
[Virus sample] 14 web trojans

mofunzone
Posted on 2007-5-27 15:27:36
扫描日志
NOD32版本 2291 (20070525) NT
命令行: C:\Documents and Settings\morgan\My Documents\ ?
?TDDOWNLOAD.rar
正在检查NOD32.EXE文件的CRC:状态正常
D:\Eset\nod32.exe - 是正常的
扫描系统内存中:没有进行 (选项已关闭)
扫描MBR及引导区中:没有进行 (选项已关闭)
日期: 27.5.2007  时间:00:24:58
已关闭反隐藏功能.
已扫描的磁盘,文件夹及文件:C:\Documents and Settings\ ?
?morgan\My Documents\TDDOWNLOAD.rar
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>TASKMRG.exe - Win32/PSW.Agent.NEW 木马的变种
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>ADOBESVC.exe - 是正常的
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>ALP.exe - Win32/PSW.Agent.NEW 木马的变种
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>AVG.exe - Win32/PSW.OnLineGames.TE 木马
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>CFTMON.exe - Win32/PSW.Agent.NCC 木马
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>COMIME.exe - Win32/PSW.OnLineGames.NAG  ?
?木马的变种
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>DATSC.exe - 是正常的
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>INETINF.exe - Win32/PSW.OnLineGames.SX 木马
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>LSASSS.exe - 可能是 Win32/Pacex.Gen 病毒  ?
?的一个变种
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>MSTCS.exe >>FSG v2.0 - 是正常的
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>SOUND.exe - Win32/PSW.Agent.NEA 木马
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>SPOOLVS.exe >>FSG v2.0 - 是正常的
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>SVCHOTS.exe - 是正常的
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD. ?
?rar >>RAR >>0.exe - Win32/TrojanDownloader.Delf.BHO  ?
?木马的变种
已扫描的文件数目:15
已发现的病毒数目:9
活动的病毒数目:1
完成时间: 00:25:06 总扫描时间:8 秒 (00:00:08)


Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar'
C:\Documents and Settings\morgan\My Documents\
  TDDOWNLOAD.rar
    [0] Archive type: RAR
    --> TASKMRG.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.SY
        [WARNING]   Infected files in archives cannot be repaired!
    --> ADOBESVC.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> ALP.exe
        [DETECTION] Is the Trojan horse TR/Agent.8192.136
        [WARNING]   Infected files in archives cannot be repaired!
    --> AVG.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.TE.8
        [WARNING]   Infected files in archives cannot be repaired!
    --> CFTMON.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.QQ.5
        [WARNING]   Infected files in archives cannot be repaired!
    --> COMIME.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.QY.133
        [WARNING]   Infected files in archives cannot be repaired!
    --> DATSC.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.2548
        [WARNING]   Infected files in archives cannot be repaired!
    --> INETINF.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.SX.7
        [WARNING]   Infected files in archives cannot be repaired!
    --> LSASSS.exe
        [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> MSTCS.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.NW.28
        [WARNING]   Infected files in archives cannot be repaired!
    --> SOUND.exe
        [DETECTION] Is the Trojan horse TR/PSW.Small.CF.27
        [WARNING]   Infected files in archives cannot be repaired!
    --> SPOOLVS.exe
        [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
        [WARNING]   Infected files in archives cannot be repaired!
    --> SVCHOTS.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.2577
        [WARNING]   Infected files in archives cannot be repaired!
    --> 0.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年5月27日  00:25
Used time: 00:10 min

The scan has been done completely.

      0 Scanning directories
     15 Files were scanned
     14 viruses and/or unwanted programs were found
      1 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      1 Archives were scanned
     15 Warnings
      0 Notes
      0 Hidden objects were found


[Scan path] C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar
>>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\TASKMRG.exe probably infected with MULDROP.Trojan
>>>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\ADOBESVC.exe\data001 - Ok
>>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\ADOBESVC.exe\data002 - Ok
>>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\ADOBESVC.exe\data003 - Ok
>>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\ADOBESVC.exe\data004 - Ok
>>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\ADOBESVC.exe\data005 - Ok
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\ADOBESVC.exe - Ok
>>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\ALP.exe infected with Trojan.PWS.Wsgame
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\AVG.exe infected with Trojan.PWS.Wsgame
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\CFTMON.exe infected with Trojan.PWS.Wsgame
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\COMIME.exe infected with Trojan.PWS.Wsgame
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\DATSC.exe infected with Trojan.PWS.Wsgame
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\INETINF.exe infected with Trojan.PWS.Wsgame
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\LSASSS.exe infected with Trojan.PWS.Wsgame
>>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\MSTCS.exe infected with Trojan.PWS.Legmir.914
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\SOUND.exe infected with Trojan.PWS.Wsgame
>>>>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\SPOOLVS.exe infected with Trojan.PWS.Soul
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\SVCHOTS.exe infected with Trojan.PWS.Wsgame
>C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar\0.exe infected with BackDoor.WebDor
C:\Documents and Settings\morgan\My Documents\TDDOWNLOAD.rar - archive contains infected objects

