Original poster: promised

[Virus samples] 39 files
sam.to
Posted on 2008-6-29 15:23:01
Starting the file scan:

Begin scan in 'C:\Documents and Settings\kato9096\桌面\样本'
C:\Documents and Settings\kato9096\桌面\样本\cc1.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc10.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc11.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc12.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc13.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc14.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc15.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc16.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc17.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc19.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc2.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc20.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc21.exe
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc23.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc5.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc6.exe
      [DETECTION] Contains detection pattern of the worm WORM/MSN.Zavis
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc8.exe
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.argb
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\cc9.exe
  [0] Archive type: OVL
    --> Object
      [1] Archive type: RSRC
      --> Object
          [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.argb
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\MMHADPQG1097.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\MMSADZFB1074.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\MMWLVAHB1039.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\MMWLVAHB1042.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\rfdswc.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\update.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\vscript32.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\zptlcsys.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\zxmsdwin.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
C:\Documents and Settings\kato9096\桌面\样本\zyzxjime.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!


End of the scan: Sunday,29 June 2008  15:22
Used time: 00:09 min

The scan has been done completely.

      1 Scanning directories
     39 Files were scanned
     30 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     28 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      9 Files not concerned
      0 Archives were scanned
      0 Warnings
     28 Notes

11 not detected. Already submitted.


File ID          Filename          Size (Byte)         Result
25060948          cdwqfs.dll          224 KB          UNDER ANALYSIS
25060949          ddserh.dll          262.5 KB          UNDER ANALYSIS
25060863          fstlbsys.sys          1.02 KB          UNDER ANALYSIS
25060864          fxzxbime.sys          1.02 KB          UNDER ANALYSIS
25060865          fzmsbwin.sys          1.02 KB          UNDER ANALYSIS
25060950          mtewdh.dll          273 KB          UNDER ANALYSIS
25060951          sgdewg.dll          217 KB          UNDER ANALYSIS
25060866          up.css          4.5 KB          UNDER ANALYSIS
25060952          wrqszl.dll          227.5 KB          UNDER ANALYSIS
25060953          wyhesm.dll          227.5 KB          UNDER ANALYSIS
25060954          wyrsdj.dll          227.5 KB          UNDER ANALYSIS
dadingdading
Posted on 2008-6-29 15:33:11
kv08    33
Palkia
Posted on 2008-6-29 15:35:08

