34%的杀软报！！

显示全部楼层 · 发表于 2007-12-5 11:13:40

Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.5.0	2007.12.05	-
AntiVir	7.6.0.34	2007.12.04	HEUR/Malware
Authentium	4.93.8	2007.12.05	-
Avast	4.7.1098.0	2007.12.05	Win32:Baidubar-B
AVG	7.5.0.503	2007.12.04	SHeur.AEPB
BitDefender	7.2	2007.12.05	-
CAT-QuickHeal	9.00	2007.12.04	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.12.05	-
DrWeb	4.44.0.09170	2007.12.04	-
eSafe	7.0.15.0	2007.12.04	Suspicious File
eTrust-Vet	31.3.5352	2007.12.05	-
Ewido	4.0	2007.12.04	-
FileAdvisor	1	2007.12.05	-
Fortinet	3.14.0.0	2007.12.04	-
F-Prot	4.4.2.54	2007.12.05	-
F-Secure	6.70.13030.0	2007.12.05	W32/Malware.BHXA
Ikarus	T3.1.1.12	2007.12.05	-
Kaspersky	7.0.0.125	2007.12.05	not-a-virus:AdWare.Win32.Ejik.l
McAfee	5177	2007.12.04	-
Microsoft	1.3007	2007.12.03	-
NOD32v2	2701	2007.12.05	-
Norman	5.80.02	2007.12.04	-
Panda	9.0.0.4	2007.12.04	Suspicious file
Prevx1	V2	2007.12.05	Heuristic: Suspicious Self Modifying EXE
Rising	20.21.12.00	2007.12.05	-
Sophos	4.24.0	2007.12.05	-
Sunbelt	2.2.907.0	2007.12.05	VIPRE.Suspicious
Symantec	10	2007.12.05	-
TheHacker	6.2.9.150	2007.12.05	-
VBA32	3.12.2.5	2007.12.04	-
VirusBuster	4.3.26:9	2007.12.04	-
Webwasher-Gateway	6.6.2	2007.12.04	Heuristic.Malware

Additional information
File size: 379721 bytes
MD5: a7630d141d4a9c0b633e5e0856656319
SHA1: 75d2882eca86b71c2669b655c74fc1ee9a532fc4
PEiD: -
packers: PECompact
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://fileinfo.prevx.com/filein ... 5DDC6E86A000D60028D
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

显示全部楼层 · 发表于 2007-12-5 11:18:52

AVAST
报

显示全部楼层 · 发表于 2007-12-5 11:21:17

Starting the file scan:

Begin scan in 'E:\1210.rar'
E:\1210.rar
  [0] Archive type: RAR
  --> 1210.exe
   [DETECTION] Contains suspicious code HEUR/Malware
   [INFO]    The file was deleted!

已上报~

[ 本帖最后由 Graybird 于 2007-12-5 11:22 编辑 ]

显示全部楼层 · 发表于 2007-12-5 11:50:52

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\1210.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\RHLCXRPNVLUMY.DLL
是否删除木马程序及其衍生物?

显示全部楼层 · 发表于 2007-12-5 12:14:17

哈哈哈，有是什么baidubar……

显示全部楼层 · 发表于 2007-12-5 15:51:14

The file '1210.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Drop.Agent.dgb. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

显示全部楼层 · 发表于 2007-12-5 19:58:41

信息 2007-12-05  19:58:22 您此次查毒共查出1个病毒以及危险代码
信息 2007-12-05  19:58:22 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件3个
信息 2007-12-05  19:58:22 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
风险程序 2007-12-05  19:58:22 C:\Documents and Settings\Norways Winter\桌面\1210.rar\1210.exe Win32.Adware.EjokT.ty.849920 跳过，未处理

显示全部楼层 · 发表于 2007-12-5 19:59:51

已刪除: 廣告軟體 not-a-virus:AdWare.Win32.Ejik.m 檔案: C:\Documents and Settings\kato9096\桌面\166549.rar/1210.exe//PE_Patch.PECompact//PecBundle//PECompact

显示全部楼层 · 发表于 2007-12-5 21:39:27

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 1022
Paranoia Database - 49642
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\Uhthn\Desktop\1210.exe

C:\Documents and Settings\Uhthn\Desktop\1210.exe - Suspected MaliciousScope:WIN32.GENERIC.MALWARE.16

1 Files scanned
0 Infected files found
1 Suspected files found
0 Files disinfected
0 Files deleted

显示全部楼层 · 发表于 2007-12-7 05:09:40

* The requested object is INFECTED. The following viruses not-a-virus:AdWare.Win32.Ejik.m were found

[病毒样本] 34%的杀软报！！

本帖子中包含更多资源

回复 3楼 Graybird 的帖子