
[Virus sample] sysload3 again (turns out it's the cursor vulnerability)

一派胡言
Posted on 2007-4-1 12:02:32
Internet cafés really are a nest of viruses.
病毒名称 处理结果 发现日期 扫描方式 路径 文件
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:03 文件监控 H:\tools\killvirustools “魔鬼波”蠕虫专杀工具 mocbotkiller.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:03 文件监控 H:\tools\killvirustools “落雪”(GamePass)木马专杀TrojanKiller.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:03 文件监控 H:\tools\killvirustools “ 极速 波”(I-WormZotob)专杀工具kvrt.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:03 文件监控 H:\tools\killvirustools mmjk.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:03 文件监控 H:\tools\killvirustools MSN病毒查杀工具.EXE
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:03 文件监控 H:\tools\killvirustools 超级巡警(Anti-Spyware toolkit) V3.2.0 标准版.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:03 文件监控 H:\tools\killvirustools 江民firewall20070401.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools ulock.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software 输入法小管家.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software 极品五笔6.6.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software 定时关机.EXE
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software wxSLock.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software WinRAR 3.62.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software winrar360m.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software WinPcap_3_1.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software webxl_01190.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software wangwangsetup_1.6(1).exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software Thunder5.5.4.268.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software Thunder5.5.2.252.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software eMule VeryCD 0.46b Build0715.exe
Worm.DlOnlineGames.a 清除成功 2007-04-03 09:05 文件监控 H:\tools\software eMule-0.47c-VeryCD1215-Setup.exe

[ Last edited by 一派胡言 on 2007-4-3 11:52 ]

gggh
Posted on 2007-4-1 14:11:52
???
bridgewr
Posted on 2007-4-2 10:14:47
Micropoint catches them all

The EQs
Posted on 2007-4-2 10:16:39

NOD32 wipes them all out

Scan performed at: 2007-4-2 10:16:35
Scanning Log
NOD32 version 2161 (20070401) NT
Command line: C:\Documents and Settings\EQ2\桌面\sysload3.rar
Operating memory - is OK

Date: 2.4.2007  Time: 10:16:39
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\sysload3.rar
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?3.exe - a variant of Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?sysload3.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?4.exe - a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?sndvol32.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?5.exe - a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?sol.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?1.exe - a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?6.exe - a variant of Win32/PSW.Agent.NDP trojan
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?2.exe - a variant of Win32/PSW.Agent.NDF trojan
C:\Documents and Settings\EQ2\桌面\sysload3.rar ?RAR ?7.exe - a variant of Win32/PSW.Agent.NDP trojan
Number of scanned files: 11
Number of threats found: 10
Number of files cleaned: 1
Time of completion: 10:16:39 Total scanning time: 0 sec (00:00:00)

Notes:
[7] File is probably infected with an unknown virus.
mofunzone
Posted on 2007-4-2 10:26:00
Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\sysload3.rar'
C:\Documents and Settings\morgan\My Documents\
  sysload3.rar
    [0] Archive type: RAR
    --> 3.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.LC.62
        [WARNING]   Infected files in archives cannot be repaired!
    --> sysload3.exe
        [DETECTION] Is the Trojan horse TR/Hijack.Explor.2490
        [WARNING]   Infected files in archives cannot be repaired!
    --> 4.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> sndvol32.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 5.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.KW.92
        [WARNING]   Infected files in archives cannot be repaired!
    --> sol.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 1.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.KW.79
        [WARNING]   Infected files in archives cannot be repaired!
    --> 6.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.KW.89
        [WARNING]   Infected files in archives cannot be repaired!
    --> 2.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1297
        [WARNING]   Infected files in archives cannot be repaired!
    --> 7.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.KW.93
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年4月1日  19:25
Used time: 00:10 min

The scan has been done completely.

      0 Scanning directories
     11 Files were scanned
     10 viruses and/or unwanted programs were found
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
     11 Warnings
      0 Notes
soul20010
Posted on 2007-4-2 10:51:35
FS7.0
Result: 10 malware found
Trojan-PSW.Win32.OnLineGames.lc (virus)
C:\Documents and Settings\少林\桌面\sysload3.rar\3.exe
Trojan-Downloader.Win32.Agent.bkp (virus)
C:\Documents and Settings\少林\桌面\sysload3.rar\sysload3.exe
C:\Documents and Settings\少林\桌面\sysload3.rar\sndvol32.exe
C:\Documents and Settings\少林\桌面\sysload3.rar\sol.exe
Trojan-PSW.Win32.OnLineGames.kw (virus)
C:\Documents and Settings\少林\桌面\sysload3.rar\4.exe
C:\Documents and Settings\少林\桌面\sysload3.rar\5.exe
C:\Documents and Settings\少林\桌面\sysload3.rar\1.exe
C:\Documents and Settings\少林\桌面\sysload3.rar\6.exe
C:\Documents and Settings\少林\桌面\sysload3.rar\7.exe
Trojan-PSW.Win32.OnLineGames.es (virus)
C:\Documents and Settings\少林\桌面\sysload3.rar\2.exe
一派胡言
Original poster | Posted on 2007-4-3 11:30:44
So this is the legendary "cursor vulnerability".
小邪邪
Posted on 2007-4-3 12:38:31
2007-4-3        12:36:30        已删除 \SYSLOAD3\SYSLOAD3.EXE       
W32/Fujacks.aa (特洛伊)
2007-4-3        12:36:31        已删除\sysload3\sysload3.exe       
W32/Fujacks.aa (特洛伊)
2007-4-3        12:36:31        已清除\sysload3\sndvol32.exe       
W32/Fujacks.aa (特洛伊)
2007-4-3        12:36:31        已清除 \sysload3\sol.exe       
W32/Fujacks.aa (特洛伊)
2007-4-3        12:36:31        已清除\sysload3\sol.exe       
W32/Fujacks.remnants (特洛伊)
2007-4-3        12:36:31        已删除 \SYSLOAD3\2.EXE       
PWS-LegMir.gen.b (特洛伊)
2007-4-3        12:36:31        已删除 \sysload3\2.exe
PWS-LegMir.gen.b (特洛伊)
mmll888
Posted on 2007-4-3 16:16:19
Starting the file scan:

Begin scan in 'C:\Documents and Settings\zxb\桌面\sysload3.rar'
C:\Documents and Settings\zxb\桌面\sysload3.rar
  [0] Archive type: RAR
  --> 3.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.LC.62
  --> sysload3.exe
      [DETECTION] Is the Trojan horse TR/Hijack.Explor.2490
  --> 4.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.KW.101
  --> sndvol32.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bkp.19
  --> 5.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.KW.92
  --> sol.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bkp.20
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.KW.79
  --> 6.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.KW.89
  --> 2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1297
  --> 7.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.KW.93
      [INFO]      The file was deleted!

Copyright © KaFan  KaFan.cn All Rights Reserved.
