新帖!!!mm.exe(第160次更新)[附上生成]！

显示全部楼层 · 发表于 2008-11-28 17:19:10

卡巴杀出一头，启发了3个，3.ex2e漏网
小红伞发现一个，启发4个。。。
VBA32和卡巴相反，只杀出3.ex2e
IK查出4头，漏了FLASHMM.EXE

显示全部楼层 · 发表于 2008-11-28 17:22:17

补充一下，IK在我运行FLASHMM.EXE的时候提示发现病毒。。。

显示全部楼层 · 发表于 2008-11-28 23:17:09

第145次更新

显示全部楼层 · 发表于 2008-11-29 00:21:59

C:\Documents and Settings\GUNDAM\桌面\1128-1648mm.rar » RAR » 3.ex2e - Win32/KillFiles.NBR trojan
C:\Documents and Settings\GUNDAM\桌面\1128-1648mm.rar » RAR » 9.exe3 - a variant of Win32/HackTool.Xarp trojan
C:\Documents and Settings\GUNDAM\桌面\1128-1648mm.rar » RAR » flashmm.ex5e - a variant of Win32/AutoRun.WC worm
C:\Documents and Settings\GUNDAM\桌面\1128-1648mm.rar » RAR » x.gif5 » RAR » 照片 .exe - probably a variant of Win32/AutoRun.WC worm
C:\Documents and Settings\GUNDAM\桌面\1128-1648mm.rar » RAR » 1.ex3e - a variant of Win32/Delf.NNM trojan
C:\Documents and Settings\GUNDAM\桌面\1128-1648mm-c.rar » RAR » 362safe.ex3e - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\1128-1648mm-c.rar » RAR » svchost.ex3e - probably a variant of Win32/TrojanDropper.Delf.NIN trojan

1128-2316。rar还以为全飘了，原来是加了密码......

2008-11-29 0:26:55 Real-time file system protection file C:\Documents and Settings\GUNDAM\桌面\1128-2316mm\flashmm.exe3 probably a variant of Win32/AutoRun.WC worm cleaned by deleting - quarantined CHINESE-GUNDAM\GUNDAM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
2008-11-29 0:26:54 Real-time file system protection file C:\Documents and Settings\GUNDAM\桌面\1128-2316mm\9.ex3e a variant of Win32/HackTool.Xarp trojan cleaned by deleting - quarantined CHINESE-GUNDAM\GUNDAM Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

[ 本帖最后由 leonfg 于 2008-11-29 00:29 编辑 ]

显示全部楼层 · 发表于 2008-11-29 16:14:52

第146次更新

显示全部楼层 · 发表于 2008-11-29 16:20:34

146次

NOD  MISS 1
TO NOD

362safe.exe3       未查明的 NewHeur_PE 病毒
svchost.e3xe       可能是 Win32/TrojanDropper.Delf.NIN 特洛伊木马的变种
dqlongfaa.dl3l       Win32/Delf.NNM 特洛伊木马的变种
3.ex2e       Win32/KillFiles.NBR 特洛伊木马
1.ex3e       Win32/Delf.NNM 特洛伊木马的变种
flashmm.ex3e       可能是 Win32/AutoRun.WC 蠕虫的变种
9.ex3e       Win32/HackTool.Xarp 特洛伊木马的变种

[ 本帖最后由 lingbo110120 于 2008-11-29 16:22 编辑 ]

显示全部楼层 · 发表于 2008-11-29 22:28:25

NOD32 报毒

显示全部楼层 · 发表于 2008-11-29 22:48:58

文件 1112-2309mm-C.rar 接收于 2008.11.29 15:44:54 (CET)
当前状态: 完成
结果: 30/37 (81.09%)

