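There is a new development with this virus:
Kaspersky reports that this file is corrupted and cannot be executed.
Very frustrating; it really can be executed.
Perhaps it really did evade Kaspersky's behavior analysis?
I will keep following how the submission of this thing goes!
Below is a copy of the submission email: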
Hello.
Executable file is corrupted.
It cannot be executed.
Sincerely yours,
Pavel Zelensky
Virus analyst
Kaspersky Lab Ltd
Moscow, Russia
Tel/Fax: +7 (495) 797-8700
E-mail: newvirus@kaspersky.com
Internet: http://www.kaspersky.com, http://www.viruslist.com
> Attachment: ncph.ehuupdate.zip
> The file was fixed
> file info:
>
>
> ==================================================================
> Complete scanning result of " ncph.ehuupdate.zip", processed in VirusTotal
> at 12/10/2006 07:40:57 (CET).
>
> [ file data ]
> * name: miansha.rar
> * size: 168847
> * md5.: af36a824f60a38249ea07df026214e96
> * sha1: 7f22db1b60ed8bdacb6cb48f395219cdde35297c
>
> [ scan result ]
> AntiVir 7.2.0.49/20061208 found [DR/Agent.UT.4.A]
> Authentium 4.93.8/20061208 found nothing
> Avast 4.7.892.0/20061208 found nothing
> AVG 386/20061209 found [Win32/PEPatch]
> BitDefender 7.2/20061210 found nothing
> CAT-QuickHeal 8.00/20061209 found [(Suspicious) - DNAScan]
> ClamAV devel-20060426/20061209 found nothing
> DrWeb 4.33/20061209 found nothing
> eSafe 7.0.14.0/20061207 found [suspicious Trojan/Worm]
> eTrust-InoculateIT 23.73.81/20061209 found nothing
> eTrust-Vet 30.3.3238/20061208 found nothing
> Ewido 4.0/20061209 found nothing
> F-Prot 3.16f/20061208 found nothing
> F-Prot4 4.2.1.29/20061208 found nothing
> Fortinet 2.82.0.0/20061210 found [suspicious]
> Ikarus T3.1.0.26/20061207 found [Trojan-PSW.Win32.QQPass.hb]
> Kaspersky 4.0.2.24/20061210 found nothing
> McAfee 4914/20061208 found nothing
> Microsoft 1.1804/20061210 found nothing
> NOD32v2 1913/20061209 found nothing
> Norman 5.80.02/20061208 found nothing
> Panda 9.0.0.4/20061209 found [Suspicious file]
> Prevx1 V2/20061210 found nothing
> Sophos 4.12.0/20061208 found nothing
> Sunbelt 2.2.907.0/20061130 found [VIPRE.Suspicious]
> TheHacker 6.0.3.130/20061206 found nothing
> UNA 1.83/20061208 found nothing
> VBA32 3.11.1/20061210 found nothing
> VirusBuster 4.3.15:9/20061209 found nothing
>
> [ notes ]
> Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats
> that are deemed suspicious through heuristics.
>
> __________________________________________________
> VirusTotal is a free service offered by Hispasec Sistemas. There are no
> guarantees about the availability and continuity of this service. Do not
> reply to this message. It has been generated by an automatic address that
> will not handle any reply. Although the detection rate afforded by the use
> of multiple antivirus engines is far superior to that offered by just one
> product, these results DO NOT guarantee the harmlessness of a file.
> Currently, there is not any solution that offers a 100% effectiveness rate
> for detecting viruses and malware.
> ==================================================================
>
> -----Original Message-----
> From: newvirus@kaspersky.com [mailto:newvirus@kaspersky.com]
> Sent: 2006-12-10 16:20
> To: Alexander_Blair@163.com
> Subject: RE: newvirus [KLAB-1458817]
>
> Hello.
>
> This file is corrupted.
>
> Sincerely yours,
> Pavel Zelensky
> Virus analyst
>
> Kaspersky Lab Ltd
> Moscow, Russia
> Tel/Fax: +7 (495) 797-8700
> E-mail: newvirus@kaspersky.com
> Internet: http://www.kaspersky.com, http://www.viruslist.com
>
>
> > Attachment: miansha.rar