
[Virus sample] Bypasses Rising and NOD32

雪落的瞬间
Posted on 2008-2-21 03:09:26

雪落的瞬间
Original poster | Posted on 2008-2-21 03:13:53
[file]
file1=http://218.75.91.254/yeSetup.exe
filename1=yeSetup.exe
fexec1=1
ftype1=lvs
ftime1=3
fcrc1=lvs
file2=http://218.75.91.254/my_70145.exe
filename2=my_70145.exe
fexec2=1
ftype2=ok8848
ftime2=2
fcrc2=ok8848
file3=http://61.160.208.114/dodo/dodolook591.exe
filename3=dodolook591.exe
fexec3=1
ftype3=dodo591
ftime3=0
fcrc3=dodo591
file4=http://61.160.208.114/admin6_ver0111.exe
filename4=admin6_ver0111.exe
fexec4=1
ftype4=zh2
ftime4=10
fcrc4=zh2
file5=http://218.75.91.254/ad_2517.exe
filename5=ad_2517.exe
fexec5=1
ftype5=cx
ftime5=5
fcrc5=cx
count=5
file=1
0675
Posted on 2008-2-21 03:15:14
Gets past Avira; Filseclab reports a heuristic detection.
wolffshen
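Posted on 2008-2-21 03:56:32
This is basically confirmed to be a virus. It didn't run in my own sandbox, possibly because FS blocked it; the online sandbox results are rather dramatic, heh.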
A-Squared: Found nothing
AntiVir: Found HEUR/Malware
ArcaVir: Found Heur.Win32.I
Avast: Found Win32:Agent-GRW
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found PUA.Packed.UPack-2
CPsecure: Found nothing
Dr.Web: Found Trojan.Resun.origin
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found W32/Suspicious_U.gen
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found Mal/Packer
VirusBuster: Found nothing
VBA32: Found nothing
mofunzone
Posted on 2008-2-21 03:58:17
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\an006.rar'
C:\Documents and Settings\Administrator\My Documents\
  an006.rar
    [0] Archive type: RAR
      --> an006.exe
        [1] Archive type: Runtime Packed
        --> Object
      [WARNING]   The file was ignored!
  an006.rar:Zone.Identifier
mofunzone
Posted on 2008-2-21 03:59:34
Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\yeSetup.exe'
C:\TDDOWNLOAD\
  yeSetup.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\ad_2517.exe'
C:\TDDOWNLOAD\
  ad_2517.exe
      [DETECTION] Contains detection pattern of the dropper DR/Boran.DQ
      [INFO]      The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\admin6_ver0111.exe'
C:\TDDOWNLOAD\
  admin6_ver0111.exe
      [DETECTION] Is the Trojan horse TR/PSW.Wow.alk
      [INFO]      The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\dodolook591.exe'
C:\TDDOWNLOAD\
  dodolook591.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.1805
      [INFO]      The file was deleted!
Begin scan in 'C:\TDDOWNLOAD\my_70145.exe'
C:\TDDOWNLOAD\
  my_70145.exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [INFO]      The file was deleted!


End of the scan: 2008年2月20日  11:59
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
      5 Files were scanned
      5 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      5 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes
Graybird
Posted on 2008-2-21 07:02:44
Starting the file scan:

Begin scan in 'E:\Antivir\an006.rar'
E:\Antivir\an006.rar
  [0] Archive type: RAR
  --> an006.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was deleted!

Submitted~
wangjay1980
Posted on 2008-2-21 08:54:27
to kl shou ..

Hello,

2008020113TestHttp.exek

No malicious code was found in this file.

3.exek - Trojan-Downloader.Win32.Small.imt,
5.exek - Backdoor.Win32.Agent.eqc,
52vip_yoyo1012.exek - Backdoor.Win32.Rbot.htn,
an006.exek - Trojan-Downloader.Win32.Agent.jhx,
exe.exek - Trojan-Downloader.Win32.Agent.jhy,
mrofinu565.exek - Trojan-Downloader.Win32.Agent.jhv,
niu.ex4e - Worm.Win32.AutoRun.cpy,
qq.exek - Trojan.Win32.Pakes.cew,
www.hmhk.cn.exek - Backdoor.Win32.Hupigon.axet

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

73e1.exek - not-a-virus:AdWare.Win32.BHO.abi

This file is an Advertizing Tool, it is detected by
extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates

Please quote all when answering.

--
Best regards, Vladimir Krylov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ Last edited by wangjay1980 on 2008-2-21 11:36 ]
fishx
Posted on 2008-2-21 09:34:18

Reply to post #3 by 0675

It didn't get past it, did it?

Copyright © KaFan  KaFan.cn All Rights Reserved.
