冷冷这个大漏勺从今天的virlist挖出的downlist~~之二

显示全部楼层 · 发表于 2008-8-2 00:24:54

已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhw 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco24.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shig 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco19.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhw 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco23.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjxn 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco25.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slcw 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco28.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smvz 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco10.exe
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhw 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco27.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjxn 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco30.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.skmc 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco31.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smxf 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco22.exe
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjxn 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco29.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.QQPass.cvl 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco33.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.udd 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco3.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smjn 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco2.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slzl 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco4(1).exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sgbu 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco6.exe
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhv 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco7.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smvg 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco11.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smzi 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco12.exe
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.sav 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco9(1).exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhw 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco13.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-Downloader.Win32.Delf.jfm 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco1.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slcw 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco14.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhv 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco16.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhw 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco17.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smhv 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco5.exe
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smjn 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco8(1).exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smjn 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco15.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slcw 檔案: C:\Documents and Settings\kato9096\桌面\样本.rar/adco18.exe//PE_Patch//UPack

都是29,上报卡巴

显示全部楼层 · 发表于 2008-8-2 00:30:49

2008-8-2 0:29:30 1217608170 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco21.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:32 1217608172 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco24.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:32 1217608172 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco19.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:32 1217608172 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco20.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:32 1217608172 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco23.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco25.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco28.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco10.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco26.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco27.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco30.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco31.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco22.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco29.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:OnLineGames-BSI [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco33.exe\[UPX]\[Embedded#FILE]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco3.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco2.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco4(1).exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco6.exe" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco7.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco11.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco12.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco9(1).exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:33 1217608173 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco13.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:34 1217608174 Nerazzurri 3612 Sign of "Win32:Delf-IJE [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco1.exe\[Upack]" file.
2008-8-2 0:29:34 1217608174 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco14.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:34 1217608174 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco16.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:34 1217608174 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco17.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:34 1217608174 Nerazzurri 3612 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco5.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:29:34 1217608174 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco8(1).exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:34 1217608174 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco15.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:29:34 1217608174 Nerazzurri 3612 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\样本.rar\adco18.exe\[Upack]\[Embedded#4080]" file.

显示全部楼层 · 发表于 2008-8-2 00:35:28

Begin scan in 'C:\Documents and Settings\Nerazzurri\桌面\样本.rar'
C:\Documents and Settings\Nerazzurri\桌面\样本.rar
[0] Archive type: RAR
   --> adco21.exe
      [DETECTION] Is the TR/PSW.OnL.BJ.24576 Trojan
   --> adco23.exe
      [DETECTION] Is the TR/PSW.Online.tdy Trojan
--> adco25.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> adco28.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
   --> adco27.exe
      [DETECTION] Is the TR/PSW.Online.aklp Trojan
--> adco30.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> adco31.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
   --> adco22.exe
      [DETECTION] Is the TR/PSW.OnL.BJ.24576 Trojan
--> adco29.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
   --> adco32.exe
      [1] Archive type: OVL
      --> Object
      [DETECTION] Is the TR/Dropper.Gen Trojan
   --> adco3.exe
      [DETECTION] Is the TR/PSW.Online.Osh.2 Trojan
--> adco2.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> adco4(1).exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> adco6.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
   --> adco11.exe
      [DETECTION] Is the TR/PSW.OnLineGa.aqq Trojan
   --> adco9(1).exe
      --> Object
      [2] Archive type: RSRC
      --> Object
         [DETECTION] Is the TR/Generic.368144 Trojan
--> adco14.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
   --> adco16.exe
      [DETECTION] Is the TR/PSW.OnL.BJ.24576 Trojan
   --> adco17.exe
      [DETECTION] Is the TR/PSW.Online.tdz Trojan
   --> adco5.exe
      [DETECTION] Is the TR/PSW.Online.bin Trojan
--> adco8(1).exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> adco15.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> adco18.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-8-2 02:47:28

