脑残星4号..

显示全部楼层 · 发表于 2008-6-9 22:42:40

原帖由 aarwwefdds 于 2008-6-9 22:31 发表
记得好像先是装死...
然后大规模繁殖

关键是无法运行

显示全部楼层 · 发表于 2008-6-10 00:07:44

可以殺了~
Begin scan in 'C:\Documents and Settings\Administrator\桌面\ccc.rar'
C:\Documents and Settings\Administrator\桌面\ccc.rar
  [0] Archive type: RAR
--> fuckrising.exe
   [1] Archive type: RSRC
   --> Object
         [DETECTION] Is the Trojan horse TR/VB.dek.1
--> fuckjiangmin.exe
   [1] Archive type: RSRC
   --> Object
         [DETECTION] Is the Trojan horse TR/VB.dek.1
--> fuckduba.exe
   [1] Archive type: RSRC
   --> Object
         [DETECTION] Is the Trojan horse TR/VB.dek.1
   [NOTE]    A backup was created as '48b055ac.qua'  ( QUARANTINE )
   [NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-6-10 00:35:42

坏的

显示全部楼层 · 发表于 2008-6-10 00:43:03

费尔扫描过了~动态防御拦截住，但是上传扫描说没发现病毒……

显示全部楼层 · 发表于 2008-6-10 01:55:39

是好的那个报错是假象，生成物卡8能杀
2008-06-10 1:48:51       已清除       病毒Virus.Win32.VB.lc       C:\fuck__Duba.com
2008-06-10 1:48:51       已清除       病毒Virus.Win32.VB.lc       C:\fuck__Duba.com//PE_Patch.UPX//UPX
2008-06-10 1:49:09       已清除       病毒Virus.Win32.VB.lc       C:\fuck__JiangMin.com
2008-06-10 1:49:09       已清除       病毒Virus.Win32.VB.lc       C:\fuck__JiangMin.com//PE_Patch.UPX//UPX
2008-06-10 1:49:22       已清除       病毒Virus.Win32.VB.lc       C:\fuck__Rising.com
2008-06-10 1:49:22       已清除       病毒Virus.Win32.VB.lc       C:\fuck__Rising.com//PE_Patch.UPX//UPX

主防处理有点糗，也不怪卡巴，这行为好像有点太简单
2008-06-10 1:49:22             C:\Documents and Settings\GUNDAM\桌面\ccc\       fuckrising.exe       3744       "C:\Documents and Settings\GUNDAM\桌面\ccc\fuckrising.exe"       放置到组中       低受限       启发式分析计算得到了较高安全等级
2008-06-10 1:49:08             C:\Documents and Settings\GUNDAM\桌面\ccc\       fuckjiangmin.exe       2240       "C:\Documents and Settings\GUNDAM\桌面\ccc\fuckjiangmin.exe"       放置到组中       低受限       启发式分析计算得到了较高安全等级
2008-06-10 1:48:51             C:\Documents and Settings\GUNDAM\桌面\ccc\       fuckduba.exe       2876       "C:\Documents and Settings\GUNDAM\桌面\ccc\fuckduba.exe"       放置到组中       低受限       启发式分析计算得到了较高安全等级

[ 本帖最后由 leonfg 于 2008-6-10 01:59 编辑 ]

显示全部楼层 · 发表于 2008-6-10 02:02:27

你的電腦多少錢

显示全部楼层 · 发表于 2008-6-10 04:26:44

原帖由 sbbdms 于 2008-6-9 21:56 发表
Hello,

fuckduba.exe_ - Trojan-Dropper.Win32.VB.asw,
fuckjiangmin.exe_ - Trojan-Dropper.Win32.VB.asx,
fuckrising.exe_ - Trojan-Dropper.Win32.VB.asy

New malicious software was found in these f ...

要是有第四个的话，是不是应该叫Trojan-Dropper.Win32.VB.asz 啊？

显示全部楼层 · 发表于 2008-6-10 09:49:02

红伞杀之

显示全部楼层 · 发表于 2008-6-10 10:10:12

找不到所请求的 URL

在尝试检索 URL 时:

http://bbs.kafan.cn/attachment.php?aid=
282651&k=8013fce8e2049c93026ef93b088288a
6&t=1213062655

遇到了下列错误:

所请求的对象已被感染了下列病毒: Trojan-Dropper.Win32.VB.asy

如果您认为这是不正确的,请联系您的服务提供商。
生成于:
Tue Jun 10 10:10:19 2008
Kaspersky Internet Security 2009

显示全部楼层 · 发表于 2008-6-10 10:43:21

Begin scan in 'C:\Documents and Settings\haha\桌面\ccc.rar'
C:\Documents and Settings\haha\桌面\ccc.rar
  [0] Archive type: RAR
--> fuckrising.exe
   [1] Archive type: RSRC
   --> Object
         [DETECTION] Is the Trojan horse TR/VB.dek.1
--> fuckjiangmin.exe
   [1] Archive type: RSRC
   --> Object
         [DETECTION] Is the Trojan horse TR/VB.dek.1
--> fuckduba.exe
   [1] Archive type: RSRC
   --> Object
         [DETECTION] Is the Trojan horse TR/VB.dek.1
   [NOTE]    A backup was created as '48b0ea92.qua'  ( QUARANTINE )

[病毒样本] 脑残星4号..

浏览过的版块