
[Virus sample] 19*

电影结束了
Posted on 2008-7-2 11:45:40
Yesterday's...

IllusionWing
Posted on 2008-7-2 11:48:08
Where did the OP dig up these viruses..
17 of them
ntdll.dll and newxbttb.sys are probably not viruses

ch00962610
Posted on 2008-7-2 11:48:20
用G DATA AntiVirus检测病毒
版本 18.5.8071.731
病毒特征库日期 2008/7/2
开始时间: 2008/7/2 11:48
引擎: 引擎A (AVK 18.4348), 引擎B (AVKB 18.331)
启发式: 开启
档案文件: 开启
系统区域: 开启

检测系统区域...
检测以下目录和文件:
  C:\Documents and Settings\祝俊杰\桌面\新建文件夹\

对象: 7976281.dnt
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Trojan-GameThief.Win32.OnLineGames.rxwr (引擎A)
对象: 7996828.dnt
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Trojan-GameThief.Win32.WOW.bfr (引擎A)
对象: 8005921.dnt
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Trojan-GameThief.Win32.OnLineGames.rxqt (引擎A)
对象: 8042171.dnt.exe
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Win32:Agent-MLJ [Trj] (引擎B)
对象: ghwxattb.exe
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Win32:OnLineGames-EEP [Trj] (引擎B)
对象: jggtsr.dll
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Trojan-GameThief.Win32.OnLineGames.rxws (引擎A)
对象: [Upack]
        在压缩档案中: C:\Documents and Settings\祝俊杰\桌面\新建文件夹\lmwdsb.dll
        状态: 检测到病毒
        病毒: Win32:Agent-WVL [Trj] (引擎B)
对象: lmwdsb.dll
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Win32:Agent-WVL [Trj] (4x) (引擎B)
对象: oswxdttb.dll
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Trojan-PSW.Win32.OnLineGames.aqba (引擎A)
对象: rqRJCVPf.dll
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Trojan.Win32.Monder.wk (引擎A)
对象: tfsdmz.dll
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Win32:OnLineGames-DQP [Trj] (引擎B)
对象: WD.exe
        路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
        状态: 移动文件到隔离区
        病毒: Trojan-GameThief.Win32.OnLineGames.rxqx (引擎A)

检测执行时间: 2008/7/2 11:48
    19个文件已检测
    11个受感染文件
    0个可疑文件被发现
电影结束了
OP | Posted on 2008-7-2 11:49:34
Originally posted by gankeyu on 2008-7-2 11:48
Where did the OP dig up these viruses..
17 of them


Some are generated files...
Some were downloaded....
And some are from QQ groups.....
woai_jolin
Posted on 2008-7-2 11:54:51
Scan Log
Version of virus signature database: 3233 (20080701)
Date: 2008-7-2  Time: 11:54:39
Scanned disks, folders and files: G:\v\19.zip
G:\v\19.zip » ZIP » 7976281.dnt - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\19.zip » ZIP » 7996828.dnt - a variant of Win32/TrojanDownloader.VB.CEJ trojan
G:\v\19.zip » ZIP » 8005921.dnt - probably a variant of Win32/PSW.OnLineGames.NML trojan
G:\v\19.zip » ZIP » 8042171.dnt.exe - Win32/Small.NBR trojan
G:\v\19.zip » ZIP » bnghxd.dll - probably a variant of Win32/PSW.OnLineGames.MUG trojan
G:\v\19.zip » ZIP » bnghxd.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
G:\v\19.zip » ZIP » cvnyjut.dll - probably a variant of Win32/PSW.OnLineGames.MUG trojan
G:\v\19.zip » ZIP » cvnyjut.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
G:\v\19.zip » ZIP » fgthe.dll - is OK
G:\v\19.zip » ZIP » ghwxattb.exe - a variant of Win32/PSW.OnLineGames.OAF trojan
G:\v\19.zip » ZIP » hyhhtr.dll - is OK
G:\v\19.zip » ZIP » jggtsr.dll - Win32/PSW.OnLineGames.NOA trojan
G:\v\19.zip » ZIP » lmwdsb.dll - a variant of Win32/PSW.OnLineGames.NHF trojan
G:\v\19.zip » ZIP » newxbttb.sys - is OK
G:\v\19.zip » ZIP » ntdll.dll - is OK
G:\v\19.zip » ZIP » oswxdttb.dll - probably a variant of Win32/PSW.OnLineGames.FDY trojan
G:\v\19.zip » ZIP » rqRJCVPf.dll - is OK
G:\v\19.zip » ZIP » tfsdmz.dll - a variant of Win32/PSW.OnLineGames.NOA trojan
G:\v\19.zip » ZIP » WD.exe - probably a variant of Win32/PSW.OnLineGames.MUG trojan
G:\v\19.zip:Zone.Identifier - is OK
Number of scanned objects: 20
Number of threats found: 14
Number of cleaned objects: 0
Time of completion: 11:54:40  Total scanning time: 1 sec (00:00:01)
mofunzone
Posted on 2008-7-2 11:56:51
Did Kafan switch servers? The download speed is this fast now??

