量子版CS：S被报毒样本在4楼

显示全部楼层 · 发表于 2008-6-24 11:50:16

求达人鉴定一下

VirSCAN.org Scanned Report :
Scanner results: 28%的杀软(10/36)报告发现病毒
File Name    : cstrike.exe
File Size    : 2373546 byte
File Type    : MS-DOS executable (EXE)
MD5          : d11e59dc0a984ea43c578198f47e142b
SHA1          : eb060202417ee8e618535b15d79d8ffc9b7d26b6
Online report  : http://virscan.org/report/e4f1c34867773fda0f6e454626467ea3.html
Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.0.0.126    2007.11.09       2007-11-09  2.98 -
安博士V3    2007.11.09.01 2007.11.09       2007-11-09  2.08 Win32/EntryZero.suspicious
AntiVir       7.6.0.34       7.0.0.197       2007-11-09  3.35 TR/Crypt.XPACK.Gen
Arcavir       1.0.4          200711091245    2007-11-09  2.72 -
AVAST!       1.0.8          071109-0       2007-11-09  5.03 Win32:Agent-FMH [Trj]
AVG          7.5.49.442    269.15.27/1121 2007-11-09  3.67 -
BitDefender 7.60825.938285  7.15751          2007-11-10  10.13  -
CA (VET)    9.0.0.143    31.2.5284       2007-11-10  2.66 -
ClamAV       0.91.2       4740             2007-11-10  3.27 -
Comodo       2.11          2.0.0.338       2007-11-08  1.31 -
CP Secure    1.1.0.655    2007.11.10       2007-11-10  16.83  -
Dr.Web       4.44.0.9170    2007.11.09       2007-11-09  10.16  -
ewido       4.0.0.2       2007.11.09       2007-11-09  2.19 -
F-Prot       4.4.1.52       20071109       2007-11-09  2.63 -
F-Secure    5.51.6100    2007.11.08.03    2007-11-08  1.34 -
飞塔          2.81-3.11    8.344          2007-11-09  2.91 -
ViRobot       20071109       2007.11.09       2007-11-09  0.60 -
Ikarus       T3.1.01.15    2007.07.26.69260  2007-07-26  1.49 MalwareScope.Backdoor.Hupigon.3
江民杀毒    10.00.650    2007.11.08       2007-11-08  2.79 -
卡巴斯基    5.5.10       2007.11.10       2007-11-10  12.05  -
金山毒霸    2007.6.20.249 2007.11.9       2007-11-09  0.88 -
迈克菲       5.2.00       5160             2007-11-09  2.63 New Malware.co
mks_vir       2.01          2007.11.09       2007-11-09  4.06 -
NOD32       2.70.10       2651             2007-11-10  0.79 -
Norman       5.91.08       5.90             2007-11-08  6.36 W32/Agent.CWKQ
熊猫卫士    9.04.03.0001 2007.11.08       2007-11-08  6.33 -
趋势科技    8.500-1001    4.820.15       2007-11-09  0.05 -
Prevx       V2             20071109       2007-11-09  20.65  TROJAN.DOWNLOADER.GEN
Quick Heal    9.00          2007.11.09       2007-11-09  5.21 -
瑞星          19.0          20.17.42.00    2007-11-09  2.09 -
Sophos       2.49.1       4.21             2007-11-10  5.75 Mal/Packer
赛门铁克    1.3.0.24       20071109.017    2007-11-09  0.26 -
nProtect    2007-11-10.00 1028494          2007-11-10  9.77 -
The Hacker    6.2.9          v00122          2007-11-09  1.47 W32/Behav-Heuristic-068
VBA32       3.12.2.4       20071108.0429    2007-11-08  5.58 BackDoor.Pigeon.1604
VirusBuster 4.3.19:9       9.114.3/11.0    2007-11-10  8.49 -

Antivirus Version Last Update Result
AhnLab-V3 - - Win32/EntryZero.suspicious
AntiVir - - BDS/Agent.SN.2
Authentium - - -
Avast - - Win32:Agent-FMH
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - W32/Agent.CWKQ
FileAdvisor - - -
Fortinet - - -
Ikarus - - MalwareScope.Backdoor.Hupigon.3
Kaspersky - - -
McAfee - - New Malware.co
Microsoft - - -
NOD32v2 - - -
Norman - - W32/Agent.CWKQ
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - Mal/Packer
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - W32/Behav-Heuristic-068
VBA32 - - BackDoor.Pigeon.1604
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
Additional information
MD5: d11e59dc0a984ea43c578198f47e142b
SHA1: eb060202417ee8e618535b15d79d8ffc9b7d26b6
SHA256: 90aebd3c9a9902509443bdcac0960ad7acca75ff86e34970047b37ac0706abcd
SHA512: 53bc9224dc2c0a6097892a3bad5fe0d0cebb2474984cda7db0c91370db228cbcaef164b73d60434a46cd70541c4c58d87fec7b3cb62d9a535f78d0588798884e

