应该是新的后门程序，两个，MD5略了

显示全部楼层 · 发表于 2007-7-15 20:32:41

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B64X7CKM\virus[1].rar\1.exe\data001 - probably infected with NSPACK
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B64X7CKM\virus[1].rar\2.exe\data001 - infected with BackDoor.Rpcs

Archive contains 2 infected items

显示全部楼层 · 发表于 2007-7-15 20:33:15

probably infected with NSPACK

显示全部楼层 · 发表于 2007-7-15 20:57:40

原帖由 promised 于 2007-7-15 20:33 发表
probably infected with NSPACK

这个是蜘蛛吧..

显示全部楼层 · 发表于 2007-7-15 20:59:42

Hello,

1.exe_,
2.exe_ - Trojan-Clicker.Win32.BHO.n

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Dmitry Shvetsov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

> Attachment: virus.rar

显示全部楼层 · 发表于 2007-7-15 21:00:20

BETA版不是这么报的
1.exe\data001;C:\ABC\virus.rar\1.exe;Probably WIN.WORM.Virus;;
1.exe;C:\ABC\virus.rar;Archive contains infected objects;;
2.exe\data001;C:\ABC\virus.rar\2.exe;BackDoor.Rpcs;;
2.exe;C:\ABC\virus.rar;Archive contains infected objects;;
virus.rar;C:\ABC;Archive contains infected objects;;

显示全部楼层 · 发表于 2007-7-15 21:00:32

1.exe,
2.exe_ - Trojan-Clicker.Win32.BHO.n,

显示全部楼层 · 发表于 2007-7-15 21:07:45

Product: BitDefender 9 Professional Plus
// Version: 9.5
//
// 创建在: 15/07/2007 15:07:55
//
//-----------------------------------------------------------------

病毒统计

扫描路径 : D:\下载文件夹\virus.rar
文件夹 : 0
文件 : 4
存档 : 1
被压缩的文件 : 1
被识别的病毒 : 2
被感染文件 : 2
警告 : 0
可疑文件 : 0
被清除过的文件 : 0
被删除的文件 : 2
已拷贝的文件 : 0
被移动的文件 : 0
被重命名的文件 : 0
I/O 错误 : 0
扫描时间 : 00:00:04
扫描速度(文件/秒) : 1

病毒定义 : 859525787

显示全部楼层 · 发表于 2007-7-15 21:23:12

红伞挂,上报

显示全部楼层 · 发表于 2007-7-15 21:31:51

AhnLab-V3	2007.7.14.0	2007.07.14	no virus found
AntiVir	7.4.0.39	2007.07.13	no virus found
Authentium	4.93.8	2007.07.13	no virus found
Avast	4.7.997.0	2007.07.13	Win32:BHO-FG
AVG	7.5.0.476	2007.07.14	no virus found
BitDefender	7.2	2007.07.15	DeepScan:Generic.PWS.WoW.6A6E96F8
CAT-QuickHeal	9.00	2007.07.14	(Suspicious) - DNAScan
ClamAV	devel-20070416	2007.07.15	no virus found
DrWeb	4.33	2007.07.15	Win32.HLLW.MyBot
eSafe	7.0.15.0	2007.07.10	Suspicious Trojan/Worm
eTrust-Vet	30.8.3784	2007.07.14	no virus found
Ewido	4.0	2007.07.14	no virus found
FileAdvisor	1	2007.07.15	no virus found
Fortinet	2.91.0.0	2007.07.14	no virus found
F-Prot	4.3.2.48	2007.07.13	no virus found
Ikarus	T3.1.1.8	2007.07.15	BehavesLikeWin32.ExplorerHijack
Kaspersky	4.0.2.24	2007.07.15	no virus found
McAfee	5074	2007.07.13	no virus found
Microsoft	1.2704	2007.07.15	no virus found
NOD32v2	2399	2007.07.14	no virus found
Norman	5.80.02	2007.07.13	no virus found
Panda	9.0.0.4	2007.07.15	Suspicious file
Sophos	4.19.0	2007.07.06	no virus found
Sunbelt	2.2.907.0	2007.07.14	VIPRE.Suspicious
Symantec	10	2007.07.15	no virus found
TheHacker	6.1.6.146	2007.07.13	no virus found
VBA32	3.12.0.2	2007.07.14	no virus found
VirusBuster	4.3.23:9	2007.07.14	no virus found
Webwasher-Gateway	6.0.1	2007.07.15	Win32.Malware.gen#PECompact (suspicious)

显示全部楼层 · 发表于 2007-7-15 21:58:04

微点报:Trojan-PSW.Win32.QQRob.cnl Trojan-PSW.Win32.Legendmir.yj

[病毒样本] 应该是新的后门程序，两个，MD5略了

回复 #11 1688388728 的帖子

回复 #13 hj5abc 的帖子