[病毒样本] 45X

显示全部楼层 · 发表于 2008-12-9 18:59:40

金山毒霸可信认证查询结果如下:

报告生成于: 2008/12/9 21:0

e0d49bde31.dll    --------    安全
r18040.exe    --------    安全
spcss.dll    --------    安全

a14[1].exe    --------    可疑的
a20[1].exe    --------    可疑的
a4CAD1KRB1.exe    --------    可疑的
a4[1].exe    --------    可疑的
a5[1].exe    --------    可疑的
smx275352.exe    --------    可疑的
smx276592.exe    --------    可疑的

mzqq[1].exe    --------    病毒
pcidump.sys    --------    病毒
serverCA3LDFP2.exe    --------    病毒

a12[1].exe    --------    未知
a17[1].exe    --------    未知
a1CAU4DEF9.exe    --------    未知
a21CAW40Z8K.exe    --------    未知
a7[1].exe    --------    未知
ie[1].exe    --------    未知
server[1].exe    --------    未知
ssqOHaYQ.dll    --------    未知

a11[1].exe    --------    分析中
a13[1].exe    --------    分析中
a19[1].exe    --------    分析中
a1[1].exe    --------    分析中
a3[1].exe    --------    分析中
a6[1].exe    --------    分析中
a9[1].exe    --------    分析中
apstpldr.dll[1].htm    --------    分析中
chat[1].exe    --------    分析中
csrss.dll    --------    分析中
HBYY.dll    --------    分析中
IEFILES5.INF    --------    分析中
killkb.dll    --------    分析中
psapi.dll    --------    分析中
RESSDT.sys    --------    分析中
rpcss.dll    --------    分析中
sh18040.dll    --------    分析中
smx26d577.dll    --------    分析中
smx275352.dll    --------    分析中
smx276592.dll    --------    分析中
System.exe    --------    分析中
~273bd2.~~~    --------    分析中
~27807c.~~~    --------    分析中
~27862a.~~~    --------    分析中

理论文件总数: 45
实际文件总数: 45

其中:

分析中: 24
安全: 3
可疑的: 7
病毒: 3
未知: 8

识别率为: 82%

[ 本帖最后由挪威的冬天于 2008-12-9 21:00 编辑 ]

显示全部楼层 · 发表于 2008-12-9 19:34:46

sep 32
antivir 38

显示全部楼层 · 发表于 2008-12-9 19:37:40

D:\Users\ekincheng\Desktop\桌面.rar » RAR » sh18040.dll - a variant of Win32/PSW.OnLineGames.NRW trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » ssqOHaYQ.dll - Win32/Adware.Virtumonde application
D:\Users\ekincheng\Desktop\桌面.rar » RAR » csrss.dll - Win32/PSW.OnLineGames.NRW trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » rpcss.dll - Win32/PSW.OnLineGames.NRW trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » smx275352.exe - a variant of Win32/PSW.Legendmir.NGY trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » smx276592.exe - Win32/PSW.Legendmir.NGY trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » ~273bd2.~~~ - Win32/PSW.OnLineGames.NRW trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a12[1].exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a20[1].exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » ie[1].exe - probably unknown NewHeur_PE virus
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a14[1].exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a3[1].exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a7[1].exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a11[1].exe - a variant of Win32/PSW.OnLineGames.NSG trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » apstpldr.dll[1].htm - Win32/TrojanClicker.Agent.NFA trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a13[1].exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a17[1].exe - a variant of Win32/PSW.OnLineGames.NSG trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » smx26d577.dll - a variant of Win32/PSW.Legendmir.NFY trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » server[1].exe - a variant of Win32/Kryptik.AE trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » HBYY.dll - a variant of Win32/PSW.OnLineGames.NRS trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » System.exe - Win32/PSW.OnLineGames.NRF trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » serverCA3LDFP2.exe - a variant of Win32/Agent.NHX trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a1[1].exe - a variant of Win32/Rootkit.Agent.NGW trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a1CAU4DEF9.exe - a variant of Win32/Rootkit.Agent.NGW trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » smx275352.dll - a variant of Win32/PSW.Legendmir.NFY trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a4[1].exe - probably a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a4CAD1KRB1.exe - probably a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » psapi.dll - Win32/Agent.OKR trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a5[1].exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » smx276592.dll - Win32/PSW.Legendmir.NFY trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a6[1].exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » ~27807c.~~~ - Win32/PSW.OnLineGames.NRW trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » ~27862a.~~~ - Win32/PSW.OnLineGames.NRW trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a9[1].exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a19[1].exe - a variant of Win32/PSW.OnLineGames.NSG trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » a21CAW40Z8K.exe - a variant of Win32/PSW.OnLineGames.NXI trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » chat[1].exe - a variant of Win32/Spy.Pophot trojan
D:\Users\ekincheng\Desktop\桌面.rar » RAR » mzqq[1].exe - probably a variant of Win32/PSW.Delf.NLZ trojan

显示全部楼层 · 发表于 2008-12-9 19:39:59

NIS解压干掉31，扫描4个，其余上报

已解决的威胁数:
Suspicious.AH.6
类型: 异常
风险: 中 (中隐蔽性，中清除，中性能，中隐私)
类别: 启发式病毒
状态: 完全解决
-----------
1 文件
c:\documents and settings\administrator\桌面\桌面\chat[1].exe - 已删除

