卡巴报有毒，nod32报无毒，向各位求教

田纳西

很大可能是后门。

文件 SETUP.rar 接收于 2008.03.06 17:38:49 (CET)
当前状态: 正在读取 ... 队列中 等待中 扫描中 完成 未发现 停止


结果: 10/32 (31.25%)


AhnLab-V3 2008.3.4.0 2008.03.06 -
AntiVir 7.6.0.73 2008.03.06 -
Authentium 4.93.8 2008.03.06 -
Avast 4.7.1098.0 2008.03.06 -
AVG 7.5.0.516 2008.03.06 -
BitDefender 7.2 2008.03.06 -
CAT-QuickHeal 9.50 2008.03.06 -
ClamAV 0.92.1 2008.03.06 -
DrWeb 4.44.0.09170 2008.03.06 BackDoor.Bifrost.11
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5591 2008.03.06 -
Ewido 4.0 2008.03.06 Backdoor.Bifrose.la
FileAdvisor 1 2008.03.06 -
Fortinet 3.14.0.0 2008.03.06 -
F-Prot 4.4.2.54 2008.03.05 -
F-Secure 6.70.13260.0 2008.03.06 Trojan.Win32.Pakes.cfl
Ikarus T3.1.1.20 2008.03.06 Backdoor.Win32.Agent.ahj
Kaspersky 7.0.0.125 2008.03.06 Trojan.Win32.Pakes.cfl
McAfee 5245 2008.03.05 New Malware.ct
Microsoft 1.3301 2008.03.06 -
NOD32v2 2927 2008.03.06 -
Norman 5.80.02 2008.03.06 -
Panda 9.0.0.4 2008.03.06 -
Prevx1 V2 2008.03.06 Heuristic: Suspicious File With Covert Attributes
Rising 20.34.32.00 2008.03.06 -
Sophos 4.27.0 2008.03.06 Sus/UnkPacker
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.06 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.03.05 Backdoor.Win32.Hupigon.uiy
VirusBuster 4.3.26:9 2008.03.06 -
Webwasher-Gateway 6.6.2 2008.03.06 Win32.Malware.gen (suspicious)

注：红伞运行后能查到，但是扫描不到，可能是被加了特殊的壳的原因。

Scan taken on 06 Mar 2008 16:53:27 (GMT)  
A-Squared  Found nothing
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
CPsecure  Found Troj.W32.Pakes.cfl  
Dr.Web  Found BackDoor.Bifrost.11  
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found Trojan.Win32.Pakes.cfl  
Fortinet  Found nothing
Ikarus  Found nothing
Kaspersky Anti-Virus  Found Trojan.Win32.Pakes.cfl  
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Rising Antivirus  Found nothing
Sophos Antivirus  Found Sus/UnkPacker (probable variant)  
VirusBuster  Found nothing
VBA32  Found Backdoor.Win32.Hupigon.uiy

david4362

我想把这个文件上报，nod32如何上报？

KIS_Fans

干吗差不出来就说是别的杀软误报呢
搞笑

david4362

我重装了卡巴7之后，病毒库为2007年10月1日，扫描该文件，报无毒
当卡巴7病毒库升级到最新版本后，再扫描，报病毒

用瑞星最新版本扫描后，报无毒

[ 本帖最后由 david4362 于 2008-3-7 11:44 编辑 ]

spaceplane

对的，是后门

在运行setup时，有个nwiz.EXE在运行。nwiz.EXE是后门

ynyxjj

卡巴误报，红伞误报，他们两款杀软最牛逼就在这里。

yaotaiyan

backdoor

田纳西

红伞已确认是加壳型木马。

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00128252.




We received the following archive files:



File ID  Filename  Size (Byte) Result
3785165  SETUP.rar 630.62 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
3785166  SETUP.EXE  633.74 KB  MALWARE


Please find a detailed report concerning each individual sample below:

Filename Result
SETUP.EXE  MALWARE

The file 'SETUP.EXE' has been determined to be 'MALWARE'. Our analysts named the threat TR/Pakes.cfl.1. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

雷切

頂一個．．

fengyaochen

宁可相信卡巴也不要相信nod32