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 20
Infected objects found: 12
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 308 Kb/s
Scan time: 00:00:02

绅博周幸
Posted on 2007-5-27 15:28:57
Do I really have to bring out my trump card, AVK????? NOD32 let all of them through [:14:]
promised
Posted on 2007-5-27 15:30:19
C:\
C:\ABC\...\TASKMRG.exe : infected Trojan-PSW.Win32.OnLineGames.sy
C:\ABC\...\ALP.exe : is suspected of Embedded.Trojan-PSW.Win32.WOW.qp
C:\ABC\TDDOWNLOAD.rar:<RAR>\AVG.exe : infected Trojan-PSW.Win32.OnLineGames.te
C:\ABC\TDDOWNLOAD.rar:<RAR>\CFTMON.exe : infected Trojan.Win32.PSW.Agent.NCC
C:\ABC\...\COMIME.exe : infected Trojan-PSW.Win32.OnLineGames.qy
C:\ABC\TDDOWNLOAD.rar:<RAR>\DATSC.exe : infected Trojan-PSW.Win32.OnLineGames.es
C:\ABC\...\INETINF.exe : infected Trojan-PSW.Win32.OnLineGames.sx
C:\ABC\TDDOWNLOAD.rar:<RAR>\LSASSS.exe : infected Trojan.PWS.Wsgame
C:\ABC\TDDOWNLOAD.rar:<RAR>\SOUND.exe : infected Trojan-PSW.Win32.Small.cf
C:\ABC\...\SVCHOTS.exe : infected Trojan-PSW.Win32.OnLineGames.es
C:\ABC\TDDOWNLOAD.rar:<RAR>\0.exe : is suspected of Trojan-Dropper.Agent.35
Program execution terminated by user


Directories       : 4       Files in archives:      Files on disks:
Archives:                   - total       : 16      - total       : 22
- scanned         : 3       -  scanned    : 16      - scanned     : 22
- contain viruses : 1       -  infected   : 9       - infected    : 1
- deleted         : 0       -  suspicious : 2       - suspicious  : 0

Startup    : 15:29:45 27-05-2007
End        : 15:29:53 27-05-2007
Total time : 00:00:08
终止批处理操作吗(Y/N)?
11
绅博周幸
Posted on 2007-5-27 15:31:58
Looking back, I hadn't updated NOD32's virus database.
金剑
Posted on 2007-5-27 15:32:00
风暴胜者V2 测试版本(http://www.v0day.com)
_________您的安全是我们的责任_______________
载入病毒库…进行整理…分配内存…可以使用
蜜罐检测:正常 OK!
===============================================
   ___________病毒查杀结果__________________

===============================================
2007年5月27日15时32分32秒 开始查杀C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD
威胁性文件:C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\TASKMRG.exe
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\TASKMRG.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\TASKMRG.exe 操作:阻止运行
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\ADOBESVC.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\ADOBESVC.exe 操作:阻止运行
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\ALP.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\ALP.exe 操作:阻止运行
  未知的可疑率60%的文件(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\AVG.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\AVG.exe 操作:阻止运行
威胁性文件:C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\CFTMON.exe
威胁性文件:C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\LSASSS.exe
  未知的可疑率80%的文件(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\MSTCS.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\MSTCS.exe 操作:阻止运行
  未知的可疑率60%的文件(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\SPOOLVS.exe 操作:阻止运行
  未知的木马病毒(启发)C:\Documents and Settings\root\桌面\virus\TDDOWNLOAD\SPOOLVS.exe 操作:阻止运行
=========================================
_________文件性质分析结果________________
"带壳"仅指文件性质,仅供专业人员分析使用。

-----------------------------------------
2007年5月27日15时32分37秒收起线程…100% 查杀完毕!
扫描文件:14查杀病毒:9
promised
Posted on 2007-5-27 15:32:17
Originally posted by mofunzone on 2007-5-27 15:27
扫描日志
NOD32版本 2291 (20070525) NT
命令行: C:\Documents and Settings\morgan\My Documents\ ?
?TDDOWNLOAD.rar
正在检查NOD32.EXE文件的CRC:状态正常
D:\Eset\nod32.exe - 是正常的
扫描系统内存 ...

