Thread starter: jehovah_king

[Virus sample] Technique under experimentation (updated to 3.5)

su-tt
Posted on 2008-2-4 16:01:30
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00120333.




We received the following archive files:



File ID  Filename  Size (Byte) Result
3718998  virus3.0.rar 655.67 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
3718996  virus3.0.exe  977.26 KB  CLEAN


Please find a detailed report concerning each individual sample below:

Filename Result
virus3.0.exe  CLEAN

The file 'virus3.0.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.


Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... p;incidentid=120333

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... jR36vX2NXj4VntRrzXm


Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab
ALEXBLAIR
Posted on 2008-2-4 17:42:30

3.5 is still detected

detected: Trojan program Trojan-Dropper.BAT.Agent.q        URL: http://bbs.kafan.cn/attachment.p ... //data.rar//vir.bat
It flags the bat.
Probably because you didn't modify that bat.
Graybird
Posted on 2008-2-4 17:46:12
The file 'virus4.0.exe' has been determined to be 'MALWARE'. Our analysts named the threat DR/Agent.QE. The term "DR/" denotes a program that is able to place a virus or a malware discretely on a system. Detection will be added to our virus definition file (VDF) with one of the next updates.
jehovah_king
Thread starter | Posted on 2008-2-4 17:47:23

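Reply to ALEXBLAIR's post (#42)

The bat wasn't changed in the first place,
because the main update is to the slices.
Look at the size.

But this morning's VT result was still fully undetected.

The original thread was locked, so I moved to a different place.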
http://bbs.kafan.cn/viewthread.php?tid=197784&extra=page%3D2
jehovah_king
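Thread starter | Posted on 2008-2-4 17:48:47
Thanks, everyone, for your continued attention and support.

This is the last update of this technique.
From now on I'm stopping any deeper exploration,
because this may already be the limit of this AV-evasion technique.
Since I don't understand memory-related techniques and can't program in anything except qbasic, it has never gotten past real-time monitoring, so the next test of this is nowhere in sight: maybe in a few months, maybe in a few years, maybe never. Who knows.

Feel free to submit it to any antivirus vendor, because this virus doesn't seem to have any obvious signature to extract.
If what gets detected is the virus slices (almost impossible; just look at the slice file size), at worst I'll cut them smaller;
if what gets detected is the .bat, that's even simpler: just add a few ver\shutdown -a\... and it's undetected again.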
su-tt
Posted on 2008-2-4 18:42:08
Begin scan in 'C:\Documents and Settings\Administrator\桌面\virus3[1].5.rar'
C:\Documents and Settings\Administrator\桌面\virus3[1].5.rar
  [0] Archive type: RAR
  --> virus4.0.exe
      [DETECTION] Contains detection pattern of the dropper DR/Drop.Agent.Q
      [WARNING]   The file was ignored!


End of the scan: 2008年2月4日  18:41
Used time: 00:17 min

The scan has been done completely.

      0 Scanning directories
   2279 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
   2278 Files not concerned
      2 Archives were scanned
      1 Warnings
      0 Notes
su-tt
Posted on 2008-2-4 18:45:42
Dr.Web still ignores it.
醉一生爱妍
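Posted on 2008-2-4 22:27:51
Filseclab ignores it..

It looks like this thing takes 100% CPU while generating the fragments.

On a low-spec machine it can easily crash during generation.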
yitp
Posted on 2008-2-4 23:15:47
Begin scan in 'C:\Documents and Settings\Administrator\桌面\virus3[1].5.rar'
C:\Documents and Settings\Administrator\桌面\virus3[1].5.rar
  [0] Archive type: RAR
  --> virus4.0.exe
      [DETECTION] Contains detection pattern of the dropper DR/Drop.Agent.Q
      [INFO]      The file was deleted!
yitp
Posted on 2008-2-4 23:16:11
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00120265.



A listing of files alongside their results can be found below:

File ID  Filename  Size (Byte) Result
3718872  virus.com  495.42 KB  MALWARE


Please find a detailed report concerning each individual sample below:

Filename Result
virus.com  MALWARE

The file 'virus.com' has been determined to be 'MALWARE'. Virus name is DROPPER (en) Detection will be added to our virus definition file (VDF) with one of the next updates.


Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... p;incidentid=120265

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... BWWw4JrOBFYR00ExgC7


Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------