6x

solcroft

NOD32的网络监控越来越邪恶了， 竟然会屏蔽domain...

C:\Documents and Settings\Limited User\Desktop\1.zip:\atools.txt; Virus found Win32/Agent; Infected
C:\Documents and Settings\Limited User\Desktop\1.zip:\bars.txt; Virus found Win32/Heur; Infected
C:\Documents and Settings\Limited User\Desktop\1.zip:\config.txt; Trojan horse Generic10.RJN; Infected
C:\Documents and Settings\Limited User\Desktop\1.zip:\dumps.txt; Virus found Win32/Heur; Infected
C:\Documents and Settings\Limited User\Desktop\1.zip:\setup.txt; Virus identified I-Worm/Nuwar.R; Infected
C:\Documents and Settings\Limited User\Desktop\1.zip:\xset.txt; Virus found Win32/Heur; Infected

[ 本帖最后由 solcroft 于 2008-5-23 09:50 编辑 ]

mofunzone

杀毒不成自然要想一些阴招

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\1'
C:\Documents and Settings\morgan\My Documents\1\
  atools.txt
      [DETECTION] Is the Trojan horse TR/Pakes.cwv
      [NOTE]      The file was deleted!
  bars.txt
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
  config.txt
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
  dumps.txt
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
  setup.txt
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was deleted!
  xset.txt


End of the scan: 2008年5月22日  17:25
Used time: 00:09 min

The scan has been done completely.

      1 Scanning directories
      6 Files were scanned
      5 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      5 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      0 Warnings
      5 Notes

mofunzone

没杀的运行后
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Sandbox\morgan\DefaultBox\drive\C\WINDOWS\system32\ntos.exe.
Action performed: Delete file

kingmuro

已删除：木马程序 Trojan.Win32.Pakes.cwv 文件: C:\Documents and Settings\gxf\桌面\1.zip/atools.txt
已删除：木马程序 Trojan-Spy.Win32.Zbot.btw 文件: C:\Documents and Settings\gxf\桌面\1.zip/bars.txt
已删除：木马程序 Trojan-Downloader.Win32.Small.vbt 文件: C:\Documents and Settings\gxf\桌面\1.zip/config.txt
已删除：木马程序 Trojan-PSW.Win32.Agent.aje 文件: C:\Documents and Settings\gxf\桌面\1.zip/dumps.txt//PE_Patch//UPack//PE_Patch.Morphine//Morphine
已删除：木马程序 Packed.Win32.Klone.at 文件: C:\Documents and Settings\gxf\桌面\1.zip/setup.txt

solcroft

要说到阴招的话，我想某人应该深有体会吧，看看堆积成山的TR/Crypt.xxx.Gen报法多多少少可以感受到某人的痛处

电影结束了

扫描系统区域...
扫描所选择的目录和文件...
对象: atools.txt
        在压缩档案里: F:\1.zip
        Status: 已发现病毒
        病毒: Trojan.Dropper.Cutwail.J (BD 引擎)
对象: bars.txt
        在压缩档案里: F:\1.zip
        Status: 已发现病毒
        病毒: Trojan.Crypt.BA (BD 引擎)
对象: dumps.txt
        在压缩档案里: F:\1.zip
        Status: 已发现病毒
        病毒: Trojan.Crypt.CD (BD 引擎)
对象: setup.txt
        在压缩档案里: F:\1.zip
        Status: 已发现病毒
        病毒: Trojan.Peed.PJ (BD 引擎)

mofunzone

这没什么阴险的，不这么杀就被免杀，因为没人能脱掉
况且不靠着这些特征，其他的基因也比渣滓nod强太多了

solcroft

屏蔽domain也一样没什么阴险的，除了网马和exploit什么东西都没有的domain，有什么理由不屏蔽？
大家都黔驴技穷才使出这些手段，半斤八两的就不必来死要面子吧
不靠着这些特征也比渣滓nod强太多？看你的log去掉这些特征的话antivir只杀了一个，要不要我们来猜猜看nod能杀几个？

mofunzone

要不要我留下10天的zlob一起发上来看看nod32杀几个？
留下10天的dnschanger发上来看nod32杀几个？
留下10天的banker看nod32杀几个？
留下10天的vundo看nod32杀几个？
这10天我至少能找到500个样本，nod32算上static能杀到50个我就叫他爷爷
连启发都没胆加到扫描，被免杀到做缩头乌龟，渣滓已经没什么希望了

solcroft

其实你想要说的无非只是这个吧：antivir比nod强
所以antivir的技术不管多黔驴技穷都不算是阴险的，只有nod的才是
你就是都不肯爽快地把话说出来

[ 本帖最后由 solcroft 于 2008-5-23 12:48 编辑 ]