PCSL 可疑恶意网站每日分析 20081126(brother soft上面好多XXXX)

显示全部楼层 · 发表于 2008-11-26 02:20:55

http://upload.turkbaze.org/1337.exe
http://www.searchcasino.net/everestpoker/download/EverestPoker.exe
http://files.brothersoft.com/chat/miscellaneous/zango.im%20Installer79.exe
http://files.brothersoft.com/games/action/Alien_Shooter_56025.exe
http://files.brothersoft.com/dvd_video/misc_multimedia/regular_plugin.exe
http://files.brothersoft.com/business/accounting_software/1_4_all_Account_lite-install-14218.exe
http://jp.brothersoft.com/upload/13/6255.20071120051301.exe
http://files7.brothersoft.com/utilities/optimize_utilities/mechanic.exe
http://files4.brothersoft.com/chat_e-mail/misc_chat/MyEmoticons.exe
http://files5.brothersoft.com/internet/p2p_file_sharing/KDM-Setup.exe
http://www.indev.no/FlashMute_2.exe
http://www.spytech-web.com/spytechonline/Files/spyagent6.zip
http://files.brothersoft.com/RegNow/xpadvancedkeylogger.exe
http://vip-files.brothersoft.com/ek_setup.exe
http://www.widestep.com/files/ek_setup.exe
http://vip-files.brothersoft.com/keysetup.exe
http://msn-checker-sniffer.jp.brothersoft.com/upload/17/8125.20071115231113.exe
http://files.brothersoft.com/RegNow/modemspy.exe
http://www.brothersoft.com/soft/regnow/sasetup19793.exe
http://files.brothersoft.com/security/keylogger/SoftForYou_Keylogger_33203.exe
http://chariot.tucows.com/files7/Anti_Virus.exe
http://files.brothersoft.com/wallpaper/miscellaneous/wallpaper.exe
http://download.speedbit.com/dap86-bros.exe
http://files.brothersoft.com/dvd_video/misc_multimedia/regular_plugin.exe
http://www.pchell.com/downloads/uninstall2.exe
http://www.pchell.com/downloads/lopuninstall.exe
http://www.pchell.com/checkout.shtml16845/IncrediUninstaller.exe

复制代码

显示全部楼层 · 发表于 2008-11-26 15:08:56

番茄兄弟，你用什么工具分析网站挂马滴？

显示全部楼层 · 发表于 2008-11-26 15:37:55

Multi Command-Line Scanner Report
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\1_4_all_Account_lite-install-14218.exe
Type: UPX compressed Win32 Executable / Extension: .EXE
MD5 Hash: 0FDF155AE6ADB512629A610E74D05037

A-squared ----- Trojan.Crypt.Delf.X!IK
Avast -----Nothing
Avg -----Nothing
AntiVir -----Nothing
BitDefender ----- Trojan.Generic.147449
ClaimWin -----Nothing
Dr.Web ----- BackDoor.Y3krat.29
Eset ----- probably a variant of Win32/TrojanDownloader.Agent trojan
F-prot -----Nothing
Ikarus ----- Trojan.Crypt.Delf.X
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 5/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\1337.exe
Type: Generic Win/DOS Executable / Extension: .EXE
MD5 Hash: 0D66D79BBC383C297EB8F1F7696D4937

A-squared ----- Backdoor.Win32.IRCBot!IK
Avast ----- Win32:Socks-AS [Wrm]
Avg ----- Hosts
AntiVir ----- TR/Spy.Gen
BitDefender ----- Generic.Sdbot.96262AF0
ClamWin ----- Worm.Mytob.AS
Dr.Web ----- WIN.IRC.PWS.WORM.Virus
Eset ----- probably a variant of IRC/SdBot trojan
F-prot ----- W32/OnlineGames.F.gen!Eldorado
Ikarus ----- Backdoor.Win32.IRCBot
Jiangmin -----Nothing
Kaspersky ----- HEUR:Worm.Win32.Generic
Kingsoft -----Nothing
Vba32 -----Nothing

