MD5: 7C9B40]

自由

AVG	7.5.48.442	269.13.7/992	2007-09-06	Generic7.FNH	1.438
BitDefender	7.60825.867651	7.14658	2007-09-07	DeepScan:Generic.Sdbot.2CBDDFAF	5.374

IKARUS

T3.1.1.12

2007.09.07.69465

2007-09-07

Generic.Sdbot

1.266

NOD32

2.70.8

2512

2007-09-07

probably a variant of Win32/Packed.Themida application

8.891

QuickHeal

9.00

2007.09.07

2007-09-07

Backdoor.SdBot.gen

2.513

The Hacker

6.1.9

v00180

2007-09-06

W32/Behav-Heuristic-064

0.683

VirusBuster

4.3.19:9

9.103.1/11.0

2007-09-07

Worm.RBot.ONZ

1.570

小红伞

7.6.0.5

6.39.1.104

2007-09-07

Worm/Sdbot.406528.1

2.289

趋势

8.500-1001

4.701.00

2007-09-06

TROJ_Generic.A

0.037

熊猫卫士

9.04.03.0001

2007.09.06

2007-09-06

Suspicious file

3.506

kaba  Hello,
mravsc32.exe_ - Backdoor.Win32.SdBot.bvt
New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.
微点也杀。。。。。。

1688388728

-09-08 00:31:05    创建文件      操作:阻止
进程路径:D:\病毒库\样本\mravsc32.exe
文件路径:C:\WINDOWS\system32\dllcache\mravsc32.exe
触发规则:所有程序规则->文件规则->%systemdrive%\*.exe


2007-09-08 00:31:05    创建文件      操作:阻止
进程路径:D:\病毒库\样本\mravsc32.exe
文件路径:C:\WINDOWS\system32\dllcache\mravsc32.exe
触发规则:所有程序规则->文件规则->%systemdrive%\*.exe


2007-09-08 00:31:05    创建文件      操作:阻止
进程路径:D:\病毒库\样本\mravsc32.exe
文件路径:C:\WINDOWS\system32\dllcache\mravsc32.exe
触发规则:所有程序规则->文件规则->%systemdrive%\*.exe


2007-09-08 00:31:20    创建文件      操作:阻止
进程路径:D:\病毒库\样本\mravsc32.exe
文件路径:C:\WINDOWS\system32\dllcache\mravsc32.exe
触发规则:所有程序规则->文件规则->%systemdrive%\*.exe


2007-09-08 00:31:20    创建文件      操作:阻止
进程路径:D:\病毒库\样本\mravsc32.exe
文件路径:C:\WINDOWS\system32\dllcache\mravsc32.exe
触发规则:所有程序规则->文件规则->%systemdrive%\*.exe


2007-09-08 00:31:20    创建文件      操作:阻止
进程路径:D:\病毒库\样本\mravsc32.exe
文件路径:C:\WINDOWS\system32\dllcache\mravsc32.exe
触发规则:所有程序规则->文件规则->%systemdrive%\*.exe


2007-09-08 00:31:20    安装服务或者驱动      操作:阻止
进程路径:C:\WINDOWS\system32\services.exe
文件路径:"C:\WINDOWS\system32\dllcache\mravsc32.exe"
触发规则:所有程序规则->*

平淡

费尔又挂了。。

taihuxian

HEUR/Crypted

残缺的唯美

扫描进行于：2007-9-8 6:52:35
扫描日志
NOD32版本 2513 (20070907) NT
命令行： D:\Documents and Settings\EKINCHENG\桌面\样本.rar

日期： 8.9.2007  时间：06:52:38
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：D:\Documents and Settings\EKINCHENG\桌面\样本.rar
D:\Documents and Settings\EKINCHENG\桌面\样本.rar >>RAR >>mravsc32.exe - 可能是 Win32/Packed.Themida 应用程序 的一个变种
已扫描的文件数目：2
已发现的病毒数目：1
已清除病毒的文件数目：1
完成时间： 06:52:52 总扫描时间：14 秒 (00:00:14)

红心王子

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\样本.rar'
C:\Documents and Settings\Administrator\桌面\样本.rar
  [0] Archive type: RAR
  --> mravsc32.exe
      [DETECTION] Contains detection pattern of the worm WORM/Sdbot.406528.1
      [INFO]      The file was deleted!


End of the scan: 2007年9月8日  08:11
Used time: 00:10 min

The scan has been done completely.

      0 Scanning directories
      2 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

残缺的唯美

The requested URL http://bbs.kafan.cn/attachment.php?aid=125031 is infected with Backdoor.Win32.SdBot.bvt virus

king6808

检测到：木马程序 Backdoor.Win32.SdBot.bvt        URL: http://bbs.kafan.cn/attachment.php?aid=125031//mravsc32.exe