8个马,md5内见

显示全部楼层 · 发表于 2007-9-2 08:40:54

文件: E:\Downloads\01.exe
大小: 16200 字节
MD5: 5066F244FF7998C1FA71FBFD20D1871D
文件: E:\Downloads\02.exe
大小: 12884 字节
MD5: 806F93D8BC925DA0F1FD2CFFEA6D5373
文件: E:\Downloads\03.exe
大小: 17436 字节
MD5: 0F3D9A3CCFF65D82E3950DB381B51D2F
文件: E:\Downloads\04.exe
大小: 15124 字节
MD5: 4BD17E00A648745DDACD6E39DD9BBEF4
文件: E:\Downloads\05.exe
大小: 14820 字节
MD5: 438CD0FB3E048B37A60A857BEDE8BDD0
文件: E:\Downloads\06.exe
大小: 33433 字节
MD5: 89651D45EAB46D75D7AFE5F55EF88008
文件: E:\Downloads\07.exe
大小: 16992 字节
MD5: DF3DA294521AE41CD6AF61E9E18F811C
文件: E:\Downloads\08.exe
大小: 16000 字节
MD5: B37D106A4DAF092A657D7BC1E2A0D64D

显示全部楼层 · 发表于 2007-9-2 08:41:58

MicroVita AntiSpyware 100 C
_____________________________________________

         风暴微塔反间谍
[强力查杀各种Win32位的病毒,木马,蠕虫,恶意软件]
               http://221.10.254.214/
----------------------------------------------
开始扫描……

正在检查启动……
[C:\Documents and Settings\Administrator\桌面\virus\Downloads\08.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\Downloads\02.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\Downloads\03.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\Downloads\04.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\Downloads\05.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\Downloads\06.exe]
                  …………特征码引擎[1]发现病毒
[C:\Documents and Settings\Administrator\桌面\virus\Downloads\07.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
[C:\Documents and Settings\Administrator\桌面\virus\Downloads\01.exe]
                  …………引擎[2]发现病毒:Win32.Unknow
文件数:8 病毒数:8  比重:1
OK  扫描完毕！

显示全部楼层 · 发表于 2007-9-2 08:42:06

Starting the file scan:

Begin scan in 'F:\病毒样本\Downloads.rar'
F:\病毒样本\Downloads.rar
  [0] Archive type: RAR
  --> 08.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 02.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 03.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 04.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 05.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 06.exe
   [DETECTION] Contains signature of the dropper DR/Delphi.Gen
  --> 07.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 01.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-9-2 08:42:42

不愧是报壳王

显示全部楼层 · 发表于 2007-9-2 08:44:15

咖啡也8个全报。。。

显示全部楼层 · 发表于 2007-9-2 08:48:54

已隔离: 病毒 Heur.Trojan.Generic (变种) 文件: J:\Downloads.rar/08.exe//PE_Patch//UPack
已隔离: 病毒 Heur.Trojan.Generic (变种) 文件: J:\Downloads.rar/02.exe//PE_Patch//UPack
已隔离: 病毒 Heur.Trojan.Generic (变种) 文件: J:\Downloads.rar/03.exe//PE_Patch//UPack
已隔离: 病毒 Heur.Trojan.Generic (变种) 文件: J:\Downloads.rar/04.exe//PE_Patch//UPack
已隔离: 病毒 Heur.Trojan.Generic (变种) 文件: J:\Downloads.rar/07.exe//PE_Patch//UPack
已隔离: 病毒 Heur.Trojan.Generic (变种) 文件: J:\Downloads.rar/01.exe//PE_Patch//UPack

卡巴 7.0.0.125 高启发报6个。

显示全部楼层 · 发表于 2007-9-2 08:52:33

kv2008只报1个

显示全部楼层 · 发表于 2007-9-2 09:06:38

脱壳就是不如报壳方便啊
脱出来了还要看病毒库有没有

Scanning Log
NOD32 version 2497 (20070901) NT
Command line: R:\Downloads.rar
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2.  ?
?physical disk. Error reading sector.
Date: 2.9.2007  Time: 09:04:49
Anti-Stealth technology is enabled.
Scanned disks, folders and files: R:\Downloads.rar
R:\Downloads.rar ?RAR ?08.exe - probably a variant of  ?
?Win32/PSW.OnLineGames.NEP trojan
R:\Downloads.rar ?RAR ?02.exe - probably a variant of  ?
?Win32/PSW.OnLineGames.NEP trojan
R:\Downloads.rar ?RAR ?03.exe - probably a variant of  ?
?Win32/PSW.OnLineGames.NEP trojan
R:\Downloads.rar ?RAR ?04.exe - probably a variant of  ?
?Win32/PSW.OnLineGames.NEP trojan
R:\Downloads.rar ?RAR ?06.exe - a variant of  ?
?Win32/AutoRun.Q worm
R:\Downloads.rar ?RAR ?07.exe - probably a variant of  ?
?Win32/PSW.OnLineGames.NEP trojan
R:\Downloads.rar ?RAR ?01.exe - probably a variant of  ?
?Win32/PSW.OnLineGames.NEP trojan
Number of scanned files: 8
Number of threats found: 7
Time of completion: 09:04:51 Total scanning time: 2 sec  ?
?(00:00:02)

显示全部楼层 · 发表于 2007-9-2 09:07:43

原帖由 风野胤 于 2007-9-2 09:06 发表
脱壳就是不如报壳方便啊
脱出来了还要看病毒库有没有

Scanning Log
NOD32 version 2497 (20070901) NT
Command line: R:\Downloads.rar
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not ...

就象是某个杀软那样脱了半天FOUND NOTHING

显示全部楼层 · 发表于 2007-9-2 10:15:44

Hello,

01.exe_ - Trojan-PSW.Win32.OnLineGames.bkr,
02.exe_ - Trojan-Downloader.Win32.Small.fjk,
03.exe_ - Trojan-Downloader.Win32.Agent.csd,
04.exe_ - Trojan-PSW.Win32.OnLineGames.bko,
05.exe_ - Trojan-PSW.Win32.Agent.pc,
06.exe_ - Backdoor.Win32.WinterLove.bi,
07.exe_ - Trojan-PSW.Win32.OnLineGames.bkq,
08.exe_ - Trojan-Downloader.Win32.Small.fjm

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

[病毒样本] 8个马,md5内见

本帖子中包含更多资源