23个一大包[MD5: 66A8A4 72AA75等等]

显示全部楼层 · 发表于 2007-6-7 17:49:45

不是我一连想发23个，而是这二十三个是一起的一个病毒

完整[MD5: 66A8A4 72AA75 B9D2AF 7CD3C7 884D96 2547F7 8A4B75 5C7B3F 29C35C A61024 1E8D06 7E3E5B ACB51F 3BF25A A1E354 C3EE49 C245FB E6A0A9 81A211 5B687D 8FC800 816B03 AA5081]
跟这个帖子里面的有重复http://bbs.kafan.cn/viewthread.php?tid=93170&;extra=&highlight=66A8A4%2B72AA75%2BB9D2AF%2B7CD3C7%20OR&page=1
怎么回事？？

用Windows清理助手抓到的

VT结果如下～～
注意：图片上有结果不意味着23个都被侦测到，比如卡巴漏了4个～～
顺便同情一下NOD32

愣是…………
VirusTotal结果显示加了UPX～～
刚刚又作了个扫描，ClamAV devel-20070416 06.07.2007 Trojan.Packed-51
嗯～～

[ 本帖最后由 yzt1004 于 2007-6-7 17:52 编辑 ]

显示全部楼层 · 发表于 2007-6-7 17:57:02

原帖由 yzt1004 于 2007-6-7 17:49 发表
不是我一连想发23个，而是这二十三个是一起的一个病毒
完整[MD5: 66A8A4 72AA75 B9D2AF 7CD3C7 884D96 2547F7 8A4B75 5C7B3F 29C35C A61024 1E8D06 7E3E5B ACB51F 3BF25A A1E354 C3EE49 C245FB E6A0A9 ...

这个就是那个毒窝

下载他们的病毒nod32是不会放过的

不用担心

也不用楼主同情

显示全部楼层 · 发表于 2007-6-7 18:01:56

我记得nod一直只肯报那个svchost.exe
不知道为什么

显示全部楼层 · 发表于 2007-6-7 18:02:46

原帖由 风野胤 于 2007-6-7 18:01 发表
我记得nod一直只肯报那个svchost.exe
不知道为什么

呵呵
很对啊

显示全部楼层 · 发表于 2007-6-7 18:08:54

Virus: Trojan-PSW.Win32.OnLineGames.wm (16x), Trojan-PSW.Win32.OnLineGames.fq (3x)

Virus found while downloading Web content.

Address: bbs.kafan.cn

显示全部楼层 · 发表于 2007-6-7 18:22:57

通吃了。。闪人。。迟到了。。

显示全部楼层 · 发表于 2007-6-7 18:24:18

小红伞一个不落，23个。

显示全部楼层 · 发表于 2007-6-7 18:26:02

dr.web4.44 发现18个。。
快跑了。。。

[Scan path] C:\Documents and Settings\Administrator\桌面\样本
C:\Documents and Settings\Administrator\桌面\样本\DASO0.DLL infected with Trojan.PWS.Lineage
C:\Documents and Settings\Administrator\桌面\样本\FYSO0.DLL infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\JTSO0.DLL infected with Trojan.PWS.Gamania
>C:\Documents and Settings\Administrator\桌面\样本\MHSO.EXE - decompression error
>C:\Documents and Settings\Administrator\桌面\样本\MHSO0.DLL - decompression error
>C:\Documents and Settings\Administrator\桌面\样本\NWIZZHUXIANS.DLL - decompression error
C:\Documents and Settings\Administrator\桌面\样本\QJSO.EXE infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\QJSO0.DLL infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\RXSO.EXE infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\TLSO.EXE infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\TLSO0.DLL infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\WDSO.EXE infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\WDSO0.DLL infected with Trojan.PWS.Gamania
C:\Documents and Settings\Administrator\桌面\样本\WGSO.EXE infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\WGSO0.DLL infected with Trojan.PWS.Gamania
C:\Documents and Settings\Administrator\桌面\样本\WLSO.EXE infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\WLSO0.DLL infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\WMSO.EXE infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\WMSO0.DLL infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\WOSO.EXE infected with Trojan.PWS.Wsgame
C:\Documents and Settings\Administrator\桌面\样本\WOSO0.DLL infected with Trojan.PWS.Wsgame
>C:\Documents and Settings\Administrator\桌面\样本\ZTSO.EXE - decompression error
>C:\Documents and Settings\Administrator\桌面\样本\ZTSO0.DLL - decompression error

显示全部楼层 · 发表于 2007-6-7 19:01:07

通杀
C:\
C:\ABC\...\NWIZZHUXIANS.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\QJSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\QJSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\RXSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\TLSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\TLSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WDSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WDSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WGSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WGSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WLSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WLSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WMSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WMSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WOSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\WOSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\ZTSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\ZTSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\DASO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\FYSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\JTSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\MHSO0.DLL : infected Trojan-PSW.Win32.OnLineGames.tc
C:\ABC\样本.rar:<RAR>\MHSO.EXE : infected Trojan-PSW.Win32.OnLineGames.tc

显示全部楼层 · 发表于 2007-6-7 19:14:58

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.rar'
C:\Documents and Settings\Administrator\桌面\样本.rar
  [0] Archive type: RAR
  --> NWIZZHUXIANS.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> QJSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> QJSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> RXSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> TLSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> TLSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WDSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WDSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WGSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WGSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WLSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WLSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WMSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WMSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WOSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> WOSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> ZTSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> ZTSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> DASO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> FYSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> JTSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> MHSO0.DLL
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> MHSO.EXE
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
   [INFO]    The file was moved to '46965028.qua'!

End of the scan: 2007年6月7日  00:16
Used time: 00:10 min

[病毒样本] 23个一大包[MD5: 66A8A4 72AA75等等]

本帖子中包含更多资源

评分

本帖子中包含更多资源

浏览过的版块