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\19'
C:\Documents and Settings\morgan\My Documents\19\
  7976281.dnt
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  7996828.dnt
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  8005921.dnt
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  8042171.dnt.exe
    [0] Archive type: Runtime Packed
    --> Object
        [DETECTION] Is the Trojan horse TR/Dldr.Small.cla.2
      [NOTE]      The file was deleted!
  bnghxd.dll
    [0] Archive type: RSRC
    --> Object
    --> Object
      [NOTE]      The file was deleted!
  bnghxd.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.YYE.1
      [NOTE]      The file was deleted!
  cvnyjut.dll
    [0] Archive type: RSRC
    --> Object
    --> Object
      [NOTE]      The file was deleted!
  cvnyjut.exe
      [DETECTION] Is the Trojan horse TR/PSW.18457
      [NOTE]      The file was deleted!
  fgthe.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48defccf.qua'!
  ghwxattb.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  hyhhtr.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48d2fce1.qua'!
  jggtsr.dll
    [0] Archive type: OVL
      --> Object
        [1] Archive type: OVL
        --> Object
          [2] Archive type: OVL
          --> Object
            [3] Archive type: OVL
            --> Object
              [4] Archive type: OVL
              --> Object
                [5] Archive type: OVL
                --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48d1fccf.qua'!
  lmwdsb.dll
    [0] Archive type: Runtime Packed
    --> Object
      [NOTE]      The file was deleted!
  newxbttb.sys
  ntdll.dll
  oswxdttb.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!
  rqRJCVPf.dll
      [DETECTION] Is the Trojan horse TR/Monder.WK.1
      [NOTE]      The file was deleted!
  tfsdmz.dll
    [0] Archive type: OVL
      --> Object
        [1] Archive type: OVL
        --> Object
          [2] Archive type: OVL
          --> Object
            [3] Archive type: OVL
            --> Object
              [4] Archive type: OVL
              --> Object
                [5] Archive type: OVL
                --> Object
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '48ddfcce.qua'!
  WD.exe
    [0] Archive type: Runtime Packed
      --> Object
        [1] Archive type: RSRC
        --> Object
          [2] Archive type: Runtime Packed
          --> Object
      [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
      [NOTE]      The file was deleted!


End of the scan: 2008年7月1日  20:56
Used time: 00:05 min

The scan has been done completely.

      1 Scanning directories
     19 Files were scanned
     13 viruses and/or unwanted programs were found
      4 Files were classified as suspicious:
     13 files were deleted
      0 files were repaired
      4 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      0 Archives were scanned
      0 Warnings
     17 Notes
末日逐沙
Posted on 2008-7-2 12:00:43
OP, you're practically Duba
Palkia
Posted on 2008-7-2 12:04:39

