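The website of the Taipei Magazine Business Association (台北市雜誌商業同業公會) has once again been injected with a malicious link. The malware is W32/Lineage.GLV.worm. Anyone who has browsed this site recently should check their computer as soon as possible, and please avoid visiting the site for now so that you do not get infected. (Credit: Kao)
The malicious link/code is placed in the home page and in the Chinese and English home pages (the other pages may need a careful check as well):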

After it executes, it shows the following behavior:
[DLL injection]
C:\Documents and Settings\Administrator\Local Settings\Temp\LYMANGR.DLL
C:\WINDOWS\124327MM.DLL
C:\WINDOWS\124327WL.DLL
C:\WINDOWS\124327WO.DLL
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\gdchdi32.dll
C:\WINDOWS\system32\gddji32.dll
C:\WINDOWS\system32\gdfyi32.dll
C:\WINDOWS\system32\gdgji32.dll
C:\WINDOWS\system32\gdjzi32.dll
C:\WINDOWS\system32\gdqji32.dll
C:\WINDOWS\system32\gdqqhxi32.dll
C:\WINDOWS\system32\gdtli32.dll
C:\WINDOWS\system32\gdwdi32.dll
C:\WINDOWS\system32\gdwli32.dll
C:\WINDOWS\system32\gdxwtwi32.dll
C:\WINDOWS\system32\gdzxi32.dll
C:\WINDOWS\system32\GenProtect.dll
C:\WINDOWS\system32\LotusHlp.dll
C:\WINDOWS\system32\LYMANGR.DLL
C:\WINDOWS\system32\NVDispDrv.dll
C:\WINDOWS\system32\videodevice.dll
[Added service]
NAME: PciHardDisk
DISPLAY: PciHardDisk
FILE: \??\C:\WINDOWS\system32\drivers\pcidisk.sys
NAME: comint32
DISPLAY: comint32
FILE: \??\C:\WINDOWS\system32\DRIVERS\comint32.sys
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\LYLOADER.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\LYMANGR.DLL
C:\Documents and Settings\Administrator\Local Settings\Temp\MSDEG32.DLL
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp89.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp8C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp8D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp98.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp9B.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp9C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp9D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpA0.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpA1.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpA4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpAD.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\fy[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\go[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\jh[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\jz[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\mh[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\pps[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\wl[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\zx[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\cs[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\new05[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\tl[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\wm2[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\xw[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\zt[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\014[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\11[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\ch[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\cq[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\d3[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\hx[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\my2[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\qj[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\1299644[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\dh[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\dj[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\haha[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\ki[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\wd1[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\wow[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\zy[1].exe
C:\Program Files\conime0.exe
C:\WINDOWS\124327L.exe
C:\WINDOWS\124327M.exe
C:\WINDOWS\124327MM.DLL
C:\WINDOWS\124327W.exe
C:\WINDOWS\124327WL.DLL
C:\WINDOWS\124327WO.DLL
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\GenProtect.exE
C:\WINDOWS\LotusHlp.exe
C:\WINDOWS\NVDispDRV.EXE
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\Com\comrepl32.exe
C:\WINDOWS\system32\config\AppEventw.cfg
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\drivers\comint32.sys
C:\WINDOWS\system32\drivers\pcibus.sys
C:\WINDOWS\system32\gdchdi32.cfg
C:\WINDOWS\system32\gdchdi32.dll
C:\WINDOWS\system32\gddji32.cfg
C:\WINDOWS\system32\gddji32.dll
C:\WINDOWS\system32\gdfyi32.cfg
C:\WINDOWS\system32\gdfyi32.dll
C:\WINDOWS\system32\gdgji32.cfg
C:\WINDOWS\system32\gdgji32.dll
C:\WINDOWS\system32\gdjzi32.cfg
C:\WINDOWS\system32\gdjzi32.dll
C:\WINDOWS\system32\gdqji32.cfg
C:\WINDOWS\system32\gdqji32.dll
C:\WINDOWS\system32\gdqqhxi32.cfg
C:\WINDOWS\system32\gdqqhxi32.dll
C:\WINDOWS\system32\gdtli32.cfg
C:\WINDOWS\system32\gdtli32.dll
C:\WINDOWS\system32\gdwdi32.cfg
C:\WINDOWS\system32\gdwdi32.dll
C:\WINDOWS\system32\gdwli32.cfg
C:\WINDOWS\system32\gdwli32.dll
C:\WINDOWS\system32\gdxwtwi32.cfg
C:\WINDOWS\system32\gdxwtwi32.dll
C:\WINDOWS\system32\gdzhtui32.cfg
C:\WINDOWS\system32\gdzhtui32.dll
C:\WINDOWS\system32\gdzxi32.cfg
C:\WINDOWS\system32\gdzxi32.dll
C:\WINDOWS\system32\GenProtect.dll
C:\WINDOWS\system32\LotusHlp.dll
C:\WINDOWS\system32\LYLOADER.EXE
C:\WINDOWS\system32\LYMANGR.DLL
C:\WINDOWS\system32\MSDEG32.DLL
C:\WINDOWS\system32\NVDispDrv.dll
C:\WINDOWS\system32\videodevice.dll
[Added LSP]
ID: 1016
NAME: MSAPI Tcpip [UDP/IP]
ID: 1017
NAME: MSAPI Tcpip [TCP/IP]
[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=GenProtect
Data=C:\WINDOWS\GenProtect.exE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=cmdbcs
Data=C:\WINDOWS\cmdbcs.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=WinSysM
Data=C:\WINDOWS\124327M.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=WinSysW
Data=C:\WINDOWS\124327L.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=WinSys
Data=C:\WINDOWS\124327W.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=NVDispDrv
Data=C:\WINDOWS\NVDispDRV.EXE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=DbgHlp32
Data=C:\WINDOWS\DbgHlp32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=LotusHlp
Data=C:\WINDOWS\LotusHlp.exe
As of now (2007/11/28 @ 02:35), the following antivirus products can detect these malicious files (for reference only):