[病毒样本] 2

显示全部楼层 · 发表于 2008-6-24 13:41:48

1

2

显示全部楼层 · 发表于 2008-6-24 14:53:04

D:\virus\2.rar:\1.exe - 特征码 'BehavesLike.Trojan.WinlogonHook' 被发现
D:\virus\2.rar:\2.exe
D:\virus\2.rar

3 文件被扫描
(1 压缩档 2 文件)
1 特征码被侦测
0 可疑代码段被发现
耗时: 0:00.172

显示全部楼层 · 发表于 2008-6-24 14:57:54

2008.06.24 06:55:50 {820} (0110) [1624] Delete SHeur.BSGF Delete; D:\VIRUS\2.rar:\2.exe

显示全部楼层 · 发表于 2008-6-24 15:08:30

VirSCAN.org Scanned Report :
Scanned time : 2008/06/24 15:01:07 (CST)
Scanner results: 11%的杀软(4/36)报告发现病毒
File Name    : 2.rar
File Size    : 67024 byte
File Type    : RAR archive data, v1d, os
MD5          : bdcdb6e91588e30bee115b0eb9d8d0bd
SHA1          : 23ff22eaab52645b6de6b419d36d863b2eb778db
Online report  : http://virscan.org/report/df32f1c0de4dd2cd1ec62418e73bb7db.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.5.0.18       2008.06.23       2008-06-23  2.38 -
安博士V3    2008.06.24.01 2008.06.24       2008-06-24  0.96 -
AntiVir       7.8.0.59       7.0.4.241       2008-06-23  5.85 -
Arcavir       1.0.4          200806231927    2008-06-23  3.33 -
AVAST!       1.0.8          080623-1       2008-06-23  4.59 -
AVG          7.5.51.442    270.4.1/1515    2008-06-23  2.63 SHeur.BSGF
BitDefender 7.60825.1262669 7.19678          2008-06-24  8.86 -
CA (VET)    9.0.0.143    31.6.5897       2008-06-23  0.70 -
ClamAV       0.93          7546             2008-06-24  0.03 -
Comodo       2.11          2.0.0.565       2008-06-24  0.58 -
CP Secure    1.1.0.715    2008.06.24       2008-06-24  11.74  -
Dr.Web       4.44.0.9170    2008.06.23       2008-06-23  6.23 -
ewido       4.0.0.2       2008.06.23       2008-06-23  2.22 -
F-Prot       4.4.1.52       20080623       2008-06-23  1.57 -
F-Secure    5.51.6100    2008.06.24.02    2008-06-24  4.66 -
飞塔          2.81-3.11    0.0             2008-06-24  0.26 -
ViRobot       20080623       2008.06.23       2008-06-23  0.53 -
Ikarus       T3.1.01.26    2008.06.24.70968  2008-06-24  3.03 BehavesLike.Trojan.WinlogonHook
江民杀毒    11.0.706       2008.06.17       2008-06-17  1.19 -
卡巴斯基    5.5.10       2008.06.24       2008-06-24  0.06 -
金山毒霸    2008.1.14.15 2008.6.24.14    2008-06-24  0.72 -
迈克菲       5.2.00       5323             2008-06-23  2.36 -
Microsoft    1.3604       2008.06.22       2008-06-22  4.85 -
mks_vir       2.01          2008.06.23       2008-06-23  5.35 -
Norman       5.92.08       5.92.00          2008-06-23  11.57  -
熊猫卫士    9.04.03.0001 2008.06.18       2008-06-18  1.53 -
趋势科技    8.700-1004    5.356.20       2008-06-22  0.06 -
Quick Heal    9.50          2008.06.23       2008-06-23  1.52 Suspicious - DNAScan
瑞星          20.0          20.50.10.00    2008-06-24  0.89 -
Sophos       2.74.1       4.30             2008-06-24  3.75 Troj/Addler-Fam
Sunbelt       3.0.1153.1    2093             2008-06-13  0.52 -
赛门铁克    1.3.0.24       20080623.004    2008-06-23  0.24 -
nProtect    2008-06-24.00 1553273          2008-06-24  3.05 -
The Hacker    6.2.92       v00358          2008-06-21  0.57 -
VBA32       3.12.6.8       20080623.1030    2008-06-23  1.61 -
VirusBuster 4.5.11.10    10.79.1/594378 2008-06-19  1.12 -

显示全部楼层 · 发表于 2008-6-24 15:37:28

全杀

显示全部楼层 · 发表于 2008-6-24 15:45:50

2.exe
2008-6-24 15:45:43 Real-time file system protection file C:\Sandbox\Administrator\DefaultBox\user\current\Local Settings\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: G:\v\2.exe.

显示全部楼层 · 发表于 2008-6-24 21:08:25

Sent to Avira
25056594 1.exe 43.5 KB UNDER ANALYSIS
25056595 2.exe 32.5 KB UNDER ANALYSIS

显示全部楼层 · 发表于 2008-6-24 21:08:32

RS20.50.10未杀！

显示全部楼层 · 发表于 2008-6-25 01:13:23

晕

[病毒样本] 2

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

3/0