*** 11/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\6255.20071120051301.exe
Type: Win32 Executable MS Visual C++ / Extension: .EXE
MD5 Hash: 0BEC77543E8ED6DD0C86F63FB0B0C9D1

A-squared -----Nothing
Avast ----- Win32:Spyware-gen [Trj]
Avg -----Nothing
AntiVir ----- DR/MyWebSearch.2030834
BitDefender ----- Adware.Mywebsearch.AM
ClamWin ----- Adware.Mywebsearch
Dr.Web -----Nothing
Eset ----- Win32/AdInstaller application
F-prot ----- W32/Malware!1845
Ikarus ----- not-a-virus:AdTool.Win32.MyWebSearch
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:WebToolbar.Win32.MyWebSearch.ak
Kingsoft -----Nothing
Vba32 ----- AdWare.W32.SaveNow

*** 9/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\8125.20071115231113.exe
Type: Win32 Executable PowerBASIC/Win 9.x / Extension: .EXE
MD5 Hash: B5B42F5F0A54DE60E6DF60D87ACB859F

A-squared -----Nothing
Avast -----Nothing
Avg -----Nothing
AntiVir -----Nothing
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus -----Nothing
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 0/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\Alien_Shooter_56025.exe
Type: UPX compressed Win32 Executable / Extension: .EXE
MD5 Hash: CAEB861FD6C2021ABD48A976698C2B64

A-squared -----Nothing
Avast ----- Win32:180Solutions-G [Trj]
Avg -----Nothing
AntiVir ----- ADSPY/AdSpy.Gen
BitDefender ----- Adware.Zango.O
ClamWin ----- Adware.Zango-1
Dr.Web ----- Trojan.PWS.Mailspy.96
Eset -----Nothing
F-prot -----Nothing
Ikarus ----- not-a-virus:AdTool.Win32.Zango.r
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:WebToolbar.Win32.Zango.b
Kingsoft -----Nothing
Vba32 ----- Adware.Win32.180Solutions

*** 8/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\Anti_Virus.exe
Type: Inno Setup installer / Extension: .EXE
MD5 Hash: D6A786D5AFB7F58D4B52A9B994B61465

A-squared -----Nothing
Avast ----- Win32:Trojan-gen {Other}
Avg -----Nothing
AntiVir -----Nothing
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus -----Nothing
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 1/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\dap86-bros.exe
Type: Wise Installer executable / Extension: .EXE
MD5 Hash: 65720DDDDFF1F89B7114DB39A9ED4BB6

A-squared -----Nothing
Avast -----Nothing
Avg -----Nothing
AntiVir -----Nothing
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus -----Nothing
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 0/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\ek_setup.exe
Type: Win32 Executable MS Visual C++ / Extension: .EXE
MD5 Hash: B5EA56A3FBD62153D2F1703F6E794B60

A-squared ----- Virus.Win32.Spyware!IK
Avast ----- Win32:Trojan-gen {Other}
Avg ----- Logger.EMM
AntiVir ----- DR/EliteKeyLogger.21.30
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset ----- probably a variant of Win32/Spy.Agent trojan
F-prot -----Nothing
Ikarus ----- Virus.Win32.Spyware
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:Monitor.Win32.EliteKeylogger.21
Kingsoft -----Nothing
Vba32 -----Nothing

*** 7/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\FlashMute_2.exe
Type: Win32 Executable MS Visual C++ / Extension: .EXE
MD5 Hash: A5B0E3FFBBD115886A78DCB4056E914E

A-squared -----Nothing
Avast ----- Win32:Adware-gen [Adw]
Avg -----Nothing
AntiVir -----Nothing
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus -----Nothing
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:AdWare.Win32.BetterInternet.ih
Kingsoft -----Nothing
Vba32 ----- AdWare.Win32.BetterInternet.ih

