[08.03.10]国内三大杀软及卡巴不杀的一个病毒

rest1min

RT

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	3.0.0.126	2008.03.09	2008-03-09	-	5.151
AntiVir	7.6.0.73	7.0.3.5	2008-03-07	TR/Spy.Gen	2.348
Arcavir	1.0.4	200803090958	2008-03-09	-	1.482
AVAST	1.0.8	080309-0	2008-03-09	-	3.057
AVG	7.5.51.442	269.21.7/1322	2008-03-09	Generic9.AXVO	2.087
BitDefender	7.60825.986247	7.16189	2008-03-09	-	3.700
CA (VET)	9.0.0.143	31.3.5597	2008-03-08	-	15.213
ClamAV	0.92	6184	2008-03-09	-	0.010
Comodo	2.11	2.0.0.459	2008-03-09	-	0.855
CP Secure	1.1.0.715	2008.03.04	2008-03-04	-	6.220
Dr.WEB	4.44.0.9170	2008.03.09	2008-03-09	BACKDOOR.Trojan	3.940
ewido	4.0.0.2	2008.03.09	2008-03-09	-	2.612
F-PROT	4.4.1.52	20080308	2008-03-08	Possible W32/Heuristic-400!Eldorado (not disinfectable)	1.512
F-SECURE	5.51.6100	2008.03.09.02	2008-03-09	-	3.481
IKARUS	T3.1.01.20	2008.03.03.70398	2008-03-03	Trojan.Download.Win32.BackSlash	1.295
Microsoft	1.3301	2008.03.08	2008-03-08	-	7.447
MKS_VIR	2.01	2008.03.09	2008-03-09	-	2.937
NORMAN	5.91.10	5.90	2008-03-07	-	5.148
nProtect	2008-03-08.00	1196668	2008-03-08	-	5.512
Prevx	V2	20080310	2008-03-10	Generic9.AXVO	3.896
QuickHeal	9.00	2008.03.08	2008-03-08	-	3.197
SOPHOS	2.71.3	4.27	2008-03-04	-	4.700
The Hacker	6.2.92	v00238	2008-03-08	-	1.151
VBA32	3.12.6.2	20080307.2305	2008-03-07	-	3.439
ViRobot	20080307	2008.03.07	2008-03-07	-	0.386
VirusBuster	4.3.19:9	9.121.29/11.0	2008-03-03	-	2.195
卡巴斯基	5.5.10	2008.03.09	2008-03-09	-	5.647
安博士V3	2008.03.08.00	2008.03.08	2008-03-08	Win-Trojan/Xema.variant	0.982
江民杀毒	10.00.650	2008.03.07	2008-03-07	-	1.329
熊猫卫士	9.04.03.0001	2008.03.09	2008-03-09	Suspicious file	4.891
瑞星	20.0	20.34.62.00	2008-03-09	-	1.891
赛门铁克	1.3.0.24	20080308.006	2008-03-08	-	0.853
趋势	8.500-1001	5.146.51	2008-03-09	-	0.043
迈克菲	5.2.00	5243	2008-03-03	-	1.765
金山毒霸	2007.6.20.249	2008.3.8	2008-03-08	-	0.761
飞塔	2.81-3.11	8.824	2008-03-08	-	1.925

[ 本帖最后由 rest1min 于 2008-3-10 01:48 编辑 ]

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\BACKUP.rar'
C:\Documents and Settings\Administrator\My Documents\
  BACKUP.rar
    [0] Archive type: RAR
    --> BACKUP.exe
        [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was deleted!

bobgod2000

费尔过

capsshift

红伞，又见红伞杀毒，一刀下去，又快又准。

傻猪猪米走鸡

D:\firefox download\BACKUP.rar » RAR » BACKUP.exe - probably unknown NewHeur_PE virus - was a part of the deleted object
D:\firefox download\BACKUP.rar - probably unknown NewHeur_PE virus - deleted - quarantined

肉丸子

趨勢cpr beta版 5.148.01病毒碼沒有反應....

sharkkong

2008-3-10 11:07:58        进程 C:\Sandbox\紫枫\DefaultBox\user\current\Local Settings\Temp\Rar$EX01.031\BACKUP.exe （PID: 5020）: 可疑操作，试图创建系统启动时的自动执行模块列表 (键:HKEY_USERS\SANDBOX_紫枫_DEFAULTBOX\machine\software\microsoft\Windows\CurrentVersion\Run  值:runauto
  数据:C:\WINDOWS\server.exe
)。
2008-3-10 11:08:08        进程 C:\Sandbox\紫枫\DefaultBox\user\current\Local Settings\Temp\Rar$EX01.031\BACKUP.exe （PID: 5020）: 试图创建系统启动时的自动执行模块列表 (键:HKEY_USERS\SANDBOX_紫枫_DEFAULTBOX\machine\software\microsoft\Windows\CurrentVersion\Run  值:runauto
  数据:C:\WINDOWS\server.exe
)被允许。
2008-3-10 11:08:28        进程 C:\Sandbox\紫枫\DefaultBox\user\current\Local Settings\Temp\Rar$EX01.031\BACKUP.exe （PID: 5020）: 试图执行可疑操作被允许。
卡巴扫描不报，不过好在还有主防

wangjay1980

TO KL 看来库有点老

Hello,

BACKUP.exek - Trojan-Spy.Win32.KeyLogger.aaa,

These files are already detected. Please update your antivirus bases.

[:1:]

[ 本帖最后由 wangjay1980 于 2008-3-10 18:59 编辑 ]

kfbt

nod32报了～  不过也不出所料～ 标题写明了 国内三软和卡巴暂时不报罢了～

taiw_1144

发现未知间谍软件，是否删除？
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.656\BACKUP.EXE
是否删除木马程序及其衍生物