
[Virus samples] 18 more, look up the MD5s yourself

troika
Posted on 2007-6-22 06:37:28
Hehe

taihuxian
Posted on 2007-6-22 06:39:57
Virus: Win32:Lmir-FR [Trj], Win32:Agent-HHP [Trj] (2x), Win32:Onlinegames-ACS [Trj] (9x), Win32:Small-EKC [Trj], Win32:OnLineGames-SR [Trj], Win32:Onlinegames-ACD [Trj], Win32:Agent-ESW [Trj]

Virus found while downloading Web content.

Address: bbs.kafan.cn
mofunzone
Posted on 2007-6-22 07:07:02
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\Downloads.rar'
C:\Documents and Settings\Administrator\My Documents\
  Downloads.rar
    [0] Archive type: RAR
    --> 201.exe
        [DETECTION] Contains suspicious code HEUR/Crypted
        [WARNING]   Infected files in archives cannot be repaired!
    --> 202.exe
        [DETECTION] Is the Trojan horse TR/Agent.22016.B
        [WARNING]   Infected files in archives cannot be repaired!
    --> 203.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 204.exe
        [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 205.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> 206.exe
        [DETECTION] Is the Trojan horse TR/Agent.abf.827
        [WARNING]   Infected files in archives cannot be repaired!
    --> 207.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 208.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 209.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> 210.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 211.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 212.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 213.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 214.exe
        [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
        [WARNING]   Infected files in archives cannot be repaired!
    --> 215.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 216.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
        [WARNING]   Infected files in archives cannot be repaired!
    --> 217.exe
        [DETECTION] Is the Trojan horse TR/Hijack.A.12800.A
        [WARNING]   Infected files in archives cannot be repaired!
    --> 218.exe
        [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.ES.2908
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年6月21日  16:10
Used time: 00:12 min

The scan has been done completely.

      0 Scanning directories
     19 Files were scanned
     18 viruses and/or unwanted programs were found
      2 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -1 Files not concerned
      1 Archives were scanned
     19 Warnings
      0 Notes
      0 Hidden objects were found

扫描日志
NOD32版本 2340 (20070620) NT
命令行: C:\Documents and Settings\Administrator\My  ?
?Documents\Downloads.rar
正在检查NOD32.EXE文件的CRC:状态正常
D:\Eset\nod32.exe - 是正常的
扫描系统内存中:没有进行 (选项已关闭)
扫描MBR及引导区中:没有进行 (选项已关闭)
日期: 21.6.2007  时间:16:10:28
已关闭反隐藏功能.
已扫描的磁盘,文件夹及文件:C:\Documents and Settings\ ?
?Administrator\My Documents\Downloads.rar
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>201.exe - Win32/PSW.Legendmir.NEP  ?
?木马的变种
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>202.exe - Win32/Agent.NIK 木马的变种
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>203.exe - Win32/PSW.Agent.NEW  ?
?木马的变种
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>204.exe - 可能是 Win32/Genetik  ?
?木马 的一个变种
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>205.exe - Win32/PSW.Agent.NEC  ?
?木马的变种
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>206.exe - Win32/Agent.NIK 木马
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>207.exe - 是正常的
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>208.exe - 是正常的
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>209.exe - 是正常的
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>210.exe - Win32/PSW.Agent.NEW  ?
?木马的变种
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>211.exe - 是正常的
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>212.exe - Win32/PSW.Agent.NEW  ?
?木马的变种
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>213.exe - 是正常的
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>214.exe - 是正常的
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>215.exe - Win32/PSW.Agent.NEW  ?
?木马的变种
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>216.exe - 是正常的
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>217.exe - Win32/Delf.NEY 木马
C:\Documents and Settings\Administrator\My Documents\ ?
?Downloads.rar >>RAR >>218.exe - Win32/TrojanDropper. ?
?Delf.NES 木马
已扫描的文件数目:18
已发现的病毒数目:11
完成时间: 16:10:34 总扫描时间:6 秒 (00:00:06)


