 病毒, 已删除
在 F:\50.rar->50\13.EXE 中发现 Backdoor/PcClient.fry 病毒, 已删除
在 F:\50.rar->50\14.exe 中发现 Worm/AutoRun.ay 病毒, 已删除
在 F:\50.rar->50\15.EXE 中发现 Trojan/Buzus.aqv 病毒, 已删除
在 F:\50.rar->50\16.EXE 中发现 Trojan-DDos.Agent.si 病毒, 已删除
在 F:\50.rar->50\17.exe 中发现 Trojan/PSW.OnLineGames.vdq 病毒, 已删除
在 F:\50.rar->50\18.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\19.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\20.EXE 中发现 Trojan/PSW.OnLineGames.vdq 病毒, 已删除
在 F:\50.rar->50\21.exe 中发现 Trojan/PSW.OnLineGames.Gen 病毒, 已删除
在 F:\50.rar->50\22.EXE 中发现 Trojan/PSW.OnLineGames.vdq 病毒, 已删除
在 F:\50.rar->50\23.exe 中发现 Trojan/PSW.OnLineGames.Gen 病毒, 已删除
在 F:\50.rar->50\24.exe 中发现 Trojan/PSW.OnLineGames.vdq 病毒, 已删除
在 F:\50.rar->50\25.exe 中发现 Trojan/PSW.OnlineGames.Gen 病毒, 已删除
在 F:\50.rar->50\26.exe 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\27.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\28.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\29.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\30.EXE 中发现 Trojan/PSW.OnLineGames.vdq 病毒, 已删除
在 F:\50.rar->50\31.exe 中发现 Trojan/PSW.OnLineGames.vdq 病毒, 已删除
在 F:\50.rar->50\32.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\33.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\34.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\35.exe 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\36.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\37.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\38.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\39.EXE 中发现 Trojan/PSW.OnLineGames.vdq 病毒, 已删除
在 F:\50.rar->50\40.exe 中发现 Trojan/PSW.OnlineGames.Gen 病毒, 已删除
在 F:\50.rar->50\41.EXE 中发现 Trojan/PSW.OnLineGames.vdq 病毒, 已删除
在 F:\50.rar->50\43.exe 中发现 Trojan/PSW.OnLineGames.aloy 病毒, 已删除
在 F:\50.rar->50\44.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\45.EXE 中发现 Trojan/PSW.OnLineGames.Gen 病毒, 已删除
在 F:\50.rar->50\46.exe 中发现 Trojan/PSW.OnLineGames.Gen 病毒, 已删除
在 F:\50.rar->50\47.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\48.exe 中发现 Trojan/PSW.OnlineGames.Gen 病毒, 已删除
在 F:\50.rar->50\49.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
在 F:\50.rar->50\50.EXE 中发现 Trojan/PSW.OnLineGames.urs 病毒, 已删除
正常结束。

扫描结果:
               文件数 :52                               病毒体 :48
               删除 :48                                  解毒 :0
扫描速度(千字节/秒) :540                            扫描时间 :00:00:04
扫描文件速度(个/秒) :13

