Trojan-PSW.Win32.OnLineGames.cur手工分析解决报告

大小: 30720 字节 *6@dYob {  
修改时间: 2007年9月13日, 9:47:16 kFt7  
MD5: 119C2D7E9B941D19F13391E9730231FE 8"i8q /3  
SHA1: 06453033C1964D213B9973E1EB73BEED1DFD7CB0 Ib7so~-  
CRC32: 6675DD20 ()^R<NKkQA  
nr6!V
x  
病毒发作过程： R??`u,  
创建文件项 /w"b7t  
C:\WINNT\mppds.exe *a~?EIZ#e  
C:\WINNT\system32\mppds.dll ,Cbr7s(.t9  
" v &A5Y  
注册表动作 ?U^=^aC  
HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RUN A@/'#EzmL  
b72)yi[g  
简单清除方法： aWZ7iZ/b  
删除病毒创建在系统盘的病毒文件mppds.exe，mppds.dll r/N4XIo%  
请在安全模式下操作。开机按F8进入安全模式 9C-szj/  
最后删除病毒注册表动作，即可。 (IJQ\]uR$_  
m|ka\:{v+  
File:  mppds.exe  'Eg o#z(;  
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's G"?g.Z!.  
'ku'w@.  
scan results will not be stored in the database)  Ri;,/~L  
MD5:  119c2d7e9b941d19f13391e9730231fe  %lG:'GS  
Packers detected:  - 7_(>gpMnVi  
Bit9 reports:  Not analyzed yet (more info)  c`Q)?C  
H!}-T#X  
Scanner results  gBX^wQ5  
Scan taken on 05 Oct 2007 14:45:31 (GMT)  {A5+jnJM  
A-Squared  Found nothing y
Y!Ko8s  
AntiVir  Found TR/OnLineGames.23552.1  82jVMrj  
ArcaVir  Found nothing iZU75%  
Avast  Found Win32:Onlinegames-AUJ  L%#kt`ke  
AVG Antivirus  Found Generic7.KYW  YWe^QE(_H7  
BitDefender  Found DeepScan:Generic.PWS.Games.1.A20C0005  m  D f\  
ClamAV  Found Trojan.Spy-12790  >Y/?L%wjG  
CPsecure  Found Troj.PSW.W32.OnLineGames.cur  U8+RC`)J  
Dr.Web  Found Trojan.PWS.Gamania.3990  O'H3w U4  
F-Prot Antivirus  Found nothing zXyL)JFB  
F-Secure Anti-Virus  Found Trojan-PSW.Win32.OnLineGames.cur  :C3.,LC6  
Fortinet  Found W32/Dropper.CUR!tr.pws  rT\0T~0}  
Kaspersky Anti-Virus  Found Trojan-PSW.Win32.OnLineGames.cur  }y.#W|ME  
NOD32  Found a variant of Win32/PSW.OnLineGames.NFL  %:^ons4u  
Norman Virus Control  Found W32/OnLineGames.MNK  1'! YAW  
Panda Antivirus  Found Trj/Lineage.FJU  w;8vMtV  
Rising Antivirus  Found Trojan.PSW.Win32.OnlineGames.ypz  ,_~]c'fUS  
Sophos Antivirus  Found Mal/Gampass-A, Mal/Dropper-P   ]@0f^  
VirusBuster  Found Trojan.OnlineGames.Gen.43  w}a(y/  
VBA32  Found MalwareScope.Trojan-PSW.Game.12  8Iw*?G  
uL"U_aLEt  
病毒样本位置： -BQXi$  
http://avfbbs.80port.net/read-htm-tid-18373.html