Suspicious.AH.11
类型: 异常
风险: 中 (中隐蔽性，中清除，中性能，中隐私)
类别: 启发式病毒
状态: 完全解决
-----------
2 文件
c:\documents and settings\administrator\桌面\桌面\server[1].exe - 已删除
c:\documents and settings\administrator\桌面\桌面\serverca3ldfp2.exe - 已删除

Suspicious.AH.13
类型: 异常
风险: 中 (中隐蔽性，中清除，中性能，中隐私)
类别: 启发式病毒
状态: 完全解决
-----------
1 文件
c:\documents and settings\administrator\桌面\桌面\smx275352.exe - 已删除

显示全部楼层 · 发表于 2008-12-9 20:38:37

可疑 TO KL

显示全部楼层 · 发表于 2008-12-9 22:03:15

显示全部楼层 · 发表于 2008-12-10 08:50:19

"Infections"
"File";"Infection";"Result"
"D:\Users\ekincheng\Desktop\桌面.rar";"Trojan horse PSW.OnlineGames.BIVV";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\~27862a.~~~";"Trojan horse PSW.OnlineGames.BIVE";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a1[1].exe";"Trojan horse Rootkit-Agent.BG";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a12[1].exe";"Trojan horse PSW.OnlineGames.BIQQ";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a14[1].exe";"Trojan horse PSW.OnlineGames.BISK";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a20[1].exe";"Trojan horse PSW.Generic6.ATBG";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a11[1].exe";"Trojan horse PSW.Generic6.ASXV";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a13[1].exe";"Trojan horse PSW.Generic6.ASXZ";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a17[1].exe";"Trojan horse PSW.Generic6.ATBD";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a19[1].exe";"Trojan horse PSW.OnlineGames.BISI";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a3[1].exe";"Trojan horse PSW.Generic6.ASXU";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a7[1].exe";"Trojan horse PSW.OnlineGames.BIVG";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a1CAU4DEF9.exe";"Trojan horse Rootkit-Agent.BG";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a21CAW40Z8K.exe";"Trojan horse PSW.Generic6.ATBB";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\apstpldr.dll[1].htm";"Trojan horse Clicker.VAG";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\IEFILES5.INF";"Virus found Win32/Heur";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\mzqq[1].exe";"Trojan horse PSW.Delf.CJD";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\pcidump.sys";"Trojan horse Killap.E";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a4[1].exe";"Trojan horse PSW.OnlineGames.BIVF";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a4CAD1KRB1.exe";"Trojan horse PSW.OnlineGames.BIVF";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a5[1].exe";"Trojan horse PSW.Generic6.ATBH";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a6[1].exe";"Trojan horse PSW.Generic6.ASXY";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\a9[1].exe";"Trojan horse PSW.OnlineGames.BIVB";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\psapi.dll";"Trojan horse Agent.ALPM";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\serverCA3LDFP2.exe";"Trojan horse Agent.UQS";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\sh18040.dll";"Trojan horse PSW.OnlineGames.BIVV";"Infected"
"D:\Users\ekincheng\Desktop\桌面.rar:\System.exe";"Trojan horse PSW.OnlineGames.BISY";"Infected"

显示全部楼层 · 发表于 2008-12-10 09:22:25

病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\mzqq[1].exe Win32.Troj.QQPswT.bs.116858 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\chat[1].exe Win32.Troj.PophotD.a.491520 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a21CAW40Z8K.exe Win32.PSWTroj.Undef.65536 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a19[1].exe Win32.PSWTroj.Undef.61440 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a9[1].exe Win32.PSWTroj.Undef.69632 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\~27862a.~~~ Win32.Troj.PassThiefT.ak.26624 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\~27807c.~~~ Win32.Troj.OnlineGames.dh.29184 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a6[1].exe Win32.PSWTroj.Undef.61440 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\smx276592.dll Win32.Troj.Encode.zi.110592 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a5[1].exe Win32.PSWTroj.Undef.61440 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\psapi.dll Win32.Troj.DropRootKit.a.39936 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a4CAD1KRB1.exe Win32.PSWTroj.Undef.65536 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a4[1].exe Win32.PSWTroj.Undef.65536 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\smx275352.dll Win32.Troj.Encode.zi.110592 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a1CAU4DEF9.exe Win32.Troj.KillAV.65536 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a1[1].exe Win32.Troj.KillAV.65536 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\serverCA3LDFP2.exe Win32.Troj.OnLineGamesT.gr.2637 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\System.exe Win32.PSWTroj.MultiFirst.ab.6656 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\HBYY.dll Win32.Troj.OnlineGames.fd.14336 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\server[1].exe Win32.Troj.OnLineGamesT.gr.2637 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\pcidump.sys Win32.Hack.Rootkit.11904 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\smx26d577.dll Win32.Troj.Encode.zi.110592 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a13[1].exe Win32.Troj.Agent.et.65536 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a11[1].exe Win32.Troj.Agent.id.61440 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a7[1].exe Win32.Troj.Agent.ff.61440 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a3[1].exe Win32.Troj.Agent.fe.61440 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\a12[1].exe Win32.Troj.Agent.yi.61440 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\~273bd2.~~~ Win32.Troj.OnlineGames.dh.30720 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\rpcss.dll Win32.Troj.OnlineGames.dh.30720 清除成功
病毒 2008-12-10  09:19:40 C:\Documents and Settings\Administrator\桌面\桌面\csrss.dll Win32.Troj.OnlineGames.dh.30720 清除成功

显示全部楼层 · 发表于 2008-12-10 09:25:58

微点拦截

[病毒样本] 45X

本帖子中包含更多资源

Norman Virus Control 5.99

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块