Original poster: 飘蓝一尘

What is Trojan-PSW.Win32.OnlineGame.kw? It's been killing me

小嘴儿
Posted on 2007-4-3 22:00:35
It's an account-stealing trojan that is very widespread at the moment.

AVG can remove it.

Kaspersky can't detect it...
iceman999
Posted on 2007-4-4 00:31:59
Trojan-PSW.Win32.OnlineGame.kw
-------------------
It's because of this thing that I'm still up this late tonight and haven't gone to bed yet.
飘蓝一尘
 Original poster | Posted on 2007-4-4 07:05:20
How do I clear the IE cache?
听雨醉
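Posted on 2007-4-14 15:07:38

Reply to post #13 by 飘蓝一尘

Click the IE icon on the desktop - Properties - General, then Delete Cookies, Delete Files (check "Delete all offline content"), and Clear History.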
siman.yu
Posted on 2007-4-20 15:14:56
I've been using NOD32 and AVG for two years! They've only ever caught trojans and viruses! I've never been infected!
chenyucid
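Posted on 2007-4-20 21:31:19
"This is exactly the virus I caught yesterday; it even shut Kaspersky down without a sound........" Mine is doing the same thing!
Now there is also a "shualai.exe" that neither Kaspersky nor AVG can detect. It comes back after I delete it, and I can't find the slightest trace of it in the registry, yet alerts for Trojan-PSW.Win32.OnLineGames.kw and the like keep cycling, and it comes back after being removed.

The strange thing is that there have been no virus alerts for over an hour now. All I did was delete things by hand again and again, the same as the previous times?
Oh, I forgot to post the scan log: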
Logfile of HijackThis v1.99.1
Scan saved at 21:45:55, on 2007-4-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ydfdckc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
E:\DOWNLOAD\soft\ha_hijackthis_1991\HijackThis.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O2 - BHO: ExtentIE Class - {66C2C482-D4EE-42A5-AEF7-0B124F278D47} - C:\WINDOWS\system32\acce.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\tool\Thunder\ComDlls\XunLeiBHO_006.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: &使用迅雷下载 - D:\tool\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\tool\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\tool\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\tool\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\tool\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\tool\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\tool\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\tool\BitSpirit\bsurl.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\tool\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\tool\Thunder\Thunder.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\game\浩方对战平台\GameClient.exe
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\tool\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\tool\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\tool\QQ\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.gc.com.cn/msrdp.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: 3CBF3F6 - Unknown owner - C:\WINDOWS\system32\3CBF3F6.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: 卡巴斯基反病毒6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: error monitor (EmonSrv) - Unknown owner - C:\WINDOWS\system32\cce6.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Routing Protect Access (MOVEESS) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

[ This post was last edited by chenyucid on 2007-4-20 21:52 ]
chenyucid
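Posted on 2007-4-20 22:20:29
Just now, while I was looking into the system processes, Kaspersky silently shut down once again, and now the virus alerts have started up again.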
tjj515
Posted on 2007-4-21 00:21:37
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: C:\Program Files\Common Files\System\wab32res_icon.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: E:\编程杂烩\Borland C++ Builder Compiler 5.5 .exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: E:\QQ\QQTemp\TM.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: D:\程序安装库\Nimo50Build7.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: D:\程序安装库\eMule-0.47c-VeryCD1122-Setup.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: D:\程序安装库\ccproxysetup.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: D:\程序安装库\RealOnePlayerV2GOLD_cn.exe
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.fq URL:
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: C:\Program Files\Common Files\System\wab32res_icon.exe
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.oz URL:
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.pa URL:
已检测到: 木马程序 Trojan-Downloader.Win32.Small.elo URL: http://w1.love9g.com/9g.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: C:\Program Files\Common Files\System\wab32res_download.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: C:\DOCUME~1\tan\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\YL0HSVIH\9g[1].exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: I:\tool.exe/PE_Patch/UPack
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: C:\Program Files\Common Files\System\directdb.exe/PE_Patch/UPack
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\msaccess.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\excel.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\outlook.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\mstore.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\finder.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\powerpnt.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\program files\ringz studio\storm codec\gspot.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\program files\real\realplayer\realplay.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\program files\ringz studio\storm codec\mplayerc.exe
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: d:\microsoft visual studio\vb98\vb6.exe
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\ivt corporation\bluesoleil\btntservice.exe
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\alcohol 120\starwind\starwindservice.exe
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\msohtmed.exe
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\program files\adobe\acrobat 7.0\reader\acrord32.exe
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\alcohol 120\alcohol120.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\ivt corporation\bluesoleil\bluesoleil.exe
未发现: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\infopath.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\mspub.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\microsoft office\office11\ois.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.elo 文件: e:\program files\winrar\winrar.exe






This is the one I got hit with...
sleo1981
Posted on 2007-4-21 13:34:45
I've got this one too, and AVG can't kill it either. The dedicated removal tool from the 4th-floor post didn't work either. Tears!