样本2

显示全部楼层 · 发表于 2007-6-7 14:04:14

同上

显示全部楼层 · 发表于 2007-6-7 14:12:30

已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.nb 文件: C:\Documents and Settings\Administrator\桌面\winform.rar/winform.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.nb 文件: C:\Documents and Settings\Administrator\桌面\WINDOWS.rar/cmdbs.exe
已删除: 病毒 Invader (变种) 文件: C:\Documents and Settings\Administrator\桌面\WINDOWS.rar/cmdbcs.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.rt 文件: C:\Documents and Settings\Administrator\桌面\system32.rar/nwizhx2.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.rt 文件: C:\Documents and Settings\Administrator\桌面\system32.rar/nwizhx2.dll
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.vt 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/nwiztlbb.dll
已删除: 病毒 Virus.Win32.AutoRun.ag 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/515.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.uo 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/mh102.dll
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.uo 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/mh100.exe//PE_Patch//UPack
已删除: 病毒 Trojan.Generic (变种) 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/nwizAsktao.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.qw 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/mydata.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.bs 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/mh104.dll
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.bs 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/dllhost32.exe//PE_Patch//UPack
已删除: 木马程序 Trojan-Spy.Win32.Delf.kl 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/18.dll//NSPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.vm 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/hrpdhe.dll//Petite
已删除: 木马程序 Trojan-PSW.Win32.Nilage.bjp 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/nwiztlbu.exe
已删除: 木马程序 Trojan-PSW.Win32.Nilage.bjp 文件: C:\Documents and Settings\Administrator\桌面\system321.rar/717.exe//PE_Patch//UPack
锻炼锻炼卡巴7报壳的能力

显示全部楼层 · 发表于 2007-6-7 14:16:29

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\system321'
C:\Documents and Settings\Administrator\My Documents\system321\
  1020.exe
   [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
   [INFO]    The file was deleted!
  18.dll
   [DETECTION] Is the Trojan horse TR/Spy.Delf.KL.74
   [INFO]    The file was deleted!
  515.exe
   [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
   [INFO]    The file was deleted!
  717.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was moved to '469ea33d.qua'!
  cmdbcs.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was moved to '46cba379.qua'!
  cmdbs.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ARI.188
   [INFO]    The file was deleted!
  devcon.exe
  dllhost32.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.AUP.84
   [INFO]    The file was deleted!
  hrpdhe.dll
   [DETECTION] Is the Trojan horse TR/Agent.15212
   [INFO]    The file was deleted!
  mh100.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.AUP.2
   [INFO]    The file was deleted!
  mh102.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.UO.17
   [INFO]    The file was deleted!
  mh104.dll
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was moved to '4698a375.qua'!
  mydata.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was moved to '46cba387.qua'!
  nwizAsktao.dll
   [DETECTION] Is the Trojan horse TR/Agent.8704.30
   [INFO]    The file was deleted!
  nwizAsktao.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.AUP.79
   [INFO]    The file was deleted!
  nwizhx2.dll
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.RT.14
   [INFO]    The file was deleted!
  nwizhx2.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.RT.12
   [INFO]    The file was deleted!
  nwiztlbb.dll
   [DETECTION] Is the Trojan horse TR/Agent.17408.62
   [INFO]    The file was deleted!
  nwiztlbu.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.AUP.3
   [INFO]    The file was deleted!
  winform.exe
   [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.LC.198
   [INFO]    The file was deleted!

End of the scan: 2007年6月6日  23:17
Used time: 00:10 min

The scan has been done completely.

   1 Scanning directories
   20 Files were scanned
   19 viruses and/or unwanted programs were found
   4 classified as suspicious:
   15 files were deleted
   0 files were repaired
   4 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   -3 Files not concerned
   0 Archives were scanned
   0 Warnings
   0 Notes
   0 Hidden objects were found

显示全部楼层 · 发表于 2007-6-7 14:18:08

请按新版规发帖
14个
C:\...\nwizhx2.exe : is suspected of Embedded.Trojan-PSW.Win32.OnLineGames.rt
C:\ABC\system32.rar:<RAR>\nwizhx2.dll : infected Trojan-PSW.Win32.OnLineGames.r
C:\ABC\...\nwiztlbb.dll : infected Trojan-PSW.Win32.OnLineGames.vt
C:\ABC\system321.rar:<RAR>\515.exe : infected Trojan-PSW.Win32.WOW.et
C:\ABC\system321.rar:<RAR>\mh102.dll : infected Trojan.PWS.Wsgame
C:\ABC\...\mh100.exe : is suspected of Embedded.Trojan.PWS.Wsgame
C:\ABC\system321.rar:<RAR>\nwizAsktao.dll : is suspected of Downloader.Small.16
C:\ABC\system321.rar:<RAR>\nwizAsktao.exe : is suspected of Downloader.Small.16
C:\ABC\...\mydata.exe : is suspected of Embedded.Trojan-PSW.Win32.OnLineGames.u
C:\ABC\system321.rar:<RAR>\18.dll : infected Trojan-Spy.Win32.Delf.kl
C:\ABC\system321.rar:<RAR>\1020.exe : infected Win32.HLLW.Autoruner
C:\ABC\system321.rar:<RAR>\nwiztlbu.exe : infected Trojan.PWS.Lineage
C:\ABC\WINDOWS.rar:<RAR>\cmdbs.exe : infected Trojan-PSW.Win32.OnLineGames.nb
C:\ABC\winform.rar:<RAR>\winform.exe : infected Trojan-PSW.Win32.OnLineGames.lc