已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.slmk 文件　: G:\Temp\Virus\样本.rar/adco21.exe//#
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.shhw 文件　: G:\Temp\Virus\样本.rar/adco24.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.shig 文件　: G:\Temp\Virus\样本.rar/adco19.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.smac 文件　: G:\Temp\Virus\样本.rar/adco20.exe//#
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.shhw 文件　: G:\Temp\Virus\样本.rar/adco23.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.sjxn 文件　: G:\Temp\Virus\样本.rar/adco25.exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.slcw 文件　: G:\Temp\Virus\样本.rar/adco28.exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.smvz 文件　: G:\Temp\Virus\样本.rar/adco10.exe
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.shhw 文件　: G:\Temp\Virus\样本.rar/adco27.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.sjxn 文件　: G:\Temp\Virus\样本.rar/adco30.exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.skmc 文件　: G:\Temp\Virus\样本.rar/adco31.exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.smxf 文件　: G:\Temp\Virus\样本.rar/adco22.exe
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.sjxn 文件　: G:\Temp\Virus\样本.rar/adco29.exe//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.QQPass.cvl 文件　: G:\Temp\Virus\样本.rar/adco33.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan.Win32.Agent.udd 文件　: G:\Temp\Virus\样本.rar/adco3.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.smjn 文件　: G:\Temp\Virus\样本.rar/adco2.exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.slzl 文件　: G:\Temp\Virus\样本.rar/adco4(1).exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.sgbu 文件　: G:\Temp\Virus\样本.rar/adco6.exe
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.shhv 文件　: G:\Temp\Virus\样本.rar/adco7.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.smvg 文件　: G:\Temp\Virus\样本.rar/adco11.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.smzi 文件　: G:\Temp\Virus\样本.rar/adco12.exe
已删除：木马程序 Trojan.Win32.Agent.sav 文件　: G:\Temp\Virus\样本.rar/adco9(1).exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.shhw 文件　: G:\Temp\Virus\样本.rar/adco13.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-Downloader.Win32.Delf.jfm 文件　: G:\Temp\Virus\样本.rar/adco1.exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.slcw 文件　: G:\Temp\Virus\样本.rar/adco14.exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.shhv 文件　: G:\Temp\Virus\样本.rar/adco16.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.shhw 文件　: G:\Temp\Virus\样本.rar/adco17.exe//PE_Patch.UPX//UPX
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.smhv 文件　: G:\Temp\Virus\样本.rar/adco5.exe
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.smjn 文件　: G:\Temp\Virus\样本.rar/adco8(1).exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.smjn 文件　: G:\Temp\Virus\样本.rar/adco15.exe//PE_Patch//UPack
已删除：木马程序 Trojan-GameThief.Win32.OnLineGames.slcw 文件　: G:\Temp\Virus\样本.rar/adco18.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2008-8-2 05:54:52

MIS全灭

显示全部楼层 · 发表于 2008-8-2 08:26:12

Scan Log
Version of virus signature database: 3318 (20080801)
Date: 2008-8-2 Time: 8:25:44
Scanned disks, folders and files: G:\v\样本.rar
G:\v\样本.rar » RAR » adco21.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco24.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco19.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco20.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco23.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco25.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco28.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco10.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco26.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco27.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco30.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco31.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco34.exe » UPX v12_m2 - is OK
G:\v\样本.rar » RAR » adco22.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco29.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco32.exe - is OK
G:\v\样本.rar » RAR » adco33.exe - Win32/PSW.QQPass.NDO trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco3.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco2.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco4(1).exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco6.exe - a variant of Win32/PSW.Agent.NHQ trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco7.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco11.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco12.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco9(1).exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco13.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco1.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco14.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco16.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco17.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco5.exe - a variant of Win32/PSW.OnLineGames.NXI trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco8(1).exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco15.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
G:\v\样本.rar » RAR » adco18.exe - probably a variant of Win32/PSW.OnLineGames.NML trojan - was a part of the deleted object
Number of scanned objects: 34
Number of threats found: 32
Number of cleaned objects: 32
Time of completion: 8:25:49 Total scanning time: 5 sec (00:00:05)

显示全部楼层 · 发表于 2008-8-2 08:27:37

2008-8-2 8:27:13 Kernel File 'G:\v\adco34.exe' was sent to ESET for analysis.

