Help: what to do about the computer virus Infostealer.menghuan

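How do I remove the Infostealer.Menghuan virus? - Baidu Zhidao
Views: 2280 | Replies: 9
On March 9 I reported to Kaspersky in three emails; this is the only one that got no reply.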
Antivirus engine | Version | Last update | Scan result
a-squared | 4.5.0.50 | | -
AhnLab-V3 | 5.0.0.2 | | -
AntiVir | 8.2.1.180 | | TR/Crypt.XPACK.Gen
Antiy-***L | 2.0.3.7 | | -
Authentium | 5.2.0.5 | | -
Avast | 4.8.1351.0 | | Win32:OnLineGames-FPQ
Avast5 | 5.0.332.0 | | Win32:OnLineGames-FPQ
***G | 9.0.0.787 | | -
BitDefender | 7.2 | | -
CAT-QuickHeal | 10.00 | | -
Clam*** | 0.96.0.0-git | | -
Comodo | 4206 | | TrojWare.Win32.Valklik.~BB
DrWeb | 5.0.1.12222 | | -
eSafe | 7.0.17.0 | | -
eTrust-Vet | 35.2.7353 | | -
F-Prot | 4.5.1.85 | | -
F-Secure | 9.0.15370.0 | | -
Fortinet | 4.0.14.0 | | -
GData | 19 | | Win32:OnLineGames-FPQ
Ikarus | T3.1.1.80.0 | | -
Jiangmin | 13.0.900 | | -
K7AntiVirus | 7.10.994 | | -
Kaspersky | 7.0.0.125 | | -
McAfee | 5916 | | -
McAfee+Artemis | 5916 | | -
McAfee-GW-Edition | 6.8.5 | | Trojan.Crypt.XPACK.Gen
Microsoft | 1.5502 | | PWS:Win32/Frethog.AZ
NOD32 | 4934 | | -
Norman | 6.04.08 | | -
nProtect | .0 | | -
Panda | 10.0.2.2 | | Suspicious file
PCTools | 7.0.3.5 | | -
Rising | 22.38.03.04 | | Trojan.Win32.Generic.51FAD480
Sophos | 4.51.0 | | Mal/Dropper-O
Sunbelt | 5822 | | -
Symantec | .41 | | Infostealer.Menghuan
TheHacker | 6.5.2.0.230 | | -
TrendMicro | 9.120.0.1004 | | PAK_Generic.001
VBA32 | 3.12.12.2 | | -
ViRobot | .2221 | | -
VirusBuster | 5.0.27.0 | | -
jason_jiang
Last edited by ray1106 at 19:21
[ Changes to filesystem ]
   * Creates file C:\Program Files\WLmhzx\gameclien.exe
   * Creates file C:\Program Files\WLmhzx\jietu.exe
   * Creates file C:\Windows\System32\mhzx.bat
   * Creates file C:\Windows\System32\mhzx.reg
   * Creates file C:\Windows\System32\mhzxin.bat
   * Creates file C:\Windows\System32\sougou.ime
IK miss all; Avira flags the packer
The dropped files are here
Last edited by juhone at 10:10
Risk name: Trojan.Win32.Generic!BT
Avast blocked it, not bad
尤金卡巴斯基
2.exe - Trojan-GameThief.Win32.OnLineGames.wibt
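The file above contains malicious code; it will be detected after the next update. Thank you for your report.
Don't bother testing the 64-bit Micropoint; everything gets past it, with no alert at all.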
kill by avira
viruses: Trojan-GameThief.Win32.OnLineGames.wibt
Copyright & KaFan & All Rights Reserved.
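Powered by Discuz! X3.1( 苏ICP备号 ) GMT+8,
Views: 1471 | Replies: 8
Something new has arrived
Looks like something new
Everyone, try scanning it. After Avira's cleanup, 3 are left.
[ Last edited by gzg at 21:45 ]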
Starting the file scan:
Begin scan in 'F:\病毒样本\桌面.part1.rar'
F:\病毒样本\桌面.part1.rar
  [0] Archive type: RAR
  --> 2\C\WINDOWS\SYSTEM32\DHDINS.EXE
      [DETECTION] Is the Trojan horse TR/Agent.11399
  --> 2\C\WINDOWS\SYSTEM32\DHDPRI.DLL
      [DETECTION] Is the Trojan horse TR/Spy.Delf.abi
  --> 3\C\WINDOWS\WINOW.DLL
      [DETECTION] Is the Trojan horse TR/PSW.33792.19
  --> 3\C\WINDOWS\WINOW.EXE
      [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
  --> 4\C\WINDOWS\SYSTEM32\MYFINS.EXE
      [DETECTION] Is the Trojan horse TR/Agent.12917
  --> 4\C\WINDOWS\SYSTEM32\MYFPRI.DLL
      [DETECTION] Is the Trojan horse TR/Spy.Delf.aao.1
  --> 4\C\WINDOWS\SYSTEM32\WLHPRI.DLL
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 5\C\PROGRAM FILES\NETMEETING\R***WDMON.DAT
      [DETECTION] Contains suspicious code HEUR/Malware
  --> 5\C\PROGRAM FILES\NETMEETING\R***WDMON.EXE
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> 6\L\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\K\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\J\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\I\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\H\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\G\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\F\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\E\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\D\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\C\IO.PIF
      [DETECTION] Is the Trojan horse TR/Agent.
  --> 6\C\WINDOWS\KULIONQJ.EXE
      [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
  --> 6\C\WINDOWS\WMSJ.EXE
      [DETECTION] Is the Trojan horse TR/Drop.Agen.26778.A
  --> 6\C\WINDOWS\SYSTEM32\JHBINS.EXE
      [DETECTION] Is the Trojan horse TR/Spy.Delf.aau
  --> 6\C\WINDOWS\SYSTEM32\MXBSET.EXE
      [DETECTION] Is the Trojan horse TR/Agent.17971.1
  --> 6\C\WINDOWS\SYSTEM32\WLHINS.EXE
      [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.135
  --> 6\C\WINDOWS\SYSTEM32\ZTASET.EXE
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bla
  --> 1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP
      [DETECTION] Is the Trojan horse TR/PSW.Steal.47215
  --> 1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
      [DETECTION] Is the Trojan horse TR/PSW.Steal.47215
  --> 1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE
      [DETECTION] Is the Trojan horse TR/PSW.Steal.47215
      [INFO]      The file was deleted!
Begin scan in 'F:\病毒样本\桌面.part2.rar'
wangjay1980
detected: Trojan program Trojan-Spy.Win32.Delf.aax    File: E:\样本\4\C\WINDOWS\SYSTEM32\MYFINS.EXE//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.aax    File: E:\样本\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL
detected: Trojan program Trojan-Spy.Win32.Delf.xa    File: E:\样本\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bjd    File: E:\样本\5\C\PROGRAM FILES\NETMEETING\R***WDMON.DAT
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bgc    File: E:\样本\5\C\PROGRAM FILES\NETMEETING\R***WDMON.EXE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\L\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\K\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\J\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\I\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\H\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\G\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\F\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\E\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\D\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: virus Heur.Trojan.Generic    File: E:\样本\6\C\IO.PIF//PE_Patch.PECompact//PecBundle//PECompact//PE_Patch.MaskPE
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bja    File: E:\样本\6\C\WINDOWS\KULIONQJ.EXE//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.bbr    File: E:\样本\6\C\WINDOWS\WMSJ.EXE//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.abi    File: E:\样本\6\C\WINDOWS\SYSTEM32\JHBINS.EXE
detected: Trojan program Trojan-Spy.Win32.Delf.abi    File: E:\样本\6\C\WINDOWS\SYSTEM32\MXBSET.EXE
detected: Trojan program Trojan-Spy.Win32.Delf.uv    File: E:\样本\6\C\WINDOWS\SYSTEM32\WLHINS.EXE//UPack
detected: Trojan program Trojan-Spy.Win32.Delf.abi    File: E:\样本\6\C\WINDOWS\SYSTEM32\ZTASET.EXE
detected: virus Worm.Win32.QQPass.n    File: E:\样本\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP//UPX
detected: virus Worm.Win32.QQPass.n    File: E:\样本\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
detected: virus Worm.Win32.QQPass.n    File: E:\样本\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE//UPX
detected: virus Worm.Win32.QQPass.n    File: E:\样本\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\YM1ZNVHI.EXE//UPX
detected: Trojan program Trojan-Spy.Win32.Delf.abi    File: E:\样本\2\C\WINDOWS\SYSTEM32\DHDINS.EXE
detected: Trojan program Trojan-Spy.Win32.Delf.abi    File: E:\样本\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL
C:\ABC\桌面\1\ArFile.log
C:\ABC\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\YM1ZNVHI.EXE - 特征码 'Trojan-Proxy.Win32.Delf.AN' 被发现
C:\ABC\桌面\2\ArFile.log
C:\ABC\桌面\2\C\WINDOWS\SYSTEM32\DHDINS.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL - 特征码 'Trojan-Downloader.Agent.YJA' 被发现
C:\ABC\桌面\3\ArFile.log
C:\ABC\桌面\3\C\WINDOWS\WINOW.DLL - 特征码 'Generic.PWS.WoW' 被发现
C:\ABC\桌面\3\C\WINDOWS\WINOW.EXE - 特征码 'Generic.PWS.WoW' 被发现
C:\ABC\桌面\4\ArFile.log
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\DHDINI.DLL
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\MYFINI.DLL
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\MYFINS.EXE - 特征码 'Trojan-Spy.Win32.Bancos.ha' 被发现
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL - 特征码 'Trojan-Spy.Win32.Delf.uv' 被发现
C:\ABC\桌面\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL - 特征码 'Trojan-Spy.Win32.Delf.uv' 被发现
C:\ABC\桌面\5\ArFile.log
C:\ABC\桌面\5\C\PROGRAM FILES\NETMEETING\R***WDMON.DAT - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\5\C\PROGRAM FILES\NETMEETING\R***WDMON.EXE - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\桌面\6\ArFile.log
C:\ABC\桌面\6\C\AUTORUN.INF
C:\ABC\桌面\6\C\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\C\WINDOWS\KULIONQJ.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\WMSJ.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\SYSTEM32\JHBINS.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\SYSTEM32\MXBSET.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\SYSTEM32\WLHINS.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\C\WINDOWS\SYSTEM32\ZTASET.EXE - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\桌面\6\D\AUTORUN.INF
C:\ABC\桌面\6\D\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\E\AUTORUN.INF
C:\ABC\桌面\6\E\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\F\AUTORUN.INF
C:\ABC\桌面\6\F\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\G\AUTORUN.INF
C:\ABC\桌面\6\G\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\H\AUTORUN.INF
C:\ABC\桌面\6\H\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\I\AUTORUN.INF
C:\ABC\桌面\6\I\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\J\AUTORUN.INF
C:\ABC\桌面\6\J\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\K\AUTORUN.INF
C:\ABC\桌面\6\K\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
C:\ABC\桌面\6\L\AUTORUN.INF
C:\ABC\桌面\6\L\IO.PIF - 特征码 'Win32.SuspectCrc' 被发现
        47 文件被扫描
          (0 压缩档 0 文件)
        29 特征码被侦测
        0 可疑代码段被发现
        耗时: 0:00.766
Result: 13 malware found
Trojan-Spy.Win32.Delf.abi (virus)
C:\Documents and Settings\ssy\桌面\1.part1.rar\2\C\WINDOWS\SYSTEM32\DHDINS.EXE
C:\Documents and Settings\ssy\桌面\1.part1.rar\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL
C:\Documents and Settings\ssy\桌面\1.part1.rar\6\C\WINDOWS\SYSTEM32\JHBINS.EXE
C:\Documents and Settings\ssy\桌面\1.part1.rar\6\C\WINDOWS\SYSTEM32\MXBSET.EXE
C:\Documents and Settings\ssy\桌面\1.part1.rar\6\C\WINDOWS\SYSTEM32\ZTASET.EXE
Trojan-Spy.Win32.Delf.aax (virus)
C:\Documents and Settings\ssy\桌面\1.part1.rar\4\C\WINDOWS\SYSTEM32\MYFINS.EXE
C:\Documents and Settings\ssy\桌面\1.part1.rar\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL
Trojan-Spy.Win32.Delf.xa (virus)
C:\Documents and Settings\ssy\桌面\1.part1.rar\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL
Trojan-PSW.Win32.OnLineGames.bgc (virus)
C:\Documents and Settings\ssy\桌面\1.part1.rar\5\C\PROGRAM FILES\NETMEETING\R***WDMON.EXE
Trojan-PSW.Win32.OnLineGames.bbr (virus)
C:\Documents and Settings\ssy\桌面\1.part1.rar\6\C\WINDOWS\WMSJ.EXE
Trojan-Spy.Win32.Delf.uv (virus)
C:\Documents and Settings\ssy\桌面\1.part1.rar\6\C\WINDOWS\SYSTEM32\WLHINS.EXE
Worm.Win32.QQPass.n (virus)
C:\Documents and Settings\ssy\桌面\1.part1.rar\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS
C:\Documents and Settings\ssy\桌面\1.part1.rar\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE
Lots of trojans. Kaspersky kills them.
C:\Documents and Settings\uhthn\Desktop\New Folder\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP - Suspicious of Win32.Trojan-Downloader.Zlob.1
C:\Documents and Settings\uhthn\Desktop\New Folder\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS - Suspicious of Win32.Trojan-PSW.QQPass.1
C:\Documents and Settings\uhthn\Desktop\New Folder\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE - Suspicious of Win32.Trojan-Downloader.Zlob.1
C:\Documents and Settings\uhthn\Desktop\New Folder\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\YM1ZNVHI.EXE - Suspicious of Win32.Trojan-Downloader.Zlob.1
C:\Documents and Settings\uhthn\Desktop\New Folder\2\C\WINDOWS\SYSTEM32\DHDINS.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL - Suspicious of Win32.Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder\3\C\WINDOWS\WINOW.DLL - Suspicious of Win32.Backdoor.Hupigon.5
C:\Documents and Settings\uhthn\Desktop\New Folder\3\C\WINDOWS\WINOW.EXE - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\DHDINI.DLL - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\MYFINI.DLL - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\MYFINS.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL - Suspicious of Win32.Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL - Suspicious of Win32.Trojan-PSW.OnLineGames.3
C:\Documents and Settings\uhthn\Desktop\New Folder\5\C\PROGRAM FILES\NETMEETING\R***WDMON.DAT - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\5\C\PROGRAM FILES\NETMEETING\R***WDMON.EXE - Suspicious of Trojan-PSW.OnLineGames.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\KULIONQJ.EXE - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\WMSJ.EXE - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\SYSTEM32\JHBINS.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\SYSTEM32\MXBSET.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\SYSTEM32\WLHINS.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\C\WINDOWS\SYSTEM32\ZTASET.EXE - Suspicious of Trojan-Spy.Delf.2
C:\Documents and Settings\uhthn\Desktop\New Folder\6\D\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\E\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\F\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\G\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\H\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\I\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\J\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\K\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
C:\Documents and Settings\uhthn\Desktop\New Folder\6\L\IO.PIF - Suspicious of Win32.Trojan-PSW.Game.16
Scan performed at:
Scanning Log
NOD32 version 01) NT
Command line: C:\Documents and Settings\Don johnson\桌面\桌面
Operating memory - is OK
Date: 1.9.2007  Time: 21:58:05
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\桌面\
C:\Documents and Settings\Don johnson\桌面\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSWIN64.JMP - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\WINSYS64.SYS - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\Y93PLPLL.EXE - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\桌面\1\C\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\YM1ZNVHI.EXE - a variant of Win32/AutoRun.Q worm
C:\Documents and Settings\Don johnson\桌面\桌面\2\C\WINDOWS\SYSTEM32\DHDINS.EXE - a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\2\C\WINDOWS\SYSTEM32\DHDPRI.DLL - a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\3\C\WINDOWS\WINOW.EXE - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Don johnson\桌面\桌面\4\C\WINDOWS\SYSTEM32\MYFINS.EXE - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\桌面\4\C\WINDOWS\SYSTEM32\MYFPRI.DLL - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\4\C\WINDOWS\SYSTEM32\WLHPRI.DLL - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\5\C\PROGRAM FILES\NETMEETING\R***WDMON.EXE - a variant of Win32/PSW.OnLineGames.NEP trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\KULIONQJ.EXE - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\WMSJ.EXE - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\SYSTEM32\JHBINS.EXE - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\SYSTEM32\MXBSET.EXE - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\SYSTEM32\WLHINS.EXE - probably a variant of Win32/PSW.OnLineGames.NEN trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\C\WINDOWS\SYSTEM32\ZTASET.EXE - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Don johnson\桌面\桌面\6\D\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\E\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\F\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\G\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\H\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\I\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\J\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\K\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
C:\Documents and Settings\Don johnson\桌面\桌面\6\L\AUTORUN.INF - INF/Autorun virus - quarantined - unable to clean - deleted
Number of scanned files: 47
Number of threats found: 27
Number of files cleaned: 27
Time of completion: 21:58:11 Total scanning time: 6 sec (00:00:06)
[7] File is probably infected with an unknown virus.
  扫描时间: 20
  扫描选项:
  扫描目标: C:\virus\桌面.rar
   扫描的项目总数: 48
   - 文件和目录: 48
   - 注册表项: 0
   - 进程和启动项目: 0
   - 网络和浏览器项目: 0
   - 其他: 0
   检测到的安全风险总数: 17
   已解决的项目总数: 0
   需要注意的项目总数: 17
已解决的风险:
未解决的风险:
Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[syswin64.jmp] 位于[c:\virus\桌面.rar] - 已感染
Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[winsys64.sys] 位于[c:\virus\桌面.rar] - 已感染
Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[y93plpll.exe] 位于[c:\virus\桌面.rar] - 已感染
Infostealer
病毒 ID: 24770
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[ym1znvhi.exe] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[dhdins.exe] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[dhdpri.dll] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[winow.exe] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[dhdini.dll] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[myfins.exe] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[myfpri.dll] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[ravwdmon.exe] 位于[c:\virus\桌面.rar] - 已感染
病毒 ID: 39130
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[io.pif] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[jhbins.exe] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Menghuan
病毒 ID: 18938
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[mxbset.exe] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[wlhins.exe] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[ztaset.exe] 位于[c:\virus\桌面.rar] - 已感染
Infostealer.Gampass
病毒 ID: 40673
类型: 已压缩
风险: 高 (高 隐蔽性,高 清除,高 性能,高 隐私)
类别: 病毒
状态: 删除失败
-----------
[wmsj.exe] 位于[c:\virus\桌面.rar] - 已感染