32

病毒        2008-06-29  15:34:56        C:\Documents and Settings\Administrator\桌面\样本(1).rar\zxmsdwin.dll        Win32.Troj.OnlineGameT.uv.91648        清除成功       
病毒        2008-06-29  15:34:56        C:\Documents and Settings\Administrator\桌面\样本(1).rar\zptlcsys.dll        Win32.Troj.OnlineGameT.uv.91648        清除成功       
病毒        2008-06-29  15:34:56        C:\Documents and Settings\Administrator\桌面\样本(1).rar\wyrsdj.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-06-29  15:34:56        C:\Documents and Settings\Administrator\桌面\样本(1).rar\wyhesm.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-06-29  15:34:56        C:\Documents and Settings\Administrator\桌面\样本(1).rar\wrqszl.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-06-29  15:34:56        C:\Documents and Settings\Administrator\桌面\样本(1).rar\sgdewg.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-06-29  15:34:56        C:\Documents and Settings\Administrator\桌面\样本(1).rar\rfdswc.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-06-29  15:34:56        C:\Documents and Settings\Administrator\桌面\样本(1).rar\mtewdh.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-06-29  15:34:55        C:\Documents and Settings\Administrator\桌面\样本(1).rar\MMWLVAHB1039.dll        Win32.Troj.AgentT.dl.86128        清除成功       
病毒        2008-06-29  15:34:55        C:\Documents and Settings\Administrator\桌面\样本(1).rar\MMSADZFB1074.dll        Win32.Troj.Agent.ks.81920        清除成功       
病毒        2008-06-29  15:34:55        C:\Documents and Settings\Administrator\桌面\样本(1).rar\MMHADPQG1097.dll        Win32.Troj.AgentT.dl.86128        清除成功       
病毒        2008-06-29  15:34:55        C:\Documents and Settings\Administrator\桌面\样本(1).rar\ddserh.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-06-29  15:34:55        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cdwqfs.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-06-29  15:34:55        C:\Documents and Settings\Administrator\桌面\样本(1).rar\up.css        Win32.TrojDownloader.Small.4608        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc23.exe        Win32.Troj.OnlineGameT.pq.57344        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc21.exe        Win32.Troj.Agent.73728        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc20.exe        Win32.Troj.OnlineGamesT.iw.110592        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc19.exe        Win32.Troj.OnlineGamesT.iw.110592        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc17.exe        Win32.Troj.OnlineGamesT.iw.110592        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc16.exe        Win32.Troj.OnlineGamesT.iw.110592        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc15.exe        Win32.Troj.OnlineGamesT.ny.102456        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc14.exe        Win32.Troj.OnlineGamesT.ny.102456        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc13.exe        Win32.Troj.GameOnlineT.xx.61440        清除成功       
病毒        2008-06-29  15:34:54        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc12.exe        Win32.Troj.OnlineGamesT.iw.110592        清除成功       
病毒        2008-06-29  15:34:53        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc11.exe        Win32.Troj.OnlineGamesT.iw.110592        清除成功       
病毒        2008-06-29  15:34:53        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc10.exe        Win32.Troj.OnlineGamesT.iw.110592        清除成功       
病毒        2008-06-29  15:34:53        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc9.exe        Win32.Troj.OnlineGameT.pq.57344        清除成功       
病毒        2008-06-29  15:34:53        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc8.exe        Win32.Troj.OnlineGameT.pq.57344        清除成功       
病毒        2008-06-29  15:34:53        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc6.exe        Win32.Troj.OnlineGameT.pq.57344        清除成功       
病毒        2008-06-29  15:34:53        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc5.exe        Win32.Troj.OnlineGamesT.ny.102456        清除成功       
病毒        2008-06-29  15:34:53        C:\Documents and Settings\Administrator\桌面\样本(1).rar\cc2.exe        Win32.Troj.OnlineGamesT.iw.110592        清除成功       
病毒        2008-06-29  15:34:53        C:\Documents and Settings\Administrator\桌面\样本(1).rar\zyzxjime.dll        Win32.Troj.OnlineGameT.uv.91648        清除成功
aaad2008
Posted on 2008-6-29 15:40:15
kv detects 33
testhawk
Posted on 2008-6-29 16:36:53
Hello,

cc11.exe_, ddserh.dll - Trojan-GameThief.Win32.OnLineGames.rzdm,
cdwqfs.dll - Trojan-GameThief.Win32.OnLineGames.rzdn,
MMWLVAHB1042.dll - Trojan-GameThief.Win32.OnLineGames.rzdo,
wrqszl.dll - Trojan-GameThief.Win32.OnLineGames.rzdq,
wyhesm.dll - Trojan-GameThief.Win32.OnLineGames.rzdr

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

fstlbsys.sys, fxzxbime.sys, fzmsbwin.sys

No malicious code was found in these files.

Please quote all when answering.