[Scan path] C:\Documents and Settings\Administrator\My Documents\Downloads.rar
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\201.exe infected with Trojan.PWS.Legmir.976
>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\202.exe infected with Trojan.Havedo
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\203.exe infected with Trojan.PWS.Wsgame
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\204.exe infected with BackDoor.Twin
>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\205.exe infected with Trojan.MulDrop.6973
>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\206.exe infected with Trojan.Havedo
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\207.exe infected with Trojan.PWS.Wsgame
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\208.exe infected with Trojan.PWS.Wsgame
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\209.exe probably infected with MULDROP.Trojan
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\210.exe infected with Trojan.PWS.Wsgame
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\211.exe infected with Trojan.PWS.Wsgame
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\212.exe infected with Trojan.PWS.Wsgame
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\213.exe infected with Trojan.PWS.Wsgame
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\214.exe - Ok
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\215.exe infected with Trojan.PWS.Wsgame
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\216.exe infected with Trojan.PWS.Wsgame
>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\217.exe infected with Trojan.Addurl
>>C:\Documents and Settings\Administrator\My Documents\Downloads.rar\218.exe infected with Trojan.DownLoader.24173
C:\Documents and Settings\Administrator\My Documents\Downloads.rar - archive contains infected objects

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 20
Infected objects found: 16
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 218 Kb/s
Scan time: 00:00:02
tracydk
Posted on 2007-6-22 08:27:32

红心王子
Posted on 2007-6-22 08:29:28
Axe KV chopped down 17 of them, not bad

tracydk
Posted on 2007-6-22 08:33:02
20 of them

wangjay1980
Posted on 2007-6-22 09:04:06
detected: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/202.exe//KLAVME.DAT//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ql        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/203.exe//PE_Patch//UPack
detected: Trojan program Trojan-Downloader.Win32.Small.czl        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/204.exe//UPack//USBINE.SYS//PE-Crypt.XorPE
detected: virus Invader (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/205.exe
detected: Trojan program Trojan-Dropper.Win32.Small.axt        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/206.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rc        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/207.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.Nilage.bki        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/208.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.yn        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/209.exe
detected: Trojan program Trojan-PSW.Win32.OnLineGames.rc        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/210.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.Nilage.bjp        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/211.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.sl        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/212.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.sc        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/213.exe//PE_Patch//UPack
detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/215.exe//PE_Patch//UPack
detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/216.exe//PE_Patch//UPack
detected: Trojan program Trojan.Win32.Agent.adr        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/217.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.OnLineGames.es        File: C:\Documents and Settings\Owner\×ÀÃæ\Downloads.rar/218.exe//UPack
1688388728
Posted on 2007-6-22 09:49:58
病毒: Win32:Lmir-FR [Trj], Win32:Agent-HHP [Trj] (2x), Win32:Onlinegames-ACS [Trj] (9x), Win32:Small-EKC [Trj], Win32:OnLineGames-SR [Trj], Win32:Onlinegames-ACD [Trj], Win32:Agent-ESW [Trj]
文件: Downloads[1].rar
目录: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\TEWQ801G
进程: GreenBrowser.exe
wangjay1980
Posted on 2007-6-22 10:22:03
Why are updates always so slow on my end?
Hello,

201.exe_ - Trojan-PSW.Win32.OnLineGames.mk,
202.exe_ - Trojan-Proxy.Win32.Small.du,
204.exe_ - Trojan-Downloader.Win32.Small.czl,
205.exe_ - Trojan-PSW.Win32.OnLineGames.nn,
214.exe_ - Trojan-PSW.Win32.Delf.vd,
215.exe_, 216.exe_ - Trojan-PSW.Win32.OnLineGames.qw

These files are already detected. Please update your antivirus bases.

Please quote all when answering.

--
Best regards, Vladimir Lebedev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: Downloads.zip
sjducker
Posted on 2007-6-22 11:23:32
With NOD + fs both monitoring at the same time, two were missed: 209 and 214