打印结果反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 TR/Delf.fzq
Authentium 5.1.0.4 2008.11.28 W32/Downldr2.DDGJ
Avast 4.8.1281.0 2008.11.28 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.29 Win32/Heur
BitDefender 7.2 2008.11.29 Trojan.Dropper.SFU
CAT-QuickHeal 10.00 2008.11.29 Trojan.Delf.fyt
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 -
eSafe 7.0.17.0 2008.11.27 Win32.Delf.fzq
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.29 -
F-Prot 4.4.4.56 2008.11.28 W32/Downldr2.DDGJ
F-Secure 8.0.14332.0 2008.11.29 Trojan.Win32.Delf.fzq
Fortinet 3.117.0.0 2008.11.29 W32/Delf.FZQ!tr
GData 19 2008.11.29 Trojan.Dropper.SFU
Ikarus T3.1.1.45.0 2008.11.29 Trojan-Dropper.SFU
K7AntiVirus 7.10.538 2008.11.29 Trojan.Win32.Delf.fzq
Kaspersky 7.0.0.125 2008.11.29 Trojan.Win32.Delf.fzq
McAfee 5448 2008.11.28 New Malware.aj
McAfee+Artemis 5448 2008.11.28 New Malware.n
Microsoft 1.4104 2008.11.29 Trojan:Win32/Abndog.A
NOD32 3650 2008.11.28 a variant of Win32/Delf.NNM
Norman 5.80.02 2008.11.28 W32/Delf.CUAA
Panda 9.0.0.4 2008.11.29 Trj/Agent.KFP
PCTools 4.4.2.0 2008.11.29 Packed/Upack
Prevx1 V2 2008.11.29 -
Rising 21.05.52.00 2008.11.29 Worm.Win32.Agent.aac
SecureWeb-Gateway 6.7.6 2008.11.28 Trojan.Delf.fzq
Sophos 4.36.0 2008.11.29 Mal/Generic-A
Sunbelt 3.1.1832.2 2008.11.27 Trojan-Spy.Win32.Banker.etk
Symantec 10 2008.11.29 Trojan Horse
TheHacker 6.3.1.1.166 2008.11.28 W32/Behav-Heuristic-060
TrendMicro 8.700.0.1004 2008.11.28 Possible_DLDER
VBA32 3.12.8.9 2008.11.28 Trojan.Win32.Delf.fzq
ViRobot 2008.11.29.1492 2008.11.29 -
VirusBuster 4.5.11.0 2008.11.28 Packed/Upack
附加信息
File size: 38737 bytes
MD5...: 18b63605f5266b6ade5f9fe60aff0440
SHA1..: 5f226e3a11762340f4c2f7cff6bdcf69ed2739f8
SHA256: 4ae2d22fa6c0ebfe62ab9021466746503740ae325626034130b2d4cf1bc7aac7
SHA512: 34ff98223a0d615d4d09b13fc52dec857cfef1997c8b0c48a2e970ef04d95c00
a00d1bc3af8dc9e168bd73b228223e0120447081a505567227ca7d874412ea16
ssdeep: 768:vdMMQ9H/De0aws443vDRO/1gVttXDSKD6MBc8Bjrqc9CboI7+sHxrKu:vdM3
9K0G3vVOdgjdDt6MWSqcCd+OrN
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
packers (F-Prot): embedded, UPack
packers (Avast): Upack, Upack
packers (Authentium): embedded, UPack

显示全部楼层 · 发表于 2008-11-29 23:19:34

ESET 全
C:\Documents and Settings\GUNDAM\桌面\1129-1611mm.rar » RAR » 9.ex3e - a variant of Win32/HackTool.Xarp trojan
C:\Documents and Settings\GUNDAM\桌面\1129-1611mm.rar » RAR » flashmm.ex3e - probably a variant of Win32/AutoRun.WC worm
C:\Documents and Settings\GUNDAM\桌面\1129-1611mm.rar » RAR » x.g3if » RAR » 照片 .exe - probably a variant of Win32/AutoRun.WC worm
C:\Documents and Settings\GUNDAM\桌面\1129-1611mm.rar » RAR » 1.ex3e - a variant of Win32/Delf.NNM trojan
C:\Documents and Settings\GUNDAM\桌面\1129-1611mm.rar » RAR » 3.ex2e - Win32/KillFiles.NBR trojan
C:\Documents and Settings\GUNDAM\桌面\1129-1611mm-c.rar » RAR » dqlongfaa.dl3l - a variant of Win32/Delf.NNM trojan
C:\Documents and Settings\GUNDAM\桌面\1129-1611mm-c.rar » RAR » svchost.e3xe - probably a variant of Win32/TrojanDropper.Delf.NIN trojan
C:\Documents and Settings\GUNDAM\桌面\1129-1611mm-c.rar » RAR » 362safe.exe3 - probably unknown NewHeur_PE virus

显示全部楼层 · 发表于 2008-11-29 23:34:12

第147次更新

[病毒样本] 新帖!!!mm.exe(第160次更新)[附上生成]！

回复 55楼 sam.to 的帖子