[ 本帖最后由 promised 于 2007-6-7 14:25 编辑 ]

显示全部楼层 · 发表于 2007-6-7 14:30:31

新版规发帖！！！

显示全部楼层 · 发表于 2007-6-7 14:42:04

扫描文件

E:\病毒库\winform.rar 确定
E:\病毒库\winform.rar=>winform.exe 感染: Trojan.PWS.OnLineGames.ASY
E:\病毒库\winform.rar=>winform.exe 杀毒失败
E:\病毒库\winform.rar=>winform.exe 杀毒失败
E:\病毒库\winform.rar=>:Zone.Identifier 确定
E:\病毒库\WINDOWS.rar 确定
E:\病毒库\WINDOWS.rar=>cmdbs.exe 感染: Trojan.PWS.OnlineGames.EZ
E:\病毒库\WINDOWS.rar=>cmdbs.exe 杀毒失败
E:\病毒库\WINDOWS.rar=>cmdbs.exe 杀毒失败
E:\病毒库\WINDOWS.rar=>cmdbcs.exe 感染: Trojan.PWS.OnLineGames.AXX
E:\病毒库\WINDOWS.rar=>cmdbcs.exe 杀毒失败
E:\病毒库\WINDOWS.rar=>cmdbcs.exe 杀毒失败
E:\病毒库\WINDOWS.rar=>devcon.exe 确定
E:\病毒库\WINDOWS.rar=>:Zone.Identifier 确定
E:\病毒库\system32.rar 确定
E:\病毒库\system32.rar=>nwizhx2.exe 感染: Trojan.PWS.OnlineGames.AUP
E:\病毒库\system32.rar=>nwizhx2.exe 杀毒失败
E:\病毒库\system32.rar=>nwizhx2.exe 杀毒失败
E:\病毒库\system32.rar=>nwizhx2.dll 感染: Trojan.PWS.OnLineGames.FM
E:\病毒库\system32.rar=>nwizhx2.dll 杀毒失败
E:\病毒库\system32.rar=>nwizhx2.dll 杀毒失败
E:\病毒库\system32.rar=>:Zone.Identifier 确定
E:\病毒库\system321.rar 确定
E:\病毒库\system321.rar=>nwiztlbb.dll 感染: Generic.Malware.gPWS.FCAEF096
E:\病毒库\system321.rar=>nwiztlbb.dll 杀毒失败
E:\病毒库\system321.rar=>nwiztlbb.dll 杀毒失败
E:\病毒库\system321.rar=>515.exe 确定
E:\病毒库\system321.rar=>mh102.dll 感染: Trojan.PWS.Onlinegames.AXJ
E:\病毒库\system321.rar=>mh102.dll 杀毒失败
E:\病毒库\system321.rar=>mh102.dll 杀毒失败
E:\病毒库\system321.rar=>mh100.exe 感染: Trojan.PWS.OnlineGames.AUP
E:\病毒库\system321.rar=>mh100.exe 杀毒失败
E:\病毒库\system321.rar=>mh100.exe 杀毒失败
E:\病毒库\system321.rar=>nwizAsktao.dll 感染: Generic.Malware.gPWS.D95079F3
E:\病毒库\system321.rar=>nwizAsktao.dll 杀毒失败
E:\病毒库\system321.rar=>nwizAsktao.dll 杀毒失败
E:\病毒库\system321.rar=>nwizAsktao.exe 感染: Trojan.PWS.OnlineGames.AUP
E:\病毒库\system321.rar=>nwizAsktao.exe 杀毒失败
E:\病毒库\system321.rar=>nwizAsktao.exe 杀毒失败
E:\病毒库\system321.rar=>mydata.exe 感染: Trojan.PWS.OnlineGames.AUP
E:\病毒库\system321.rar=>mydata.exe 杀毒失败
E:\病毒库\system321.rar=>mydata.exe 杀毒失败
E:\病毒库\system321.rar=>mh104.dll 确定
E:\病毒库\system321.rar=>dllhost32.exe 感染: Trojan.PWS.OnlineGames.AUP
E:\病毒库\system321.rar=>dllhost32.exe 杀毒失败
E:\病毒库\system321.rar=>dllhost32.exe 杀毒失败
E:\病毒库\system321.rar=>18.dll 感染: Generic.PWStealer.70929D14
E:\病毒库\system321.rar=>18.dll 杀毒失败
E:\病毒库\system321.rar=>18.dll 杀毒失败
E:\病毒库\system321.rar=>hrpdhe.dll 感染: Generic.Malware.gPWS.192ADCE0
E:\病毒库\system321.rar=>hrpdhe.dll 杀毒失败
E:\病毒库\system321.rar=>hrpdhe.dll 杀毒失败
E:\病毒库\system321.rar=>1020.exe 感染: DeepScan:Generic.Malware.dld!!.8BD07520
E:\病毒库\system321.rar=>1020.exe 杀毒失败
E:\病毒库\system321.rar=>1020.exe 杀毒失败
E:\病毒库\system321.rar=>nwiztlbu.exe 感染: Trojan.PWS.OnlineGames.AUP
E:\病毒库\system321.rar=>nwiztlbu.exe 杀毒失败
E:\病毒库\system321.rar=>nwiztlbu.exe 杀毒失败
E:\病毒库\system321.rar=>717.exe 确定
E:\病毒库\system321.rar=>:Zone.Identifier 确定

