[病毒样本] 68*

显示全部楼层 · 发表于 2008-7-3 13:33:04

http://cao.caonima01.com/down.txt

c0=http://111.1212l112.net/cao/aa1.exe
c1=http://111.1212l112.net/cao/aa2.exe
c2=http://111.1212l112.net/cao/aa3.exe
c3=http://111.1212l112.net/cao/aa4.exe
c4=http://111.1212l112.net/cao/aa5.exe
c5=http://111.1212l112.net/cao/aa6.exe
c6=http://222.1212l112.net/cao/aa7.exe
c7=http://222.1212l112.net/cao/aa8.exe
c8=http://222.1212l112.net/cao/aa9.exe
c9=http://222.1212l112.net/cao/aa10.exe
c10=http://222.1212l112.net/cao/aa11.exe
c11=http://222.1212l112.net/cao/aa12.exe
c12=http://444.1212l112.net/cao/aa13.exe
c13=http://444.1212l112.net/cao/aa14.exe
c14=http://444.1212l112.net/cao/aa15.exe
c15=http://444.1212l112.net/cao/aa16.exe
c16=http://444.1212l112.net/cao/aa17.exe
c17=http://444.1212l112.net/cao/aa18.exe
c18=http://555.1212l112.net/cao/aa19.exe
c19=http://555.1212l112.net/cao/aa20.exe
c20=http://555.1212l112.net/cao/aa21.exe
c21=http://555.1212l112.net/cao/aa22.exe
c22=http://555.1212l112.net/cao/aa23.exe
c23=http://555.1212l112.net/cao/aa24.exe
c24=http://111.1212l112.net/cao/aa25.exe
c25=http://222.1212l112.net/cao/aa26.exe
c26=http://444.1212l112.net/cao/aa27.exe
c27=http://555.1212l112.net/cao/aa28.exe

显示全部楼层 · 发表于 2008-7-3 13:39:47

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\26'
C:\Documents and Settings\Administrator\桌面\26\49DC9198.DLL
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\7DDC8C1D.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa1.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa10.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa11.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa12.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa13.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa14.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa15.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa16.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa17.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnL.BJ.24576
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa18.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa19.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa2.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa20.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa21.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa22.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa23.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa24.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa25.exe
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa26.exe
   [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa3.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa4.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa5.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa6.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa7.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa8.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\aa9.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnL.BJ.24576
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\cdwqfs.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\cedafb.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rxvv
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\cjet14.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\cumy0.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\ddserh.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rxvx
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\ducf19.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\epwe8.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnL.BJ.24576
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\eyqg18.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\fmcvxy.dll
   [DETECTION] Is the Trojan horse TR/Crypt.Delf.F.354
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\frxg16.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnL.BJ.24576
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\hhrdxd.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\hmvf6.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\ifbn4.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\jfrwdh.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rxvu.3
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\jhfrxz.dll
   [DETECTION] Is the Trojan horse TR/Crypt.Delf.F.355
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\jhkc5.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\mfdesy.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rxwe.1
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\mrrk10.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\mtewdh.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\nimy12.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\oqmn21.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\qtjm11.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\rfdswc.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\sgdewg.dll
   [DETECTION] Is the Trojan horse TR/Crypt.Delf.F.550
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\szep22.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\tdffdl.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\tdggrz.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rxvt
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\tkqf23.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\tzno13.exe
   [DETECTION] Is the Trojan horse TR/Dropper.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\UnixSys08.Sys
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\uxjb20.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\vekn24.exe
   [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\vokg9.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\wklsdd.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\wpir7.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\wzid1.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\yrtg17.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\zefdst.dll
   [DETECTION] Is the Trojan horse TR/Crypt.Delf.F.357
   [NOTE]    The file was deleted!
C:\Documents and Settings\Administrator\桌面\26\zgrjdx.dll
   [DETECTION] Is the Trojan horse TR/Spy.Gen
   [NOTE]    The file was deleted!

End of the scan: 星期四 2008年7月3日  13:38
Used time: 00:35 min

The scan has been done completely.

   1 Scanning directories
   68 Files were scanned
   67 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   67 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   0 Archives were scanned
   0 Warnings
   67 Notes
UnixSys32.Jmp UNDER ANALYSIS

[ 本帖最后由 nosferatu 于 2008-7-3 13:41 编辑 ]

显示全部楼层 · 发表于 2008-7-3 13:40:40

扫描进行于：2008-7-3 13:40:13
扫描日志
NOD32版本 3237 (20080702) NT
命令行： C:\Documents and Settings\Nerazzurri\桌面\26.zip

