Merry Christmas & a happy new year (5个)

显示全部楼层 · 发表于 2008-12-25 17:31:34

63ffb43a08bda1f7e9639f2af508ecb3  Kieueirnr.exe2
245b8d57998abad0bf0ef2423bfe7ff3  winword.exe3
ce98f7f62f5e2d389bfc9149910e0f76  Kieueirnr.dll3
d65b2b375e6ddc281a980ebe419d4784  Kaspersky.exe3
57fc2f823ebff171fcf0f90b87bfae2c  哥们好~1.EXE2

25/12/2008 17:30:12 已偵測: Trojan.Win32.Agent.agwy C:\Documents and Settings\kato9096\桌面\11141\哥们好~1.EXE2/PE_Patch.UPX/UPX

不报的已上报卡巴

Hello,

Kaspersky.exe_ - Trojan-Downloader.Win32.Agent.axnu,
Kieueirnr.dll3 - Trojan-Spy.Win32.FlyStudio.ani,
Kieueirnr.exe_ - Trojan-Spy.Win32.FlyStudio.anj,
winword.exe_ - Backdoor.Win32.Hupigon.fhgk

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

[ 本帖最后由 sam.to 于 2008-12-25 18:16 编辑 ]

显示全部楼层 · 发表于 2008-12-25 17:40:29

Start of the scan: 2008年12月25日  17:36
Starting the file scan:

Begin scan in 'C:\Documents and Settings\***\桌面\文件'
C:\Documents and Settings\***\桌面\文件\Kaspersky.exe3
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    A backup was created as '49c65495.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\***\桌面\文件\Kieueirnr.exe2
   [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as '49b8549d.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\***\桌面\文件\winword.exe3
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE]    A backup was created as '49c1549e.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\***\桌面\文件\哥们好~1.EXE2
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    A backup was created as 'a2d0a321.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
-----------------------------------------------------------------------------------------------------
红伞S版（库V7.01.01.35）杀4个。

显示全部楼层 · 发表于 2008-12-25 17:42:26

File ID Filename Size (Byte) Result
25218677 Kieueirnr.dll3 2.99 MB UNDER ANALYSIS
---------------------------------------------------------------------------------
红伞上报1个。（隐藏文件）

显示全部楼层 · 发表于 2008-12-25 17:43:03

郁闷，F-Secure一个也未能检测到。

显示全部楼层 · 发表于 2008-12-25 17:54:11

相信
哥们好~1.EXE2
是最新被卡巴查出來的

显示全部楼层 · 发表于 2008-12-25 18:16:40

Hello,

Kaspersky.exe_ - Trojan-Downloader.Win32.Agent.axnu,
Kieueirnr.dll3 - Trojan-Spy.Win32.FlyStudio.ani,
Kieueirnr.exe_ - Trojan-Spy.Win32.FlyStudio.anj,
winword.exe_ - Backdoor.Win32.Hupigon.fhgk

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

显示全部楼层 · 发表于 2008-12-25 20:33:15

C:\Documents and Settings\Administrator\桌面\11141.rar > RAR > ???~1.EXE2 - 可能是 Win32/Genetik 特洛伊木马的变种

显示全部楼层 · 发表于 2008-12-25 20:36:14

看来卡巴和ESET都报了同一个

显示全部楼层 · 发表于 2008-12-25 20:39:19

to lab

显示全部楼层 · 发表于 2008-12-25 20:39:38

McAfee  报了2个。。

kaspersky.exe3    new malware.ix
kieueirnr.dll3       no
kieueirnr.exe2    no
winword.exe3    new malware.ix
哥们好~1.EXE2    no

[病毒样本] Merry Christmas & a happy new year (5个)

本帖子中包含更多资源

回复 4楼 kris 的帖子

回复 5楼 sam.to 的帖子

Norman Virus Control 5.99

浏览过的版块