[MD5: C980E2]鸽子

显示全部楼层 · 发表于 2007-10-19 14:50:59

卡巴最新结果，认为是鸽子。

[ 本帖最后由 caocao 于 2007-10-19 17:12 编辑 ]

显示全部楼层 · 发表于 2007-10-19 14:56:44

理论来说应该是灰鸽子，在windows文件夹下生成Win_server.exe
但是我运行Win_server.exe发现添加服务之后直接crash了，上报之后是这个回复。。
A listing of files alongside their results can be found below:
File ID       Filename       Size (Byte)       Result
2215760       Win_server.exe       780.72 KB       CLEAN

Please find a detailed report concerning each individual sample below:
Filename       Result
Win_server.exe       CLEAN

The file 'Win_server.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.

显示全部楼层 · 发表于 2007-10-19 14:58:07

谢谢，再瞧瞧。

显示全部楼层 · 发表于 2007-10-19 15:30:16

AhnLab-V3 2007.10.19.0 2007.10.18 Win32/NSAnti.suspicious
AntiVir 7.6.0.27 2007.10.18 -
Authentium 4.93.8 2007.10.19 Possibly a new variant of W32/Generic-Malware-based!Maximus
Avast 4.7.1051.0 2007.10.18 -
AVG 7.5.0.488 2007.10.19 BackDoor.Hupigon3.AZF
BitDefender 7.2 2007.10.19 -
CAT-QuickHeal 9.00 2007.10.18 -
ClamAV 0.91.2 2007.10.17 Trojan.Packed-19
DrWeb 4.44.0.09170 2007.10.19 -
eSafe 7.0.15.0 2007.10.15 suspicious Trojan/Worm
eTrust-Vet 31.2.5220 2007.10.18 -
Ewido 4.0 2007.10.18 -
FileAdvisor 1 2007.10.19 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.19 W32/Generic-Malware-based!Maximus
F-Secure 6.70.13030.0 2007.10.19 W32/Hupigon.gen67
Ikarus T3.1.1.12 2007.10.19 Backdoor.Win32.Agent.ahj
Kaspersky 7.0.0.125 2007.10.19 -
McAfee 5144 2007.10.18 New Malware.bl
Microsoft 1.2908 2007.10.19 TrojanDropper:Win32/Hupigon.gen!A
NOD32v2 2601 2007.10.18 -
Norman 5.80.02 2007.10.18 W32/Hupigon.gen67
Panda 9.0.0.4 2007.10.18 -
Prevx1 V2 2007.10.19 Malware.Gen
Rising 19.45.41.00 2007.10.19 -
Sophos 4.22.0 2007.10.19 Mal/GrayBird
Sunbelt 2.2.907.0 2007.10.18 -
Symantec 10 2007.10.19 -
TheHacker 6.2.9.098 2007.10.19 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.18 -
Webwasher-Gateway 6.6.1 2007.10.19 Win32.Malware.gen (suspicious)

显示全部楼层 · 发表于 2007-10-19 15:40:38

nSPack 2.1 - 2.5

跑不起来

显示全部楼层 · 发表于 2007-10-19 15:45:40

还是上报卡巴看看吧

显示全部楼层 · 发表于 2007-10-19 15:48:59

嗯，正在等卡巴的回复。

显示全部楼层 · 发表于 2007-10-19 17:11:03

Hello,

update.exe_ - Backdoor.Win32.Hupigon.sxd

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Dmitry Shvetsov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

显示全部楼层 · 发表于 2007-10-19 17:53:13

fs 报

显示全部楼层 · 发表于 2007-10-19 18:10:44

C:\ABC\样本\update.exe - 特征码 'Backdoor.Win32.Agent.ahj' 被发现

1 文件被扫描
(0 压缩档 0 文件)
1 特征码被侦测
0 可疑代码段被发现
耗时: 0:00.015

F-PROT Antivirus version 6.2.1
FRISK Software International (C) Copyright 1989-2007

Engine version: 4.3.3.49
Virus signatures: 200710182254b2ac0f29b5bd19f5ec2abdb035cc10af
(C:\Documents and Settings\All Users.WINDOWS\Application Data\FRISK Software\F-PROT Antivirus for Windows\antivir.def)

[Found possible virus] <W32/Generic-Malware-based!Maximus> C:\ABC\样本\update.exe

Results:

Files: 1
Skipped files: 0
MBR/boot sectors checked: 0
Objects scanned: 1
Infected objects: 1
Files with errors: 0
Disinfected: 0

Running time: 00:02

[病毒样本] [MD5: C980E2]鸽子

本帖子中包含更多资源

回复 2楼 mofunzone 的帖子

回复 6楼 wangjay1980 的帖子

浏览过的版块