扫描我的电脑时发现的

显示全部楼层 · 发表于 2007-11-18 06:18:46

昨晚无聊，搞了一次全盘扫描，以测试我不开杀毒软件的安全情况，C:\Documents and Settings\All Users\Favorites 中卡巴将一个plugin文件加中文件报马，顺藤摸瓜，找到了这个
AhnLab-V3 2007.11.17.0 2007.11.16 -
AntiVir 7.6.0.34 2007.11.16 TR/Delf.18944
Authentium 4.93.8 2007.11.17 -
Avast 4.7.1074.0 2007.11.17 Win32:Trojan-gen {Other}
AVG 7.5.0.503 2007.11.17 -
BitDefender 7.2 2007.11.17 -
CAT-QuickHeal 9.00 2007.11.17 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.17 -
DrWeb 4.44.0.09170 2007.11.17 DLOADER.Trojan
eSafe 7.0.15.0 2007.11.14 Win32.Virut.b
eTrust-Vet 31.2.5304 2007.11.17 -
Ewido 4.0 2007.11.17 -
FileAdvisor 1 2007.11.17 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.16 -
F-Secure 6.70.13030.0 2007.11.17 -
Ikarus T3.1.1.12 2007.11.17 Packed.Win32.Klone.af
Kaspersky 7.0.0.125 2007.11.17 -
McAfee 5165 2007.11.16 New Malware.aq
Microsoft 1.3007 2007.11.17 -
NOD32v2 2665 2007.11.17 probably a variant of Win32/Genetik
Norman 5.80.02 2007.11.16 W32/Suspicious_N.gen
Panda 9.0.0.4 2007.11.17 Suspicious file
Prevx1 V2 2007.11.17 W32.Malware.gen
Rising 20.18.51.00 2007.11.17 Trojan.DL.Win32.Agent.bds
Sophos 4.23.0 2007.11.17 Mal/Packer
Sunbelt 2.2.907.0 2007.11.17 -
Symantec 10 2007.11.17 -
TheHacker 6.2.9.133 2007.11.17 W32/Behav-Heuristic-063
VBA32 3.12.2.5 2007.11.16 BackDoor.Pigeon.775
VirusBuster 4.3.26:9 2007.11.17 Packed/NSPack
Webwasher-Gateway 6.0.1 2007.11.16 Trojan.Delf.18944

显示全部楼层 · 发表于 2007-11-18 06:19:57

似乎是个新品，高手确认后赶紧上报去换奖品

显示全部楼层 · 发表于 2007-11-18 06:21:14

已报给kaspersky了
就不要重复上报

显示全部楼层 · 发表于 2007-11-18 06:27:54

怎么不能直接上传附件？dll已报毒

[ 本帖最后由 jehovah_king 于 2007-11-18 06:30 编辑 ]

显示全部楼层 · 发表于 2007-11-18 06:29:53

Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\wanzheng.rar'
C:\Users\morgan\Documents\
  wanzheng.rar
[0] Archive type: RAR
--> wanzheng\netservice.exe
      [DETECTION] Is the Trojan horse TR/Delf.18944
      [WARNING] Infected files in archives cannot be repaired!
--> wanzheng\plugin\001.dll
      [DETECTION] Is the Trojan horse TR/Delf.18944
      [WARNING] Infected files in archives cannot be repaired!
      [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-11-18 06:32:20

newvirus@kaspersky.com  致我
显示详细信息  6:21 (9分钟前)

Hello.
New malicious software was found in the attached file.
It's detection will be included in the next update. Thank you for your help.
-----------------
Regards, Namestnikov Yury
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com

> Attachment: avp.zip

>
>  ???????????????????x 7

卡巴就是速度快

显示全部楼层 · 发表于 2007-11-18 07:29:54

KILL PASS

显示全部楼层 · 发表于 2007-11-18 07:32:00

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:31:53 2007-11-18

+ Scan result:

C:\Documents and Settings\Administrator\桌面\wanzheng.rar/wanzheng\plugin\001.dll -> Backdoor.Delf.bqe : No action taken.

::Report end

显示全部楼层 · 发表于 2007-11-18 09:03:49

D:\firefox下载的文件\wanzheng.rar » RAR » wanzheng\netservice.exe - probably a variant of Win32/Genetik trojan
D:\firefox下载的文件\wanzheng.rar » RAR » wanzheng\plugin\001.dll » UPX v12_m2_dll - is OK

显示全部楼层 · 发表于 2007-11-18 09:48:21

卡巴说这不是病毒

[病毒样本] 扫描我的电脑时发现的

本帖子中包含更多资源

发个完整的（即exe+dll)

本帖子中包含更多资源

回复 6楼 jehovah_king 的帖子

浏览过的版块