--
Best regards, Evgeny Aseev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
woai_jolin
Posted on 2008-6-29 16:41:54
G:\v\c\cc1.exe - is OK
G:\v\c\cc10.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined
G:\v\c\cc11.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined
G:\v\c\cc12.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined
G:\v\c\cc13.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - cleaned by deleting - quarantined
G:\v\c\cc14.exe - probably a variant of Win32/PSW.OnLineGames.OAF trojan - cleaned by deleting - quarantined
G:\v\c\cc15.exe - probably a variant of Win32/PSW.OnLineGames.OAF trojan - cleaned by deleting - quarantined
G:\v\c\cc16.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined
G:\v\c\cc17.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined
G:\v\c\cc19.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined
G:\v\c\cc2.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined
G:\v\c\cc20.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - cleaned by deleting - quarantined
G:\v\c\cc21.exe - Win32/KillAV.NBX trojan - cleaned by deleting - quarantined
G:\v\c\cc23.exe - a variant of Win32/PSW.OnLineGames.XZN trojan - cleaned by deleting - quarantined
G:\v\c\cc5.exe - probably a variant of Win32/PSW.OnLineGames.OAF trojan - cleaned by deleting - quarantined
G:\v\c\cc6.exe - a variant of Win32/PSW.OnLineGames.XZN trojan - cleaned by deleting - quarantined
G:\v\c\cc8.exe - a variant of Win32/PSW.OnLineGames.XZN trojan - cleaned by deleting - quarantined
G:\v\c\cc9.exe - a variant of Win32/PSW.OnLineGames.XZN trojan - cleaned by deleting - quarantined
G:\v\c\cdwqfs.dll - a variant of Win32/PSW.OnLineGames.NOA trojan - cleaned by deleting - quarantined
G:\v\c\ddserh.dll - a variant of Win32/PSW.OnLineGames.NOA trojan - cleaned by deleting - quarantined
G:\v\c\fstlbsys.sys - is OK
G:\v\c\fxzxbime.sys - is OK
G:\v\c\fzmsbwin.sys - is OK
G:\v\c\MMHADPQG1097.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan - cleaned by deleting - quarantined
G:\v\c\MMSADZFB1074.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan - cleaned by deleting - quarantined
G:\v\c\MMWLVAHB1039.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan - cleaned by deleting - quarantined
G:\v\c\MMWLVAHB1042.dll - a variant of Win32/PSW.OnLineGames.PBQ trojan - cleaned by deleting - quarantined
G:\v\c\mtewdh.dll - a variant of Win32/PSW.OnLineGames.NOA trojan - cleaned by deleting - quarantined
G:\v\c\rfdswc.dll - a variant of Win32/PSW.OnLineGames.NOA trojan - cleaned by deleting - quarantined
G:\v\c\sgdewg.dll - a variant of Win32/PSW.OnLineGames.NOA trojan - cleaned by deleting - quarantined
G:\v\c\up.css - is OK
G:\v\c\update.exe - a variant of Win32/Inject.NBE trojan - cleaned by deleting - quarantined
G:\v\c\vscript32.dll - is OK
G:\v\c\wrqszl.dll - a variant of Win32/PSW.OnLineGames.NOA trojan - cleaned by deleting - quarantined
G:\v\c\wyhesm.dll - a variant of Win32/PSW.OnLineGames.NOA trojan - cleaned by deleting - quarantined
G:\v\c\wyrsdj.dll - a variant of Win32/PSW.OnLineGames.NOA trojan - cleaned by deleting - quarantined
G:\v\c\zptlcsys.dll - probably a variant of Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined
G:\v\c\zxmsdwin.dll - probably a variant of Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined
G:\v\c\zyzxjime.dll - probably a variant of Win32/PSW.OnLineGames.FDY trojan - cleaned by deleting - quarantined
sam.to
Posted on 2008-6-29 17:23:18
Hello,

cc11.ex2e, ddserh.dll - Trojan-GameThief.Win32.OnLineGames.rzdm,
cc13.ex2e - Trojan-GameThief.Win32.OnLineGames.rzea,
cdwqfs.dll - Trojan-GameThief.Win32.OnLineGames.rzdn,
MMWLVAHB1042.dll - Trojan-GameThief.Win32.OnLineGames.rzdo,
wrqszl.dll - Trojan-GameThief.Win32.OnLineGames.rzdq,
wyhesm.dll - Trojan-GameThief.Win32.OnLineGames.rzdr

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

fstlbsys.sys, fxzxbime.sys, fzmsbwin.sys

No malicious code was found in these files.

Please quote all when answering.

--
Best regards, Evgeny Aseev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
hum
Posted on 2008-6-29 17:41:57
Symantec
-8
Excluding the non-malware files
All submitted!
chjy007
Posted on 2008-6-29 18:01:24
Avira: 38
ssy275
Posted on 2008-6-29 18:11:46
39
