网马

显示全部楼层 · 发表于 2008-3-10 13:12:09

http://coripastares.com/adw_files/1267/b8bb61a3/install.exe?id=1

显示全部楼层 · 发表于 2008-3-10 13:14:26

Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\install.exe'
C:\TDDOWNLOAD\
  install.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
   [NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-3-10 13:15:22

网页也监控到一个相同的东西。。

显示全部楼层 · 发表于 2008-3-10 13:48:17

我的NOD32现在没法关掉监控了，谁帮忙下载看看静态扫描报不报？

显示全部楼层 · 发表于 2008-3-10 14:01:18

Virus: Trojan.Dropper.Small.NCO
Heuri.Possible/Packed

显示全部楼层 · 发表于 2008-3-10 14:03:10

FS报，可惜没截到扫描日志

显示全部楼层 · 发表于 2008-3-10 14:06:33

真是怪了，扫描不报为什么网络监控会报？
File:  install.exe
Status:  INFECTED/MALWARE
MD5:  2f5bd2d5df6617f96e8c7ab408d86bfe
Packers detected:  -
Bit9 reports:  File not found

Scanner results
Scan taken on 10 Mar 2008 06:05:16 (GMT)
A-Squared  Found nothing
AntiVir  Found TR/Crypt.XPACK.Gen
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Trojan.Dropper.Small.NCO
ClamAV  Found nothing
CPsecure  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found Trojan-Downloader.Win32.FraudLoad.al
Fortinet  Found nothing
Ikarus  Found nothing
Kaspersky Anti-Virus  Found Trojan-Downloader.Win32.FraudLoad.al
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Rising Antivirus  Found nothing
Sophos Antivirus  Found Sus/UnkPacker (probable variant)
VirusBuster  Found nothing
VBA32  Found nothing

显示全部楼层 · 发表于 2008-3-10 14:13:06

IMON里加入新启发算法
目前ESET说在测试，以后会加入其他监控和静态扫描模块

显示全部楼层 · 发表于 2008-3-10 14:17:24

你在University of Adelaide?

显示全部楼层 · 发表于 2008-3-10 14:18:42

[已鉴定] 网马

回复 4楼 solcroft 的帖子

回复 7楼 mofunzone 的帖子

回复 8楼 solcroft 的帖子

回复 9楼 mofunzone 的帖子