費爾掃瞄不報運行報

显示全部楼层 · 发表于 2008-2-12 10:58:39

原帖由风雪于 2008-2-12 10:48 发表
怪了被ZA防火墙了阻挡了。

正常，ZA的spy site block能阻挡很多挂马站点

显示全部楼层 · 发表于 2008-2-12 11:18:25

江民1

显示全部楼层 · 发表于 2008-2-12 16:12:23

The file 'sc3023.exe' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/Ejik.BM. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection is added to our virus definition file (VDF) starting with version 7.00.02.121. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware.

显示全部楼层 · 发表于 2008-2-12 16:13:33

Threat details:

Web page:
http://yee.js.cn/d/soft_id_723/sc3023.exe

Threat:
a variant of Win32/TrojanDownloader.Adload.NEW trojan

Comment:
Access to the web page was blocked by ESET Smart Security.

显示全部楼层 · 发表于 2008-2-12 18:20:11

发现未知后门程序，是否删除？
程序:
C:\DOCUMENTS AND SETTINGS\WO\桌面\SC3023.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\BLJETKDLHX.DLL
是否删除木马程序及其衍生物?

显示全部楼层 · 发表于 2008-2-12 19:43:34

程序:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\SC3023.EXE
木马程序生成以下文件:
1) C:\WINDOWS\SYSTEM32\KXPEXXQRFY.DLL
是否删除木马程序及其衍生物?

显示全部楼层 · 发表于 2008-2-12 19:50:17

不是病毒！

显示全部楼层 · 发表于 2008-2-12 19:50:51

baidu……何必呢……

[病毒样本] 費爾掃瞄不報運行報

回复 5楼 Graybird 的帖子

8/0