我朋友家抓的毒

显示全部楼层 · 发表于 2007-4-3 16:03:35

到处生成盘的自动执行文件

显示全部楼层 · 发表于 2007-4-3 16:05:28

N年前的病毒了,我连下载都省了.

显示全部楼层 · 发表于 2007-4-3 16:05:57

风暴胜者V2 测试版本(http://www.v0day.com)
_________您的安全是我们的责任_______________
载入病毒库…进行整理…分配内存…可以使用

===============================================
___________病毒查杀结果__________________

===============================================

2007年4月3日16时5分52秒开始查杀C:\Documents and Settings\Administrator\桌面\新建文件夹\OSO
威胁性文件：C:\Documents and Settings\Administrator\桌面\新建文件夹\OSO\OSO.exe
C:\Documents and Settings\Administrator\桌面\新建文件夹\OSO\OSO.exe 发现未知可疑文件:Win32.NkHack.FSG.A 操作:阻止运行
C:\Documents and Settings\Administrator\桌面\新建文件夹\OSO\rundl132.exe 为可疑文件
威胁性文件：C:\Documents and Settings\Administrator\桌面\新建文件夹\OSO\SMSS.EXE
威胁性文件：C:\Documents and Settings\Administrator\桌面\新建文件夹\OSO\wsttrs.dll
威胁性文件：C:\Documents and Settings\Administrator\桌面\新建文件夹\OSO\o.dll
C:\Documents and Settings\Administrator\桌面\新建文件夹\OSO\o.dll 发现未知可疑文件:Win32.Nop 9gs9 操作:阻止运行
=========================================

_________文件性质分析结果________________
"带壳"仅指文件性质,仅供专业人员分析使用。

-----------------------------------------

2007年4月3日16时5分57秒收起线程…100% 查杀完毕！
扫描文件：5查杀病毒：6

显示全部楼层 · 发表于 2007-4-3 16:06:33

Starting the file scan:

Begin scan in 'C:\Documents and Settings\zxb\桌面\OSO.rar'
C:\Documents and Settings\zxb\桌面\OSO.rar
  [0] Archive type: RAR
  --> OSO.exe
   [DETECTION] Is the Trojan horse TR/PSW.QQPass.UJ
  --> rundl132.exe
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> SMSS.EXE
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1361
--> bfdarx.rar
   [1] Archive type: RAR
   --> bfdarx.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQPass.UJ
--> mplay.rar
   [1] Archive type: RAR
   --> mplay.com
      [DETECTION] Is the Trojan horse TR/Spy.Agent.PN.214
  --> wsttrs.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1362
  --> o.dll
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
--> severe.rar
   [1] Archive type: RAR
   --> severe.exe
      [DETECTION] Is the Trojan horse TR/PSW.QQPass.UJ
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-4-3 16:07:47

2007-4-3 16:04:59 已由访问保护规则禁止\svchost\svchost.exe
防病毒标准保护:禁止伪装 Windows 进程
已阻止的操作: 创建

2007-4-3 16:04:59 已由访问保护规则禁止 \OSO\SMSS.EXE
防病毒标准保护:禁止伪装 Windows 进程
已阻止的操作: 创建

2007-4-3 16:05:16 已由访问保护规则禁\OSO\autorun\autorun.inf
防病毒标准保护:禁止创建自动运行文件
已阻止的操作: 创建

显示全部楼层 · 发表于 2007-4-3 16:13:39

8个

已删除: 木马程序 Trojan-PSW.Win32.QQPass.uj 文件: F:\OSO.rar\OSO.exe/FSG
已删除: 病毒 Worm.Win32.Viking.gz 文件: F:\OSO.rar\rundl132.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es 文件: F:\OSO.rar\SMSS.EXE
已删除: 木马程序 Trojan-PSW.Win32.QQPass.uj 文件: F:\OSO.rar\bfdarx.rar\bfdarx.exe/FSG
已删除: 木马程序 Trojan-Spy.Win32.Agent.pn 文件: F:\OSO.rar\mplay.rar\mplay.com/PE_Patch/UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es 文件: F:\OSO.rar\wsttrs.dll
已删除: 病毒 Worm.Win32.Viking.gz 文件: F:\OSO.rar\o.dll
已删除: 木马程序 Trojan-PSW.Win32.QQPass.uj 文件: F:\OSO.rar\severe.rar\severe.exe/FSG

显示全部楼层 · 发表于 2007-4-3 16:24:01

Virus check with AntiVirusKit
Version 16.0.7
Virus signatures of 2007-4-1
Start time: 2007-4-3 16:23
Engine(s): KAV engine (AVK 17.3690), BD-Engine (BD 17.2421)
Heuristic: On
Archives: On
System areas: On

