[病毒样本] 2

显示全部楼层 · 发表于 2007-11-27 15:25:37

金山 nothing has been found

显示全部楼层 · 发表于 2007-11-27 15:26:41

Starting the file scan:

Begin scan in 'E:\桌面.rar'
E:\桌面.rar
  [0] Archive type: RAR
  --> gdisvc.exe
   [DETECTION] Contains suspicious code HEUR/Malware
  --> top.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Sma.30048.B
   [INFO]    The file was deleted!

已上报~

[ 本帖最后由 Graybird 于 2007-11-27 15:33 编辑 ]

显示全部楼层 · 发表于 2007-11-27 15:28:01

学校的nod报

显示全部楼层 · 发表于 2007-11-27 15:31:17

掃描結果 :	56%的防毒軟體(20/36)報告發現病毒
時間 :	2007/11/27 15:27:21 (HKT)

軟體名稱	引擎版本	特徵庫版本	特徵庫日期	掃描結果	時間
a-squared	3.0.0.126	2007.11.26	2007-11-26	-	2.900
AhnLab V3	2007.11.24.00	2007.11.24	2007-11-24	-	0.929
Arcavir	1.0.4	200711262202	2007-11-26	Heur.Win32.I	1.754
Avast	1.0.8	071125-0	2007-11-25	-	4.707
AVG	7.5.49.442	269.16.8/1153	2007-11-26	-	2.454
BitDefender	7.60825.956698	7.15980	2007-11-27	BehavesLike:Trojan.ShellHook	4.135
CA(VET)	9.0.0.143	31.3.5329	2007-11-27	-	0.805
ClamAV	0.91.2	4928	2007-11-27	PUA.Packed.UPack-2	0.249
Comodo	2.11	2.0.0.356	2007-11-27	-	1.413
CP Secure	1.1.0.655	2007.11.27	2007-11-27	-	5.334
ewido	4.0.0.2	2007.11.25	2007-11-25	-	2.386
F-Port	4.4.1.52	20071127	2007-11-27	Possible W32/Heuristic-162!Eldorado (damaged, not disinfectable)	3.438
F-SECURE	5.51.6100	2007.11.26.07	2007-11-26	-	0.317
Fortinet	2.81-3.11	8.422	2007-11-26	Suspicious	2.519
IKARUS	T3.1.01.15	2007.11.26.69895	2007-11-26	Virus.Win32.VB.FGK	1.402
MKS_VIR	2.01	2007.11.27	2007-11-27	Heur.Win32	5.862
NOD32	2.70.10	2687	2007-11-26	a variant of Win32/TrojanDownloader.Satray.AA trojan	0.509
nProtect	2007-11-26.01	1062855	2007-11-26	Trojan-Downloader/W32.Zlob.14820	10.165
Prevx	V2	20071127	2007-11-27	W32.MALWARE.GEN	9.282
QuickHeal	9.00	2007.11.26	2007-11-26	Suspicious - DNAScan	3.610
Rising	19.0	20.20.10.00	2007-11-27	-	2.040
SOPHOS	2.49.1	4.21	2007-11-27	Mal/Packer	7.172
The Hacker	6.2.9	v00142	2007-11-26	W32/Behav-Heuristic-060	1.056
VBA32	3.12.2.5	20071126.1048	2007-11-26	-	10.282
ViRobot	20071126	2007.11.26	2007-11-26	-	0.757
VirusBuster	4.3.19:9	9.115.11/11.0	2007-11-26	Packed/Upack	3.715
卡巴斯基	5.5.10	2007.11.27	2007-11-27	-	14.313
大蜘蛛	4.44.0.9170	2007.11.26	2007-11-26	Trojan.DownLoader.origin	5.370
小紅傘	7.6.0.35	7.0.1.9	2007-11-26	TR/Dldr.Sma.30048.B	2.520
江民科技	10.00.650	2007.11.26	2007-11-26	-	1.257
熊貓	9.04.03.0001	2007.11.26	2007-11-26	Suspicious file	3.736
諾曼	5.91.08	5.90	2007-11-25	W32/Suspicious_U.gen	15.618
賽門鐵克	1.3.0.24	20071126.021	2007-11-26	-	0.378
趨勢科技	8.500-1001	4.850.03	2007-11-26	TROJ_SATRAY.AD	0.083
邁克菲	5.2.00	5171	2007-11-26	New Malware.aj	8.238
金山毒霸	2007.6.20.249	2007.11.27	2007-11-27	-	1.661

注意: 就算報告發現病毒，也可能是防毒軟體誤報，請根據檢查結果自行判斷

http://virscan.org/report/a979563a7d51ab1c05d9f03027698125.html

已上报给卡巴

显示全部楼层 · 发表于 2007-11-27 15:41:48

detected: virus Heur.Invader (modification) URL: http://bbs.kafan.cn/attachment.p ... xe//PE_Patch//UPack

显示全部楼层 · 发表于 2007-11-27 15:41:58

symantec:
We have analyzed your submission. The following is a report of our
findings for each file you have submitted:

filename: top.exe
machine: Machine
result: This file is detected as Downloader. http://www.symantec.com/avcenter/venc/data/downloader.html

显示全部楼层 · 发表于 2007-11-27 15:42:05

检测到：病毒 Heur.Invader (修改) 文件　: F:\du\桌面.rar/top.exe//PE_Patch//UPack

显示全部楼层 · 发表于 2007-11-27 15:47:24

C:\��.rar\gdisvc.exe - infected with Trojan.Click.4645
C:\��.rar\top.exe - infected with Trojan.DownLoader.origin

Archive contains 2 infected items

DRWEB 4.44

显示全部楼层 · 发表于 2007-11-27 17:00:28

The file 'gdisvc.exe' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.VB.BTX.1. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.01.13. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware.

[ 本帖最后由 Graybird 于 2007-11-28 16:22 编辑 ]

[病毒样本] 2

本帖子中包含更多资源

回复 3楼 Graybird 的帖子