显示全部楼层 · 发表于 2007-6-7 14:43:54

* avast! 报告
* 这个文件自动被产生
*
* 任务 '简易用户界面' 被使用
* 开始于 2007年6月7日 14:44:29
* VPS: 000747-3, 2007-06-06
*

E:\病毒库\system32.rar\nwizhx2.exe\[Upack] [L] Win32:OnLineGames-XH [Trj] (0)
E:\病毒库\system321.rar\515.exe [L] Win32:Detnat-AZ [Wrm] (0)
E:\病毒库\system321.rar\mh100.exe\[Upack] [L] Win32:OnLineGames-XV [Trj] (0)
E:\病毒库\system321.rar\nwizAsktao.exe\[Upack] [L] Win32:Wow-HU [Trj] (0)
E:\病毒库\system321.rar\18.dll\[NsPack] [L] Win32:Banker-BSK [Trj] (0)
E:\病毒库\system321.rar\1020.exe [L] Win32:Tibs-ADO [Trj] (0)
E:\病毒库\system321.rar\nwiztlbu.exe [L] Win32:Nilage-GM [Trj] (0)
E:\病毒库\WINDOWS.rar\cmdbs.exe [L] Win32:OnLineGames-SK [Trj] (0)
E:\病毒库\WINDOWS.rar\cmdbcs.exe\[Embedded#1e60] [L] Win32:OnLineGames-SK [Trj] (0)
E:\病毒库\WINDOWS.rar\cmdbcs.exe [L] Win32:OnLineGames-SK [Trj] (0)
E:\病毒库\winform.rar\winform.exe\[Upack] [L] Win32:OnLineGames-PL [Trj] (0)
已感染文件: 11
总共文件: 43
总共文件夹: 1
总共大小: 854.4 KB

*
* 任务被停止: 2007年6月7日 14:44:35
* 运作时间是 6 秒

显示全部楼层 · 发表于 2007-6-7 17:54:26

Virus: Trojan-PSW.Win32.OnLineGames.nb

Virus found while downloading Web content.

Virus: Win32:OnLineGames-SK [Trj] (2x)

Virus found while downloading Web content.

Address: bbs.kafan.cn

Virus: Trojan-PSW.Win32.OnLineGames.rt (2x)

Virus found while downloading Web content.

Address: bbs.kafan.cn

Virus: Trojan-PSW.Win32.OnLineGames.vt, Virus.Win32.AutoRun.ag, Trojan-PSW.Win32.OnLineGames.uo (2x), Trojan-PSW.Win32.OnLineGames.qw, Trojan-PSW.Win32.OnLineGames.bs (2x), Trojan-Spy.Win32.Delf.kl, Trojan-PSW.Win32.OnLineGames.vm, Trojan-PSW.Win32.Nilage.bjp (2x)

Virus found while downloading Web content.

Address: bbs.kafan.cn

显示全部楼层 · 发表于 2007-6-7 23:46:24

下载都拦截了

显示全部楼层 · 发表于 2007-6-7 23:54:50

PC-cillin 2005DIY版殺17個
其中
12個已知
4個啟發
1個報殼

[ 本帖最后由 harry_chang2003 于 2007-6-7 23:56 编辑 ]

[病毒样本] 样本2

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块