For today's (Beijing time) 3400 and 3401 updates, not many viruses are explicitly listed, only the following:
NOD32 - v.3401 (20080829)
Virus signature database updates:
Win32/Kryptik.I, Win32/Spy.Agent.NIO, Win32/Spy.Agent.NIP, Win32/TrojanDownloader.FakeAlert.HX
NOD32 - v.3400 (20080829)
Virus signature database updates:
Win32/Adware.NaviPromo, Win32/Adware.Vapsup, Win32/Adware.Vapsup.AS, Win32/Agent.ODA (2), Win32/Agent.ODB (2), Win32/AutoRun.KS, Win32/Bagle.PQ (2), Win32/Bagle.PR (3), Win32/Inject.NBM (2), Win32/Kryptik.H, Win32/PSW.OnLineGames.NNM (2), Win32/Sality.NAT, Win32/Spy.Agent.PZ, Win32/Spy.Nuklus.G, Win32/TrojanDropper.Agent.NNA (2), Win32/Virut.BL
But when I scanned the samples I had left over from before, I found that it had done a small clear-out:
Scan Log
Version of virus signature database: 3401 (20080829)
Date: 2008-8-30 Time: 9:21:04
Scanned disks, folders and files: F:\virus\
F:\virus\0816-1154[1]\0816-1154\kr3.int3 - probably a variant of Win32/Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\0816-1154[1]\0816-1154\upAYB.int2 - probably a variant of Win32/Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\8.17\1[1]\1.exe - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.17\install_player\install_player.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.17\sysdrvwin\sysdrvwin.exe - probably a variant of Win32/Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\8.17\systhosts\systhosts.exe - a variant of Win32/Kryptik.H trojan - cleaned by deleting - quarantined [1]
F:\virus\8.19\test20[1]\18 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.19\test20[1]\4 - probably a variant of Win32/Inject trojan - cleaned by deleting - quarantined [1]
F:\virus\8.19\x6\schrars.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-3-3.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-4-0.exe - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-4-2.exe - probably a variant of Win32/Spy.Banker trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A1-0.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A1-2.exe - probably a variant of Win32/TrojanClicker.VB trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A1-5.exe - probably a variant of Win32/TrojanDropper.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A2-23.exe - probably a variant of Win32/Qhost trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A2-51.exe - probably a variant of Win32/TrojanDownloader.Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\8.24\Kafan VirList[080823]\Kafan VirList[080823]\080823-1-2.exe » ASPack v2.12 - unpack error
F:\virus\8.24\Kafan VirList[080823]\Kafan VirList[080823]\080823-A1-95.exe - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.29\abc\abc.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Agent.163840.B9E15191.v.VaildPE.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Agent.45568.61623543.v.VaildPE.exe - a variant of Win32/Kryptik.H trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Agent.l.705024.468A5C1E.v.VaildPE.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Bifrose.81408.ED7DC507.v - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Bifrose.92672.DB7F0D8A.v - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Huigezi.1159168.F88DAB5C.v.VaildPE.exe » ASPack v2.12 - unpack error
F:\virus\BackdoorServerDB\Win32.Hack.Huigezi.392704.3BDA0B96.v.VaildPE.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Huigezi.81920.D6784260.v.VaildPE.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Huigezi.839680.AA8B5D27.v.VaildPE.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.IRCBot.41984.0063CA11.v.VaildPE.exe - probably a variant of Win32/IRCBot trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Jusi.gq.380928.4D27E2FB.v.VaildPE.exe - probably a variant of Win32/Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\d\f.exe - probably a variant of Win32/TrojanClicker.VB trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0056.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0057.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0065.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0067.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0079.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0089.exe@ - probably a variant of Win32/TrojanDropper.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0101.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0119.exe@ - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0246.exe@ - probably a variant of Win32/Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0260.exe@ - probably a variant of Win32/Rootkit trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0800.exe@ - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\10C57287 - probably a variant of Win32/DNSChanger trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\121D28CD - probably a variant of Win32/TrojanDownloader.Banload trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\131C518 - probably a variant of Win32/TrojanProxy.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\17F8C1C2 - probably a variant of Win32/Adware.Virtumonde application - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\2C46BF72 - probably a variant of Win32/TrojanDownloader.Banload trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\2F07B9F7 - probably a variant of Win32/Spy.Banker trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\3025D0BB - probably a variant of Win32/TrojanDownloader.Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\31DA4FC2 - probably a variant of Win32/Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\43928177 - probably a variant of Win32/TrojanDownloader.Small trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\5536282E - probably a variant of Win32/PcClient trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\5B17CE4C - probably a variant of Win32/TrojanDownloader.VB trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\67FE73A9 - probably a variant of Win32/Spy.Banker trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\6AA4AEE7 - probably a variant of Win32/Inject trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\6BD7F9D5 - probably a variant of Win32/PcClient trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7074C68F - probably a variant of Win32/TrojanDropper.Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\74A489ED - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7833051D - probably a variant of Win32/TrojanProxy.Horst trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7B1FE7A4 - probably a variant of Win32/Spy.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7C623D25 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7D6235DE - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\815810FD - probably a variant of Win32/PSW.OnLineGames trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\85940B2 - probably a variant of Win32/PSW.OnLineGames trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\87533FFC - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\8C402E38 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\8FC65812 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\99F287AC - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\A23AB7E6 - probably a variant of Win32/Rootkit trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\A5305FA6 - probably a variant of Win32/TrojanDownloader.Banload trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\B222EFF0 - probably a variant of Win32/PSW.OnLineGames trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\B96B596A - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\CCC209F0 - probably a variant of Win32/Spy.Banker trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\D2A8B169 - probably a variant of Win32/PcClient trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\DA911919 - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\F0DFB63B - probably a variant of Win32/Small trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\F8A9B3B6 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\FDE0074E - probably a variant of Win32/TrojanDownloader.Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\无限抽筋中\无限抽筋中\无限抽筋中\0.exe@ - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\无限抽筋中\无限抽筋中\无限抽筋中\19.exe@ - probably a variant of Win32/TrojanDropper.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\无限抽筋中\无限抽筋中\无限抽筋中\29.exe@ - probably a variant of Win32/TrojanDownloader.VB trojan - cleaned by deleting - quarantined [1]
F:\virus\无限抽筋中\无限抽筋中\无限抽筋中\53.exe@ - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
Number of scanned objects: 487
Number of threats found: 81
Number of cleaned objects: 81
Time of completion: 9:29:58 Total scanning time: 534 sec (00:08:54)
Notes:
[1] Object has been deleted as it only contained the virus body.
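As you can all see, some of them, such as the Obfuscated trojans and Hupigon (灰鸽子), are not in the update lists, and 3399 only mentions Swizzor (I don't really understand the difference between Swizzor and Obfuscated). But the two updates mentioned above total more than 300 KB; could it be that, like the earlier 8M and 10M ones, they include updates that were made behind the scenes without being listed? The advanced heuristics engine has not changed; it is still the one from August 3.
Many of the "probably a variant of" results above come from heuristics. I also remember m once saying that ESET does not add samples to its database at all and just skirts the edge with heuristics. There is some truth to that. But from another angle, could it be that when ESET adds signatures or updates the engine, if one good heuristic gets a whole batch of viruses reported as "probably a variant of", that counts as all of them having been added (note the "probably")? ESET's ThreatSense keeps collecting both kinds, "probably a variant of" and "a variant of". Genetik detections are collected too, but eq told me that those are some kind of already-detected junk code that need not be reported to him (back then they were reported to him; to this day he has put a great deal of effort into ESET's affairs in China), so what is the point of collecting them? Many people have also reported that the software submitted an unknown_PE virus by itself, and half a year later it is still unknown_PE virus...
That said, these two updates deserve some praise... the heuristics have improved a little... Sigh, it is not that ESET has gone backwards now; it is that many other antivirus products have moved forward (for example, Kaspersky 2009's 100% proactive defense really impresses me, though I also think proactive defense will cause trouble for ordinary users who don't understand computers). ESET needs to pick up the pace...
[ This post was last edited by 傻猪猪米走鸡 on 2008-8-30 10:43 ]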
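An added example, not part of the original post: a small Python parser for scan-log lines in the layout shown above, which separates "probably a variant of" results (the ones the post attributes to heuristics) from plain "a variant of" results, tallies detection names, and lists files skipped with an unpack error. The sample log, its paths and all function names are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the scan log in the post;
# the paths are made up for this example.
SAMPLE_LOG = r"""
Version of virus signature database: 3401 (20080829)
F:\samples\a\one.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\samples\a\two.exe - a variant of Win32/Kryptik.H trojan - cleaned by deleting - quarantined [1]
F:\samples\b\three.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\samples\b\four - five.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\samples\c\packed.exe » ASPack v2.12 - unpack error
Number of threats found: 4
"""

# <path> - [probably ]a variant of <name> <type> - <action ...>
# The non-greedy path lets file names that themselves contain " - " parse.
DETECTION = re.compile(r"^(?P<path>.+?) - (?P<prob>probably )?a variant of "
                       r"(?P<name>\S+) (?P<kind>\w+)")
UNPACK_ERR = re.compile(r"^(?P<path>.+?) » (?P<packer>.+?) - unpack error$")
FOOTER = re.compile(r"^Number of threats found: (\d+)$")

def parse(log):
    """Return (detections, unpack_errors, threat count stated in the footer)."""
    detections, unpack_errors, reported = [], [], None
    for line in (raw.strip() for raw in log.splitlines()):
        if m := DETECTION.match(line):
            detections.append({"path": m["path"], "name": m["name"],
                               "kind": m["kind"], "probable": bool(m["prob"])})
        elif m := UNPACK_ERR.match(line):
            # Not a detection: the packed file was never inspected inside.
            unpack_errors.append((m["path"], m["packer"]))
        elif m := FOOTER.match(line):
            reported = int(m[1])
    return detections, unpack_errors, reported

def summarize(log):
    detections, unpack_errors, reported = parse(log)
    probable = sum(d["probable"] for d in detections)
    return {"probable": probable,
            "definite": len(detections) - probable,
            "by_name": Counter(d["name"] for d in detections),
            "not_scanned": unpack_errors,
            # A mismatch means some log lines were not recognised.
            "count_matches_footer": reported == len(detections)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
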