日期： 3.7.2008 时间：13:40:17
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Documents and Settings\Nerazzurri\桌面\26.zip
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa1.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa10.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa11.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa12.exe - Win32/PSW.OnLineGames.NXI 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa13.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa14.exe - Win32/PSW.OnLineGames.NXI 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa15.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa16.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa17.exe - Win32/PSW.OnLineGames.NXI 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa18.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa19.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa2.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa20.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa21.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa22.exe - Win32/PSW.OnLineGames.NXI 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa23.exe - Win32/PSW.OnLineGames.NXI 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa24.exe - Win32/PSW.OnLineGames.NXI 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa25.exe - Win32/PSW.QQPass.NCZ 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa26.exe - Win32/TrojanDownloader.Flux 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa3.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa4.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa5.exe - Win32/PSW.WOW.NDK 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa6.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa7.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa8.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\26.zip >>ZIP >>aa9.exe - Win32/PSW.OnLineGames.NXI 木马的变种
已扫描的文件数目：26
已发现的病毒数目：26
完成时间： 13:40:22 总扫描时间：5 秒 (00:00:05)

显示全部楼层 · 发表于 2008-7-3 13:40:52

漏1 个
49DC9198.DLL => Heur.Downloader (难得见到启发...)
UnixSys32.JMP => 我觉得不是毒。。PE头被破坏了

[ 本帖最后由 gankeyu 于 2008-7-3 13:42 编辑 ]

显示全部楼层 · 发表于 2008-7-3 13:41:43

扫描进行于：2008-7-3 13:41:14
扫描日志
NOD32版本 3237 (20080702) NT
命令行： C:\Documents and Settings\Nerazzurri\桌面\42.rar

日期： 3.7.2008 时间：13:41:17
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Documents and Settings\Nerazzurri\桌面\42.rar
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>eyqg18.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>fmcvxy.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>frxg16.exe - Win32/PSW.OnLineGames.NXI 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>hhrdxd.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>hmvf6.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>ifbn4.exe - Win32/PSW.WOW.NDK 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>jfrwdh.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>jhfrxz.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>jhkc5.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>mfdesy.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>mrrk10.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>mtewdh.dll - Win32/PSW.OnLineGames.NOA 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>nimy12.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>oqmn21.exe - Win32/PSW.OnLineGames.NXI 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>qtjm11.exe - Win32/PSW.OnLineGames.NXI 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>rfdswc.dll - Win32/PSW.OnLineGames.NOA 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>sgdewg.dll - Win32/PSW.OnLineGames.NOA 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>szep22.exe - Win32/PSW.OnLineGames.NXI 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>tdffdl.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>tdggrz.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>tkqf23.exe - Win32/PSW.OnLineGames.NXI 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>tzno13.exe - Win32/PSW.OnLineGames.NXI 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>UnixSys08.Sys - Win32/PSW.QQPass.NCZ 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>uxjb20.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>vekn24.exe - Win32/PSW.QQPass.NCZ 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>vokg9.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>wklsdd.dll - Win32/PSW.OnLineGames.NOA 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>wpir7.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>wzid1.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>yrtg17.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>zefdst.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>zgrjdx.dll - Win32/PSW.OnLineGames.NOA 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>7DDC8C1D.EXE - Win32/TrojanDownloader.Flux 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>cdwqfs.dll - Win32/PSW.OnLineGames.NOA 木马的变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>cedafb.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>cjet14.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>cumy0.exe - 可能是 Win32/PSW.OnLineGames.NML 木马的一个变种
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>ddserh.dll - Win32/PSW.OnLineGames.NOA 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>ducf19.exe - Win32/PSW.OnLineGames.NML 木马
C:\Documents and Settings\Nerazzurri\桌面\42.rar >>RAR >>epwe8.exe - Win32/PSW.OnLineGames.NXI 木马的变种
已扫描的文件数目：42
已发现的病毒数目：40
完成时间： 13:41:22 总扫描时间：5 秒 (00:00:05)

显示全部楼层 · 发表于 2008-7-3 13:47:18

显示全部楼层 · 发表于 2008-7-3 13:52:24

用G DATA AntiVirus检测病毒
版本 18.5.8071.731
病毒特征库日期 2008/7/3
开始时间： 2008/7/3 13:51
引擎：引擎A (AVK 18.4360), 引擎B (AVKB 18.332)
启发式：开启
档案文件：开启
系统区域：开启