*** 3/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\IncrediUninstaller.exe
Type: Win32 Executable Generic / Extension: .EXE
MD5 Hash: E2E697A5E1F2EDC93FAAD3ED5B84D9FE

A-squared -----Nothing
Avast -----Nothing
Avg -----Nothing
AntiVir -----Nothing
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus -----Nothing
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 0/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\KDM-Setup.exe
Type: Win32 Executable MS Visual C++ / Extension: .EXE
MD5 Hash: F9C7FE76E6CDBE9031808C45C51C3415

A-squared -----Nothing
Avast -----Nothing
Avg -----Nothing
AntiVir -----Nothing
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus -----Nothing
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 0/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\keysetup.exe
Type: Win32 Executable PowerBASIC/Win 9.x / Extension: .EXE
MD5 Hash: 95E7C205F16B6FEB95CA63809FD397B6

A-squared -----Nothing
Avast -----Nothing
Avg -----Nothing
AntiVir -----Nothing
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus -----Nothing
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 0/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\lopuninstall.exe
Type: Win32 Dynamic Link Library / Extension: .DLL
MD5 Hash: B1E1516C8E446CD8C8EC6A9D33E97D15

A-squared -----Nothing
Avast ----- Win32:Swizzor-gen [Trj]
Avg -----Nothing
AntiVir ----- TR/Dldr.Swizzor.Gen
BitDefender ----- Adware.Lop.AG
ClamWin ----- Adware.Lop-131
Dr.Web -----Nothing
Eset ----- probably a variant of Win32/Adware.Agent application
F-prot ----- W32/Swizzor.BJA
Ikarus ----- not-a-virus:AdWare.Win32.Lop.bb
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:AdWare.Win32.Lop.ag
Kingsoft -----Nothing
Vba32 ----- AdWare.Win32.Lop.ag

*** 9/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\mechanic.exe
Type: Win32 Executable MS Visual C++ / Extension: .EXE
MD5 Hash: C68737AFB312C5A62F9EAEF3BAEAC1FA

A-squared -----Nothing
Avast -----Nothing
Avg -----Nothing
AntiVir -----Nothing
BitDefender ----- Dropped:Adware.VB
ClamWin ----- Adware.BHO-111
Dr.Web -----Nothing
Eset ----- probably a variant of Win32/Adware.BHO application
F-prot -----Nothing
Ikarus ----- not-a-virus:AdWare.Win32.VB.y
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:AdWare.Win32.VB.y
Kingsoft -----Nothing
Vba32 ----- AdWare.Win32.BHO.ba

*** 6/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\modemspy.exe
Type: Generic Win/DOS Executable / Extension: .EXE
MD5 Hash: 6BA68D5C3EA50F5D583136F67B74D53C

A-squared ----- Trojan.CuteSpy!IK
Avast ----- Win32:Trojan-gen {Other}
Avg -----Nothing
AntiVir ----- DR/Cutespy.C
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus ----- Trojan.CuteSpy
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 4/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\MyEmoticons.exe
Type: Win32 Executable Generic / Extension: .EXE
MD5 Hash: 647A4E5A4CE4EE90E73CEDF0FCF2DDA1

A-squared ----- Virus.Win32.VB.AUX!IK
Avast ----- Win32:Adware-gen [Adw]
Avg -----Nothing
AntiVir ----- ADSPY/AdSpy.Gen
BitDefender ----- Application.Generic.12202
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset ----- a variant of Win32/Adware.WhenU.SaveNow application
F-prot -----Nothing
Ikarus ----- Virus.Win32.VB.AUX
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 ----- Embedded.AdWare.W32.SaveNow

*** 7/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\regular_plugin.exe
Type: UPX compressed Win32 Executable / Extension: .EXE
MD5 Hash: F65EA28985BBC85D98948761A84A36D2