Duba is here

病毒        2008-07-02  12:03:25        C:\Documents and Settings\Administrator\桌面\19.zip\WD.exe        Win32.Troj.OnLineGamesT.or.258048        清除成功       
病毒        2008-07-02  12:03:25        C:\Documents and Settings\Administrator\桌面\19.zip\tfsdmz.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-07-02  12:03:25        C:\Documents and Settings\Administrator\桌面\19.zip\rqRJCVPf.dll        Win32.Troj.Monder.wk.25088        清除成功       
病毒        2008-07-02  12:03:25        C:\Documents and Settings\Administrator\桌面\19.zip\oswxdttb.dll        Win32.Troj.OnlineGameT.uv.91648        清除成功       
病毒        2008-07-02  12:03:25        C:\Documents and Settings\Administrator\桌面\19.zip\lmwdsb.dll        Win32.Troj.OnlineGamesT.nc.77894        清除成功       
病毒        2008-07-02  12:03:25        C:\Documents and Settings\Administrator\桌面\19.zip\jggtsr.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-07-02  12:03:24        C:\Documents and Settings\Administrator\桌面\19.zip\ghwxattb.exe        Win32.Troj.OnlineGamesT.ny.102456        清除成功       
病毒        2008-07-02  12:03:24        C:\Documents and Settings\Administrator\桌面\19.zip\cvnyjut.exe        Win32.Troj.OnlineGameT.bb.9796        清除成功       
病毒        2008-07-02  12:03:23        C:\Documents and Settings\Administrator\桌面\19.zip\bnghxd.exe        Win32.Troj.OnlineGameT.bb.9796        清除成功       
病毒        2008-07-02  12:03:23        C:\Documents and Settings\Administrator\桌面\19.zip\8042171.dnt.exe        Win32.TrojDownloader.Agent.17408        清除成功       
病毒        2008-07-02  12:03:23        C:\Documents and Settings\Administrator\桌面\19.zip\8005921.dnt        Win32.Troj.OnlineGamesT.wi.110635        清除成功       
病毒        2008-07-02  12:03:22        C:\Documents and Settings\Administrator\桌面\19.zip\7976281.dnt        Win32.Troj.OnlineGamesT.wi.110635        清除成功
挪威的冬天
Posted on 2008-7-2 12:04:45
信息        2008-07-02  12:02:09        您此次查毒清除了12个病毒                       
信息        2008-07-02  12:02:09        您此次查毒共查出12个病毒以及危险代码                       
信息        2008-07-02  12:02:09        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件27个                       
信息        2008-07-02  12:02:09        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-07-02  12:02:09        D:\Desktop\19.zip\WD.exe        Win32.Troj.OnLineGamesT.or.258048        清除成功       
病毒        2008-07-02  12:02:09        D:\Desktop\19.zip\tfsdmz.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-07-02  12:02:09        D:\Desktop\19.zip\rqRJCVPf.dll        Win32.Troj.Monder.wk.25088        清除成功       
病毒        2008-07-02  12:02:09        D:\Desktop\19.zip\oswxdttb.dll        Win32.Troj.OnlineGameT.uv.91648        清除成功       
病毒        2008-07-02  12:02:09        D:\Desktop\19.zip\lmwdsb.dll        Win32.Troj.OnlineGamesT.nc.77894        清除成功       
病毒        2008-07-02  12:02:08        D:\Desktop\19.zip\jggtsr.dll        Win32.Troj.OnlienGamesT.ny.254464        清除成功       
病毒        2008-07-02  12:02:08        D:\Desktop\19.zip\ghwxattb.exe        Win32.Troj.OnlineGamesT.ny.102456        清除成功       
病毒        2008-07-02  12:02:08        D:\Desktop\19.zip\cvnyjut.exe        Win32.Troj.OnlineGameT.bb.9796        清除成功       
病毒        2008-07-02  12:02:07        D:\Desktop\19.zip\bnghxd.exe        Win32.Troj.OnlineGameT.bb.9796        清除成功       
病毒        2008-07-02  12:02:07        D:\Desktop\19.zip\8042171.dnt.exe        Win32.TrojDownloader.Agent.17408        清除成功       
病毒        2008-07-02  12:02:07        D:\Desktop\19.zip\8005921.dnt        Win32.Troj.OnlineGamesT.wi.110635        清除成功       
病毒        2008-07-02  12:02:06        D:\Desktop\19.zip\7976281.dnt        Win32.Troj.OnlineGamesT.wi.110635        清除成功       


That ntdll one probably isn't one
ssy275
Posted on 2008-7-2 12:43:52