[ 本帖最后由 yuuto 于 2008-6-24 12:28 编辑 ]

显示全部楼层 · 发表于 2008-6-24 11:55:02

样本？

显示全部楼层 · 发表于 2008-6-24 12:08:58

基本都是说壳有问题

显示全部楼层 · 发表于 2008-6-24 12:26:57

原帖由 无尽藏海 于 2008-6-24 11:55 发表
样本？

晕，发现附件没传上来

显示全部楼层 · 发表于 2008-6-24 12:42:20

HL.EXE

2008-6-24 JAY12:37:14 hl.exe  Process exit C:\Documents and Settings\Owner\桌面\hl.exe
2008-6-24 JAY12:37:08 hl.exe  Create C:\Documents and Settings\Owner\桌面\tier0.dll
2008-6-24 JAY12:37:08 hl.exe : KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\桌面\tier0.dll
2008-6-24 JAY12:37:08 hl.exe  Process start C:\Documents and Settings\Owner\桌面\hl.exe
2008-6-24 JAY12:35:15 hl.exe  Process exit C:\Documents and Settings\Owner\桌面\hl.exe
2008-6-24 JAY12:35:13 hl.exe  Create C:\Documents and Settings\Owner\桌面\tier0.dll
2008-6-24 JAY12:35:13 hl.exe : KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\桌面\tier0.dll
2008-6-24 JAY12:35:12 hl.exe  Process start C:\Documents and Settings\Owner\桌面\hl.exe
2008-6-24 JAY12:35:12 hl.exe  Placed in group Low Restricted
2008-6-24 JAY12:35:00 量子游戏css.exe  Create C:\Documents and Settings\Owner\桌面\hl.exe

CSS.EXE

2008-6-24 JAY12:35:13 量子游戏css.exe  Process exit C:\Documents and Settings\Owner\桌面\量子游戏css.exe
2008-6-24 JAY12:35:00 量子游戏css.exe  Create C:\Documents and Settings\Owner\桌面\hl.exe
2008-6-24 JAY12:35:00 量子游戏css.exe : KLSystemData/FD-C/ Create C:\Documents and Settings\Owner\桌面\hl.exe
2008-6-24 JAY12:34:59 量子游戏css.exe  Modification C:\Documents and Settings\Owner\Local Settings\Temp\E_4\eAPI.fne
2008-6-24 JAY12:34:59 量子游戏css.exe : KLSystemData/FD-C/ Create C:\DOCUME~1\Owner\LOCALS~1\Temp\E_4\eAPI.fne
2008-6-24 JAY12:34:59 量子游戏css.exe  Modification C:\Documents and Settings\Owner\Local Settings\Temp\E_4\iext2.fne
2008-6-24 JAY12:34:59 量子游戏css.exe : KLSystemData/FD-C/ Create C:\DOCUME~1\Owner\LOCALS~1\Temp\E_4\iext2.fne
2008-6-24 JAY12:34:59 量子游戏css.exe  Modification C:\Documents and Settings\Owner\Local Settings\Temp\E_4\krnln.fnr
2008-6-24 JAY12:34:59 量子游戏css.exe : KLSystemData/FD-C/ Create C:\DOCUME~1\Owner\LOCALS~1\Temp\E_4\krnln.fnr
2008-6-24 JAY12:34:59 量子游戏css.exe  Process start C:\Documents and Settings\Owner\桌面\量子游戏css.exe
2008-6-24 JAY12:34:59 量子游戏css.exe  Placed in group Low Restricted
2008-6-24 JAY12:34:51 WinRAR.exe  Create C:\Documents and Settings\Owner\桌面\量子游戏css.exe

没问题

显示全部楼层 · 发表于 2008-6-24 14:09:23

感谢ls的

显示全部楼层 · 发表于 2008-6-24 21:28:15

误报。

[病毒样本] 量子版CS：S被报毒样本在4楼

本帖子中包含更多资源

[病毒样本] 量子版CS：S被报毒 样本在4楼

本帖子中包含更多资源

[病毒样本] 量子版CS：S被报毒样本在4楼