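Malicious Link Injected into the Wire and Cable Industry Service Network (電線電纜產業服務網) Website
October 21, 2007 – 22:49:00
The Wire and Cable Industry Service Network website has been injected with a malicious link. The malware involved is PE_LOOKED.GEN, BKDR_HUPIGON.EVG, and other malicious programs. Anyone who has browsed this site recently should check their computer as soon as possible. Please do not visit this website for now, to avoid infection. (Credit: an anonymous reader)
The malicious link is placed in the home page (other pages may need a careful check as well):
After execution, the following behavior is observed: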
[Added process]
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\ctfmon.exe
C:\WINDOWS\IGW.exe
C:\DOCUME~1\ADMINI~1\JOPEN.EXE
C:\WINDOWS\system32\nslkupi.exe
C:\WINDOWS\Logo1_.exe
C:\WINDOWS\IGM.exe
C:\WINDOWS\system32\119.exe
[DLL injection]
[Added service]
NAME: 2FED61CD
DISPLAY: 2FED61CD
FILE: C:\WINDOWS\system32\AE9C6AE4.EXE -d
NAME: Rasautol
DISPLAY: Remote Help Session Manager
FILE: C:\WINDOWS\system32\ntsokele.exe
NAME: WS2IFSL (normal)
DISPLAY: Windows Socket 2.0 Non-IFS Service Provider Support Environment
FILE: \SystemRoot\System32\drivers\ws2ifsl.sys
NAME: Wdswsdewn
DISPLAY: Telephotsgoogle
FILE: C:\WINDOWS\system32\serdst.exe
NAME: WindowsDown
DISPLAY: Telephots google
FILE: C:\WINDOWS\system32\servet.exe
NAME: Windowsmns
DISPLAY: Tele_google
FILE: C:\WINDOWS\system32\MMSN.exe
[Added file]
[Added LSP]
ID: 1031
NAME: MSAPI Tcpip [TCP/IP]
ID: 1034
NAME: MSAPI Tcpip [UDP/IP]
ID: 1035
NAME: MSAPI Tcpip [TCP/IP]
[Added COM/BHO]
[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=KVP
Data=C:\WINDOWS\system32\drivers\svchost.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=AVPSrv
Data=C:\WINDOWS\AVPSrv.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=MsIMMs32
Data=C:\WINDOWS\MsIMMs32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=WinSys
Data=C:\WINDOWS\IGW.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=GenProtect
Data=C:\WINDOWS\GenProtect.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=svchost
Data=C:\WINDOWS\ctfmon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=cmdbcs
Data=C:\WINDOWS\cmdbcs.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=upxdnd
Data=C:\WINDOWS\upxdnd.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=NVDispDrv
Data=C:\WINDOWS\NVDispDrv.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=DbgHlp32
Data=C:\WINDOWS\DbgHlp32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=WinSysM
Data=C:\WINDOWS\IGM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=WinForm
Data=C:\WINDOWS\WinForm.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=MsPrint32D
Data=C:\WINDOWS\MsPrint32D.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=avpwl
Data=C:\Program Files\NetMeeting\avpwl.exe
HKCU\Software\Microsoft\Internet Explorer\Main
Value=Start Page
Data=HTtp://WWw.94aK.cOM/
HKU\S-1-5-21-515967899-583907252-839522115-500\Software\Microsoft\Internet Explorer\Main
Value=Start Page
Data=HTtp://WWw.94aK.cOM/
As of now (2007/10/17 @ 13:34), the following antivirus products can detect these malicious files (for reference only):
01[1].exe:
[ Beta_Gen ], "Possible_Crypt-6"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Upack)]:Trojan:Win32/SystemHijack.gen"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fhm"
[ McAfee ], "New Malware.n !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "probably a variant of Win32/Genetik trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "HEUR/Malware"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
MSDEG32.dll:
[ Beta_Gen ], "Possible_Crypt-6"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fgm"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "Win32/PSW.OnLineGames.DVV trojan"
[ Fortinet ], "suspicious"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
LYMANGR.dll:
[ Beta_Gen ], "Possible_Crypt-6"
[ Symantec ], "Infostealer.Gampass"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fgl"
[ McAfee ], "Generic PWS.j"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "Win32/PSW.OnLineGames.DTR trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.Online.agb.2"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
tmp97.tmp
[ Microsoft ], "Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fij"
[ McAfee ], "PWS-OnlineGames.j"
[ HBEDV ], "TR/PSW.OnLineGa.dmj"
tmp92.tmp
[ Beta_Gen ], "Possible_Crypt-6"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fht"
[ Sophos ], "Mal/Packer"
[ Fortinet ], "suspicious"
[ HBEDV ], "HEUR/Malware"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
tmp9F.tmp
[ Microsoft ], "Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fcx"
[ Nod32 ], "Win32/PSW.OnLineGames.FCG trojan"
[ Fortinet ], "PossibleThreat"
[ HBEDV ], "TR/PSW.OnlineGames.fcx"
[ Norman ], "Trojan W32/OnLineGames.RIO"
tmp9D.tmp
[ Beta_Gen ], "Possible_Crypt-6"
[ Symantec ], "Infostealer.Gampass"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fcg"
[ McAfee ], "PWS-LegMir.dll"
[ Sophos ], "Mal/Packer"
[ Panda ], "Trj/Lineage.BZE"
[ Nod32 ], "Win32/PSW.OnLineGames.FCG trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/Spy.Gen"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
tmp9B.tmp
[ Microsoft ], "Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fig"
[ McAfee ], "PWS-OnlineGames.j"
[ HBEDV ], "TR/PSW.OnLineGa.dmj"
tmp8E.tmp
[ Microsoft ], "Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fht"
[ HBEDV ], "TR/PSW.OnLineGa.dmj"
tmp8B.tmp
[ Microsoft ], "Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fcx"
[ Nod32 ], "Win32/PSW.OnLineGames.FCG trojan"
[ Fortinet ], "PossibleThreat"
[ HBEDV ], "TR/PSW.OnlineGames.fcx"
[ Norman ], "Trojan W32/OnLineGames.RIO"
s5[1].js-malscript-eval
[ Alpha_Gen ], "Possible_EncScr"
s3[1].js-malscript-eval
[ Alpha_Gen ], "Possible_EncScr"
[ Beta_Gen ], "Possible_EncScr"
[ Kaspersky ], "PAK:JSPack, PAK:JSPack, unknown format."
autorun.inf:
[ McAfee ], "Generic!atr"
[ Nod32 ], "Win32/AutoRun.NAB virus"
stat[1].htm-stat
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
g3[1].htm-malurls-malscript
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
web.2008yi[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
vc[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
se[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
s[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
s223[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
pop[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
new82[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
ma3[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
index[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
hdsl[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HTML/Dldr.Agent.380"
[ Rising ], "Trojan.DL.Ieframe.co"
g1[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Symantec ], "Trojan.Maliframe!html"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
dy[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
du7[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
down[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
de[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
CAQXOBG1.HTM-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
CAKDABCD.htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
ax[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
9038[1].htm-malurls
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Psyme-EX"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
y[1].htm-malscript
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
ma2[1].htm-malscript
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_EncScr"
[ Symantec ], "Trojan.Webkit!html"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
ma1[1].htm-malscript
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_EncScr"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ McAfee ], "[0000001a.vbs]:VBS/Psyme"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
[ Ewido ], "Downloader.Psyme.dh"
love[1].htm-malscript
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Downloader.JS.Agent.yh"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
bu1[1].htm-malscript
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
x[1].htm:
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Exploit.JS.Agent.bq"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
live[1].htm:
[ Alpha_Gen ], "Heur_Infrm-2"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
kl[1].htm:
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
1[1].htm:
[ Alpha_Gen ], "Heur_Infrm:"
[ Beta_Gen ], "Possible_Hifrm"
[ Kaspersky ], "Trojan-Clicker.HTML.IFrame.cw"
[ Sophos ], "Troj/Fujif-Gen"
[ HBEDV ], "HEUR/Exploit.HTML"
[ Rising ], "Trojan.DL.Ieframe.co"
vip[1].exe:
[ HBEDV ], "HEUR/Crypted"
[ Norman ], "[Heuristic Sandbox detection]:Virus W32/Downloader"
servet.exe:
[ Alpha_Gen ], "Possible_HUPIGON"
[ Symantec ], "W32.Fubalca.E"
[ Microsoft ], "[->(UPX)]:Trojan:Win32/SystemHijack.gen"
[ Kaspersky ], "PAK:PE_Patch.UPX, PAK:UPX, Trojan-Downloader.Win32.Baser.w"
[ McAfee ], "[GenUnp]:Downloader-AZG"
[ Nod32 ], "Win32/Delf.NDV worm"
[ Fortinet ], "W32/Versie.W!tr.dldr"
[ HBEDV ], "TR/Dldr.Baser.W.2"
[ Norman ], "Trojan W32/Malware.AMWF"
[ Ewido ], "Downloader.Baser.w"
LYLOADER.exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Upack)]:TrojanSpy:Win32/Agent.HZ"
[ Kaspersky ], "PAK:PE_Patch, PAK:UPack, Trojan-PSW.Win32.OnLineGames.fgk"
[ McAfee ], "New Malware.aj !!"
[ Sophos ], "Mal/Packer"
[ Panda ], "Trj/Lineage.gen"
[ Nod32 ], "Win32/PSW.Agent.NEC trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.Online.agb.2"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
JOPEN.EXE:
[ HBEDV ], "HEUR/Crypted"
[ Norman ], "[Heuristic Sandbox detection]:Virus W32/Downloader"
a6.exe:
[ Symantec ], "W32.Gammima.AG"
[ Microsoft ], "[->(UPX)]:Trojan:Win32/Zlob!4C80"
[ Kaspersky ], "PAK:UPX"
[ McAfee ], "[0000b4f8.EXE]:PWS-QQGame"
[ Panda ], "Suspicious file"
[ Nod32 ], "probably a variant of Win32/AutoRun.Q worm"
[ HBEDV ], "DR/Delphi.Gen"
[ Norman ], "Trojan W32/Malware.AZYN"
a1.exe:
[ Microsoft ], "[->(FSG-v2.0)]:Trojan:Win32/Anomaly.gen!B"
[ Kaspersky ], "PAK:FSG, PAK:PEPatch"
[ Sophos ], "Mal/EncPk-AP"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/StartPa.Delf.D.2"
[ Norman ], "Security Risk Suspicious_F.gen"
1639[1].exe:
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "PWS:Win32/Frethog.gen!D"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fbo"
[ McAfee ], "PWS-OnlineGames.a"
[ Sophos ], "Mal/Dropper-P"
[ Panda ], "Trj/Lineage.BZE"
[ Nod32 ], "probably a variant of Win32/PSW.OnLineGames.NFL trojan"
[ Fortinet ], "W32/Dropper.FBO!tr.pws"
[ HBEDV ], "TR/PSW.OnlineGames.fby.1"
[ Norman ], "Trojan W32/OnLineGames.RGW"
1637[1].exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Microsoft ], "[->(Upack)->[RSRCEmb]]:Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "PAK:PE_Patch, PAK:UPack, Trojan-PSW.Win32.OnLineGames.fcg"
[ McAfee ], "New Malware.aj !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "Win32/PSW.OnLineGames.FCG trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnlineGames.fcx"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
1633[1].exe:
[ Microsoft ], "[->(UPX)]:PWS:Win32/Frethog.gen!D"
[ Kaspersky ], "PAK:PE_Patch.UPX, PAK:UPX, Trojan-PSW.Win32.OnLineGames.fib"
[ Sophos ], "Mal/Dropper-P"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.NFL trojan"
[ HBEDV ], "TR/Dropper.Gen"
1630[1].exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->[RSRCEmb]->(Upack)]:TrojanSpy:Win32/Agent.HZ"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fgr"
[ McAfee ], "[00000c80.EXE]:New Malware.aj !!"
[ Sophos ], "[FILE:0000]:Mal/Packer, Mal/PWS-N"
[ Nod32 ], "Win32/PSW.Agent.NEC trojan"
[ HBEDV ], "TR/PSW.Online.agb.2"
[ Norman ], "Trojan W32/Malware.BBVC"
888[1].exe:
[ Alpha_Gen ], "Possible_HUPIGON"
[ Symantec ], "W32.Fubalca.E"
[ Microsoft ], "TrojanDownloader:Win32/Baser.A"
[ Kaspersky ], "Trojan-Downloader.Win32.Murlo.hs"
[ McAfee ], "Downloader-AZG"
[ Nod32 ], "a variant of Win32/Delf.NDV worm"
[ Fortinet ], "W32/AutoRun.OM!tr"
[ HBEDV ], "TR/Dldr.Murlo.HS"
[ Norman ], "Trojan W32/Murlo.TL"
163k[1].exe:
[ Alpha_Gen ], "Possible_HUPIGON"
[ Symantec ], "W32.Fubalca.E"
[ Microsoft ], "[->(UPX)]:Trojan:Win32/SystemHijack.gen"
[ Kaspersky ], "PAK:PE_Patch.UPX, PAK:UPX, Trojan-Downloader.Win32.Baser.w"
[ McAfee ], "[GenUnp]:Downloader-AZG"
[ Nod32 ], "Win32/Delf.NDV worm"
[ Fortinet ], "W32/Versie.W!tr.dldr"
[ HBEDV ], "TR/Dldr.Baser.W.2"
[ Norman ], "Trojan W32/Malware.AMWF"
[ Ewido ], "Downloader.Baser.w"
163g[1].exe:
[ Microsoft ], "[->(UPX)]:PWS:Win32/Frethog.gen!D"
[ Kaspersky ], "PAK:PE_Patch.UPX, PAK:UPX, Trojan-PSW.Win32.OnLineGames.ffi"
[ McAfee ], "PWS-OnlineGames.a"
[ Sophos ], "Mal/Dropper-P"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.NFL trojan"
[ HBEDV ], "TR/Dropper.Gen"
[ Norman ], "Trojan W32/OnLineGames.RNL"
163a[1].exe:
[ Symantec ], "W32.Gammima.AG"
[ Microsoft ], "[->(UPX)]:Trojan:Win32/Zlob!4C80"
[ Kaspersky ], "PAK:UPX"
[ McAfee ], "[0000b4f8.EXE]:PWS-QQGame"
[ Panda ], "Suspicious file"
[ Nod32 ], "probably a variant of Win32/AutoRun.Q worm"
[ HBEDV ], "DR/Delphi.Gen"
[ Norman ], "Trojan W32/Malware.AZYN"
119[1].exe:
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Aspack v2.12)]:Trojan:Win32/Lmir.BMN"
[ Kaspersky ], "PAK:ASPack, Trojan-PSW.Win32.Lmir.bnw"
[ McAfee ], "[0000b63c.EXE]:New DLL-b !!"
[ Nod32 ], "probably unknown NewHeur_PE virus [7]"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/Delphi.Downloader.Gen"
118[1].exe:
[ Alpha_Gen ], "Possible_HUPIGON"
[ Symantec ], "W32.Fubalca.E"
[ Kaspersky ], "Trojan-Downloader.Win32.Murlo.hs"
[ McAfee ], "Downloader-AZG"
[ Nod32 ], "a variant of Win32/Delf.NDV worm"
[ Fortinet ], "W32/AutoRun.OM!tr"
[ HBEDV ], "TR/Dldr.Murlo.HS"
[ Norman ], "Trojan W32/Murlo.TL"
116[1].exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Microsoft ], "[->(Upack)->[RSRCEmb]]:Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "PAK:PE_Patch, PAK:UPack, Trojan-PSW.Win32.OnLineGames.fhy"
[ McAfee ], "New Malware.aj !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.NGU trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnLineGa.dmj"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
115[1].exe:
[ Symantec ], "Infostealer.Perfwo"
[ Microsoft ], "[->(UPX)]:PWS:Win32/Frethog.gen!D"
[ Kaspersky ], "PAK:PE_Patch.UPX, PAK:UPX, Trojan-PSW.Win32.OnLineGames.fbx"
[ Sophos ], "Mal/Dropper-P"
[ Panda ], "Trj/Lineage.BZE"
[ Nod32 ], "probably a variant of Win32/PSW.OnLineGames.NFL trojan"
[ Fortinet ], "W32/OnlineGames.KAV!tr"
[ HBEDV ], "TR/Dropper.Gen"
[ Norman ], "Trojan W32/OnLineGames.RFT"
112[1].exe:
[ Beta_Gen ], "Possible_Crypt-6"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Upack)]:Trojan:Win32/SystemHijack.gen"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fbi"
[ McAfee ], "New Malware.n !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "probably a variant of Win32/Genetik trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnlineGames.fbi"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
[ Ewido ], "Trojan.OnLineGames.dzq"
111[1].exe:
[ Beta_Gen ], "Possible_Crypt-6"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Upack)]:Trojan:Win32/SystemHijack.gen"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fcw"
[ McAfee ], "New Malware.n !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "probably a variant of Win32/Genetik trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnlineGames.fcw"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
109[1].exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Symantec ], "Infostealer"
[ Microsoft ], "[->(Upack)]:PWS:Win32/Frethog.gen!A"
[ Kaspersky ], "PAK:PE_Patch, PAK:UPack"
[ McAfee ], "New Malware.aj !!"
[ Sophos ], "Mal/Packer"
[ Panda ], "Trj/Wow.gen"
[ Nod32 ], "probably a variant of Win32/PSW.OnLineGames.NEP trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "HEUR/Malware"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
108[1].exe:
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(UPX)]:PWS:Win32/Frethog.gen!D"
[ Kaspersky ], "PAK:PE_Patch.UPX, PAK:UPX, Trojan-PSW.Win32.OnLineGames.fgz"
[ Sophos ], "Mal/Dropper-P"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.YA trojan"
[ Fortinet ], "W32/Agent.KAV!tr"
[ HBEDV ], "TR/Dropper.Gen"
107[1].exe:
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(UPX)]:PWS:Win32/Frethog.gen!D"
[ Kaspersky ], "PAK:PE_Patch.UPX, PAK:UPX, Trojan-PSW.Win32.OnLineGames.ffe"
[ Sophos ], "Mal/Dropper-P"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.YA trojan"
[ Fortinet ], "W32/OnlineGames.DRP!tr.pws"
[ HBEDV ], "TR/Dropper.Gen"
[ Norman ], "[Heuristic Sandbox detection]:Virus W32/Malware"
106[1].exe:
[ Beta_Gen ], "Possible_Crypt-6"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Upack)]:Trojan:Win32/SystemHijack.gen"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.ebf"
[ McAfee ], "New Malware.n !!"
[ Sophos ], "Mal/Packer"
[ Panda ], "Trj/Lineage.FSC"
[ Nod32 ], "Win32/PSW.OnLineGames.EBF trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnlineGames.ebf"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
[ Ewido ], "Trojan.OnLineGames.dwe"
105[1].exe:
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "PWS:Win32/Frethog.gen!D"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fbo"
[ Sophos ], "Mal/Dropper-P"
[ Panda ], "Trj/Lineage.FVU"
[ Nod32 ], "probably a variant of Win32/PSW.OnLineGames.NFL trojan"
[ HBEDV ], "TR/Dropper.Gen"
[ Norman ], "Trojan W32/OnLineGames.RGW"
103[1].exe:
[ Microsoft ], "[->(UPX)]:PWS:Win32/Frethog.gen!D"
[ Kaspersky ], "PAK:PE_Patch.UPX, PAK:UPX, Trojan-PSW.Win32.OnLineGames.fda"
[ Sophos ], "Mal/Dropper-P"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.YA trojan"
[ HBEDV ], "TR/Dropper.Gen"
102[1].exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Upack)->[RSRCEmb]]:Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "PAK:PE_Patch, PAK:UPack, Trojan-PSW.Win32.OnLineGames.fei"
[ McAfee ], "New Malware.aj !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.NGU trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnlineGames.fei"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
101[1].exe:
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(UPX)]:PWS:Win32/Frethog.gen!D"
[ Kaspersky ], "PAK:PE_Patch.UPX, PAK:UPX, Trojan-PSW.Win32.OnLineGames.fbk"
[ Sophos ], "Mal/Dropper-P"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.NFL trojan"
[ HBEDV ], "TR/Dropper.Gen"
100[1].exe:
[ Symantec ], "W32.Gammima.AG"
[ Kaspersky ], "PAK:UPX, Trojan-PSW.Win32.QQGame.ao"
[ McAfee ], "[0000b4f8.EXE]:PWS-QQGame"
[ Nod32 ], "probably a variant of Win32/AutoRun.Q worm"
[ HBEDV ], "DR/Delphi.Gen"
[ Norman ], "Trojan W32/Malware.BAPS"
17[1].exe:
[ Beta_Gen ], "Possible_Crypt-6"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Upack)]:Trojan:Win32/SystemHijack.gen"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fdz"
[ McAfee ], "New Malware.n !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "Win32/PSW.OnLineGames.FDZ trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/FWDisable.21068"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
[ Ewido ], "Trojan.Agent"
014[1].exe:
[ Alpha_Gen ], "Possible_HUPIGON"
[ Symantec ], "W32.Fubalca.E"
[ Kaspersky ], "PAK:PE_Patch, Trojan-Downloader.Win32.Baser.ad"
[ McAfee ], "W32/Autorun.worm.af"
[ Panda ], "Trj/Downloader.MDW"
[ Nod32 ], "Win32/TrojanDownloader.Baser.AD trojan"
[ Fortinet ], "W32/Heuri.E!worm"
[ HBEDV ], "TR/Dldr.Baser.AD"
[ Norman ], "Trojan W32/Malware.BBEE"
[ Ewido ], "Downloader.Baser.w"
9[1].exe:
[ Beta_Gen ], "Possible_Crypt-6"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Upack)]:Trojan:Win32/SystemHijack.gen"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fhm"
[ McAfee ], "New Malware.n !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "probably a variant of Win32/Genetik trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "HEUR/Malware"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
8[1].exe:
[ Microsoft ], "[->(Upack)]:PWS:Win32/Frethog.O"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.fhz"
[ McAfee ], "New Malware.n !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.WOW.WU trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/Delphi.Downloader.Gen"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
06[1].exe:
[ Beta_Gen ], "Possible_Crypt-6"
[ Symantec ], "Infostealer.Gampass"
[ Microsoft ], "[->(Upack)]:Trojan:Win32/SystemHijack.gen"
[ Kaspersky ], "PAK:UPack"
[ McAfee ], "New Malware.n !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "Win32/PSW.OnLineGames.NGP trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "HEUR/Malware"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
05[1].exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Microsoft ], "[->(Upack)->[RSRCEmb]]:Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.eop"
[ McAfee ], "New Malware.aj !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.NGU trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnLineGa.dmj"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
04[1].exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Microsoft ], "[->(Upack)->[RSRCEmb]]:Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.eop"
[ McAfee ], "New Malware.aj !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.NGU trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnLineGa.dmj"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
03[1].exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Symantec ], "Infostealer"
[ Microsoft ], "[->(Upack)->[RSRCEmb]]:Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.eop"
[ McAfee ], "New Malware.aj !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.OnLineGames.NGU trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnLineGa.dmj"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
02[1].exe:
[ Beta_Gen ], "AP_MALPK-2"
[ Microsoft ], "[->(Upack)->[RSRCEmb]]:Trojan:Win32/AgentBypass.gen!G"
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.eop"
[ McAfee ], "New Malware.aj !!"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "Win32/PSW.OnLineGames.FAJ trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/PSW.OnLineGa.dmj"
[ Norman ], "Trojan W32/OnLineGames.RJE"
1[1].exe:
[ Trend ], "PE_LOOKED.GEN"
0[1].exe:
[ Trend ], "TSPY_ONLINEG.GUV"
ntuser.com:
[ Trend ], "PE_LOOKED.GEN"
PegeFile.pif:
[ Trend ], "Possible_Infostl"
zaza[1].js:
[ Trend ], "JS_DLOADER.VHZ"
xx.9365[1].htm:
[ Trend ], "HTML_IFRAME.IO"
un460[1].htm:
[ Trend ], "HTML_IFRAME.IQ"
ip[1].exe:
[ Trend ], "BKDR_HUPIGON.EVG"
Hosts[1].exe:
[ Trend ], "TROJ_DELF.DQM"
down2[1].exe:
[ Trend ], "Possible_Infostl"
down1[1].exe:
[ Trend ], "Possible_Infostl"
a20.exe:
[ Trend ], "BKDR_DELF.HBW"
1638[1].exe:
[ Trend ], "TSPY_ONLINEG.IRZ"
1636[1].exe:
[ Trend ], "TSPY_ONLINEG.JPV"
1634[1].exe:
[ Trend ], "TSPY_ONLINEG.GVT"
1631[1].exe:
[ Trend ], "TROJ_Generic.A"
168[1].exe:
[ Trend ], "PE_LOOKED.ACX-O"
163j[1].exe:
[ Trend ], "BKDR_AGENT.ABIP"
163i[1].exe:
[ Trend ], "BKDR_KOLMAT.D"
163f[1].exe:
[ Trend ], "TROJ_AGENTBYP.L"
163e[1].exe:
[ Trend ], "TSPY_ONLINEG.IDH"
163d[1].exe:
[ Trend ], "TSPY_LEGMIR.CLJ"
163c[1].exe:
[ Trend ], "TSPY_ONLINEG.IRZ"
163b[1].exe:
[ Trend ], "TSPY_ONLINEG.JOQ"
117[1].exe:
[ Trend ], "TSPY_ONLINEG.JRP"
114[1].exe:
[ Trend ], "TROJ_RISK.BD"
113[1].exe:
[ Trend ], "BKDR_KOLMAT.F"
110[1].exe:
[ Trend ], "Possible_OLGM-4"
104[1].exe:
[ Trend ], "Possible_OLGM-4"
19[1].exe:
[ Trend ], "TSPY_ONLINEG.IRZ"
18[1].exe:
[ Trend ], "TSPY_ONLINEG.IRZ"
16[1].exe:
[ Trend ], "TSPY_ONLINEG.IRZ"
15[1].exe:
[ Trend ], "TROJ_ONLINEG.GFB"
14[1].exe:
[ Trend ], "TSPY_ONLINEG.ISZ"
13[1].exe:
[ Trend ], "TROJ_ONLINEG.FYB"
12[1].exe:
[ Trend ], "TSPY_ONLINEG.IOX"
11[1].exe:
[ Trend ], "TSPY_ONLINEG.JLN"
10[1].exe:
[ Trend ], "TROJ_SYSTEMHI.NR"
7[1].exe:
[ Trend ], "TSPY_ONLINEG.IDU"
6[1].exe:
[ Trend ], "TSPY_WOW.AIW"
5[1].exe:
[ Trend ], "TSPY_ONLINEG.IRZ"
4[1].exe:
[ Trend ], "TSPY_ONLINEG.IRZ"
3[1].exe:
[ Trend ], "TROJ_SYSTEMHI.OP"
2[1].exe:
[ Trend ], "TSPY_ONLINEG.ISZ"






















