某瑞星用户中毒，截获几个

moonsilver

某瑞星用户中毒，截获几个

残缺的唯美

2008-3-27        14:40:38        未采取操作         EKINCHENG        D:\Documents and Settings\EKINCHENG\桌面\my_70530.rar\MY_70530.EXE        StartPage-JU.dldr.gen(特洛伊)

The EQs

To EVL。。。

aerbeisi

[Found downloader]         <W32/Downldr2.BCPE (exact)>        C:\test\krnln.fne
[Deleted]        C:\test\krnln.fne
[Found downloader]         <W32/Downloader.D.gen!Eldorado (not disinfectable, generic)>        C:\test\my_70530.exe
[Quarantined]        C:\test\my_70530.exe
[Found Trojan]         <W32/Trojan2.HYS (exact)>        C:\test\Service0.dll
[Deleted]        C:\test\Service0.dll

HC303

Begin scan in 'E:\Virus Test\Internet_Explorer.rar'
Begin scan in 'E:\Virus Test\my_70530.rar'
E:\Virus Test\my_70530.rar
  [0] Archive type: RAR
  --> my_70530.exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [WARNING]   The file was ignored!
Begin scan in 'E:\Virus Test\Service0.rar'
E:\Virus Test\Service0.rar
  [0] Archive type: RAR
  --> Service0.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm
  --> Service0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm
      [WARNING]   The file was ignored!
漏一个，上报。

HC303

2244216  dp1.fne  56 KB  FALSE POSITIVE
532169  eAPI.fne  328 KB  MALWARE
1109277  eGrid.fne  420 KB  MALWARE
1109278  EThread.fne  48 KB  MALWARE
3801568  Exmlrpc.fne  34 KB  UNDER ANALYSIS
1003991  HtmlView.fne  224 KB  MALWARE
1109279  iext.fnr  212 KB  KNOWN CLEAN
2244214  IJL105.DLL  51 KB  CLEAN
199358  internet.fne  192 KB  FALSE POSITIVE
2215590  krnln.fne  1.05 MB  CLEAN
3801569  krnln.fnr  406 KB  UNDER ANALYSIS
1003993  shell.fne  56 KB  KNOWN CLEAN
553474  shellEx.fne  13 KB  FALSE POSITIVE
1313843  spec.fne  80 KB  KNOWN CLEAN
1109281  xplib.fne  76 KB  MALWARE

gaojun7206

Virus: Trojan.Generic.59313 (Engine B)
Virus: Trojan-Spy.Win32.FlyStudio.e, Trojan.Win32.FlyStudio.bi (Engine A), Dropped:Trojan.Generic.59313 (Engine B)
my_70530未检测出

sharkkong

已检测到: 木马程序 Trojan-Spy.Win32.FlyStudio.e        URL: http://bbs.kafan.cn/attachment.php?aid=226525//Service0.dll

边缘vip

瑞星啊,瑞星

hj5abc

若干..

Sign of "Win32:Trojan-gen {Other}" has been found in "F:\Internet\dp1.fne" file.  
Sign of "Win32:FlyStudio-S [Trj]" has been found in "F:\Internet\IJL105.DLL" file.  
Sign of "Win32:Agent-TOF [Trj]" has been found in "F:\Internet\krnln.fnr" file.  
Sign of "Win32:FlyStudio-S [Trj]" has been found in "F:\Service0.rar\Service0.exe\[UPX]\[Embedded#2eb85]" file.