卡巴报警，大家看看是不是误警~！

显示全部楼层 · 发表于 2008-8-31 21:00:23

一个塞班手机制作签名的证书的东东~！

显示全部楼层 · 发表于 2008-8-31 21:04:50

不是误报

显示全部楼层 · 发表于 2008-8-31 21:05:50

[Scanning : C:\Download Files]

C:\Download Files\1205435.rar<RAR>:S60证书签名专家(开心智能版)1.2.0.exe <- Trojan.Bifrose.Ykz : No action
C:\Download Files\1205435.rar<RAR>:S60证书签名专家(开心智能版)1.2.0.exe<DLLRES>:file1.exe<FSG>:file1.exe <- Trojan.Bifrose.Ab : No action

Scanned objects : 17

Infected objects : 2

显示全部楼层 · 发表于 2008-8-31 21:06:36

[发现后门：] <W32/Backdoor2.BJVB (确切, not disinfectable)> C:\Download Files\1205435.rar->1205435\S60证书签名专家(开心智能版)1.2.0.exe

显示全部楼层 · 发表于 2008-8-31 21:08:40

显示全部楼层 · 发表于 2008-8-31 21:10:14

小红伞也报

显示全部楼层 · 发表于 2008-8-31 21:10:50

捆绑了

捆绑文件

文件 TINTSE.EXE 接收于 2008.08.31 15:10:33 (CET)

反病毒引擎	版本	最后更新	扫描结果
AhnLab-V3	2008.8.29.0	2008.08.29	Win-Trojan/Bifrose.57344
AntiVir	7.8.1.23	2008.08.30	BDS/Bifrose.d.2
Authentium	5.1.0.4	2008.08.30	W32/Bifrost.C.gen!Eldorado
Avast	4.8.1195.0	2008.08.30	Win32:Bifrose-T
AVG	8.0.0.161	2008.08.30	BackDoor.Bifrose.M
BitDefender	7.2	2008.08.31	Generic.Malware.SE!.A3C13521
CAT-QuickHeal	9.50	2008.08.29	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.08.31	Trojan.Bifrose-269
DrWeb	4.44.0.09170	2008.08.31	BackDoor.Bifrost.11
eSafe	7.0.17.0	2008.08.28	Suspicious File
eTrust-Vet	31.6.6057	2008.08.29	Win32/Bifrost!generic
Ewido	4.0	2008.08.31	Backdoor.Bifrose.ao
F-Prot	4.4.4.56	2008.08.30	W32/Bifrost.C.gen!Eldorado
F-Secure	7.60.13501.0	2008.08.31	Backdoor.Win32.Bifrose.la
Fortinet	3.14.0.0	2008.08.31	-
GData	19	2008.08.31	Backdoor.Win32.Bifrose.la
Ikarus	T3.1.1.34.0	2008.08.31	-
K7AntiVirus	7.10.433	2008.08.30	-
Kaspersky	7.0.0.125	2008.08.31	Backdoor.Win32.Bifrose.la
McAfee	5373	2008.08.29	BackDoor-CEP.svr
Microsoft	1.3807	2008.08.25	Backdoor:Win32/Bifrose
NOD32v2	3401	2008.08.30	a variant of Win32/Bifrose
Norman	5.80.02	2008.08.29	Suspicious_F.gen
Panda	9.0.0.4	2008.08.31	Bck/Bifrose.ES
PCTools	4.4.2.0	2008.08.31	Backdoor.Bifrose.AAU
Prevx1	V2	2008.08.31	Suspicious
Rising	20.59.61.00	2008.08.31	Backdoor.Bifrose.fj
Sophos	4.33.0	2008.08.31	Troj/Bckdr-CER
Sunbelt	3.1.1592.1	2008.08.30	VIPRE.Suspicious
Symantec	10	2008.08.31	Backdoor.Bifrose
TheHacker	6.3.0.6.068	2008.08.30	Backdoor/CEP
TrendMicro	8.700.0.1004	2008.08.29	BKDR_BIFROSE.AQJ
VBA32	3.12.8.4	2008.08.30	Backdoor.Win32.Bifrose.la
ViRobot	2008.8.30.1357	2008.08.30	Backdoor.Win32.Bifrose.73263
VirusBuster	4.5.11.0	2008.08.30	Backdoor.Bifrose.AAU
Webwasher-Gateway	6.6.2	2008.08.30	Trojan.Backdoor.Bifrose.d.2