显示全部楼层 · 发表于 2008-8-2 09:01:01

扫描系统区域...
扫描所选择的目录和文件...
对象: adco1.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.Delf.jfm (KAV 引擎), Trojan.Crypt.Delf.C (BD 引擎)
对象: adco10.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.smvz (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco11.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.smvg (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco12.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.smzi (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco13.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.shhw (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco14.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.slcw (KAV 引擎), Trojan.PWS.OnlineGames.YZL (BD 引擎)
对象: adco15.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.smjn (KAV 引擎), Trojan.PWS.OnlineGames.YXK (BD 引擎)
对象: adco16.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.shhv (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco17.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.shhw (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco18.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.slcw (KAV 引擎), Trojan.PWS.OnlineGames.YZL (BD 引擎)
对象: adco19.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.shig (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco2.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.smjn (KAV 引擎), Trojan.PWS.OnlineGames.YXK (BD 引擎)
对象: adco20.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.sncb (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco21.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.sncc (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco22.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.smxf (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco23.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.shhw (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco24.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.shhw (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco25.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.sjxn (KAV 引擎), Trojan.PWS.OnlineGames.YZL (BD 引擎)
对象: adco26.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco27.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.shhw (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco28.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.slcw (KAV 引擎), Trojan.PWS.OnlineGames.YZL (BD 引擎)
对象: adco29.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.sjxn (KAV 引擎), Trojan.PWS.OnlineGames.YZL (BD 引擎)
对象: adco3.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan.Win32.Agent.udd (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco30.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.sjxn (KAV 引擎), Trojan.PWS.OnlineGames.YZL (BD 引擎)
对象: adco31.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.skmc (KAV 引擎), Trojan.PWS.OnlineGames.YZL (BD 引擎)
对象: adco32.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan.PWS.OnlineGames.ZKK (BD 引擎)
对象: adco33.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-PSW.Win32.QQPass.cvl (KAV 引擎), Generic.PWStealer.F4A2B8F8 (BD 引擎)
对象: adco4(1).exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.slzl (KAV 引擎), Trojan.PWS.OnlineGames.YXK (BD 引擎)
对象: adco5.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.smhv (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco6.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.sgbu (KAV 引擎), Trojan.PWS.Lmir.UMH (BD 引擎)
对象: adco7.exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.shhv (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
对象: adco8(1).exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan-GameThief.Win32.OnLineGames.smjn (KAV 引擎), Trojan.PWS.OnlineGames.YXK (BD 引擎)
对象: adco9(1).exe
路径: E:\virus\vir\样本
Status: 已发现病毒
病毒: Trojan.Win32.Agent.sav (KAV 引擎), Trojan.PWS.OnlineGames.ZAY (BD 引擎)
扫描完成: 2008-8-2 9:00
已检查 34 个文件
已发现 33 个染毒文件

显示全部楼层 · 发表于 2008-8-2 11:34:29

从样本.RAR 中解压出36个文件,杀了35个,剩一个 adco34.exe 高手接着分析,这个是否漏网之鱼

显示全部楼层 · 发表于 2008-8-2 11:51:49

ug全歼！阿伞漏一个

[病毒样本] 冷冷这个大漏勺从今天的virlist挖出的downlist~~之二

32....

33

本帖子中包含更多资源

[病毒样本] 冷冷这个大漏勺 从今天的virlist挖出的downlist~~之二

32....

33

本帖子中包含更多资源

[病毒样本] 冷冷这个大漏勺从今天的virlist挖出的downlist~~之二