[Virus sample] b34900, with Anubis sandbox report attached

lanvin
Posted 2007-11-28 23:41:05
http://analysis.seclab.tuwien.ac.at/result.php?taskid=5df1cbb6784b2ab42d89907cabc6ed91&refresh=1

For an introduction to the Anubis sandbox, see my blog:
http://hi.baidu.com/tomatolabs/blog/item/397fc3af5734fff8fbed50d9.html

Graybird
Posted 2007-11-28 23:43:10
Starting the file scan:

Begin scan in 'E:\setup.rar'
E:\setup.rar
  [0] Archive type: RAR
    --> setup.exe
      [1] Archive type: RAR SFX (self extracting)
      --> Setup.exe
          [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file
      [INFO]      The file was deleted!
mofunzone
Posted 2007-11-28 23:57:13
Finally I can see a bit of the difference between v8 and v7..
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\setup.rar'
C:\Users\morgan\Documents\
  setup.rar
    [0] Archive type: RAR
      --> setup.exe
        [1] Archive type: Runtime Packed
        --> Object
        --> Setup.exe
          [2] Archive type: RSRC
          --> Object
          --> Object
              [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
              [WARNING]   Infected files in archives cannot be repaired!
      [WARNING]   The file was ignored!
killloop
Posted 2007-11-29 04:06:03
20.20.22      
0 found
ggcn
Posted 2007-11-29 08:48:45
Avira AntiVir V7 doesn't detect it. Did V8 detect it? Looks like I really should switch to V8?
Graybird
Posted 2007-11-29 08:54:38

Reply to post #5 by ggcn

My V7 detected it~
will
Posted 2007-11-29 09:08:06
avast! just drifts on by~
ggcn
Posted 2007-11-29 09:15:24
Originally posted by Graybird on 2007-11-29 08:54
My V7 detected it~

Whoa, no way

Mine:
Starting the file scan:
Begin scan in 'C:\Documents and Settings\Administrator\桌面\setup.rar'

End of the scan: 2007年11月29日星期四  09:14
Used time: 00:05 min
The scan has been done completely.
      0 Scanning directories
      3 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      2 Archives were scanned
      0 Warnings
      0 Notes


My version info is:
Productversion build.dat 7.06.00.308 2007-9-19
Search engine avewin32.dll 7.06.00.34 2007-11-27
Virus definition file antivir.vdf 7.00.01.19 2007-11-28
Control Center avcenter.exe 7.02.00.14 2007-11-27
Config Center avconfig.exe 7.02.00.07 2007-8-21
Luke Filewalker avscan.exe 7.00.06.01 2007-8-23
Archive Library avpack32.dll 7.03.00.15 2007-8-3
AntiVir Guard avguard.exe 7.00.00.82 2007-11-27
Filter avgntflt.sys 7.00.00.04 2007-9-17
AntiVir MailGuard avmailc.exe 7.00.01.66 2007-11-27
Engine Service avesvc.exe 7.00.01.04 2007-11-27
Scheduler sched.exe 7.00.00.62 2007-8-28
Updater update.exe 1.02.10.13 2007-8-28
Could it be that it hasn't updated?
googlehack
Posted 2007-11-29 12:35:56
It's a trojan, right?
Graybird
Posted 2007-11-29 14:07:26

Reply to post #8 by ggcn

Set heuristics to high~