
[Virus samples] 35 samples

dikex
Posted on 2007-4-21 02:10:55
Source: http://www.nze21.com/wm/0.exe

After it runs, it drops ten downloaders one after another, and those downloaders are responsible for downloading the files below:

And so a whole pile of stuff got generated.

Sample password: virus

[ This post was last edited by dikex on 2007-4-21 02:15 ]

The EQs
Posted on 2007-4-21 02:17:30

The remaining ones have been submitted.

Scan performed at: 2007-4-21 2:17:20
Scanning Log
NOD32 version 2207 (20070420) NT
Command line: C:\Documents and Settings\EQ2\桌面\TEMP
Operating memory - is OK

Date: 21.4.2007  Time: 02:17:24
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\TEMP\
C:\Documents and Settings\EQ2\桌面\TEMP\0.exe - a variant of Win32/TrojanDownloader.Small.CXN trojan
C:\Documents and Settings\EQ2\桌面\TEMP\01.exe - probably a variant of Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\EQ2\桌面\TEMP\d2.exe - a variant of Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\EQ2\桌面\TEMP\d3.exe - a variant of Win32/PSW.Agent.NCC trojan
C:\Documents and Settings\EQ2\桌面\TEMP\d5.exe ?FSG v2.0 - Win32/PSW.Delf.NGW trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\TEMP\d7.exe - Win32/Agent.NHN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\d8.exe - probably a variant of Win32/PSW.QQShou.EP trojan
C:\Documents and Settings\EQ2\桌面\TEMP\downer1.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\downer10.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\downer2.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\downer3.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\downer4.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\downer5.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\downer6.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\downer7.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\downer8.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\downer9.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\lass.exe - Win32/TrojanDownloader.Small.CXN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\shualai.dll - Win32/Agent.NHN trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\svchost.exe - Win32/PSW.Delf.NGV trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\upsxdnd.dll - Win32/PSW.Agent.NDF trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\upsxdnd.exe - Win32/PSW.Agent.NDF trojan - quarantined - unable to clean - deleted
C:\Documents and Settings\EQ2\桌面\TEMP\winform.dll - a variant of Win32/PSW.Agent.NCC trojan
Number of scanned files: 36
Number of threats found: 23
Number of files cleaned: 23
Time of completion: 02:17:26 Total scanning time: 2 sec (00:00:02)
promised
Posted on 2007-4-21 02:23:23
0.exe;E:\TEMP[1];BackDoor.Pigeon.1604;;
01.exe;E:\TEMP[1];Trojan.PWS.Wsgame;;
cmdbcs.dll;E:\TEMP[1];Trojan.PWS.Wsgame;;
d2.exe;E:\TEMP[1];Trojan.PWS.Wsgame;;
d3.exe;E:\TEMP[1];Trojan.PWS.Wsgame;;
d5.exe\data001;E:\TEMP[1]\d5.exe;Trojan.PWS.Gamania;;
d5.exe;E:\TEMP[1];Archive contains infected objects;;
d7.exe;E:\TEMP[1];Trojan.PWS.Wsgame;;
d8.exe;E:\TEMP[1];Trojan.PWS.Qqpass.521;;
data001\data002;E:\TEMP[1]\d10.exe\data001;Adware.Borlander;;
data001\data003;E:\TEMP[1]\d10.exe\data001;not a virus Adware.Borlander.origin;;
data001\data004;E:\TEMP[1]\d10.exe\data001;not a virus Adware.Borlander.origin;;
data001\data005;E:\TEMP[1]\d10.exe\data001;Adware.Borlander;;
data001;E:\TEMP[1]\d10.exe;Archive contains infected objects;;
d10.exe;E:\TEMP[1];Archive contains infected objects;;
downer1.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
downer2.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
downer3.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
downer4.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
downer5.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
downer6.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
downer7.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
downer8.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
downer9.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
downer10.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
Ghook.dll;E:\TEMP[1];Trojan.PWS.Gamania;;
iguu.dll;E:\TEMP[1];not a virus Adware.Borlander.origin;;
lass.exe;E:\TEMP[1];Trojan.DownLoader.10548;;
ljxx.dll;E:\TEMP[1];Adware.Borlander;;
mppds.dll;E:\TEMP[1];Trojan.PWS.Wsgame;;
nlww.dll;E:\TEMP[1];not a virus Adware.Borlander.origin;;
shualai.dll;E:\TEMP[1];Trojan.PWS.Wsgame;;
SysInfo1.dll;E:\TEMP[1];Trojan.PWS.Qqpass.521;;
upsxdnd.exe;E:\TEMP[1];Trojan.PWS.Wsgame;;
upsxdnd.dll;E:\TEMP[1];Trojan.PWS.Wow;;
winform.dll;E:\TEMP[1];Trojan.PWS.Wsgame;;
The Spider BETA (Dr.Web) got 2 more than AVK.


用AntiVirusKit扫描病毒
版本 16.0.7
病毒库签名 2007-4-20
开始时间: 2007-4-21 2:21
引擎: KAV 引擎 (AVK 17.3590), BD  引擎
启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: 01.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), Generic.Malware.SgPWS.C2D7668E (BD  引擎)
对象: cmdbcs.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), DeepScan:Generic.PWS.WSGame.91DB6115 (BD  引擎)
对象: d2.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Generic.Malware.SdldgPWS.78704969 (BD  引擎)
对象: d3.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), Trojan.PWS.OnLineGames.ARI (BD  引擎)
对象: d5.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.hu (KAV 引擎), DeepScan:Generic.Malware.SFBdld.E3F7C6FE (BD  引擎)
对象: d7.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Generic.Malware.SdldPWS.D3838A45 (BD  引擎)
对象: d8.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.WOW.ao (KAV 引擎), Generic.PWS.WoW.5D81C7E4 (BD  引擎)
对象: stream data0001
        在压缩档案里: E:\TEMP[1]\d10.exe
        Status: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Boran.z (KAV 引擎)
对象: (NSIS o) lzma_solid_nsis0001
        在压缩档案里: E:\TEMP[1]\d10.exe
        Status: 已发现病毒
        病毒: Adware.Boran.AT (BD  引擎)
对象: d10.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Boran.z (KAV 引擎), Adware.Boran.AT (BD  引擎)
对象: downer1.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.F5D07FF7 (BD  引擎)
对象: downer2.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.C059F4D2 (BD  引擎)
对象: downer3.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.BBB1F62D (BD  引擎)
对象: downer4.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.0358FC91 (BD  引擎)
对象: downer5.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.78B0FE6E (BD  引擎)
对象: downer6.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.F488F96F (BD  引擎)
对象: downer7.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.8F60FB90 (BD  引擎)
对象: downer8.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.5E2BEA56 (BD  引擎)
对象: downer9.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.25C3E8A9 (BD  引擎)
对象: downer10.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.623C3906 (BD  引擎)
对象: Ghook.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.jj (KAV 引擎)
对象: iguu.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Boran.z (KAV 引擎), Adware.Boran.AT (BD  引擎)
对象: lass.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Small.dii (KAV 引擎), Generic.Malware.dld!!.36DCC298 (BD  引擎)
对象: ljxx.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Boran.z (KAV 引擎), Adware.Boran.AT (BD  引擎)
对象: mppds.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), Generic.Malware.PWS.F7983865 (BD  引擎)
对象: nlww.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Boran.z (KAV 引擎), Adware.Boran.AT (BD  引擎)
对象: qoss.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: not-a-virus:AdWare.Win32.Boran.z (KAV 引擎), Adware.Boran.AT (BD  引擎)
对象: shualai.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Generic.PWS.Games.DCDB63F0 (BD  引擎)
对象: svchost.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.gm (KAV 引擎), Trojan.PWS.Onlinegames.EB (BD  引擎)
对象: SysInfo1.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.WOW.ao (KAV 引擎), Generic.PWS.WoW.A9CE7B5E (BD  引擎)
对象: upsxdnd.exe
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), Generic.Malware.SdldPWS.833D63E1 (BD  引擎)
对象: upsxdnd.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.es (KAV 引擎), Generic.Malware.PWS.2F2F5E50 (BD  引擎)
对象: winform.dll
        路径: E:\TEMP[1]
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.mq (KAV 引擎), Trojan.PWS.OnLineGames.ARI (BD  引擎)
Analysis complete: 2007-4-21 2:21
    35 files checked
    31 infected files detected
绅博周幸
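Posted on 2007-4-21 02:28:10
Red Umbrella (Avira) got 32, and the remaining 3 have been submitted. Red Umbrella, a different feeling; Red Umbrella is just strong.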
promised
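Posted on 2007-4-21 02:28:42
Originally posted by 绅博周幸 on 2007-4-21 02:28
Red Umbrella (Avira) got 32, and the remaining 3 have been submitted. Red Umbrella, a different feeling; Red Umbrella is just strong.

The Spider BETA (Dr.Web) got one more than Red Umbrella, you know.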
绅博周幸
Posted on 2007-4-21 02:29:34
Thank you for your submission. Below you can see the current status of the uploaded files.


--------------------------------------------------------------------------------


We received the following archive files:



File ID  Filename  Size (Byte) Result
270779  TEMP.rar 203.21 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
270780  0.exe  11.94 KB  UNDER ANALYSIS
270781  caoo.uni  1 B  UNDER ANALYSIS
270782  cmdbcs.dll  10.5 KB  UNDER ANALYSIS
270783  d3.exe  17 KB  UNDER ANALYSIS
270784  d4.exe  5.41 KB  UNDER ANALYSIS
270785  d7.exe  18.5 KB  UNDER ANALYSIS
270786  d9.exe  151.46 KB  UNDER ANALYSIS
270787  downer1.exe  3.5 KB  UNDER ANALYSIS
270788  downer10.exe  3.5 KB  UNDER ANALYSIS
270789  downer2.exe  3.5 KB  UNDER ANALYSIS
270790  downer3.exe  3.5 KB  UNDER ANALYSIS
270791  downer4.exe  3.5 KB  UNDER ANALYSIS
270792  downer5.exe  3.5 KB  UNDER ANALYSIS
270793  downer6.exe  3.5 KB  UNDER ANALYSIS
270794  downer7.exe  3.5 KB  UNDER ANALYSIS
270795  downer8.exe  3.5 KB  UNDER ANALYSIS
270796  downer9.exe  3.5 KB  UNDER ANALYSIS
270797  shualai.dll  12 KB  UNDER ANALYSIS


Please find a detailed report concerning each individual sample below:

Filename Result
0.exe  UNDER ANALYSIS

The file '0.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
caoo.uni  UNDER ANALYSIS

The file 'caoo.uni' has been determined to be 'UNDER ANALYSIS'.

Filename Result
cmdbcs.dll  UNDER ANALYSIS

The file 'cmdbcs.dll' has been determined to be 'UNDER ANALYSIS'.

Filename Result
d3.exe  UNDER ANALYSIS

The file 'd3.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
d4.exe  UNDER ANALYSIS

The file 'd4.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
d7.exe  UNDER ANALYSIS

The file 'd7.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
d9.exe  UNDER ANALYSIS

The file 'd9.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer1.exe  UNDER ANALYSIS

The file 'downer1.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer10.exe  UNDER ANALYSIS

The file 'downer10.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer2.exe  UNDER ANALYSIS

The file 'downer2.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer3.exe  UNDER ANALYSIS

The file 'downer3.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer4.exe  UNDER ANALYSIS

The file 'downer4.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer5.exe  UNDER ANALYSIS

The file 'downer5.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer6.exe  UNDER ANALYSIS

The file 'downer6.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer7.exe  UNDER ANALYSIS

The file 'downer7.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer8.exe  UNDER ANALYSIS

The file 'downer8.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
downer9.exe  UNDER ANALYSIS

The file 'downer9.exe' has been determined to be 'UNDER ANALYSIS'.

Filename Result
shualai.dll  UNDER ANALYSIS

The file 'shualai.dll' has been determined to be 'UNDER ANALYSIS'.


--------------------------------------------------------------------------------
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.
[:27:] [:27:]
The EQs
Posted on 2007-4-21 02:31:09
Post the names of the files you submitted... I'd really like to see them.
promised
Posted on 2007-4-21 02:32:01
I expect this thread will turn into idle bickering again.
Going to sleep.
tonger2003
Posted on 2007-4-21 02:52:51
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\01.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\cmdbcs.dll
已删除: 病毒 Suspicious (修改)        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\d2.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\d2.exe\MPPDS.DLL
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\d3.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.hu        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\d5.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.oe        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\d7.exe
已删除: 木马程序 Trojan-PSW.Win32.WOW.ao        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\d8.exe//UPack
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.z        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\d10.exe//stream//data0001
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer1.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer2.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer3.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer4.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer5.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer6.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer7.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer8.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer9.exe
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\downer10.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.jj        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\Ghook.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.z        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\iguu.dll
已删除: 木马程序 Trojan-Downloader.Win32.Small.dii        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\lass.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.z        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\ljxx.dll
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\mppds.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.z        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\nlww.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.z        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\qoss.dll
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.gm        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\svchost.exe
已删除: 木马程序 Trojan-PSW.Win32.WOW.ao        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\SysInfo1.dll
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\upsxdnd.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\upsxdnd.dll
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.mq        文件: C:\Documents and Settings\Administrator\桌面\TEMP[1]\winform.dll
31 of them.
mofunzone
Posted on 2007-4-21 08:27:57
Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\TEMP'
C:\Documents and Settings\morgan\My Documents\TEMP\
  0.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
  01.exe
      [DETECTION] Is the Trojan horse TR/Agent.17408.27
      [WARNING]   The file was ignored!
  caoo.uni
  cmdbcs.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  d10.exe
      [DETECTION] Contains signature of the dropper DR/Boran.Z.99
      [WARNING]   The file was ignored!
  d2.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1662
      [WARNING]   The file was ignored!
  d3.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  d4.exe
  d5.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
      [WARNING]   The file was ignored!
  d7.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  d8.exe
      [DETECTION] Is the Trojan horse TR/PSW.80740
      [WARNING]   The file was ignored!
  d9.exe
  downer1.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  downer10.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  downer2.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  downer3.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  downer4.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  downer5.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  downer6.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  downer7.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  downer8.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  downer9.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  Ghook.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.JJ.60
      [WARNING]   The file was ignored!
  iguu.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Boran.XSS.2
      [WARNING]   The file was ignored!
  lass.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Small.dii.8
      [WARNING]   The file was ignored!
  ljxx.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Bor.X.19.C.2
      [WARNING]   The file was ignored!
  mppds.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.1662
      [WARNING]   The file was ignored!
  nlww.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Bor.X.19.C.3
      [WARNING]   The file was ignored!
  qoss.dll
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Bor.X.19.C.4
      [WARNING]   The file was ignored!
  shualai.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  svchost.exe
      [DETECTION] Is the Trojan horse TR/PSW.Onlinegames.EB.3
      [WARNING]   The file was ignored!
  SysInfo1.dll
      [DETECTION] Is the Trojan horse TR/PSW.80740
      [WARNING]   The file was ignored!
  upsxdnd.dll
      [DETECTION] Is the Trojan horse TR/Agent.11264.28
      [WARNING]   The file was ignored!
  upsxdnd.exe
      [DETECTION] Is the Trojan horse TR/Agent.17920.29
      [WARNING]   The file was ignored!
  winform.dll
      [DETECTION] Is the Trojan horse TR/Agent.9728.26
      [WARNING]   The file was ignored!


End of the scan: 2007年4月20日  17:27
Used time: 00:13 min

The scan has been done completely.

      1 Scanning directories
     35 Files were scanned
     32 viruses and/or unwanted programs were found
     15 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
    -12 Files not concerned
      0 Archives were scanned
     32 Warnings
      0 Notes
      0 Hidden objects were found
Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-24 19:40 , Processed in 0.137841 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表