冷冷这个大漏勺从今天的virlist挖出的downlist~~之三

显示全部楼层 · 发表于 2008-8-2 00:16:39

36
http://d.dd-01.cn/max1.exe
http://d.dd-01.cn/max2.exe
http://d.dd-01.cn/max3.exe
http://d.dd-01.cn/max4.exe
http://d.dd-01.cn/max5.exe
http://d.dd-01.cn/max6.exe
http://d.dd-01.cn/max7.exe
http://d.dd-01.cn/max8.exe
http://d.dd-01.cn/max9.exe
http://d.dd-01.cn/max10.exe
http://d.dd-01.cn/max11.exe
http://d.dd-01.cn/max12.exe
http://d.dd-01.cn/max13.exe
http://d.dd-01.cn/max14.exe
http://d.dd-01.cn/max15.exe
http://d.dd-01.cn/max16.exe
http://d.dd-01.cn/max17.exe
http://d.dd-01.cn/max18.exe
http://d.dd-01.cn/max19.exe
http://d.dd-01.cn/max20.exe
http://d.dd-01.cn/max22.exe
http://d.dd-01.cn/max23.exe
http://d.dd-01.cn/max24.exe
http://d.dd-01.cn/max25.exe
http://d.dd-01.cn/max26.exe
http://d.dd-01.cn/max27.exe
http://d.dd-01.cn/max28.exe
http://d.dd-01.cn/max29.exe
http://d.dd-01.cn/max30.exe
http://d.dd-01.cn/max32.exe
http://d.dd-01.cn/max33.exe

这个那个那里这里

显示全部楼层 · 发表于 2008-8-2 00:17:37

打包

31个没有少

[ 本帖最后由冷冷于 2008-8-2 00:20 编辑 ]

显示全部楼层 · 发表于 2008-8-2 00:19:07

打包，估计全灭

显示全部楼层 · 发表于 2008-8-2 00:20:19

UGuard 完成了在 C:\Documents and Settings\Administrator\桌面\Desktop.zip 上的扫描。
================
'SL.Trojan.26902' 在 'Desktop.zip//max1.exe' 中被检测到。
'SL.Trojan.25230' 在 'Desktop.zip//max10.exe' 中被检测到。
'SL.Trojan.26902' 在 'Desktop.zip//max11.exe' 中被检测到。
'SL.Trojan.26902' 在 'Desktop.zip//max12.exe' 中被检测到。
'SL.Trojan.26902' 在 'Desktop.zip//max13.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max14.exe' 中被检测到。
'SL.Trojan.25230' 在 'Desktop.zip//max15.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max16.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max17.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max18.exe' 中被检测到。
'SL.Trojan.25230' 在 'Desktop.zip//max19.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max2.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max20.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max22.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max23.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max24.exe' 中被检测到。
'SL.Trojan.25230' 在 'Desktop.zip//max25.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max26.exe' 中被检测到。
'SL.Trojan.26902' 在 'Desktop.zip//max27.exe' 中被检测到。
'SL.Trojan.4416' 在 'Desktop.zip//max28.exe' 中被检测到。
'SL.Trojan.Win32.Agent.Download.9023' 在 'Desktop.zip//max29.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max3.exe' 中被检测到。
'ST.Trojan.Win32.Agent.sav' 在 'Desktop.zip//max30.exe' 中被检测到。
'SL.Trojan.28295' 在 'Desktop.zip//max32.exe' 中被检测到。
'SL.Trojan.10905' 在 'Desktop.zip//max33.exe' 中被检测到。
'SL.Trojan.25230' 在 'Desktop.zip//max4.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max5.exe' 中被检测到。
'SL.Trojan.25230' 在 'Desktop.zip//max6.exe' 中被检测到。
'SL.Trojan.26902' 在 'Desktop.zip//max7.exe' 中被检测到。
'SL.Trojan.20319' 在 'Desktop.zip//max8.exe' 中被检测到。
'SL.Trojan.25230' 在 'Desktop.zip//max9.exe' 中被检测到。
================
扫描文件数： 32
本次扫描发现了 31 个已知威胁，请及时处理。
实际文件数： 1
扫描时间： 0-00-00 00:00:01:0531
威胁比率： 3100%

