过卡巴，过NOD32，过诺顿，过蜘蛛，过瑞星，过avast，过AVG，我过过过！

elite_zyj

不是广告：“红伞，我看行”

VIRUSTOTAL 3月7日，报告结果如下：

http://www.virustotal.com/analisis/21cf0a9ca293dc8e36ffabb6b3e6c973

[ 本帖最后由 elite_zyj 于 2008-3-7 20:54 编辑 ]

hyxuzhimin

Access to the data has been denied!Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:	http://bbs.kafan.cn/attachment.php?aid=215513
Information:	Is the Trojan horse TR/Crypt.XPACK.Gen

Generated by AntiVir WebGuard 8.0.9.0, AVE 8.1.0.14, VDF 7.0.2.33

spatra

红伞监控不认识，扫描才认识（高启发）

ALEXBLAIR

果然不是好东西
卡巴的主动过
v8的同学使用一下

～～～～～
主要方式，通过help文件释放和调用，在temp下生成程序（组策略防御，无法继续测试～～～）
给出释放出来的１６mb的巨大生成物包，保留了目录信息。

IllusionWing

UG扫描不认识(不支持CHM。。)
不过把那个exe抠出来就认识了
APS搞定

allinwonderi

[Found possible virus]         <W32/PWStealer3!Generic (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\test.rar->test.chm->~DF2CF7#tmp.exe
[Contains infected objects]        C:\Documents and Settings\All Users\Documents\Test\test.rar
[Quarantined]        C:\Documents and Settings\All Users\Documents\Test\test.rar->test.chm->#STRINGS

---------------------------------------------------------------------
Scan ended:        2008-3-7, 19:25:09
Duration:        0:00:01

Scan result:

Scanned files:                 1
Infected objects:         1
Disinfected objects:         0
Quarantined files:         1
---------------------------------------------------------------------

IllusionWing

这个病毒想干啥..... 从BE000000读到70000000。。手工建立输入表么？

28654621

D:\download\test.exe>>test.chm>>newproject.htm        HTML.Object.Exploit.B        病毒        还未处理

BING126

McAfee Exploit-CodeBase.chm

wangjay1980

越来越垃圾

test.chm_ - Backdoor.Win32.Hupigon.bdyo

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Namestnikov Yury
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ 本帖最后由 wangjay1980 于 2008-3-7 22:56 编辑 ]