Check system areas...
Check selected directories and files...
Object: OSO.exe
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Trojan-PSW.Win32.QQPass.uj (KAV engine), Generic.PWStealer.227BB933 (BD-Engine)
Object: rundl132.exe
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Worm.Win32.Viking.gz (KAV engine), Win32.Worm.Viking.LP (BD-Engine)
Object: SMSS.EXE
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Trojan-PSW.Win32.OnLineGames.es (KAV engine), Generic.Malware.SdldgPWS.9444109C (BD-Engine)
Object: bfdarx.rar bfdarx.exe
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Trojan-PSW.Win32.QQPass.uj (KAV engine)
Object: mplay.rar mplay.com
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Trojan-Spy.Win32.Agent.pn (KAV engine)
Object: wsttrs.dll
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Trojan-PSW.Win32.OnLineGames.es (KAV engine), Generic.Malware.PWS.9B81E831 (BD-Engine)
Object: o.dll
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Worm.Win32.Viking.gz (KAV engine), Win32.Worm.Viking.LP (BD-Engine)
Object: severe.rar severe.exe
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Trojan-PSW.Win32.QQPass.uj (KAV engine)
Object: bfdarx.rar bfdarx.exe
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Generic.PWStealer.227BB933 (BD-Engine)
Object: mplay.rar mplay.com
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Generic.Malware.BE!dldspg.F61F891E (BD-Engine)
Object: severe.rar severe.exe
In archive: C:\Documents and Settings\Administrator\桌面\OSO.rar
Status: Virus detected
Virus: Generic.PWStealer.227BB933 (BD-Engine)
Object: OSO.rar
Path: C:\Documents and Settings\Administrator\桌面
Status: Move file into quarantine
Virus: Trojan-PSW.Win32.QQPass.uj (3x), Worm.Win32.Viking.gz (2x), Trojan-PSW.Win32.OnLineGames.es (2x), Trojan-Spy.Win32.Agent.pn (KAV engine), Generic.PWStealer.227BB933 (3x), Win32.Worm.Viking.LP (2x), Generic.Malware.SdldgPWS.9444109C, Generic.Malware.BE!dldspg.F61F891E, Generic.Malware.PWS.9B81E831 (BD-Engine)
Analysis complete: 2007-4-3 16:23
1 files checked
1 infected files detected
0 suspected files detected

显示全部楼层 · 发表于 2007-4-3 17:47:38

蜘蛛也是8个..

bfdarx.rar\bfdarx.exe;C:\Documents and Settings\Administrator\桌面\OSO\bfdarx.rar;Trojan.PWS.Qqpass.422;;
bfdarx.rar;C:\Documents and Settings\Administrator\桌面\OSO;Archive contains infected objects;;
mplay.rar\mplay.com;C:\Documents and Settings\Administrator\桌面\OSO\mplay.rar;Trojan.Hitpop.origin;;
mplay.rar;C:\Documents and Settings\Administrator\桌面\OSO;Archive contains infected objects;;
o.dll;C:\Documents and Settings\Administrator\桌面\OSO;Trojan.Vanti;;
OSO.exe;C:\Documents and Settings\Administrator\桌面\OSO;Trojan.PWS.Qqpass.422;;
rundl132.exe;C:\Documents and Settings\Administrator\桌面\OSO;Win32.HLLW.Gavir.54;;
severe.rar\severe.exe;C:\Documents and Settings\Administrator\桌面\OSO\severe.rar;Trojan.PWS.Qqpass.422;;
severe.rar;C:\Documents and Settings\Administrator\桌面\OSO;Archive contains infected objects;;
SMSS.EXE;C:\Documents and Settings\Administrator\桌面\OSO;Trojan.PWS.Wsgame;;
wsttrs.dll;C:\Documents and Settings\Administrator\桌面\OSO;Trojan.PWS.Wsgame;;

显示全部楼层 · 发表于 2007-4-3 17:51:06

FS7.0
Result: 8 malware found
Trojan-PSW.Win32.QQPass.uj (virus)
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\OSO.rar\OSO.exe
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\OSO.rar\bfdarx.rar\bfdarx.exe
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\OSO.rar\severe.rar\severe.exe
Worm.Win32.Viking.gz (virus)
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\OSO.rar\rundl132.exe
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\OSO.rar\o.dll
Trojan-PSW.Win32.OnLineGames.es (virus)
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\OSO.rar\SMSS.EXE
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\OSO.rar\wsttrs.dll
Trojan-Spy.Win32.Agent.pn (virus)
C:\Documents and Settings\ÉÙÁÖ\×ÀÃæ\OSO.rar\mplay.rar\mplay.com

显示全部楼层 · 发表于 2007-4-3 18:31:01

已经上报了...

[病毒样本] 我朋友家抓的毒

本帖子中包含更多资源

MCAFEE监控+访问保护

本帖子中包含更多资源