Malicious link planted in the National Museum of History website

June 8, 2008 – 22:04:43

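A malicious link has been planted in the National Museum of History website. The malware is TSPY_ONLINEG.RKQ. Anyone who has recently visited this site should check their computer for infection as soon as possible. (Credit: 天罣)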

The malicious link/code is placed in the 市集保健 page (many pages have had malicious links planted, so a careful check is probably in order):

McAfee SiteAdvisor query result (no anomaly found), as shown in the figure below:

Trend Micro web reputation query result (no anomaly found), as shown in the figure below:

After execution, the following behavior was observed:

[Added process]
C:\WINDOWS\system32\tjfyabyt.exe
c:\install.pif
C:\WINDOWS\system32\ec.exe

[DLL injection]
Too many to list… the rest are omitted…

[Added service]
NAME: kgheb
DISPLAY: kgheb
FILE: \??\C:\WINDOWS\system32\kgheb

NAME: msp2p32
DISPLAY: msp2p32
FILE: \??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys

[Added file]

[Added COM/BHO]

[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=isndntio
Data=C:\WINDOWS\isndntio.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=WINSvr64
Data=C:\WINDOWS\WINSvr64.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=fmsjhif
Data=C:\WINDOWS\fmsjhif.exe

As of now (2008/6/5 @ 15:59), the following antivirus products can detect these malicious files (for reference only):

Too many to list… the rest are omitted…
