唉，三个月前采摘的病毒，至今卡巴不报...[DD6718]

显示全部楼层 · 发表于 2007-7-27 09:55:53

下面这个U盘病毒是我五一期间帮同学整机时采摘的。看到病毒名rising.exe，想到是常见的病毒，没有理它。直到昨天整理样本时才发现，三个月啦，至今卡巴不报...失望啊...

显示全部楼层 · 发表于 2007-7-27 09:59:59

D:\download\t3\rising.rar:\rising.exe - Signature 'Backdoor.Win32.Agent.ahj' found
D:\download\t3\rising.rar:\autorun.inf
D:\download\t3\rising.rar

3 Files scanned
(1 Archive with 2 files)
1 Signature found
0 Suspect code-parts found
Used time: 0:00.010

显示全部楼层 · 发表于 2007-7-27 10:00:14

F:\rising[1].exe.rar:<RAR>\rising.exe : is suspected of Embedded.Trojan.Popwin

显示全部楼层 · 发表于 2007-7-27 10:01:03

--> rising.exe
[DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.ahj.313 Backdoor server programs

显示全部楼层 · 发表于 2007-7-27 10:01:28

fscs pass

显示全部楼层 · 发表于 2007-7-27 10:03:24

反病毒引擎版本最后更新扫描结果AhnLab-V32007.7.27.02007.07.26Win-Trojan/Xema.variantAntiVir7.4.0.502007.07.26BDS/Agent.ahj.313Authentium4.93.82007.07.26-Avast4.7.997.02007.07.27Win32:Agent-HDLAVG7.5.0.4762007.07.27Agent.BAUBitDefender7.22007.07.27Dropped:Backdoor.Agent.AHJCAT-QuickHeal9.002007.07.26(Suspicious) - DNAScanClamAV0.912007.07.26Trojan.Agent-3017DrWeb4.332007.07.27-eSafe7.0.15.02007.07.24suspicious Trojan/WormeTrust-Vet31.1.50082007.07.26-Ewido4.02007.07.26Downloader.Small.emiFileAdvisor12007.07.27-Fortinet2.91.0.02007.07.26W32/Agent.NEO!trF-Prot4.3.2.482007.07.26W32/SecRisk-ProcessPatcher-Sml-based!MaximusF-Secure6.70.13030.02007.07.27W32/Malware.PHTIkarusT3.1.1.82007.07.27Backdoor.Win32.Agent.ahjKaspersky4.0.2.242007.07.27-McAfee50842007.07.26New Malware.ceMicrosoft1.27042007.07.27Backdoor:Win32/Popwin.gen!CNOD32v224242007.07.26probably a variant of Win32/Agent.NEONorman5.80.022007.07.26W32/Malware.PHTPanda9.0.0.42007.07.26Suspicious fileRising19.33.40.002007.07.27Trojan.DL.Delf.ylwPrevx1V22007.07.27-Sophos4.19.02007.07.26Mal/EncPk-AISunbelt2.2.907.02007.07.26VIPRE.SuspiciousSymantec102007.07.27W32.PopwinTheHacker6.1.7.1552007.07.27Backdoor/Agent.ahjVBA323.12.2.12007.07.24suspected of Embedded.Trojan.PopwinVirusBuster4.3.26:92007.07.27Backdoor.Agent.UQN.GenWebwasher-Gateway6.5.32007.07.26Trojan.Agent.ahj.313附加信息File size: 15921 bytesMD5: dd6718a760022d0950b9605e08f7fa85SHA1: 5a8bc9565e99853200555ce4b579d0b7fbdf7800packers: NsPack, NsPack

显示全部楼层 · 发表于 2007-7-27 10:03:47

金山报1个,费尔发现一个病毒,一个后门

微点:
蠕虫名称:Worm.Win32.Agent.afq

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\RISING.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
autorun又是隐藏文件
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
写的什么意思啊

显示全部楼层 · 发表于 2007-7-27 10:05:12

揭露一下,LZ下面那个四川民生药业网有而已代码,点会弹出很多框,网

显示全部楼层 · 发表于 2007-7-27 10:28:25

Kaspersky Anti-Virus 7.0
The requested URL http://bbs.kafan.cn/attachment.php?aid=105573 is infected with Trojan.Generic virus
卡巴对这类病毒不是很敏感

显示全部楼层 · 发表于 2007-7-27 10:47:49

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.DL.Delf.ylw

用户来源：局域网

软件版本：19.33.32

瑞星最恨有病毒和他名字一样，杀的比任何病毒都快

[病毒样本] 唉，三个月前采摘的病毒，至今卡巴不报...[DD6718]

本帖子中包含更多资源

浏览过的版块