关于woai_jolin版主做的免杀 （Result: 0/32 (0%)）

XANADU

这是原文：
免杀后
File 014.exe received on 01.30.2008 08:02:58 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/32 (0%)

Loading server information...
Your file is queued in position: 3.
Estimated start time is between 44 and 63 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.

Compact
Print results

Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position:
) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.   

Email:

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.30.11	2008.01.30	-
AntiVir	7.6.0.57	2008.01.29	-
Authentium	4.93.8	2008.01.30	-
Avast	4.7.1098.0	2008.01.30	-
AVG	7.5.0.516	2008.01.30	-
BitDefender	7.2	2008.01.30	-
CAT-QuickHeal	9.00	2008.01.29	-
ClamAV	0.91.2	2008.01.29	-
DrWeb	4.44.0.09170	2008.01.29	-
eSafe	7.0.15.0	2008.01.28	-
eTrust-Vet	31.3.5497	2008.01.30	-
Ewido	4.0	2008.01.29	-
FileAdvisor	1	2008.01.30	-
Fortinet	3.14.0.0	2008.01.30	-
F-Prot	4.4.2.54	2008.01.29	-
F-Secure	6.70.13260.0	2008.01.30	-
Ikarus	T3.1.1.20	2008.01.29	-
Kaspersky	7.0.0.125	2008.01.30	-
McAfee	5218	2008.01.29	-
Microsoft	1.3109	2008.01.28	-
NOD32v2	2834	2008.01.30	-
Norman	5.80.02	2008.01.29	-
Panda	9.0.0.4	2008.01.29	-
Prevx1	V2	2008.01.30	-
Rising	20.29.20.00	2008.01.30	-
Sophos	4.25.0	2008.01.30	-
Sunbelt	2.2.907.0	2008.01.30	-
Symantec	10	2008.01.30	-
TheHacker	6.2.9.201	2008.01.28	-
VBA32	3.12.2.6	2008.01.29	-
VirusBuster	4.3.26:9	2008.01.29	-
Webwasher-Gateway	6.6.2	2008.01.30	-

Additional information

File size: 7376 bytes

MD5: 398925e211ba70e516a8cdb0dafc7cf5

SHA1: 4aa70a6551d01f7a10759916c4c67572209ab7ee

PEiD: -

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

=================================================================================

下载时卡巴杀了
检测到：木马程序 Trojan-Downloader.Win32.Small.hsh URL: http://bbs.kafan.cn/attachment.php?aid=193141//014.exe//PE_Patch//UPack

但是你看他上面的在线扫描结果，是全部过。。。。。这是什么免杀啊 ？

运行了一下，生成这些个文件





没有注册表动作，没有自启动
又把生成物运行了一下，没有任何不良反应

[ 本帖最后由 XANADU 于 2008-1-30 15:54 编辑 ]

XANADU

原帖  http://bbs.kafan.cn/viewthread.p ... age%3D1&page=12

woai_jolin

拜托 我主要这是在线scan 有时候引擎会出问题

醉一生爱妍

掛檔~~

讀取磁盤內部操作。。

貌似。。。

[ 本帖最后由 garyyan456 于 2008-1-30 16:00 编辑 ]

woai_jolin

这是原病毒
我就加了个小东西
File 014.exe received on 01.29.2008 12:03:23 (CET)
Current status: finished
Result: 27/32 (84.38%)


Compact
Print results  





Antivirus Version Last Update Result
AhnLab-V3 - - Win-Trojan/Downloader.7376.D
AntiVir - - TR/Dldr.Small.hsh.4
Authentium - - -
Avast - - -
AVG - - Downloader.Generic6.AELN
BitDefender - - DeepScan:Generic.Malware.dld!!.5E6E4379
CAT-QuickHeal - - TrojanDownloader.Small.hsh
ClamAV - - PUA.Packed.UPack-3
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - Win32/Zuten!generic
Ewido - - Downloader.Small.hsh
FileAdvisor - - -
Fortinet - - -
F-Prot - - W32/Heuristic-162!Eldorado
F-Secure - - W32/Agent.DZNK
Ikarus - - Trojan-Spy.Win32.Delf.PD
Kaspersky - - Trojan-Downloader.Win32.Small.hsh
McAfee - - Generic Downloader.u
Microsoft - - Trojan:Win32/Agent.ZAN
NOD32v2 - - a variant of Win32/TrojanDownloader.Small.NZK
Norman - - W32/Agent.DZNK
Panda - - Trj/Downloader.SEG
Prevx1 - - W32.Malware.gen
Rising - - Trojan.PSW.Win32.OnlineGames.GEN
Sophos - - Mal/Dropper-Y
Sunbelt - - VIPRE.Suspicious
Symantec - - Infostealer
TheHacker - - Trojan/Downloader.Small.hsh
VBA32 - - Trojan-Downloader.Win32.Small.hsh
VirusBuster - - Packed/Upack
Webwasher-Gateway - - Trojan.Dldr.Small.hsh.4
Additional information
MD5: 0d40b0ef1f544c9c572ed68c295c4921
SHA1: 708f4f5038f07ee0458124add806094d65c54465
SHA256: 48714de9f9a15945a4c5b3566a2e62e9d71923e4d2116538fd480f27d537f628
SHA512: 2c24d5d0f6d28cea1fef8e51e28c2786849a1177d62b3de1f918f3ae511cd48b 4814a093c8b70592997fcae402829c673e6a6283fd28660027a7917cc5cdb287

[ 本帖最后由 woai_jolin 于 2008-1-30 16:21 编辑 ]

啊弥陀佛

微点砍掉

kkgh

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.PSW.Win32.OnlineGames.GEN

用户来源：互联网

软件版本：20.29.20

冷冷

I:\virus\test/014.exe: PUA.Packed.UPack-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 198580
Engine version: 0.92
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 6.296 sec (0 m 6 s)

[ 本帖最后由 冷_冷 于 2008-1-30 16:14 编辑 ]

XANADU

反正是杀了  管它是在线还是下载  

NOD是在线也不报，下载也不报

PS：别测5楼的样本，测那个免杀过的
http://bbs.kafan.cn/viewthread.php?tid=195889&extra=page%3D1&page=12   114楼

[ 本帖最后由 XANADU 于 2008-1-30 16:14 编辑 ]

woai_jolin

这才是我免杀的病毒