[Virus sample] Disappointed in Kaspersky Internet Security 7.0: 35 samples

绅博周幸
Posted 2007-6-30 07:19:55
As the title says: today I got hit by a USB-drive virus and the system time was changed. All three layers of KIS 7's protection (signatures, heuristics set to maximum, Proactive Defense fully on) failed to stop this USB virus (because Kaspersky was already showing as expired; it looks like the time vulnerability again). The USB virus then hijacked the system image and downloaded a large number of trojans, so I disconnected from the network and formatted the system, but that still didn't help (because the system image was hijacked, an ordinary format is useless unless you low-level format the hard drive; even if you reinstall the system, the virus is still there). There was nothing for it; this USB virus really wouldn't go away. I downloaded the 360 removal tool and got rid of the USB virus, then quarantined the 35 downloaded samples in safe mode. I'm sharing those 35 samples now. The USB virus sample itself has already been killed, so that sample is gone, but at least this shows that Kaspersky 7.0 is not safe (as long as Kaspersky doesn't fix the time vulnerability).

绅博周幸 (OP)
Posted 2007-6-30 07:21:16
Starting the file scan:

Begin scan in 'C:\Documents and Settings\wang\My Documents\新建文件夹\新建文件夹.rar'
C:\Documents and Settings\wang\My Documents\新建文件夹\新建文件夹.rar
  [0] Archive type: RAR
  --> jh0619[1].exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> mh0618[1].exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> mosou.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> MsIMMs32.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> MsIMMs32.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> my0616[1].exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> nslookupi.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.alh.14 Backdoor server programs
  --> nwizdh.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> nwizqjsj.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> nwizqjsj.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> nwizwlwzs.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> nwizwlwzs.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> nwizwmgjs.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> nwizwmgjs.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> nwizzhuxians.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> nwizzhuxians.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> qj0617[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> TIMHost.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> TIMHost.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> tl0619[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> vod[1].exe
      [DETECTION] Is the Trojan horse TR/Drop.Small.axi
  --> wd0618[1].exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> WinForm.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> WinForm.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> wl0618[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> wm0612[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> wow0617[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> zt0616[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> ztinetzt.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> zx0616[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> 8B105054.DLL
      [DETECTION] Contains suspicious code HEUR/Malware
  --> AVPSrv.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> AVPSrv.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> dh0616[1].exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGam.QW
  --> dh2104.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was deleted!


End of the scan: 2007年6月30日  07:20
Used time: 00:14 min

The scan has been done completely.

      0 Scanning directories
     36 Files were scanned
     35 viruses and/or unwanted programs were found

Avira (the red umbrella) is better after all.

The EQs
Posted 2007-6-30 07:21:44
Scan performed at: 2007-6-30 7:21:03
Scanning Log
NOD32 version 2364 (20070629) NT
Command line: C:\Documents and Settings\EQ2\桌面\新建文件夹.rar
Operating memory - is OK

Date: 30.6.2007  Time: 07:21:08
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\新建文件夹.rar
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »mh0618[1].exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »mosou.exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »MsIMMs32.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »MsIMMs32.dll - a variant of Win32/PSW.OnLineGames.NBZ trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »my0616[1].exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »nslookupi.exe - Win32/Agent.NEM trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »nwizdh.exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »nwizqjsj.exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »nwizwlwzs.exe - a variant of Win32/PSW.Agent.NEW trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »nwizwmgjs.exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »nwizzhuxians.exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »qj0617[1].exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »TIMHost.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »tl0619[1].exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »vod[1].exe - Win32/TrojanDropper.Delf.NEG trojan - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »wd0618[1].exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »WinForm.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »WinForm.dll - a variant of Win32/PSW.OnLineGames.NBZ trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »wl0618[1].exe - a variant of Win32/PSW.Agent.NEW trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »wm0612[1].exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »wow0617[1].exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »zt0616[1].exe - a variant of Win32/PSW.Agent.NEW trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »ztinetzt.exe - a variant of Win32/PSW.Agent.NEW trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »zx0616[1].exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »8B105054.DLL - probably a variant of Win32/Agent.NEO trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »AVPSrv.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »AVPSrv.dll - a variant of Win32/PSW.OnLineGames.NBZ trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »dh0616[1].exe - a variant of Win32/PSW.OnLineGames.RC trojan
C:\Documents and Settings\EQ2\桌面\新建文件夹.rar »RAR »dh2104.dll - a variant of Win32/PSW.OnLineGames.NCC trojan
Number of scanned files: 36
Number of threats found: 29
Number of files cleaned: 1
Time of completion: 07:21:12 Total scanning time: 4 sec (00:00:04)
mofunzone
Posted 2007-6-30 07:23:01
I see a lot of people on forum.kaspersky.com talking about this time issue, but they all say KAV's HIPS can defend against it. Did you not see a prompt, or what??
金剑
Posted 2007-6-30 07:26:54
风暴胜者 is garbage.

[This post was last edited by 金剑 on 2007-6-30 20:27]
红心王子
Posted 2007-6-30 07:27:06
Stop mythologizing Kaspersky.
Getting breached is a common occurrence.
The lion ate 22 of the bugs.
aerbeisi
Posted 2007-6-30 07:32:03
Kaspersky: 31.
绅博周幸 (OP)
Posted 2007-6-30 07:32:45
Originally posted by mofunzone on 2007-6-30 07:23:
I see a lot of people on forum.kaspersky.com talking about this time issue, but they all say KAV's HIPS can defend against it. Did you not see a prompt, or what??

Proactive Defense is only useful while Kaspersky can still run. Nowadays the virus's first move is to disable Kaspersky, and Proactive Defense gets disabled along with it; only then does it do further damage. So Kaspersky's Proactive Defense can't stand up to the time vulnerability at all.
绅博周幸 (OP)
Posted 2007-6-30 07:34:09
Originally posted by aerbeisi on 2007-6-30 07:32:
Kaspersky: 31.

The key issue is Kaspersky's time vulnerability. That USB virus automatically changes the time and adds a startup item; every time the machine boots, the time is set to 1993, so Kaspersky is dead as soon as the machine starts, never mind the downloaded trojans. And everything it downloaded was account-stealing stuff.
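The three symptoms the thread describes (a startup item, a hijacked executable image, and a clock rolled back far enough to make a licensed product think it has expired) can each be checked from the defender's side. The script below is an added example and was not posted by anyone in this thread. It assumes that the "system image hijack" refers to an Image File Execution Options (IFEO) Debugger value, that the startup item lives in the HKLM/HKCU Run keys, and that the host is Vista or later, where a system time change is Security event ID 4616; none of those details are stated in the thread.

```powershell
# Added example, not code from the thread. Triage of the three symptoms the
# thread describes, on a Windows host. Assumptions not stated on the page:
#  - "system image hijack" = an Image File Execution Options (IFEO) Debugger value
#  - "startup item"        = a value under the HKLM/HKCU ...\CurrentVersion\Run keys
#  - Vista or later, so clock changes are logged as Security event ID 4616
# Run from an elevated prompt; reading the Security log requires it.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Check, [string]$Target, [string]$Value) {
    $findings.Add([pscustomobject]@{ Check = $Check; Target = $Target; Value = $Value })
}

# 1. IFEO Debugger values. A Debugger value under a subkey named after an
#    executable makes Windows launch that "debugger" instead of the executable,
#    which is how a security product can be kept from ever starting.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in (Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO Debugger' $sub.PSChildName $dbg }
}

# 2. Autostart entries. Every value under the Run keys is listed so the paths
#    can be compared against the file names in the scan logs above.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        # PSPath, PSParentPath etc. are provider metadata, not registry values.
        if ($p.Name -notmatch '^PS') { Add-Finding 'Run key' "$key\$($p.Name)" $p.Value }
    }
}

# 3. Clock rollbacks. Event 4616 carries PreviousTime and NewTime. Small
#    adjustments (time sync) are normal; a backwards jump of more than a day is
#    the kind that makes a licensed product decide it has expired.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4616 } -MaxEvents 200 -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $prev = [datetime]$data['PreviousTime']
    $new  = [datetime]$data['NewTime']
    if (($prev - $new).TotalDays -gt 1) {
        Add-Finding 'Clock rolled back' "$($data['SubjectUserName']) via $($data['ProcessName'])" "$prev -> $new"
    }
}

if ($findings.Count -eq 0) { 'No IFEO hijack, Run entries or clock rollback found.' }
else { $findings | Format-Table -AutoSize }
```

The Run-key section deliberately lists everything rather than trying to decide what is malicious: on a machine like the one in the thread, the useful signal is an entry whose path matches one of the dropped file names, and that comparison is better done by the person looking at the output than by a fixed allow-list.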
Copyright © KaFan  KaFan.cn All Rights Reserved.