在朋友机器上发现的

ytysh

密码为：virus

rasis

ess

D:\Download\vir\msctfime.iem > UPX v12_m2_dll - 解压错误
D:\Download\vir\OneG5075492.exe - Win32/Agent.RYN 特洛伊木马 的变种
D:\Download\vir\OneG6556425.exe - Win32/PSW.OnLineGames.QLE 特洛伊木马 的变种
D:\Download\vir\OneG6604411.exe - Win32/PSW.OnLineGames.QLE 特洛伊木马 的变种
D:\Download\vir\OneG6622554.exe - Win32/PSW.OnLineGames.QLE 特洛伊木马 的变种
D:\Download\vir\OneG6640868.exe - Win32/PSW.OnLineGames.QLE 特洛伊木马 的变种
D:\Download\vir\OneG6664362.exe - Win32/PSW.OnLineGames.QLE 特洛伊木马 的变种
D:\Download\vir\OneG6686951.exe - Win32/PSW.OnLineGames.QLE 特洛伊木马 的变种
D:\Download\vir\OneG6717637.exe - Win32/PSW.OnLineGames.QLE 特洛伊木马 的变种
D:\Download\vir\OneG8169226.exe - Win32/Kryptik.AE 特洛伊木马 的变种

3XTO ess

http://samples.nod32.com.sg/index.php?a=query&lang=3&md5=676d4e8ee7b4d2fc4608c949e6fe8d96

rasis

avira

Begin scan in 'D:\Download\vir'
D:\Download\vir\jkrjewc.DLL
    [DETECTION] Is the TR/PSW.Frethoq.cdy Trojan
    [NOTE]      The file was moved to quarantine directory and named '4e8092e2.qua'!
D:\Download\vir\kpbmgtgjng.sd
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '5627bd42.qua'!
D:\Download\vir\OneG5075492.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '0445e7a8.qua'!
D:\Download\vir\OneG6556425.exe
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '6272a86a.qua'!
D:\Download\vir\OneG6604411.exe
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '27f68554.qua'!
D:\Download\vir\OneG6622554.exe
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '58edb735.qua'!
D:\Download\vir\OneG6640868.exe
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '14559b7f.qua'!
D:\Download\vir\OneG6664362.exe
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '684ddb2f.qua'!
D:\Download\vir\OneG6686951.exe
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '4517f462.qua'!
D:\Download\vir\OneG6717637.exe
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '5c7fcff8.qua'!
D:\Download\vir\OneG8169226.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to quarantine directory and named '3023e3c8.qua'!


1x to avira

文件 ID	文件名	大小(字节)	结果
25922888	msctfime.iem	13.55 KB	UNDER ANALYSIS

下面提供了与每个样本相关的详细报告:

文件名	结果
msctfime.iem	UNDER ANALYSIS

幸福的猪猪

卡巴斯基：不能识别数（特征码）：10x  

已经打包上报。

回信时间：2010年10月19日(星期二) 下午5:23

您好，
kpbmgtgjng.txt - Trojan-GameThief.Win32.OnLineGames.bnrx,
msctfime.iem - Trojan-GameThief.Win32.OnLineGames.xgdp,
OneG6556425.exe - Trojan-GameThief.Win32.OnLineGames.xgdr,
OneG6604411.exe - Trojan-GameThief.Win32.OnLineGames.xgds,
OneG6622554.exe - Trojan-GameThief.Win32.OnLineGames.xgdt,
OneG6640868.exe - Trojan-GameThief.Win32.OnLineGames.xgdu,
OneG6664362.exe - Trojan-GameThief.Win32.OnLineGames.xgdv,
OneG6686951.exe - Trojan-GameThief.Win32.OnLineGames.xgdw,
OneG6717637.exe - Trojan-GameThief.Win32.OnLineGames.xgdx,
OneG8169226.txt - Trojan-GameThief.Win32.OnLineGames.bnrw
以上文件包含恶意代码，下次更新后即可查杀。感谢您的上报。
回复时请引用全部邮件。
--
卡巴斯基中国病毒实验室

▕、尕寶′

数字卫士报

jiangbobobo

    过了金山，报安全！

leobluelion

毒霸清空

Anthony198634

金山+mse狂报毒！

rasis

我们收到了以下存档文件:

文件 ID         文件名         大小(字节)         结果
25922921          vir.7z         10.41 KB         OK

以下位置提供了存档中包含的文件及其结果的列表:
文件 ID         文件名         大小(字节)         结果
25922888          msctfime.iem          13.55 KB          MALWARE


下面提供了与每个样本相关的详细报告:
文件名         结果
msctfime.iem          MALWARE

已确定“msctfime.iem”文件是“MALWARE”。 我们的分析人员将这种威胁命名为“TR/Agent.13880.A”。 术语“TR/”指的是能够窥探数据、侵犯您的隐私或对系统进行不需要的修改的特洛伊木马。通过接下来的某次更新，我们的病毒定义文件(VDF)中将添加这项检测。

星晨

BitDefender2011