Choices

woai_jolin

等我用FS试验完了就知道了 把报告贴出来就知道了
我只要TT   口说无凭没有意思

[ 本帖最后由 woai_jolin 于 2008-2-13 14:57 编辑 ]

stonejr

顺便试下NORMAN的SANDBOX,看看多牛B

stonejr

报告来了.重装用的红伞P

Starting the file scan:

Begin scan in 'C:\'
C:\lsass.exe.1791468.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [INFO]      The file was deleted!
C:\lsass.exe.270015.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [INFO]      The file was deleted!
C:\037589.log
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [INFO]      The file was deleted!
C:\AUTORUN.INF
      [DETECTION] Is the Trojan horse TR/Harnig.WA
      [INFO]      The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Administrator\Local Settings\Temp\glbackup\codecxt.dat
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Boran.H.3
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temp\glbackup\codeeb.dat
  [0] Archive type: RAR SFX (self extracting)
  --> EbayShop\EbayShopSetup.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/WebSearch.AJ.2
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temp\glbackup\codecnn.dat
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Cdnup.A.1
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8R9166FM\新建文件夹[1].rar
  [0] Archive type: RAR
  --> 2008×îÐÂÃâ·ÑË¢Q±ÒÈí¼þ.rar                                                                         .exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
  --> °ÖºÍÅ®¶ùÍæ½ÓÎÇ.DVD                                                                         .exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
  --> ÃÃ,¹ýÀ´¸øÎÒÃþÒ»Ãþ.DVD                                                                         .exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
  --> ×îÃÀµÄAVÅ®ÓÅ.DVD                                                                         .exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M5F5DC6Z\Setup[2].zip
  [0] Archive type: ZIP
  --> Setup.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [INFO]      The file was deleted!
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys
      [WARNING]   The file could not be read!
C:\Program Files\F-Secure\Anti-Virus\avpfpi1.dll
      [WARNING]   The file could not be read!
C:\Recycled\Dc6.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [INFO]      The file was deleted!
C:\Recycled\Dc7.zip
  [0] Archive type: ZIP
  --> Setup.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [INFO]      The file was deleted!
Begin scan in 'D:\' <PROGRAM>
D:\pagefile.sys
      [WARNING]   The file could not be opened!
D:\Program Files\webhy\webhy\msetup.dll
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Dudu.a.1.B
      [INFO]      The file was deleted!
D:\Program Files\webhy\webhy\ly2_02.exe
      [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Dudu.a.1.A
      [INFO]      The file was deleted!
Begin scan in 'E:\' <GAME>
E:\AUTORUN.INF
      [DETECTION] Is the Trojan horse TR/Harnig.WA
      [INFO]      The file was deleted!
E:\OPKTools\samples\Oobe\oemhw.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\OPKTools\samples\Oobe\nousbms.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\OPKTools\samples\Oobe\nousbkm.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\OPKTools\samples\Oobe\nousbkbd.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\OPKTools\samples\Oobe\ispsgnup.htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\BattleNet\(PC)BNetMenu.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\BattleNet\(PC)BNetTroubleshooting.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\BattleNet\ChatHelp.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\BattleNet\ClanHelp.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Layout\Index.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Layout\Index2.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Layout\IndexMac.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(Mac)InGame.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(Mac)PatchUninstall.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(Mac)ReadMeMenu.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(Mac)Start.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(Mac)UIMainMenus.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(PC)Addendum.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(PC)InGame.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(PC)PatchUninstall.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(PC)ReadMeMenu.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(PC)Start.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\(PC)UIMainMenus.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\BNTOU.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\Contact.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\EULA.en.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\EULA.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Readme\Games.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(Mac)InstallUninstall.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(Mac)LAN.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(Mac)LockCrashDrivers.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(Mac)Patches.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(Mac)SupportMenu.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(PC)InstallUninstall.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(PC)LAN.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(PC)LockCrashDrivers.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(PC)Patches.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\Support\(PC)SupportMenu.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\(Mac)WorldEditMenu.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\(PC)WorldEditMenu.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\(WEH)WorldEditMenu.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\AIEditor.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\CampaignEditor.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\CreationSet.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\FeaturesNav.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\Menus.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\ObjectEditor.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\SoundEditor.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\TerrainEdit.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\TriggerEdit.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\UnitEdit.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!
E:\Game\Warcraft 3\support\WorldEdit\WorldEditMenu.html
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Xorer
      [INFO]      The file was deleted!


End of the scan: 2008年2月13日  14:59
Used time: 34:26 min

The scan has been done completely.

   5046 Scanning directories
221612 Files were scanned
     69 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     66 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      4 Files cannot be scanned
221543 Files not concerned
   2001 Archives were scanned
      4 Warnings
     11 Notes

woai_jolin

难道你不知道FS的SY提示窗口里有norman对程序的评分 这就是sandbox的威力
我说了这么久你还是不知道
我彻底的被折服了
顺便说说磁盘机会感染非系统盘的exe rar程序
真不知道FS没有拦截成功 你的小红伞是怎末安装上去的

[ 本帖最后由 woai_jolin 于 2008-2-13 15:05 编辑 ]

stonejr

我说了FS的系统控制弹出了几个窗口,看清楚!别再让我重复了.弹窗之后窗口消失,不断报毒,但杀不了.安全模式也挂了.拦截成功了?

stonejr

没看到E盘被感染的HTML?

woai_jolin

看完你的log
发现这个磁盘机的威力太强悍了

woai_jolin

高级里面有sandbox的评分

stonejr

不管你什么评分.我只关心NORMAN能不能拦截到这个样本.就这样,其他的就别浪费口水了

woai_jolin

norman又没有SY

说白了你到现在还没有明白norman的怎样的