检测系统区域...
检测以下目录和文件：
C:\Documents and Settings\祝俊杰\桌面\新建文件夹\

对象： 49DC9198.DLL
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Backdoor.Win32.Agent.lkt (引擎A)
对象： 7DDC8C1D.EXE
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-LWQ [Trj] (引擎B)
对象： aa1.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.saep (引擎A)
对象： aa10.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.saep (引擎A)
对象： aa11.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rzsa (引擎A)
对象： aa12.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： aa13.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa14.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： aa15.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa16.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa17.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan.Win32.Agent.sav (引擎A)
对象： aa18.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.sajy (引擎A)
对象： aa19.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.sajy (引擎A)
对象： aa2.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa20.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa21.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa22.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： aa23.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： aa24.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： aa25.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-PSW.Win32.QQPass.clo (引擎A)
对象： aa26.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-LWQ [Trj] (引擎B)
对象： aa3.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.saep (引擎A)
对象： aa4.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa5.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： aa6.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa7.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa8.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： aa9.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： cdwqfs.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.sakc (引擎A)
对象： cedafb.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvv (引擎A)
对象： cjet14.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： cumy0.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.saep (引擎A)
对象： ddserh.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvx (引擎A)
对象： ducf19.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： epwe8.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： eyqg18.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.sajy (引擎A)
对象： fmcvxy.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxww (引擎A)
对象： frxg16.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan.Win32.Agent.sav (引擎A)
对象： hhrdxd.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxwb (引擎A)
对象： hmvf6.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： ifbn4.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： jfrwdh.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvu (引擎A)
对象： jhfrxz.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.ryqk (引擎A)
对象： jhkc5.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： mfdesy.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxwe (引擎A)
对象： mrrk10.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rzsa (引擎A)
对象： data0000
在压缩档案中： C:\Documents and Settings\祝俊杰\桌面\新建文件夹\mtewdh.dll
状态：检测到病毒
病毒： Trojan-GameThief.Win32.OnLineGames.sacy (引擎A)
对象： data0001
在压缩档案中： C:\Documents and Settings\祝俊杰\桌面\新建文件夹\mtewdh.dll
状态：检测到病毒
病毒： Trojan-GameThief.Win32.OnLineGames.sacy (引擎A)
对象： data0002
在压缩档案中： C:\Documents and Settings\祝俊杰\桌面\新建文件夹\mtewdh.dll
状态：检测到病毒
病毒： Trojan-GameThief.Win32.OnLineGames.sacy (引擎A)
对象： data0003
在压缩档案中： C:\Documents and Settings\祝俊杰\桌面\新建文件夹\mtewdh.dll
状态：检测到病毒
病毒： Trojan-GameThief.Win32.OnLineGames.sacy (引擎A)
对象： data0004
在压缩档案中： C:\Documents and Settings\祝俊杰\桌面\新建文件夹\mtewdh.dll
状态：检测到病毒
病毒： Trojan-GameThief.Win32.OnLineGames.sacy (引擎A)
对象： data0005
在压缩档案中： C:\Documents and Settings\祝俊杰\桌面\新建文件夹\mtewdh.dll
状态：检测到病毒
病毒： Trojan-GameThief.Win32.OnLineGames.sacy (引擎A)
对象： mtewdh.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.sacy (6x) (引擎A)
对象： nimy12.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： oqmn21.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： qtjm11.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： rfdswc.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.sakh (引擎A)
对象： sgdewg.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rzuf (引擎A)
对象： szep22.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： tdffdl.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxwz (引擎A)
对象： tdggrz.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvt (引擎A)
对象： tkqf23.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： tzno13.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:Agent-ZRP [Trj] (引擎B)
对象： UnixSys08.Sys
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-PSW.Win32.QQPass.clp (引擎A)
对象： UnixSys32.Jmp
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Win32:QQPass-RX [Trj] (引擎B)
对象： uxjb20.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： vekn24.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-PSW.Win32.QQPass.clo (引擎A)
对象： vokg9.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.saep (引擎A)
对象： wklsdd.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.sabp (引擎A)
对象： wpir7.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： wzid1.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxvq (引擎A)
对象： yrtg17.exe
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.sajy (引擎A)
对象： zefdst.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.rxww (引擎A)
对象： zgrjdx.dll
路径: C:\Documents and Settings\祝俊杰\桌面\新建文件夹
状态：移动文件到隔离区
病毒： Trojan-GameThief.Win32.OnLineGames.sahx (引擎A)

检测执行时间： 2008/7/3 13:51
68个文件已检测
68个受感染文件
0个可疑文件被发现

显示全部楼层 · 发表于 2008-7-3 14:39:24

无法识别的.都已上传卡巴..红伞..~~!

显示全部楼层 · 发表于 2008-7-3 15:23:13

毒霸 miss 4

显示全部楼层 · 发表于 2008-7-3 15:41:28

费尔67个

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.GameOL.okz
病毒： Trojan.PSW.Win32.GameOL.oek
病毒： Trojan.PSW.Win32.GameOL.oky
病毒： Trojan.PSW.Win32.GameOL.ong
病毒： Trojan.PSW.Win32.GameOL.ons
病毒： Trojan.PSW.Win32.GameOL.nvl
病毒： Trojan.PSW.Win32.GameOL.ogg
病毒： Trojan.PSW.Win32.GameOL.onq

用户来源：互联网

软件版本：20.51.30

54个

[病毒样本] 68*

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

回复 1楼电影结束了的帖子

浏览过的版块

[病毒样本] 68*

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

回复 1楼 电影结束了 的帖子

浏览过的版块

回复 1楼电影结束了的帖子