显示全部楼层 · 发表于 2008-6-23 21:52:15

2008-6-23 21:52:04 Real-time file system protection file G:\v\50\50.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:52:02 Real-time file system protection file G:\v\50\49.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:52:01 Real-time file system protection file G:\v\50\48.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:59 Real-time file system protection file G:\v\50\47.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:58 Real-time file system protection file G:\v\50\46.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:56 Real-time file system protection file G:\v\50\45.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:54 Real-time file system protection file G:\v\50\44.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:53 Real-time file system protection file G:\v\50\43.exe a variant of Win32/PSW.QQPass.NCZ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:51 Real-time file system protection file G:\v\50\41.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:50 Real-time file system protection file G:\v\50\40.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:48 Real-time file system protection file G:\v\50\39.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:47 Real-time file system protection file G:\v\50\38.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:45 Real-time file system protection file G:\v\50\37.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:43 Real-time file system protection file G:\v\50\36.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:42 Real-time file system protection file G:\v\50\35.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:40 Real-time file system protection file G:\v\50\34.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:38 Real-time file system protection file G:\v\50\33.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:37 Real-time file system protection file G:\v\50\32.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:35 Real-time file system protection file G:\v\50\31.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:34 Real-time file system protection file G:\v\50\30.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:32 Real-time file system protection file G:\v\50\29.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:30 Real-time file system protection file G:\v\50\28.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:29 Real-time file system protection file G:\v\50\27.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:28 Real-time file system protection file G:\v\50\26.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:26 Real-time file system protection file G:\v\50\25.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:25 Real-time file system protection file G:\v\50\24.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:23 Real-time file system protection file G:\v\50\23.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:22 Real-time file system protection file G:\v\50\22.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:20 Real-time file system protection file G:\v\50\21.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:19 Real-time file system protection file G:\v\50\20.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:17 Real-time file system protection file G:\v\50\19.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:16 Real-time file system protection file G:\v\50\18.EXE a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:14 Real-time file system protection file G:\v\50\17.exe a variant of Win32/PSW.OnLineGames.OAF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:13 Real-time file system protection file G:\v\50\16.EXE Win32/Small.NO trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:12 Real-time file system protection file G:\v\50\15.EXE a variant of Win32/Poison trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:10 Real-time file system protection file G:\v\50\14.exe probably a variant of Win32/Delf.NDF worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:08 Real-time file system protection file G:\v\50\12.EXE a variant of Win32/PSW.OnLineGames.NFL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:07 Real-time file system protection file G:\v\50\11.EXE Win32/Inject.AED trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:05 Real-time file system protection file G:\v\50\10.exe a variant of Win32/Spy.Delf.NIL trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:04 Real-time file system protection file G:\v\50\9.EXE a variant of Win32/PcClient trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:03 Real-time file system protection file G:\v\50\8.exe a variant of Win32/PSW.OnLineGames.MUG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:01 Real-time file system protection file G:\v\50\7.PIF probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:51:00 Real-time file system protection file G:\v\50\6.EXE probably a variant of Win32/TrojanDownloader.VB trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:50:59 Real-time file system protection file G:\v\50\5.exe Win32/TrojanDownloader.Flux.AB trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:50:57 Real-time file system protection file G:\v\50\4.exe a variant of Win32/TrojanDownloader.Flux trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:50:56 Real-time file system protection file G:\v\50\3.EXE Win32/TrojanDownloader.Delf.BHO trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-6-23 21:50:54 Real-time file system protection file G:\v\50\1.EXE probably a variant of Win32/PSW.QQPass.NDF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

显示全部楼层 · 发表于 2008-6-23 21:53:25

2.EXE
2008-6-23 21:52:45 Real-time file system protection file C:\Sandbox\Administrator\DefaultBox\user\current\Local Settings\Temp\IXP000.TMP\4.exe Win32/Agent.NCQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: G:\v\50\2.EXE.

13.EXE
2008-6-23 21:53:05 Real-time file system protection file C:\Sandbox\Administrator\DefaultBox\drive\C\WINDOWS\system32\uscmzo.dll Win32/PcClient trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: G:\v\50\13.EXE.

显示全部楼层 · 发表于 2008-6-23 21:55:07

原帖由 hellobaby 于 2008-6-23 20:48 发表
直接解压，红伞监控漏42.exe。后用红伞扫描（开高启），发现病毒，提示手工清除。结论：红伞全认。

如果没错的话红伞启发尸体

显示全部楼层 · 发表于 2008-6-23 22:41:15

显示全部楼层 · 发表于 2008-6-23 22:42:57

rchive type: RAR
  --> 50\2.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
--> 50\3.EXE
      [DETECTION] Is the Trojan horse TR/Spy.Gen
--> 50\4.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
--> 50\5.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
  --> 50\6.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
  --> 50\7.PIF
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
--> 50\8.exe
   --> Object
      [2] Archive type: RSRC
      --> Object
      --> Object
         [4] Archive type: RSRC
         --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abej
  --> 50\9.EXE
   [DETECTION] Contains detection pattern of the dropper DR/PcClient.Gen
  --> 50\10.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 50\11.EXE
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.hax
  --> 50\13.EXE
   [DETECTION] Contains detection pattern of the dropper DR/PcClient.Gen
  --> 50\14.exe
   [DETECTION] Contains detection pattern of the worm WORM/Autorun.bix.8
  --> 50\15.EXE
   [DETECTION] Is the Trojan horse TR/Dldr.Agent.YZD
  --> 50\16.EXE
   [DETECTION] Is the Trojan horse TR/Agent.jtr.1
   [WARNING] The file was ignored!

[病毒样本] 50个样本(测试有效期截止6月24日12：00)

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

49

本帖子中包含更多资源