2008年11月16日下午收集的11个可疑样本

will

Multi Command-Line Scanner Report
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\ad7546.exe   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   
MD5 Hash: EE3F9E178FEF4AB16C26A0ABF8489473   

A-squared ----- Nothing   
Avast ----- Win32:BHO-GG [Adw]    
Avg ----- Puper.H     
Antivir ----- DR/BHO.dxc.2    
BitDefender ----- Dropped:Adware.Sogou.Gen    
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
Eset ----- a variant of Win32/Adware.Cinmus application    
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- not-a-virus:AdWare.Win32.BHO.dxc    
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 6/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\B.exe   
Type: DOS Executable Generic / Extension: .EXE   
MD5 Hash: 444E1B7993E1475263B6AEDE7AF38338   

A-squared ----- Trojan.Zlob!IK    
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- TR/Dropper.Gen    
BitDefender ----- Trojan.AgentMB.TRQF7503984    
ClamWin ----- Nothing   
Dr.Web ----- BACKDOOR.Trojan    
Eset ----- Nothing   
Ikarus ----- Trojan.Zlob    
Jiangmin ----- Trojan/PSW.Delphi.Gen    
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.Agent.ks.217088    
Vba32 ----- Nothing   

*** 7/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\data.exe   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   
MD5 Hash: AB88A609A9D7354BC7837071187FEFF2   

A-squared ----- BHO.Win32.BaiduSobar!IK    
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- TR/Drop.BaiduBar.E    
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
Eset ----- Nothing   
Ikarus ----- BHO.Win32.BaiduSobar    
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 3/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\ddv.exe   
Type: Win32 Executable Microsoft Visual Basic 6 / Extension: .EXE   
MD5 Hash: 5E25AB8B623FDDFD77696C4FFE948A54   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
Eset ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 0/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\fd.css   
Type: Win32 EXE Yoda's Crypter / Extension: .EXE   
MD5 Hash: 193FBB996D9CF0638D5774E8B82CBAE5   

A-squared ----- Trojan-Downloader.Win32.Isnev!IK    
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- TR/Dropper.Gen    
BitDefender ----- Trojan.Peed.Gen    
ClamWin ----- Nothing   
Dr.Web ----- DLOADER.Trojan    
Eset ----- a variant of Win32/TrojanDownloader.Agent.NYP trojan    
Ikarus ----- Trojan-Downloader.Win32.Isnev    
Jiangmin ----- Nothing   
Kaspersky ----- Heur.Trojan.Generic    
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 7/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\LODCTR.EXE   
Type: Win64 Executable Generic / Extension: .EXE   
MD5 Hash: FC70085CDDFE25D9BE88595364DD5A5D   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
Eset ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Backdoor.Win32.Small.gra    
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 1/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\setup500.exe   
Type: Win32 Executable Generic / Extension: .EXE   
MD5 Hash: F774EC232D3F0B5F695C163E7F386713   

A-squared ----- Trojan-Downloader!IK    
Avast ----- Nothing   
Avg ----- SHeur2.BPU     
Antivir ----- TR/Crypt.FKM.Gen    
BitDefender ----- Backdoor.Agent.ZZA    
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
Eset ----- Nothing   
Ikarus ----- Trojan-Downloader    
Jiangmin ----- Nothing   
Kaspersky ----- HEUR:Trojan.Win32.Generic    
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 6/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\SkypeClient.exe   
Type: Win64 Executable Generic / Extension: .EXE   
MD5 Hash: 43FCAF18249B9E6B1A211F4D4D08163D   

A-squared ----- Nothing   
Avast ----- Win32:Baidubar-B [Trj]    
Avg ----- Downloader.Generic8.BGX     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
Eset ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\wp.exe   
Type: DOS Executable Generic / Extension: .EXE   
MD5 Hash: 4EEB210BD33FBF8CF347D53024F15D83   

A-squared ----- Trojan-Spy.Win32.Banker.anv!IK    
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- TR/Dldr.Delphi.Gen    
BitDefender ----- Trojan.Agent.Delf.GY    
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
Eset ----- Win32/TrojanDownloader.Delf.OJD trojan    
Ikarus ----- Trojan-Spy.Win32.Banker.anv    
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Win32.Trojan.Downloader    

*** 6/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   

Task done @ 2008/11/16 日 18:45:49.42   

BING126

McAfee  报了3个。。

ad7546.exe             no  
b.exe                       new malware.n              
data.exe                  no  
ddv.exe                   no  
fd.css                      no  
lodctr.exe                no  
setup500.exe          no  
skypeclient.exe       tomskype                    
versionie.swf           no  
wp.exe                     new malware.n              
yiqilailyrics1.4.0.exe no

08红伞威点

ddv  3%的杀软(1/39)报告发现病毒
LODCTR  8%的杀软(3/39)报告发现病毒
SkypeClient  10%的杀软(4/39)报告发现病毒
versionie  13%的杀软(5/39)报告发现病毒
YiqilaiLyrics1.4.0  5%的杀软(2/39)报告发现病毒
-----------------------------------------------
红伞上报5个。