
[Virus sample] A fat one: rogue search toolbar, freshly caught

lanvin
Posted on 2007-5-19 23:03:39

Play with it if you like.
http://www.divshare.com/download/682912-5f3
The attachment contains the files it drops after being run.

wangjay1980
Posted on 2007-5-19 23:08:11
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.at        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\F3BROVLY.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\F3HISTSW.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.l        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\F3HTMLMU.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.af        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\F3HTTPCT.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\F3PSSAVR.SCR
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\F3RESTUB.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\F3SCHMON.EXE
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.an        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\F3SCRCTR.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\F3WPHOOK.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\M3OUTLCN.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.as        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\M3PLUGIN.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\MWSOEMON.EXE
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.au        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\MWSOEPLG.DLL
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.aw        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\MWSSRCSP.EXE
deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.i        File: C:\Documents and Settings\Owner\桌面\zwinky.rar/zwinky\NPMYWEBS.DLL
柳如斯 (this user has been deleted)
Posted on 2007-5-19 23:09:10

McAfee reports it as MWS. What is that...

风野胤
Posted on 2007-5-19 23:13:17
Scanning Log
NOD32 version 2277 (20070518) NT
Command line: C:\Documents and Settings\fengyeyin\桌面\zwinky.rar
Checking CRC of NOD32.EXE: Status OK
d:\Program Files\Eset\nod32.exe - is OK
Scanning memory: Not performed (option disabled)
Scanning MBR and boot sectors: Not performed (option disabled)
Date: 19.5.2007  Time: 23:12:51
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\fengyeyin\桌面\zwinky.rar
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\F3BROVLY.DLL - is OK
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\F3HISTSW.DLL - Win32/FunWeb application
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\F3HTMLMU.DLL - is OK
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\F3HTTPCT.DLL - is OK
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\F3PSSAVR.SCR - is OK
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\F3RESTUB.DLL - Win32/FunWeb application
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\F3SCHMON.EXE - Win32/FunWeb application
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\F3SCRCTR.DLL - is OK
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\F3WPHOOK.DLL - Win32/FunWeb application
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\M3OUTLCN.DLL - Win32/Toolbar.MyWebSearch application
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\M3PLUGIN.DLL - is OK
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\M3SKPLAY.EXE - is OK
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\MWSOEMON.EXE - Win32/Toolbar.MyWebSearch application
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\MWSOEPLG.DLL - is OK
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\MWSSRCSP.EXE - a variant of Win32/AdInstaller application
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar »RAR »zwinky\NPMYWEBS.DLL - is OK
C:\Documents and Settings\fengyeyin\桌面\zwinky.rar:Zone.Identifier - is OK
Number of scanned files: 17
Number of threats found: 7
Time of completion: 23:12:51 Total scanning time: 0 sec (00:00:00)
lanvin
Original poster | Posted on 2007-5-19 23:13:51
Originally posted by aprilfoolphoeny on 2007-5-19 23:09
73062
McAfee reports it as MWS. What is that...

malware web searcher
Just a guess.
柳如斯 (this user has been deleted)
Posted on 2007-5-19 23:15:59

Reply to post #5 by lanvin

Impressive, heh. Off to bed, see you tomorrow.
风野胤
Posted on 2007-5-19 23:16:12
Isn't that just the MyWebSearch that NOD reports?
dyw1021
Posted on 2007-5-20 00:06:35
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\zwinky.rar'
C:\Documents and Settings\Administrator\桌面\zwinky.rar
  [0] Archive type: RAR
  --> zwinky\F3BROVLY.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.AT.2
  --> zwinky\F3HISTSW.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.A.43
  --> zwinky\F3HTMLMU.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.143421
  --> zwinky\F3HTTPCT.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebS.A.60.B
  --> zwinky\F3PSSAVR.SCR
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.A.46
  --> zwinky\F3RESTUB.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.A.47
  --> zwinky\F3SCHMON.EXE
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.A.48
  --> zwinky\F3SCRCTR.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.AN.3
  --> zwinky\F3WPHOOK.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.A.50
  --> zwinky\M3OUTLCN.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.A.78
  --> zwinky\M3PLUGIN.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebS.A.60.C
  --> zwinky\M3SKPLAY.EXE
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSea.A.61
  --> zwinky\MWSOEMON.EXE
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebS.A.60.A
  --> zwinky\MWSOEPLG.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.319560
  --> zwinky\MWSSRCSP.EXE
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/MyWebSearch.57344
  --> zwinky\NPMYWEBS.DLL
      [DETECTION] Contains signature of the Ad- or Spyware ADSPY/Drop.57343.A
      [INFO]      The file was moved to '46b820f8.qua'!


End of the scan: 2007年5月20日  00:06
Used time: 00:07 min

The scan has been done completely.

      0 Scanning directories
     17 Files were scanned
     16 viruses and/or unwanted programs were found
      0 classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
hj5abc
Posted on 2007-5-20 00:20:43
There are a lot of duplicates in there, aren't there???//

promised
Posted on 2007-5-20 00:52:50
13

Copyright © KaFan  KaFan.cn All Rights Reserved.