RootKit×1 过了好多 但瑞星居然报了

gomu887

瑞星居然报了

我宁愿它是误报



文件 Beep.SYS 接收于 2009.01.02 04:52:12 (CET)

反病毒引擎	版本	最后更新	扫描结果
a-squared	4.0.0.73	2008.12.31	-
AhnLab-V3	2008.12.31.0	2009.01.02	-
AntiVir	7.9.0.45	2009.01.01	-
Authentium	5.1.0.4	2009.01.01	-
Avast	4.8.1281.0	2009.01.01	-
AVG	8.0.0.199	2008.12.31	-
BitDefender	7.2	2009.01.02	-
CAT-QuickHeal	10.00	2009.01.02	-
ClamAV	0.94.1	2009.01.02	-
Comodo	851	2008.12.31	-
DrWeb	4.44.0.09170	2009.01.02	-
eTrust-Vet	31.6.6287	2009.01.01	-
Ewido	4.0	2008.12.31	-
F-Prot	4.4.4.56	2008.12.30	-
F-Secure	8.0.14470.0	2009.01.02	-
Fortinet	3.117.0.0	2009.01.02	suspicious
GData	19	2008.12.31	-
Ikarus	T3.1.1.45.0	2009.01.02	-
K7AntiVirus	7.10.572	2008.12.31	-
Kaspersky	7.0.0.125	2009.01.02	-
McAfee	5481	2009.01.02	-
McAfee+Artemis	5479	2008.12.30	-
Microsoft	1.4205	2009.01.01	TrojanDownloader:Win32/Perkesh.gen!A
NOD32	3725	2008.12.31	probably a variant of Win32/TrojanDownloader.Agent.OMQ
Norman	5.80.02	2009.01.01	-
Panda	9.0.0.4	2009.01.01	-
PCTools	4.4.2.0	2008.12.31	-
Prevx1	V2	2009.01.02	-
Rising	21.10.22.00	2008.12.31	RootKit.Win32.Undef.bgl
SecureWeb-Gateway	6.7.6	2008.12.31	-
Sophos	4.37.0	2009.01.02	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.31	-
TheHacker	6.3.1.4.204	2009.01.02	-
TrendMicro	8.700.0.1004	2008.12.31	-
VBA32	3.12.8.10	2009.01.01	-
ViRobot	2008.12.30.1540	2008.12.31	-
VirusBuster	4.5.11.0	2009.01.01	-
附加信息
File size: 12288 bytes
MD5...: 839178ee6c4038c22ad30a7a133cef8e
SHA1..: 1d6ef3b66734b1ca90c29efd25bb38007d31e382
SHA256: 384b45805d93f3e01b659dffe027f3fbfbe33fb3177116dd7c511bcb5f189c69
SHA512: 192d49126e52ded7eeed6cb24679b2b1cbb12e097026d78ebdff09d4e8d95507<BR>9c3b066fa93a963355814332a4115f628a6de59e499d6d85c43dcfb533216a49<BR>
ssdeep: 96:WCbqMJoVcnqepoNEQuOqTP9elDQhuHqa4JBuAzHLRVyMaE1Q1Ms7UO12s3HiJ<BR>YlS:EyomnKw9eVUT8uWOOL3cmeA3MkKH<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Generic (68.0%)<BR>Generic Win/DOS Executable (15.9%)<BR>DOS Executable Generic (15.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x15005<BR>timedatestamp.....: 0x4958ebac (Mon Dec 29 15:24:28 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x1c92 0x1e00 6.06 34eb5259d0c1d95175500cd9c67e74f0<BR>.rdata 0x3000 0x34d 0x400 3.32 9d74299d846ac100e5c2516ba4709101<BR>.data 0x4000 0x274 0x200 0.14 5e50a0906bf8a8f8184a59d10913e9bd<BR>INIT 0x5000 0x478 0x600 4.43 9766d7006e7038947649427314912fa4<BR>.reloc 0x6000 0x1ee 0x200 5.38 a77ed0dd676ebd47741e040060b7a4c3<BR><BR>( 2 imports ) <BR>> ntoskrnl.exe: IoFreeMdl, MmUnlockPages, IoDeleteDevice, IoDeleteSymbolicLink, RtlInitUnicodeString, _stricmp, strrchr, ExFreePoolWithTag, ExAllocatePoolWithTag, ZwQuerySystemInformation, ObfDereferenceObject, IoDriverObjectType, MmGetSystemRoutineAddress, ZwOpenProcess, ZwClose, ZwTerminateJobObject, ZwAssignProcessToJobObject, ZwCreateJobObject, IoCreateFile, KeSetEvent, ZwQueryInformationFile, KeWaitForSingleObject, KeGetCurrentThread, MmProbeAndLockPages, IoAllocateMdl, IoAllocateIrp, KeInitializeEvent, IofCompleteRequest, ObReferenceObjectByHandle, IoFileObjectType, _allmul, KeServiceDescriptorTable, ZwOpenFile, RtlAppendUnicodeToString, IoCreateSymbolicLink, IoCreateDevice, KeTickCount, KeBugCheckEx, ZwReadFile, IoFreeIrp<BR>> HAL.dll: KeStallExecutionProcessor<BR><BR>( 0 exports ) <BR>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=839178ee6c4038c22ad30a7a133cef8e' target='_blank'>http://research.sunbelt-software ... ad30a7a133cef8e&;lt;/a>

[ 本帖最后由 gomu887 于 2009-1-2 11:58 编辑 ]

hackersean

瑞星发狂了。

dreams521

TO KL

hackersean

nod32不愧是靠启发式杀毒的。

Palkia

金山 0

gomu887

Thank you for your email to Avira's virus lab.
Tracking number: INC00242415.




We received the following archive files:


File ID  Filename Size (Byte) Result
25222210  Beep123.rar 5.32 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename Size (Byte) Result
25222211  Beep.SYS  12 KB  MALWARE


Please find a detailed report concerning each individual sample below:

Filename Result  Beep.SYS  MALWARE

The file 'Beep.SYS' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dldr.Perkesh.12288A. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.01.01.59.

法外制裁者

费尔报

小邪邪

咖啡8.5i+扩展库灭之

saga3721

把这玩意儿存电脑里有什么后果吗？

hao8219

Access to the data has been denied!

Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:        http://bbs.kafan.cn/attachment.p ... 92&t=1230886693
Information:        Is the TR/Dldr.Perkesh.12288A Trojan
Generated by AntiVir WebGuard 8.0.15.0, AVE 8.2.0.45, VDF 7.1.1.61