Why does your NOD32 only detect 9?

Scan performed at: 2007-5-27 15:30:37
Scanning Log
NOD32 version 2292 (20070525) NT
Command line: C:\ABC\TDDOWNLOAD.rar
Operating memory - is OK
Date: 27.5.2007  Time: 15:30:58
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\ABC\TDDOWNLOAD.rar
C:\ABC\TDDOWNLOAD.rar ?RAR ?TASKMRG.exe - a variant of Win32/PSW.Agent.NEW trojan
C:\ABC\TDDOWNLOAD.rar ?RAR ?ALP.exe - a variant of Win32/PSW.Agent.NEW trojan
C:\ABC\TDDOWNLOAD.rar ?RAR ?AVG.exe - Win32/PSW.OnLineGames.TE trojan
C:\ABC\TDDOWNLOAD.rar ?RAR ?CFTMON.exe - Win32/PSW.Agent.NCC trojan
C:\ABC\TDDOWNLOAD.rar ?RAR ?COMIME.exe - a variant of Win32/PSW.OnLineGames.NAG trojan
C:\ABC\TDDOWNLOAD.rar ?RAR ?DATSC.exe - Win32/PSW.OnLineGames.NAL trojan
C:\ABC\TDDOWNLOAD.rar ?RAR ?INETINF.exe - Win32/PSW.OnLineGames.SX trojan
C:\ABC\TDDOWNLOAD.rar ?RAR ?LSASSS.exe - probably a variant of Win32/Pacex.Gen virus
C:\ABC\TDDOWNLOAD.rar ?RAR ?SOUND.exe - Win32/PSW.Agent.NEA trojan
C:\ABC\TDDOWNLOAD.rar ?RAR ?SVCHOTS.exe - Win32/PSW.OnLineGames.NAL trojan
C:\ABC\TDDOWNLOAD.rar ?RAR ?0.exe - a variant of Win32/TrojanDownloader.Delf.BHO trojan
Number of scanned files: 16
Number of threats found: 11
Number of active threats: 1
Time of completion: 15:31:04 Total scanning time: 6 sec (00:00:06)
wangjay1980
Posted on 2007-5-27 15:32:52

foxhound
Posted on 2007-5-27 15:34:40
KIS7.0.0.119

已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.rt        文件: F:\TDDOWNLOAD.rar/TASKMRG.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.vi        文件: F:\TDDOWNLOAD.rar/ADOBESVC.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.up        文件: F:\TDDOWNLOAD.rar/ALP.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.te        文件: F:\TDDOWNLOAD.rar/AVG.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.rc        文件: F:\TDDOWNLOAD.rar/CFTMON.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qy        文件: F:\TDDOWNLOAD.rar/COMIME.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: F:\TDDOWNLOAD.rar/DATSC.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.sx        文件: F:\TDDOWNLOAD.rar/INETINF.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.fb        文件: F:\TDDOWNLOAD.rar/LSASSS.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.nw        文件: F:\TDDOWNLOAD.rar/MSTCS.exe//FSG
已删除: 木马程序 Trojan-PSW.Win32.Small.cf        文件: F:\TDDOWNLOAD.rar/SOUND.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.vi        文件: F:\TDDOWNLOAD.rar/SPOOLVS.exe//FSG
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es        文件: F:\TDDOWNLOAD.rar/SVCHOTS.exe
已删除: 木马程序 Trojan-Downloader.Win32.Delf.bkx        文件: F:\TDDOWNLOAD.rar/0.exe
qq890
Posted on 2007-5-27 15:38:21
Kingsoft reports 10

mhj144007
Posted on 2007-5-27 15:47:46
Dr.Web-13
0.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;BackDoor.WebDor;;
ALP.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Wsgame;;
AVG.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Wsgame;;
CFTMON.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Wsgame;;
COMIME.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Wsgame;;
DATSC.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Wsgame;;
INETINF.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Wsgame;;
LSASSS.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Wsgame;;
MSTCS.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Legmir.914;;
SOUND.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Wsgame;;
SPOOLVS.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Soul;;
SVCHOTS.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Trojan.PWS.Wsgame;;
TASKMRG.exe;C:\Documents and Settings\Mahaijun\桌面\TDDOWNLOAD;Probably MULDROP.Trojan;;