A-squared ----- Trojan-Downloader.Win32.IstBar!IK
Avast ----- Win32:IstBar-AU [Trj]
Avg ----- Downloader.Istbar.9.AV
AntiVir ----- TR/Dldr.IstBar.34048.26
BitDefender ----- Generic.Istbar.18E9829A
ClamWin ----- Trojan.Downloader.Istbar-178
Dr.Web ----- Trojan.Isbar.402
Eset ----- a variant of Win32/TrojanDownloader.IstBar trojan
F-prot ----- W32/Istbar.gen10@dl
Ikarus ----- Trojan-Downloader.Win32.IstBar
Jiangmin ----- TrojanDownloader.IstBar.ew
Kaspersky ----- Trojan-Downloader.Win32.IstBar.gen
Kingsoft ----- Win32.TrojDownloader.IstBar.38656
Vba32 ----- Signed-Trojan-Downloader.Win32.IstBar.gen

*** 14/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\SoftForYou_Keylogger_33203.exe
Type: Win32 Executable MS Visual C++ / Extension: .EXE
MD5 Hash: C252DCBC7902AC3D1B7BC0B53A4C8C31

A-squared -----Nothing
Avast ----- Win32:Trojan-gen {Other}
Avg ----- Logger.DQP
AntiVir ----- DR/Sfkeylogger.A.2
BitDefender ----- Application.Generic.13188
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot ----- W32/MonitorX.NB
Ikarus ----- not-a-virus:Monitor.Win32.Sfkeylogger.b
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:Monitor.Win32.SfKeylogger.b
Kingsoft -----Nothing
Vba32 -----Nothing

*** 7/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\spyagent6.zip
Type: ZIP compressed archive / Extension: .ZIP
MD5 Hash: D686EE8AA76E982CC286C5A064CF3EB9

A-squared ----- Infected
Avast ----- Win32:Trojan-gen {Other}
Avg -----Nothing
AntiVir -----Nothing
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus ----- not-a-virus:Monitor.Win32.SpyAgent.60006
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:Monitor.Win32.SpyAgent.z
Kingsoft -----Nothing
Vba32 -----Nothing

*** 4/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\uninstall2.exe
Type: Win32 Executable MS Visual C++ / Extension: .EXE
MD5 Hash: CCEC3F20850BEB0DBDF3F929387B55D8

A-squared ----- Trojan.Win32.StartPage!IK
Avast ----- Win32:StartPage-515 [Trj]
Avg ----- Startpage.BJM
AntiVir ----- TR/StartPage.aku.1
BitDefender ----- Trojan.Generic.216332
ClaimWin -----Nothing
Dr.Web ----- Trojan.StartPage.20558
Eset ----- probably a variant of Win32/StartPage trojan
F-prot ----- W32/Trojan.BFAA
Ikarus ----- Trojan.Win32.StartPage
Jiangmin -----Nothing
Kaspersky ----- Trojan.Win32.StartPage.aku
Kingsoft ----- Win32.Troj.StartPage.49152
Vba32 ----- Trojan.Win32.StartPage.aku

*** 12/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\wallpaper.exe
Type: WinRAR Self Extracting archive / Extension: .EXE
MD5 Hash: 074375086487184DD6103A98BCBFF011

A-squared ----- Trojan-Dropper.Agent!IK
Avast ----- Win32:Trojan-gen {Other}
Avg ----- Downloader.Generic5.BDG
AntiVir ----- TR/Dldr.AGE
BitDefender ----- Trojan.Downloader.AGE
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset ----- a variant of Win32/Adware.2Search application
F-prot ----- W32/Downldr2.CZMS
Ikarus ----- Trojan-Dropper.Agent
Jiangmin -----Nothing
Kaspersky ----- Trojan-Downloader.Win32.Agent.qym
Kingsoft -----Nothing
Vba32 ----- Trojan-Downloader.Win32.Agent.qym