显示全部楼层 · 发表于 2008-8-2 00:21:01

以后EQ打包好了

显示全部楼层 · 发表于 2008-8-2 00:21:10

显示全部楼层 · 发表于 2008-8-2 00:23:59

已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sgie 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max5.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smjn 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max11.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smjn 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max26.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.siyn 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max27.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slcw 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max19.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sftq 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max25.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sftq 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max14.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smjn 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max18.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan.Win32.Agent.sav 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max30.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sktl 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max28.exe
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smwb 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max29.exe
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slzl 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max22.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shhw 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max33.exe//PE_Patch.UPX//UPX
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smjn 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max9.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sftq 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max2.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-PSW.Win32.OnLineGames.ryhe 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max7.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slcw 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max6.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slcw 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max10.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.siyn 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max4.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.skmc 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max3.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sjxn 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max12.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.skmc 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max16.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.smjn 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max17.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slzl 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max20.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.slzl 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max8.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.shss 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max1.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.skmc 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max23.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.siyn 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max15.exe//PE_Patch//UPack
已刪除: 特洛伊木馬程式 Trojan-GameThief.Win32.OnLineGames.sfck 檔案: C:\Documents and Settings\kato9096\桌面\31.rar/max24.exe//PE_Patch//UPack

上报2个

显示全部楼层 · 发表于 2008-8-2 00:24:19

显示全部楼层 · 发表于 2008-8-2 00:28:22

2008-8-2 0:26:50 1217608010 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max5.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max11.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max26.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max27.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max19.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max25.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:Agent-ZRH [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max32.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max14.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max18.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max30.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max28.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max29.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max22.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:52 1217608012 Nerazzurri 3724 Sign of "Win32:Agent-ZRP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max33.exe\[UPX]\[Embedded#4060]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max9.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-ERQ [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max2.exe" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max7.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max6.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max10.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max4.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max3.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max12.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max16.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max17.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max20.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max8.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max1.exe" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max23.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max15.exe\[Upack]\[Embedded#4080]" file.
2008-8-2 0:26:53 1217608013 Nerazzurri 3724 Sign of "Win32:OnLineGames-DQP [Trj]" has been found in "C:\Documents and Settings\Nerazzurri\桌面\31.rar\max24.exe\[Upack]\[Embedded#4080]" file.

显示全部楼层 · 发表于 2008-8-2 00:29:16

Begin scan in 'C:\Documents and Settings\Nerazzurri\桌面\31.rar'
C:\Documents and Settings\Nerazzurri\桌面\31.rar
[0] Archive type: RAR
--> max5.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max11.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max26.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max27.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max19.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max25.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max14.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max18.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
   --> max29.exe
      [DETECTION] Is the TR/PSW.Online.bin Trojan
--> max22.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
   --> max33.exe
      [DETECTION] Is the TR/PSW.Online.aklp Trojan
--> max9.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max2.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max7.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max6.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max10.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max4.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max3.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max12.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max16.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
   --> max13.exe
      [1] Archive type: OVL
      --> Object
      [DETECTION] Is the TR/Dropper.Gen Trojan
--> max17.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max20.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max8.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max1.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max23.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max15.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
--> max24.exe
   [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!

[病毒样本] 冷冷这个大漏勺从今天的virlist挖出的downlist~~之三

回复 3楼 EQ2 的帖子

全灭

30....

31.....

[病毒样本] 冷冷这个大漏勺 从今天的virlist挖出的downlist~~之三

回复 3楼 EQ2 的帖子

全灭

30....

31.....

[病毒样本] 冷冷这个大漏勺从今天的virlist挖出的downlist~~之三