[Virus Sample] N viruses caught in a virtual machine

Shisoft
Posted on 2007-6-23 12:27:36
I can't be sure that everything in here is a virus; could everyone test it?

电影结束了
Posted on 2007-6-23 12:31:30
扫描系统区域...
扫描所选择的目录和文件...
对象: cmdbcs.exe
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.yq (KAV 引擎), Trojan.PWS.Onlinegames.AYK (BD 引擎)
对象: mppds.exe
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.yq (KAV 引擎), Trojan.PWS.RD (BD 引擎)
对象: my.exe
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.xn (KAV 引擎), Trojan.PWS.Onlinegames.AZE (BD 引擎)
对象: nwizdh.exe
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: Trojan-PSW.Win32.Nilage.bjp (KAV 引擎), Trojan.PWS.OnlineGames.AUP (BD 引擎)
对象: NZcqMOX.vbs
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: Trojan.VBS.Runner.o (KAV 引擎)
对象: Ravasktao.dll
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.sl (KAV 引擎), Generic.Malware.gPWS.B0A727EE (BD 引擎)
对象: tempaq
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: Trojan-Dropper.Win32.Agent.ayy (KAV 引擎)
对象: Updaterun.exe
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: Trojan-Downloader.Win32.Agent.bdn (KAV 引擎)
对象: 17.exe
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: Trojan.PWS.OnlineGames.AUP (BD 引擎)
对象: hoobhelp.exe
在压缩档案里: C:\Documents and Settings\wangcheng\桌面\新建文件夹\新建文件夹.rar
Status: 已发现病毒
病毒: DeepScan:Generic.Dld.ADL.DEAD6820 (BD 引擎)
对象: 新建文件夹.rar
路径: C:\Documents and Settings\wangcheng\桌面\新建文件夹
Status: 已发现病毒
病毒: Trojan-PSW.Win32.OnLineGames.yq (2x), Trojan-PSW.Win32.OnLineGames.xn, Trojan-PSW.Win32.Nilage.bjp, Trojan.VBS.Runner.o, Trojan-PSW.Win32.OnLineGames.sl, Trojan-Dropper.Win32.Agent.ayy, Trojan-Downloader.Win32.Agent.bdn (KAV 引擎), Trojan.PWS.OnlineGames.AUP (2x), Trojan.PWS.Onlinegames.AYK, DeepScan:Generic.Dld.ADL.DEAD6820, Trojan.PWS.RD, Trojan.PWS.Onlinegames.AZE, Generic.Malware.gPWS.B0A727EE (BD 引擎)
扫描完成: 2007-6-23 12:50
    已检查 1 个文件
    已发现 1 个染毒文件
Shrunk it down a bit~~~~~~

[ This post was last edited by 电影结束了 on 2007-6-23 12:46 ]
红心王子
Posted on 2007-6-23 12:37:29
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.fq        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\Msxo0.dll
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.fq        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\Msxo1.dll
已检测到: 木马程序 Trojan-PSW.Win32.Delf.qc        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\MUEXE.exe/UPX
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.xn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\my.exe/FSG
已检测到: 木马程序 Trojan.VBS.Runner.o        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\NZcqMOX.vbs
已检测到: 木马程序 Trojan-PSW.Win32.Small.cn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\qq.exe/UPX
已检测到: 广告程序 not-a-virus:AdWare.Win32.BHO.av        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\sg.exe/stream/data0001
已检测到: 木马程序 Trojan-Dropper.Win32.Agent.ayy        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\tempaq
已检测到: 木马程序 Trojan-Spy.Win32.Delf.ps        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\wm.exe/FSG
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.yq        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\cmdbcs.exe
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bbb        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\f2.exe
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.yq        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\mppds.exe
已检测到: 木马程序 Trojan-PSW.Win32.Nilage.bjp        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\nwizdh.exe/PE_Patch/UPack
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.sl        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\Ravasktao.dll
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.sl        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\Ravasktao.exe/PE_Patch/UPack
已检测到: 病毒 Worm.Win32.VB.fi        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\rundll.exe
已检测到: 木马程序 Trojan-PSW.Win32.OnLineGames.yr        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\TIMHost.exe
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part04.rar\Updaterun.exe
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part05.rar
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part06.rar
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part07.rar
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part08.rar
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part09.rar
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part01.rar
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part02.rar
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.bdn        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹\22.part03.rar

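Kaspersky 6 reports 26, including one adware item.
Filseclab (费尔) reports 13; it identified one adware item, and the rest are mostly flagged as packers.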

wangjay1980
Posted on 2007-6-23 12:37:54
Hello,

17.exed - Trojan-PSW.Win32.OnLineGames.sl,
crasos.exed - Trojan-PSW.Win32.OnLineGames.fq,
g3.exed - Trojan.Win32.StartPage.amd,
hoobhelp.exed - Trojan-Downloader.Win32.QQHelper.rb,
upxdnd.exed - Trojan-PSW.Win32.OnLineGames.es,
wl.exed - Trojan-PSW.Win32.Nilage.ach

These files are already detected. Please update your antivirus bases.

21.exed, 22.exed

These files are corrupted.

default.htmd, ewtRmLR.comd, pop.gifd

No malicious code was found in these files.

LYLOADER.exed, LYMANGR.DLL, MSDEG32.DLL - Trojan-PSW.Win32.OnLineGames.nn

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Denis Maslennikov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: bingdu18.zip

[ This post was last edited by wangjay1980 on 2007-6-23 20:15 ]

mofunzone
Posted on 2007-6-23 12:40:58
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\22'
C:\Documents and Settings\Administrator\My Documents\22\
  17.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING]   The file was ignored!
  21.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  22.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [WARNING]   The file was ignored!
  cmdbcs.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [WARNING]   The file was ignored!
  crasos.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [WARNING]   The file was ignored!
  default.htm
  ewtRmLR.com
  f2.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  g3.exe
  hoobhelp.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  LYLOADER.EXE
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  LYMANGR.DLL
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!
  mppds.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [WARNING]   The file was ignored!
  MSDEG32.DLL
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
      [WARNING]   The file was ignored!
  Msxo0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [WARNING]   The file was ignored!
  Msxo1.dll
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [WARNING]   The file was ignored!
  MUEXE.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.QC.50
      [WARNING]   The file was ignored!
  my.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
  nwizdh.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING]   The file was ignored!
  NZcqMOX.vbs
  pop.gif
  qq.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.31879
      [WARNING]   The file was ignored!
  Ravasktao.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.SL.186
      [WARNING]   The file was ignored!
  Ravasktao.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
      [WARNING]   The file was ignored!
  rundll.exe
      [DETECTION] Is the Trojan horse TR/Luder.Patched.84
      [WARNING]   The file was ignored!
  sg.exe
      [DETECTION] Contains signature of the dropper DR/BHO.AV.249
      [WARNING]   The file was ignored!
  tempaq
      [DETECTION] Is the Trojan horse TR/Dldr.Barbind.2.A
      [WARNING]   The file was ignored!
  TIMHost.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [WARNING]   The file was ignored!
  Updaterun.exe
  upxdnd.exe
      [DETECTION] Is the Trojan horse TR/PSW.RD
      [WARNING]   The file was ignored!
  wl.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
      [WARNING]   The file was ignored!
  wm.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
      [WARNING]   The file was ignored!


End of the scan: 2007年6月22日  21:45
Used time: 00:14 min

The scan has been done completely.

      1 Scanning directories
     32 Files were scanned
     26 viruses and/or unwanted programs were found
      6 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
     26 Warnings
      0 Notes
      0 Hidden objects were found
Shisoft
Original poster | Posted on 2007-6-23 12:42:09
It even has Viking (威金) in it.
woai_jolin
Posted on 2007-6-23 12:44:16
2007/6/23 12:36:42        Scanning Log
2007/6/23 12:36:42        Version of virus signature database: 2346 (20070622)
2007/6/23 12:36:42        Date: 23.6.2007  Time: 12:36:42
2007/6/23 12:36:42        Scanned disks, folders and files: D:\virus\
2007/6/23 12:36:44        D:\virus\crasos.exe - a variant of Win32/PSW.Agent.NDP trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:45        D:\virus\f2.exe - probably a variant of Win32/TrojanDownloader.Agent.BBB trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:46        D:\virus\g3.exe - a variant of Win32/Rootkit.Agent.NAU trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:48        D:\virus\LYLOADER.EXE - a variant of Win32/PSW.Agent.NEC trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:49        D:\virus\Msxo0.dll - probably a variant of Win32/Pacex.Gen virus - deleted - quarantined
2007/6/23 12:36:50        D:\virus\Msxo1.dll - probably a variant of Win32/Pacex.Gen virus - deleted - quarantined
2007/6/23 12:36:51        D:\virus\MUEXE.exe - a variant of Win32/PSW.Delf.NHI trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:52        D:\virus\qq.exe - probably a variant of Win32/PSW.QQPass.VD trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:53        D:\virus\Ravasktao.exe - a variant of Win32/PSW.Agent.NEW trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:54        D:\virus\rundll.exe - Win32/Luder.Gen virus - deleted - quarantined
2007/6/23 12:36:55        D:\virus\sg.exe - a variant of Win32/Adware.BHO.AV application - deleted - quarantined
2007/6/23 12:36:55        D:\virus\sg.exe » NSIS:SFX=32256 » cpush.dll - a variant of Win32/Adware.BHO.AV application
2007/6/23 12:36:56        D:\virus\TIMHost.exe - Win32/PSW.OnLineGames.NBX trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:57        D:\virus\upxdnd.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:58        D:\virus\wl.exe - probably a variant of Win32/PSW.OnLineGames.NAV trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:59        D:\virus\wm.exe - a variant of Win32/PSW.OnLineGames.NAV trojan - cleaned by deleting - quarantined [1]
2007/6/23 12:36:59        Number of scanned files: 33
2007/6/23 12:36:59        Number of threats found: 15
2007/6/23 12:36:59        Time of completion: 12:36:59  Total scanning time: 17 sec (00:00:17)
2007/6/23 12:36:59        Notes:
2007/6/23 12:36:59        [1] File has been deleted as it contained only the virus body.
电影结束了
Posted on 2007-6-23 12:44:50
After extracting, there are 17 viruses in total.
mofunzone
Posted on 2007-6-23 12:52:06

Reply to post #8 by 电影结束了

You're wrong, there are actually 28 in total. AntiVir missed 2, and they have already been reported.
promised
Posted on 2007-6-23 12:54:55
20
C:\ABC\22\17.exe : infected MalwareScope.Trojan-PSW.Game.9
C:\ABC\22\cmdbcs.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\22\crasos.exe : is suspected of Embedded.MalwareScope.Trojan-PSW.Game.4
C:\...\LYLOADER.EXE : is suspected of Trojan-PSW.Game.32 (paranoid heuristics)
C:\ABC\22\LYMANGR.DLL : is suspected of Trojan-PSW.Game.38 (paranoid heuristics)
C:\ABC\22\mppds.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\22\MSDEG32.DLL : is suspected of Trojan-PSW.Game.32 (paranoid heuristics)
C:\ABC\22\Msxo0.dll : infected Trojan-PSW.Win32.OnLineGames.fq
C:\ABC\22\Msxo1.dll : infected Trojan-PSW.Win32.OnLineGames.fq
C:\ABC\22\MUEXE.exe : infected MalwareScope.Trojan-PSW.Game.7
C:\ABC\22\my.exe : infected MalwareScope.Trojan-PSW.Game.16
C:\ABC\22\nwizdh.exe : is suspected of Downloader.Small.160
C:\ABC\22\qq.exe : infected MalwareScope.Trojan-PSW.Game.7
C:\ABC\22\Ravasktao.dll : infected Trojan-PSW.Win32.OnLineGames.sl
C:\ABC\22\Ravasktao.exe : infected Trojan-PSW.Win32.OnLineGames.sl
C:\ABC\22\rundll.exe : infected Virus.Win32.Luder.B
C:\ABC\22\rundll.exe : infected Worm.Win32.VB.fi
C:\ABC\22\TIMHost.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\22\upxdnd.exe : infected MalwareScope.Trojan-PSW.Game.3
C:\ABC\22\wl.exe : infected MalwareScope.Trojan-PSW.Game.16
C:\ABC\22\wm.exe : infected MalwareScope.Trojan-PSW.Game.16