*** 10/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\xpadvancedkeylogger.exe
Type: Generic Win/DOS Executable / Extension: .EXE
MD5 Hash: 5C71B54417B455CBCCF04016067CE27B

A-squared -----Nothing
Avast ----- Win32:Adware-gen [Adw]
Avg -----Nothing
AntiVir -----Nothing
BitDefender ----- Application.XPTools.Keylogger.A
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus ----- not-a-virus:.FraudTool.Win32.SpywareDetector
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:Client-SMTP.Win32.JMail.43
Kingsoft -----Nothing
Vba32 -----Nothing

*** 4/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\zango.im Installer79.exe
Type: Wise Installer executable / Extension: .EXE
MD5 Hash: B297B7A5FC22655C2A5FEFCA6BF7DEAE

A-squared -----Nothing
Avast -----Nothing
Avg -----Nothing
AntiVir ----- DR/180Solutions.BN.3
BitDefender ----- Trojan.Generic.387896
ClamWin ----- Adware.180Solutions-16
Dr.Web -----Nothing
Eset -----Nothing
F-prot -----Nothing
Ikarus -----Nothing
Jiangmin -----Nothing
Kaspersky ----- not-a-virus:AdWare.Win32.180Solutions.bn
Kingsoft -----Nothing
Vba32 ----- Signed-AdWare.Win32.180Solutions.i

*** 5/14 antivirus engines found virus in this file ***
-------------------------------------------------------------------------

Task done @ 2008/11/26 三 15:37:35.03
Note: The results might be different from that of the GUI version.

显示全部楼层 · 发表于 2008-11-26 18:08:51

看LS
未杀的TO KL

本以为一下午能有人打包

[ 本帖最后由伊卡洛斯于 2008-11-26 18:10 编辑 ]

显示全部楼层 · 发表于 2008-11-26 18:48:26

我来打包

下载地址:

http://www1.100g.cc/ContentPane.aspx?down=ok&filepath=boyss/新建文件夹.rar

[ 本帖最后由 gzg 于 2008-11-26 21:07 编辑 ]

显示全部楼层 · 发表于 2008-11-26 19:47:49

原帖由 will 于 2008-11-26 15:37 发表

楼主毒霸的病毒库旧了

显示全部楼层 · 发表于 2008-11-26 19:48:12

原帖由 gzg 于 2008-11-26 18:48 发表
我来打包

下载地址:ftp://121.228.210.185/新建文件夹.rar

http://www1.100g.cc/ContentPane.aspx?down=ok&filepath=boyss/新建文件夹.rar

第一个下载地址下载了不能打开

显示全部楼层 · 发表于 2008-11-26 20:22:25

Kingsoft Trusted Authentication Summary

The Summary Was Created by Kingsoft Trusted Authentication Viewer

==========================================

FileName :          1337.exe
FileMD5Checksum : 0d66d79bbc383c297eb8f1f7696d4937
FileSecurityLevel :  Unknown

FileName :          1_4_all_Account_lite-install-14218.exe
FileMD5Checksum : 0fdf155ae6adb512629a610e74d05037
FileSecurityLevel :  Safe(*)

FileName :          6255.20071120051301.exe
FileMD5Checksum : 0bec77543e8ed6dd0c86f63fb0b0c9d1
FileSecurityLevel :  Suspect

FileName :          8125.20071115231113.exe
FileMD5Checksum : b5b42f5f0a54de60e6df60d87acb859f
FileSecurityLevel :  Safe(*)

FileName :          Alien_Shooter_56025.exe
FileMD5Checksum : caeb861fd6c2021abd48a976698c2b64
FileSecurityLevel :  RiskWare

FileName :          Anti_Virus.exe
FileMD5Checksum : d6a786d5afb7f58d4b52a9b994b61465
FileSecurityLevel :  Unknown

FileName :          ek_setup(1).exe
FileMD5Checksum : 821b16ce52a0c28ce97c21ab73ce0e35
FileSecurityLevel :  Safe(*)

