
[Virus sample] 1 sample

Oceanzd
Posted 2008-2-3 21:22:29
MD5: 534410933f68c79c580db450b6f98215

spaceplane
Posted 2008-2-3 21:24:35
avast reports win32

[Last edited by spaceplane on 2008-2-3 21:32]
愿望 (this user has been deleted)
Posted 2008-2-3 21:25:05
McAfee has no reaction
???
冷冷
Posted 2008-2-3 21:25:58
IK
I:\virus\setup.rar:\setup.exe - Signature 'Virus.Win32.Zlob.ZW' found
I:\virus\setup.rar

        2 Files scanned
          (1 Archiv with 1 file)
        1 Signature found
        0 Suspect code-parts found
        Used time: 0:00.063
leonfg
Posted 2008-2-3 21:28:05
ESET
C:\Documents and Settings\GUNDAM\桌面\setup.rar » RAR » setup.exe - probably a variant of Win32/Genetik trojan
qigang
Posted 2008-2-3 21:28:10
Rising 20.29.62 does not recognize it.
悠柚
Posted 2008-2-3 21:29:41
Scan report
2008-02-03 21:31:50 - 21:31:52

Computer name: WARCRAFT
Scan type: Scan specified target
Target: D:\TDdownload\setup.rar
Result
No malware found

Statistics
Scanned:

    * Files: 2
    * Not scanned: 0

Results:

    * Viruses: 0
    * Spyware: 0
    * Suspicious items: 0
    * Riskware: 0

Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * Quarantined: 0
    * Failed: 0

Boot sectors:

    * Scanned: 0
    * Infected: 0
    * Suspicious items: 0
    * Disinfected: 0

Options
Virus definition versions:

    * Viruses: 2008-02-03_01
    * Spyware: 2008-02-03_01

Scan engines:

    * F-Secure AVP: 7.00.171, 2008-02-03
    * F-Secure Libra: 2.04.01, 2008-01-31
    * F-Secure Orion: 1.02.37, 2008-02-01
    * F-Secure Draco: 1.00.35, 2008-01-28

Scan options:

    * Scan all files
    * Scan inside archives

Actions:

    * Viruses: Ask after scan
    * Spyware: Ask after scan

F-Secure missed it.
urge
Posted 2008-2-3 21:30:02
Avira (the red umbrella) reports:

Starting the file scan:

Begin scan in 'D:\dd\setup.rar'
D:\dd\setup.rar
  [0] Archive type: RAR
  --> setup.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [INFO]      The file was deleted!


End of the scan: February 3, 2008  21:28
Used time: 00:08 min

The scan has been done completely.

      0 Scanning directories
      3 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
悠柚
Posted 2008-2-3 21:32:33
Scan Started Sun Feb 03 21:34:37 2008
-------------------------------------------------------------------------------


----------- SCAN SUMMARY -----------
Known viruses: 199614
Engine version: 0.92
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 0

Data scanned: 0.05 MB
Time: 10.125 sec (0 m 10 s)
--------------------------------------
Completed
--------------------------------------
The little conch (ClamAV) missed it too.
spaceplane
Posted 2008-2-3 21:41:19
New Files  
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf0.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf1.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf2.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf3.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf4.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off1.bat

Opened Files  
C:\file.exe
\\.\PIPE\lsarpc
c:\autoexec.bat
C:\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\laf1.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\laf2.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\laf3.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\laf4.exe
\\.\PIPE\wkssvc
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off1.bat

Chronological order  
Open File: C:\file.exe (OPEN_EXISTING)
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf0.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf0.exe
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Get File Attributes: c:\autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:\autoexec.bat (OPEN_EXISTING)
Find File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Find File: C:\WINDOWS\system32\Ras\*.pbk
Find File: C:\Documents and Settings\Sandbox\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf1.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf1.exe
Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\laf1.exe ()
Find File: laf1.exe
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf2.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf2.exe
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\laf2.exe ()
Find File: laf2.exe
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf3.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf3.exe
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\laf3.exe ()
Find File: laf3.exe
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf4.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf4.exe
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\laf4.exe ()
Find File: laf4.exe
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off0.bat Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off1.bat Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off1.bat
Open File: \\.\PIPE\wkssvc (OPEN_EXISTING)
Get File Attributes: C:\ Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\ Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\Sandbox\My Documents\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Documents\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off1.bat:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off1.bat ()
Find File: _off1.bat


INI Files  Read INI File  
C:\Documents and Settings\Sandbox\My Documents\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\Sandbox\My Documents\desktop.ini [DeleteOnCopy.A] Owner =
C:\Documents and Settings\Sandbox\My Documents\desktop.ini [DeleteOnCopy] PersonalizedName =
C:\Documents and Settings\Sandbox\My Documents\desktop.ini [DeleteOnCopy.A] PersonalizedName =
C:\Documents and Settings\All Users\Documents\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Documents\desktop.ini [.ShellClassInfo] LocalizedResourceName =  

Mutexes  Creates Mutex: RasPbFile
Opens Mutex: RasPbFile

Registry  Changes  
HKEY_CURRENT_USER\Software\Online Add-on "" = C:\Program Files\Online Add-on
HKEY_CURRENT_USER\Software\Online Add-on "" = [REG_DWORD, value: 00000000]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\multimediaControls.chl\CLSID "" = {6BF52A52-394A-11D3-B153-00C04F79FAA6}
HKEY_CURRENT_USER\Software\Online Add-on "" = [REG_DWORD, value: FDB9FAC0]
HKEY_CURRENT_USER\Software\Online Add-on "" = [REG_DWORD, value: 01C61424]
HKEY_CURRENT_USER\Software\Online Add-on "" = [REG_DWORD, value: 024CAB5E]
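Editor's added example (not from any poster in this thread): the sandbox trace spaceplane posted is already a list of host indicators, but reading it by hand is error-prone because the tracer writes the same file two ways (`Temp\\laf0.exe` on create, `Temp\laf0.exe` on open). The script below parses a subset of those trace lines, constructed here from the post so it runs offline, normalizes the paths, and pulls out what a responder would hunt for: dropped files, files written and then reopened, named pipes touched, the Zone.Identifier stream probe, and the registry keys changed. The rewrite of the sandbox user's profile path to `%TEMP%` is an assumption about where the same files would land on another host; nothing else about the sample is inferred.

```python
import re

# Constructed input: a subset of the "Chronological order" and "Registry Changes"
# lines from the sandbox report posted above, enough to exercise every event
# type the report contains. Paths and keys are copied verbatim from the post.
TRACE = r"""
Open File: C:\file.exe (OPEN_EXISTING)
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf0.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf0.exe
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Find File: C:\WINDOWS\system32\Ras\*.pbk
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\\laf1.exe
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\laf1.exe ()
Find File: laf1.exe
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off1.bat
Open File: \\.\PIPE\wkssvc (OPEN_EXISTING)
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off1.bat:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\_off1.bat ()
"""

REGISTRY = r"""
HKEY_CURRENT_USER\Software\Online Add-on "" = C:\Program Files\Online Add-on
HKEY_CURRENT_USER\Software\Online Add-on "" = [REG_DWORD, value: 00000000]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\multimediaControls.chl\CLSID "" = {6BF52A52-394A-11D3-B153-00C04F79FAA6}
"""

EVENT_RE = re.compile(
    r"^(?P<op>Open File|Create File|Get File Attributes|Find File): "
    r"(?P<path>.*?)"
    r"(?: \((?P<disp>[^)]*)\))?"           # trailing "(OPEN_EXISTING)" or "()"
    r"(?: Flags: \((?P<flags>[^)]*)\))?$"  # trailing "Flags: (SECURITY_ANONYMOUS)"
)
REG_RE = re.compile(r'^(?P<key>HKEY_[A-Z_]+\\.*?) "(?P<value>[^"]*)" = (?P<data>.*)$')

PIPE_PREFIX = "\\\\.\\pipe\\"                        # the string \\.\pipe\
SANDBOX_TEMP = r"c:\docume~1\sandbox\locals~1\temp"  # assumption: the sandbox user's %TEMP%


def normalize(path):
    # Lower-case (NTFS paths are case-insensitive) and collapse the doubled
    # backslashes the tracer emits for some events, so one file compares equal
    # across events. The first two characters are kept so a leading \\ (named
    # pipe / UNC prefix) survives.
    head, tail = path[:2], path[2:]
    return (head + re.sub(r"\\+", r"\\", tail)).lower()


def parse_trace(text):
    """Return (operation, normalized_path, disposition, flags) tuples in trace order."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m["op"], normalize(m["path"]), m["disp"], m["flags"]))
    return events


def parse_registry(text):
    """Return (key, value_name, data) tuples for each 'Registry Changes' line."""
    out = []
    for line in text.strip().splitlines():
        m = REG_RE.match(line.strip())
        if m:
            out.append((m["key"], m["value"], m["data"]))
    return out


def extract_indicators(trace, registry):
    events = parse_trace(trace)
    # Files the sample wrote, in first-seen order.
    created = list(dict.fromkeys(p for op, p, _, _ in events if op == "Create File"))
    # Written and then opened again later in the trace: staged payloads. The
    # trace alone does not show whether they ran, so the label is only "reopened".
    reopened = []
    for p in created:
        first = next(i for i, (op, q, _, _) in enumerate(events) if op == "Create File" and q == p)
        if any(op == "Open File" and q == p for op, q, _, _ in events[first + 1:]):
            reopened.append(p)
    opened = {p for op, p, _, _ in events if op == "Open File"}
    return {
        "dropped": created,
        "reopened": reopened,
        "named_pipes": sorted(p for p in opened if p.startswith(PIPE_PREFIX)),
        # A probe of the Zone.Identifier alternate data stream on a file just written.
        "ads_probes": [p for op, p, _, _ in events if ":zone.identifier" in p],
        # Sandbox profile path rewritten to %TEMP% for hunting on other hosts (assumption).
        "hunt_paths": [p.replace(SANDBOX_TEMP, "%temp%") for p in created],
        "registry_keys": sorted({k for k, _, _ in parse_registry(registry)}),
    }


if __name__ == "__main__":
    for name, items in extract_indicators(TRACE, REGISTRY).items():
        print(name)
        for item in items:
            print("   ", item)
```

Feeding the full "Chronological order" block from the post into `TRACE` yields all five `laf*.exe` drops; the `hunt_paths` list is what goes into a file-system sweep, and `registry_keys` into a registry sweep, on hosts suspected of having run the same `setup.exe`.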