boot.exe [md5:f603fa]

显示全部楼层 · 发表于 2007-12-4 15:04:22

今天最后一个，从一小白的antivir的隔离区拉出来的
File: boot.exe
Status: INFECTED/MALWARE
MD5: f603faad768de48afe9c1213eb9f9eb4
Packers detected: RCRYPTOR
Bit9 reports: File not found

Scanner results
Scan taken on 04 Dec 2007 07:00:35 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Win32/PolyCrypt
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Virus.Packed.Win32.Klone.af
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found Hupigon.gen107
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

显示全部楼层 · 发表于 2007-12-4 15:09:38

heur/crypted
神一般的存在

凡是做免杀的，都知道有这么一个东西多重要，虽然弄掉他也不是没办法。。

显示全部楼层 · 发表于 2007-12-4 15:43:07

NOD32 Found nothing

显示全部楼层 · 发表于 2007-12-4 16:03:09

又是SVKP

显示全部楼层 · 发表于 2007-12-4 16:04:50

脱掉
2007-12-4 16:00:50 1196755250 Administrator 1192 Sign of "Win32:Hupigon-AZX [Trj]" has been found in "C:\Documents and Settings\Administrator\桌面\新建文件夹\boot.exe\[RCryptor]\[SVKP]" file.

显示全部楼层 · 发表于 2007-12-4 16:59:02

多引擎做过处理了吧？好几家启发式都报了。

显示全部楼层 · 发表于 2007-12-4 17:30:33

FS扫描没报,沙盘报,显示出了多引擎的威力了,漏了卡吧还有Norman 的沙盘顶住

在文件 F:\迅雷和浏览器下载\BOOT\BOOT.EXE 中发现恶意代码。
感染: Hupigon.gen107

[ 本帖最后由 gogo8989 于 2007-12-4 17:32 编辑 ]

显示全部楼层 · 发表于 2007-12-4 17:59:28

KAV7.0.289
DR.WEB都没报。。。

显示全部楼层 · 发表于 2007-12-4 18:43:11

有点晕．．．
怎么是这个....

显示全部楼层 · 发表于 2007-12-4 18:53:52

RX20.21.11未杀。

[病毒样本] boot.exe [md5:f603fa]

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块