FileName :          ek_setup.exe
FileMD5Checksum : b5ea56a3fbd62153d2f1703f6e794b60
FileSecurityLevel :  Safe(*)

FileName :          FlashMute_2.exe
FileMD5Checksum : a5b0e3ffbbd115886a78dcb4056e914e
FileSecurityLevel :  Safe(*)

FileName :          IncrediUninstaller.exe
FileMD5Checksum : e2e697a5e1f2edc93faad3ed5b84d9fe
FileSecurityLevel :  Unknown

FileName :          KDM-Setup.exe
FileMD5Checksum : f9c7fe76e6cdbe9031808c45c51c3415
FileSecurityLevel :  Safe

FileName :          keysetup.exe
FileMD5Checksum : 95e7c205f16b6feb95ca63809fd397b6
FileSecurityLevel :  Safe(*)

FileName :          lopuninstall.exe
FileMD5Checksum : b1e1516c8e446cd8c8ec6a9d33e97d15
FileSecurityLevel :  Virus

FileName :          mechanic.exe
FileMD5Checksum : c68737afb312c5a62f9eaef3baeac1fa
FileSecurityLevel :  Virus

FileName :          modemspy.exe
FileMD5Checksum : 6ba68d5c3ea50f5d583136f67b74d53c
FileSecurityLevel :  Unknown

FileName :          MyEmoticons.exe
FileMD5Checksum : 647a4e5a4ce4ee90e73cedf0fcf2dda1
FileSecurityLevel :  Unknown

FileName :          regular_plugin.exe
FileMD5Checksum : f65ea28985bbc85d98948761a84a36d2
FileSecurityLevel :  Virus

FileName :          sasetup19793.exe
FileMD5Checksum : 8b6c2716c51d67e320d69811c1e60fc3
FileSecurityLevel :  Unknown

FileName :          SoftForYou_Keylogger_33203.exe
FileMD5Checksum : c252dcbc7902ac3d1b7bc0b53a4c8c31
FileSecurityLevel :  Unknown

FileName :          spyagent6.zip
FileMD5Checksum : d686ee8aa76e982cc286c5a064cf3eb9
FileSecurityLevel :  Unknown

FileName :          uninstall2.exe
FileMD5Checksum : ccec3f20850beb0dbdf3f929387b55d8
FileSecurityLevel :  Suspect

FileName :          wallpaper.exe
FileMD5Checksum : 074375086487184dd6103a98bcbff011
FileSecurityLevel :  Suspect

FileName :          xpadvancedkeylogger.exe
FileMD5Checksum : 5c71b54417b455cbccf04016067ce27b
FileSecurityLevel :  Unknown

==========================================

Summary Done

显示全部楼层 · 发表于 2008-11-26 20:31:04

病毒库始终是最新的
毒霸的cls不能检出riskware spyware adware grayware罢了~

显示全部楼层 · 发表于 2008-11-26 20:51:16

25197487    Anti_Virus.exe    1.66 MB    CLEAN
25151371    FlashMute_2.exe    233.06 KB    CLEAN
25197490    IncrediUninstaller.exe    313.04 KB    CLEAN
25197491    KDM-Setup.exe    226.81 KB    CLEAN
25197704    mp3tagv242setup.exe    1.65 MB    UNDER ANALYSIS
5708196    1_4_all_Account_l...18.exe    223 KB    KNOWN CLEAN
25197489    keysetup.exe    3.77 MB    CLEAN
3816548    xpadvancedkeylogger.exe    1.57 MB    CLEAN
25197932    dap86-bros.exe    6.91 MB    UNDER ANALYSIS

[ 本帖最后由 Kitman 于 2008-11-26 21:01 编辑 ]

[已鉴定] PCSL 可疑恶意网站每日分析 20081126(brother soft上面好多XXXX)

评分

回复 6楼 hzqedison 的帖子