Original poster: kp2006

Malicious code reported by Rising 2008 proactive defense

宇宙广博
Posted on 2007-9-15 09:35:53

kkgh
Posted on 2007-9-15 09:52:18
Rising 08 flagged three of them; of the rest, Kaspersky 7 flags one as a trojan and the others as heuristic detections.
uhthn2002
Posted on 2007-9-15 10:22:19
Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Paranoia Database - 4921
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder

C:\Documents and Settings\uhthn\Desktop\New Folder\avwlast.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\kulionrx.dll - Suspicious of Win32.Trojan-Downloader.Zlob.1
C:\Documents and Settings\uhthn\Desktop\New Folder\logogo.exe - Suspicious of Trojan-PSW.Game.3
C:\Documents and Settings\uhthn\Desktop\New Folder\DbgHlp32.exe - Suspicious of Trojan-PSW.Game.1
C:\Documents and Settings\uhthn\Desktop\New Folder\dat3.tmp - Suspicious of Trojan-Downloader.VB.1
C:\Documents and Settings\uhthn\Desktop\New Folder\dat1C.tmp - Suspicious of Trojan-Downloader.VB.1
C:\Documents and Settings\uhthn\Desktop\New Folder\ravwdmon.exe - Infected with PDB-792 Malware program - Deleted

7 Files scanned
1 Infected files found
6 Suspicious files found
0 Files cured
1 Files deleted
zhourui88
Posted on 2007-9-16 08:47:29
It looks like the proactive defense in Rising's new 08 version is pretty good; it has improved a lot. Keep it up.......
woai_jolin
Posted on 2007-9-16 09:28:40
扫描报告
2007年9月16日 9:28:29 - 9:28:29
计算机名称: C3EF58622174424
扫描类型: 扫描目标
目标: G:\v\瑞星.rar


--------------------------------------------------------------------------------

结果: 找到 4 恶意软件
Trojan-PSW.Win32.WOW.wo (病毒)
G:\v\瑞星.rar\kulionrx.dll
Trojan-PSW.Win32.OnLineGames.cxh (病毒)
G:\v\瑞星.rar\dat3.tmp
G:\v\瑞星.rar\dat1C.tmp
Trojan.Win32.Obfuscated.hw (病毒)
G:\v\瑞星.rar\ravwdmon.exe




--------------------------------------------------------------------------------

统计信息
已扫描:
文件: 8
未扫描: 0
结果:
病毒: 4
间谍软件: 0
可疑项目: 0
危险软件: 0
操作:
已杀毒: 0
已重命名: 0
删除: 0
已隔离: 0
失败: 0
启动扇区:
已扫描: 0
受感染: 0
可疑项目: 0
已杀毒: 0


--------------------------------------------------------------------------------

选项
定义版本:
病毒: 2007-09-15_01
间谍软件: 2007-09-15_01
扫描引擎:
F-Secure AVP: 7.00.171, 2007-09-15
F-Secure Libra: 2.04.01, 2007-09-14
F-Secure Orion: 1.02.37, 2007-09-15
F-Secure Draco: 1.00.35, 2007-09-03
扫描选项:
扫描定义的文件: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD LSP MAP MHT MIF PHP POT WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
扫描内部存档
操作:
病毒: 扫描后询问
间谍软件: 扫描后询问
fireworld
Posted on 2007-9-16 09:32:53
This is what Duba found in its scan

coolxll
Posted on 2007-9-16 10:20:48
Antivir
5 viruses + 2 suspicious



AntiVir PersonalEdition Premium
Report file date: 2007年9月16日  10:18

Scanning for 1071077 virus strains and unwanted programs.

Licensed to:      Edogawa Conan
Serial number:    1100683102-PEPWE-0001
Platform:         Windows Vista
Windows version:  (plain)  [6.0.6000]
Username:         Conan
Computer name:    CONAN-PC

Version information:
BUILD.DAT    : 306           17200 Bytes   2007/8/31 13:23:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes   2007/8/23 06:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes   2007/8/16 05:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes   2007/8/14 08:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes   2007/8/21 05:35:20
ANTIVIR0.VDF : 6.35.0.1    7371264 Bytes   2006/5/31 05:32:40
ANTIVIR1.VDF : 6.39.0.129  7251968 Bytes   2007/7/10 05:32:46
ANTIVIR2.VDF : 6.39.1.120  1918464 Bytes   2007/9/12 13:52:23
ANTIVIR3.VDF : 6.39.1.134   111104 Bytes   2007/9/14 13:52:23
AVEWIN32.DLL : 7.6.0.10    2789888 Bytes   2007/9/14 13:52:24
AVWINLL.DLL  : 1.0.0.7       14376 Bytes   2007/2/26 03:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes   2007/7/18 00:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes   2007/4/16 06:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes    2007/8/3 01:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes   2007/7/18 00:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes   2007/8/28 05:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes   2007/7/18 00:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes    2007/3/8 04:09:42
RCIMAGE.DLL  : 7.0.1.30    2576424 Bytes    2007/8/7 05:51:06
RCTEXT.DLL   : 7.0.62.0      86056 Bytes   2007/8/21 06:03:18
SQLITE3.DLL  : 3.3.17.1     339968 Bytes   2007/7/23 02:37:21

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\Users\Conan\AppData\Local\Temp\64456112.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2007年9月16日  10:18

Starting the file scan:

Begin scan in 'C:\Users\Conan\Desktop\瑞星.rar'
C:\Users\Conan\Desktop\瑞星.rar
  [0] Archive type: RAR
  --> avwlast.exe
      [DETECTION] Contains code of the Windows virus W32/Virut.W
  --> kulionrx.dll
      [DETECTION] Is the Trojan horse TR/PSW.Steal.31232
  --> logogo.exe
      [DETECTION] Contains code of the Windows virus W32/Virut.W
  --> DbgHlp32.exe
      [DETECTION] Contains code of the Windows virus W32/Virut.W
  --> dat3.tmp
      [DETECTION] Contains suspicious code HEUR/Malware
  --> dat1C.tmp
      [DETECTION] Contains suspicious code HEUR/Malware
  --> ravwdmon.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineG.TF.1
      [INFO]      The file was deleted!


End of the scan: 2007年9月16日  10:18
Used time: 00:09 min

The scan has been done completely.

      0 Scanning directories
      9 Files were scanned
      5 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
andellm
Posted on 2007-9-16 16:06:15
The Rising 08 trial version flagged 4....
绅博周幸
Posted on 2007-9-16 16:30:41
date/time: 2007-9-16 1:13:14
filename: ÈðÐÇ[1].rar
original path: e:\Documents and Settings\fuming1\Local Settings\Temporary Internet Files\Content.IE5\6FON2NE5\
filesize: 185.69 KB
virusname: Trojan-Downloader.Win32.VB.bbi
suggestion: Delete
signatureId: 184786