AV终结者...

显示全部楼层 · 发表于 2007-7-3 15:13:29

Aditional Information

File size: 432065 bytes

MD5: 20f91de4639c55291643f1b6f89c3154

SHA1: dd2e087dffdfa7fcba11e056f37dd0ca0f7269c3

packers: Upack, Upack

packers: UPACK, BINARYRES

packers: RAR, UPack

norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 432065 bytes.

[ Changes to filesystem ]
* Creates directory C:.
* Creates directory C:WINDOWS.
* Creates directory C:WINDOWSTEMP.
* Creates directory C:WINDOWSTEMPRarSFX0.
* Creates file C:WINDOWSTEMPRarSFX0ind_50425.exe.
* Creates file C:WINDOWSTEMPRarSFX0oolan94.exe.
* Creates file C:WINDOWSTEMPRarSFX0ad_2207.exe.

[ Changes to registry ]
* Creates key "HKCUSoftwareWinRAR SFX".
* Sets value "C%%Program Files"="C:WINDOWSTEMPRarSFX0" in key "HKCUSoftwareWinRAR SFX".

[ Signature Scanning ]
* C:WINDOWSTEMPRarSFX0ind_50425.exe (20480 bytes) : no signature detection.
* C:WINDOWSTEMPRarSFX0oolan94.exe (111612 bytes) : W32/Suspicious_U.gen.

Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

我朋友昨天中的病毒...不错嘛...搞了我一天,总算搞好了...全部杀毒软件不能安装...后来要手动找病毒改注册表才可以运行装红伞...真郁闷!

出事时候是用卡巴的...

无奈...出事后卡巴消失了....

出事的病毒!!!(可以拿去玩玩,哈!)

显示全部楼层 · 发表于 2007-7-3 16:38:09

因为它修改了系统时间...貌似卡巴斯基一直没有很好的办法对付这个,只有删除修改系统时间的权限.

显示全部楼层 · 发表于 2007-7-8 13:38:52

BitDefender没有发现病毒……郁闷……

显示全部楼层 · 发表于 2007-7-8 15:00:11

NOD32和AVAST可以杀AV啦！？

显示全部楼层 · 发表于 2007-7-9 12:16:24

BitDefender

This web page has been blocked by BitDefender Antivirus Real-time Protection!

The blocked web page included objects that were either infected or likely to be infected with a virus. Your system has NOT been infected.

不给我下。。然后发现病毒

显示全部楼层 · 发表于 2007-7-15 17:44:52

tart of the scan: 2007年7月15日  17:43

Starting the file scan:

Begin scan in 'D:\MyTemp\Inetinf.rar'
D:\MyTemp\Inetinf.rar
  [0] Archive type: RAR
--> Inetinf.exe
   [1] Archive type: RAR SFX (self extracting)
   --> bind_50425.exe
      [DETECTION] Is the Trojan horse TR/Dldr.QQHelper.NDD
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-7-20 17:26:54

俺的AVAST!杀了~~~

显示全部楼层 · 发表于 2007-7-20 22:07:48

detected: adware not-a-virus:AdWare.Win32.Boran.ai URL: http://bbs.kafan.cn/attachment.p ... e//stream//data0001

显示全部楼层 · 发表于 2007-7-20 22:09:54

Starting the file scan:

Begin scan in 'F:\病毒样本\Inetinf.rar'
F:\病毒样本\Inetinf.rar
  [0] Archive type: RAR
--> Inetinf.exe
   [1] Archive type: RAR SFX (self extracting)
   --> bind_50425.exe
      [DETECTION] Is the Trojan horse TR/Dldr.QQHelper.NDD
   --> boolan94.exe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-7-20 22:17:01

扫描开始时间: 2007-7-20 22:16:30
扫描日志
NOD32 版本 2409 (20070720) NT
命令行: C:\Documents and Settings\Martin\桌面\Inetinf.rar
系统内存<病毒 - >

日期: 2007年7月20日时间: 22:16:36
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: C:\Documents and Settings\Martin\桌面\Inetinf.rar
C:\Documents and Settings\Martin\桌面\Inetinf.rar ?RAR ?Inetinf.exe ?RAR ?bind_50425.exe<病毒 - Win32/TrojanDownloader.QQHelper.NCO 木马变种> - 是删除目标的一部分
C:\Documents and Settings\Martin\桌面\Inetinf.rar ?RAR ?Inetinf.exe ?RAR ?ad_2207.exe ?NSIS ?insshell.exe<病毒 - Win32/Adware.Boran 应用程序> - 是删除目标的一部分
已扫描文件数量: 4
已发现病毒数量: 2
已清除病毒的文件数量: 1
完成时间: 22:16:41 总共扫描时间: 5 秒 (00:00:05)

[病毒样本] AV终结者...

本帖子中包含更多资源