很可疑的病毒

显示全部楼层 · 发表于 2008-5-10 02:24:36

很可疑的木马
http://www.namipan.com/d/1.rar/6818417ddac7e579e9e7ef58cbf83b3462a7cc0534e93d00

a-squared	3.5.0.18	2008.05.08	2008-05-08	-	4.096
AntiVir	7.8.0.17	7.0.4.23	2008-05-09	-	4.420
Arcavir	1.0.4	200805091212	2008-05-09	-	7.804
AVAST	1.0.8	080507-0	2008-05-07	-	7.986
AVG	7.5.51.442	269.23.14/1425	2008-05-09	-	5.146
BitDefender	7.60825.1190916	7.18899	2008-05-10	-	8.856
CA (VET)	9.0.0.143	31.4.5772	2008-05-09	-	11.524
ClamAV	0.93	7081	2008-05-09	-	0.000
Comodo	2.11	2.0.0.519	2008-05-09	-	1.942
CP Secure	1.1.0.715	2008.05.10	2008-05-10	-	11.029
Dr.WEB	4.44.0.9170	2008.05.09	2008-05-09	Trojan.DownLoader.origin	11.878
ewido	4.0.0.2	2008.05.09	2008-05-09	-	2.985
F-PROT	4.4.1.52	20080508	2008-05-08	-	2.603
F-SECURE	5.51.6100	2008.05.09.09	2008-05-09	-	7.340
IKARUS	T3.1.01.26	2008.05.09.70725	2008-05-09	Trojan.Dldr.Adload.JM	3.333
Microsoft	1.3408	2008.05.09	2008-05-09	-	11.812
MKS_VIR	2.01	2008.05.09	2008-05-09	-	8.547
NORMAN	5.92.06	5.92.00	2008-05-0815:04:56	-	14.693
nProtect	2008-05-02.00	1445923	2008-05-02	-	16.054
Prevx	V2	20080510	2008-05-10	W32.Malware.gen	5.881
QuickHeal	9.00	2008.05.09	2008-05-09	-	7.481
SOPHOS	2.73.0	4.29	2008-05-10	Mal/EncPk-C	10.529
The Hacker	6.2.92	v00305	2008-05-08	-	2.169
VBA32	3.12.6.5	20080508.0130	2008-05-08	-	14.764
ViRobot	20080509	2008.05.09	2008-05-09	-	0.629
VirusBuster	4.3.19:9	9.127.12/11.0	2008-05-09	Packed/NSPack	17.554
卡巴斯基	5.5.10	2008.05.09	2008-05-09	-	13.744
安博士V3	2008.05.09.00	2008.05.09	2008-05-09	-	1.617
江民杀毒	10.00.650	2008.05.09	2008-05-09	-	2.008
熊猫卫士	9.04.03.0001	2008.05.08	2008-05-08	-	10.027
瑞星	20.0	20.43.42.00	2008-05-09	Backdoor.Win32.Delf.ajp	5.832
赛门铁克	1.3.0.24	20080509.004	2008-05-09	-	0.230
趋势	8.500-1001	5.268.05	2008-05-09	-	0.087
迈克菲	5.2.00	5292	2008-05-09	-	0.000
金山毒霸	2007.6.20.249	2008.5.7	2008-05-07	-	1.199
飞塔	2.81-3.11	9.64	2008-05-10	-	2.409

注意: 就算报告发现病毒，也可能是杀软误报，请根据查毒结果自行判断

[ 本帖最后由 snoopy2004 于 2008-5-10 02:33 编辑 ]

显示全部楼层 · 发表于 2008-5-10 03:36:25

nsis
囧了。。
运行后antivir砍掉了10多个。。

显示全部楼层 · 发表于 2008-5-10 03:52:48

费尔扫描miss~~~~

不过运行时候动态保护截获了可疑程序

[ 本帖最后由 guoshu520 于 2008-5-10 03:55 编辑 ]

显示全部楼层 · 发表于 2008-5-10 15:29:22

上报卡巴看看

显示全部楼层 · 发表于 2008-5-10 19:31:39

Hello,

1.exe_ - Trojan.Win32.Delf.cep

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Kirill Erakhtin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

显示全部楼层 · 发表于 2008-5-10 19:35:01

瑞星真强

显示全部楼层 · 发表于 2008-5-10 19:53:07

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Backdoor.Win32.Delf.ajp
病毒： Backdoor.Win32.Delf.ajp

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.43.52

显示全部楼层 · 发表于 2008-5-13 07:22:30

Starting the file scan:

Begin scan in 'E:\AV\1.rar'
E:\AV\1.rar
  [0] Archive type: RAR
  --> 1.exe
   [DETECTION] Is the Trojan horse TR/Delf.CEP.15
   [NOTE]    The file was deleted!

[病毒样本] 很可疑的病毒

34/3