附加信息
File size: 73264 bytes
MD5...: fbc3b4ee71b33ff316335942ed729994
SHA1..: 7d6f5fe89c1b8f94ac5f1d77c6b2ae23965e211d
SHA256: e82d6c7cfd3c32917ce832ea7d7b5976c6d7367f01793712c5ba1aeec6f1e6fa
SHA512: 2e61264e474c1f420c7fd61af0bac24dfa9448e8854c15ca88e99cbd9b902d56<BR>81151abee778ff127adc6d307ed2740da49d426bfd6cb72e5a4e3c998e368d30
PEiD..: FSG v2.0 -> bart/xt
TrID..: File type identification<BR>Win32 Executable Generic (67.9%)<BR>Generic Win/DOS Executable (15.9%)<BR>DOS Executable Generic (15.9%)<BR>Targa bitmap (Original TGA Format) (0.0%)<BR>MS Flight Simulator Aircraft Performance Info (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x400154<BR>timedatestamp.....: 0x21475346 (Fri Sep 11 01:35:02 1987)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 2 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>0x1000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>0xc000 0x6000 0x5171 7.86 5be2669975aeba1eadd1780ea3e537db<BR><BR>( 1 imports ) <BR>> KERNEL32.dll: LoadLibraryA, GetProcAddress<BR><BR>( 0 exports ) <BR>
Prevx info: http://info.prevx.com/aboutprogr ... 176C0BCAB00072FF6AE
packers (Authentium): FSG
packers (F-Prot): FSG
packers (Kaspersky): FSG
packers (Avast): FSG

[ 本帖最后由 wangjay1980 于 2008-8-31 21:13 编辑 ]

显示全部楼层 · 发表于 2008-8-31 21:12:58

病毒 2008-08-31 21:12:42 C:\Documents and Settings\Administrator\桌面\1205435.rar\1205435\S60证书签名专家(开心智能版)1.2.0.exe Win32.PSWTroj.OnLineGames.184108 清除成功

显示全部楼层 · 发表于 2008-8-31 21:15:45

原帖由 wangjay1980 于 2008-8-31 21:10 发表
捆绑了

捆绑文件

文件 TINTSE.EXE 接收于 2008.08.31 15:10:33 (CET)
反病毒引擎版本最后更新扫描结果AhnLab-V32008.8.29.02008.08.29Win-Trojan/Bifrose.57344AntiVir7.8.1.232008. ...

IK又低迷了

显示全部楼层 · 发表于 2008-8-31 21:29:19

原帖由 allinwonderi 于 2008-8-31 21:15 发表

IK又低迷了

也没有，IK把主文件杀了。。。

文件 S60______________________________ 接收于 2008.08.31 15:26:45 (CET)
当前状态: 正在读取 ... 队列中等待中扫描中完成未发现停止

结果: 26/36 (72.23%)

AhnLab-V3	2008.8.29.0	2008.08.29	Win-Trojan/Inject.43033
AntiVir	7.8.1.23	2008.08.30	BDS/Bifrose.d.2
Authentium	5.1.0.4	2008.08.30	W32/Backdoor2.BJVB
Avast	4.8.1195.0	2008.08.30	Win32:Bifrose-T
AVG	8.0.0.161	2008.08.30	BackDoor.Bifrose.ABY
BitDefender	7.2	2008.08.31	Trojan.Delf.Inject.N
CAT-QuickHeal	9.50	2008.08.29	-
ClamAV	0.93.1	2008.08.31	Trojan.Bifrose-269
DrWeb	4.44.0.09170	2008.08.31	Trojan.MulDrop.12876
eSafe	7.0.17.0	2008.08.28	Suspicious File
eTrust-Vet	31.6.6057	2008.08.29	Win32/Jonstro.A
Ewido	4.0	2008.08.31	Backdoor.Ciadoor.aec
F-Prot	4.4.4.56	2008.08.30	W32/Backdoor2.BJVB
F-Secure	7.60.13501.0	2008.08.31	Backdoor.Win32.Bifrose.la
Fortinet	3.14.0.0	2008.08.31	-
GData	19	2008.08.31	Backdoor.Win32.Bifrose.la
Ikarus	T3.1.1.34.0	2008.08.31	Packer.YodaBased.B
K7AntiVirus	7.10.433	2008.08.30	Backdoor.Win32.Ciadoor.aec
Kaspersky	7.0.0.125	2008.08.31	Backdoor.Win32.Bifrose.la
McAfee	5373	2008.08.29	BackDoor-CEP
Microsoft	1.3807	2008.08.25	Backdoor:Win32/Bifrose
NOD32v2	3401	2008.08.30	a variant of Win32/Bifrose
Norman	5.80.02	2008.08.29	-
Panda	9.0.0.4	2008.08.31	Suspicious file
PCTools	4.4.2.0	2008.08.31	Packed/FSG
Prevx1	V2	2008.08.31	-
Rising	20.59.61.00	2008.08.31	Dropper.Win32.Agent.gdc
Sophos	4.33.0	2008.08.31	Troj/Bckdr-CER
Sunbelt	3.1.1592.1	2008.08.30	-
Symantec	10	2008.08.31	-
TheHacker	6.3.0.6.068	2008.08.30	-
TrendMicro	8.700.0.1004	2008.08.29	-
VBA32	3.12.8.4	2008.08.30	BackDoor.Pigeon.6620
ViRobot	2008.8.30.1357	2008.08.30	-
VirusBuster	4.5.11.0	2008.08.30	-
Webwasher-Gateway	6.6.2	2008.08.30	Trojan.Backdoor.Bifrose.d.2

[病毒样本] 卡巴报警，大家看看是不是误警~！

ArcaVir2008

F-Prot 4.4.4

Avira