过国内三大杀软的一个新鲜病毒

rest1min

扫描结果

扫描结果 :

25%的杀软(9/36)报告发现病毒

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	3.0.0.126	2008.01.20	2008-01-20	-	41.099
AntiVir	7.6.0.48	7.0.2.24	2008-01-21	HEUR/Crypted	23.767
Arcavir	1.0.4	200801211100	2008-01-21	-	8.551
AVAST	1.0.8	080120-1	2008-01-20	-	10.872
AVG	7.5.51.442	269.19.8/1235	2008-01-21	-	16.337
BitDefender	7.60825.975472	7.17047	2008-01-21	Generic.Malware.SB.B60E0278 (suspected)	23.941
CA (VET)	9.0.0.143	31.3.5475	2008-01-21	-	41.113
ClamAV	0.91.2	5506	2008-01-21	PUA.Packed.Expressor	0.020
Comodo	2.11	2.0.0.410	2008-01-20	-	41.428
CP Secure	1.1.0.695	2008.01.21	2008-01-21	-	19.507
Dr.WEB	4.44.0.9170	2008.01.21	2008-01-21	-	13.221
ewido	4.0.0.2	2008.01.21	2008-01-21	-	40.460
F-PROT	4.4.1.52	20080120	2008-01-20	-	4.773
F-SECURE	5.51.6100	2008.01.21.02	2008-01-21	Trojan-Downloader.Win32.Agent.hgs [AVP]	0.137
IKARUS	T3.1.01.15	2008.01.21.70179	2008-01-21	-	40.515
MKS_VIR	2.01	2008.01.21	2008-01-21	-	13.660
NOD32	2.70.10	2811	2008-01-21	-	0.234
NORMAN	5.91.10	5.90	2008-01-20	-	26.169
nProtect	2008-01-21.01	1143382	2008-01-21	-	41.118
Prevx	V2	20080121	2008-01-21	-	42.007
QuickHeal	9.00	2008.01.19	2008-01-19	-	40.681
SOPHOS	2.49.1	4.21	2008-01-08	Mal/Behav-112	29.043
The Hacker	6.2.9	v00191	2008-01-19	-	40.353
VBA32	3.12.2.5	20080120.2143	2008-01-20	Trojan-Downloader.Win32.Agent.hgs	7.910
ViRobot	20080121	2008.01.21	2008-01-21	-	41.531
VirusBuster	4.3.19:9	9.120.5/11.0	2008-01-21	Packed/eXPressor	6.077
卡巴斯基	5.5.10	2008.01.21	2008-01-21	Trojan-Downloader.Win32.Agent.hgs	11.924
安博士V3	2008.01.19.00	2008.01.19	2008-01-19	-	41.136
江民杀毒	10.00.650	2008.01.20	2008-01-20	-	40.983
熊猫卫士	9.04.03.0001	2008.01.20	2008-01-20	-	40.838
瑞星	19.0	20.27.31.00	2008-01-17	-	40.533
赛门铁克	1.3.0.24	20080120.005	2008-01-20	-	4.716
趋势	8.500-1001	4.954.12	2008-01-21	-	0.046
迈克菲	5.2.00	5211	2008-01-18	New Malware.dq	4.169
金山毒霸	2007.6.20.249	2008.1.21	2008-01-21	-	40.529
飞塔	2.81-3.11	8.654	2008-01-21	-	40.763

注意: 就算报告发现病毒，也可能是杀软误报，请根据查毒结果自行判断

[ 本帖最后由 rest1min 于 2008-1-22 00:08 编辑 ]

剑书

Begin scan in 'K:\MCS.rar'
K:\MCS.rar
  [0] Archive type: RAR
  --> MCS.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      A backup was created as '47e7c478.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!

dericyeoh

The requested object is INFECTED. The following viruses Trojan-Downloader.Win32.Agent.hgs were found

sjducker

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:  bbs.kafan.cn/attachment.php?aid=187506
Information:  Contains suspicious code HEUR/Crypted  


--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 7.01.00.13, AVE 7.6.0.48, VDF 7.0.2.24

冷冷

-------------------------------------------------------------------------------IK
I:\virus\MCS.rar:\MCS.exe - Signature 'Backdoor.Win32.Hupigon.mrv' found
I:\virus\MCS.rar
2 Files scanned
   (1 Archiv with 1 file)
1 Signature found
0 Suspect code-parts found
Used time: 0:00.016

-------------------------------------------------------------------------------CAV
I:\virus\test/MCS.exe: PUA.Packed.Expressor FOUND
----------- SCAN SUMMARY -----------
Known viruses: 193059
Engine version: 0.92
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
Time: 7.156 sec (0 m 7 s)




[ 本帖最后由 冷_冷 于 2008-1-22 01:29 编辑 ]

king6808

Trojan-Downloader.Win32.Agent.hgs

capsshift

红伞启发了，关红伞运行，微点未报。

醉一生爱妍

on.reg:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wminotify]
"DllName"="wminotify.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000
"Startup"="EventStartup"

cmdd.bat
:delit
del "C:\Documents and Settings\Administrator\桌面\MCS.exe"
if exist "C:\Documents and Settings\Administrator\桌面\MCS.exe" goto delit
del "cmdd.bat"

醉一生爱妍

DLL 冷已发

[ 本帖最后由 garyyan456 于 2008-1-22 10:45 编辑 ]

spaceplane

AVAST和大蜘蛛继续低迷