过卡巴！

显示全部楼层 · 发表于 2008-4-25 19:19:06

先发一病毒生成物，今天玩qq堂，下载外挂时微点拦截到的
卡巴用户请上报！
付扫描报告：

AhnLab-V3	2008.4.25.2	2008.04.25	-
AntiVir	7.8.0.10	2008.04.25	HEUR/Malware
Authentium	4.93.8	2008.04.25	-
Avast	4.8.1169.0	2008.04.24	-
AVG	7.5.0.516	2008.04.25	-
BitDefender	7.2	2008.04.25	-
CAT-QuickHeal	9.50	2008.04.24	-
ClamAV	0.92.1	2008.04.25	-
DrWeb	4.44.0.09170	2008.04.25	modification of Win32.HLLM.Generic.349
eSafe	7.0.15.0	2008.04.21	-
eTrust-Vet	31.3.5733	2008.04.25	-
Ewido	4.0	2008.04.24	-
F-Prot	4.4.2.54	2008.04.24	-
F-Secure	6.70.13260.0	2008.04.25	-
FileAdvisor	1	2008.04.25	-
Fortinet	3.14.0.0	2008.04.25	-
Ikarus	T3.1.1.26	2008.04.25	-
Kaspersky	7.0.0.125	2008.04.25	-
McAfee	5281	2008.04.24	New Malware.d
Microsoft	None	2008.04.22	-
NOD32v2	3054	2008.04.25	-
Norman	5.80.02	2008.04.24	-
Panda	9.0.0.4	2008.04.25	-
Prevx1	V2	2008.04.25	-
Rising	20.41.40.00	None..	-
Sophos	4.28.0	2008.04.25	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.25	-
TheHacker	6.2.92.291	2008.04.24	-
VBA32	3.12.6.5	2008.04.24	-
VirusBuster	4.3.26:9	2008.04.24	-
Webwasher-Gateway	6.6.2	2008.04.25	Heuristic.Malware

附加信息

File size: 18064 bytes

MD5...: d9882600ba186ed54cbecb9a8ad9356d

SHA1..: 3cc64666dcae56906ff02b68d5e5818b103c0e14

SHA256: 4844b27b77592c8c05cd4d85182d4de7964ef6aa0ed9458ff0078a3dbabe4b54

SHA512: 45e4b4b26a4e98700de8d96fc7d99fb845e6695cf41e45598ea71fd795ec5f69
1eb7012b66e8dfac8339ce55064a2cf7b2a0a04d109ac8a08ae33858c0daae07

PEiD..: -

PEInfo: -

付：病毒的扫描报告
AhnLab-V3 2008.4.25.2 2008.04.25 -
AntiVir 7.8.0.10 2008.04.25 HEUR/Crypted
Authentium 4.93.8 2008.04.25 -
Avast 4.8.1169.0 2008.04.24 -
AVG 7.5.0.516 2008.04.25 -
BitDefender 7.2 2008.04.25 -
CAT-QuickHeal 9.50 2008.04.24 Win32.Backdoor.IRCBot.cgu.4
ClamAV 0.92.1 2008.04.25 PUA.Packed.Themida
DrWeb 4.44.0.09170 2008.04.25 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5733 2008.04.25 -
Ewido 4.0 2008.04.24 -
F-Prot 4.4.2.54 2008.04.24 W32/Heuristic-162!Eldorado
F-Secure 6.70.13260.0 2008.04.25 SDBot.gen8
FileAdvisor 1 2008.04.25 -
Fortinet 3.14.0.0 2008.04.25 -
Ikarus T3.1.1.26.0 2008.04.25 MemScanBackdoor.Bifrose.NQ
Kaspersky 7.0.0.125 2008.04.25 -
McAfee 5281 2008.04.24 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3054 2008.04.25 -
Norman 5.80.02 2008.04.24 -
Panda 9.0.0.4 2008.04.25 -
Prevx1 V2 2008.04.25 -
Rising 20.41.40.00 2008.04.25 -
Sophos 4.28.0 2008.04.25 Sus/ComPack
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.25 -
TheHacker 6.2.92.291 2008.04.24 W32/Behav-Heuristic-064
VBA32 3.12.6.5 2008.04.24 -
VirusBuster 4.3.26:9 2008.04.24 Packed/Themida
Webwasher-Gateway 6.6.2 2008.04.25 Heuristic.Crypted
附加信息
File size: 1178164 bytes
MD5...: f7138d5683f87c49f1863da94ed4f41a
SHA1..: 33b9830b921090f8e898cf3a55df01f5141f874b
SHA256: 805e97eb6650103c7eca6b8b0a38bf60b2e7fb8d4bc889898ac30dfab1518892
SHA512: 1b8961538fdf75d63cb9c355519d983e40cd91def3637ca410357844a29bb0f6
ffca08d42640376429ca9605d72a3f60ee37c2954a5e18927079dcb3a292265e
PEiD..: -
PEInfo: -
packers (F-Prot): Themida

[ 本帖最后由快乐男孩6 于 2008-4-25 19:34 编辑 ]

显示全部楼层 · 发表于 2008-4-25 19:20:46

Starting the file scan:

Begin scan in 'E:\AV\��.rar'
E:\AV\��.rar
  [0] Archive type: RAR
  --> 1989.EXE
   [DETECTION] Contains suspicious code HEUR/Malware
  --> 1989[1].EXE
   [DETECTION] Contains suspicious code HEUR/Malware
  --> WEN.EXE
   [DETECTION] Contains suspicious code HEUR/Malware
   [NOTE]    The file was deleted!

The file '1989.EXE' has been determined to be 'MALWARE'. Our analysts discovered that the file is a Trojan. In general this kind of programs contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates.

[ 本帖最后由 Exia 于 2008-4-25 21:08 编辑 ]

显示全部楼层 · 发表于 2008-4-25 19:24:14

金山0

显示全部楼层 · 发表于 2008-4-25 19:26:00

TO KL

Ps.为什么点了，卡巴的主防没反应？

显示全部楼层 · 发表于 2008-4-25 19:28:09

大的话，分卷嘛~~

显示全部楼层 · 发表于 2008-4-25 19:30:35

卡巴主防没反应！

显示全部楼层 · 发表于 2008-4-25 19:33:45

原帖由 快乐男孩6 于 2008-4-25 19:30 发表
卡巴主防没反应！

对啊~我也点了....
难道过了09的主防？
不过，被09分到低权限的

显示全部楼层 · 发表于 2008-4-25 19:36:34

Starting the file scan:

Begin scan in 'E:\AV\QQ堂刷喇叭挂.exe'
E:\AV\QQ堂刷喇叭挂.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [NOTE]    The fund was classified as suspicious.
   [NOTE]    The file was moved to 'a013c30d.qua'!

显示全部楼层 · 发表于 2008-4-25 19:49:01

mark 一下

金山 0

显示全部楼层 · 发表于 2008-4-25 20:00:57

dr.web报了,金山,NOD32,CLAMWIN,安铁诺都没报

[病毒样本] 过卡巴！

本帖子中包含更多资源

回复 4楼 zwl2828 的帖子

本帖子中包含更多资源