TWO（报的不少）

schumi小粉

文件信息

文件名称 :	2.rar
文件大小 :	39889 byte
文件类型 :	RAR archive data, v1d, os
MD5 :	fb913b5124cf132c1556fbf4bf62e9ce
SHA1 :	45f7ed3ae71b296e7ebb6aa8a0331fc274d30e85

扫描结果

扫描结果 :	29%的杀软(11/38)报告发现病毒
时间 :	2009/01/07 15:18:43 (CST)

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	4.0.0.29	20090106203145	2009-01-06	Exploit.JS.Axdow!IK	6.285
AntiVir	7.9.0.45	7.1.1.74	2009-01-06	HEUR/Malware	1.725
Authentium	5.1.1	200901061836	2009-01-06	W32/Malware.C.dam!Eldorado (Possible)	1.071
AVAST!	3.0.1	090106-1	2009-01-06	-	0.006
AVG	7.5.52.442	270.10.3/1879	2009-01-06	-	2.428
BitDefender	7.81008.2412473	7.23018	2009-01-07	-	2.215
CA (VET)	9.0.0.143	31.6.6294	2009-01-06	-	13.696
ClamAV	0.94.2	8840	2009-01-07	-	0.016
Comodo	3.0	884	2009-01-06	-	1.375
CP Secure	1.1.0.715	2009.01.07	2009-01-07	-	6.363
Dr.Web	4.44.0.9170	2009.01.07	2009-01-07	-	4.028
ewido	4.0.0.2	2008.12.31	2008-12-31	-	5.545
F-Prot	4.4.4.56	20090106	2009-01-06	W32/Malware.C.dam!Eldorado (generic, not disinfectable)	1.161
F-Secure	5.51.6100	2009.01.07.03	2009-01-07	-	0.143
GData	19.2305/19.175	20090107	2009-01-07	-	9.020
Ikarus	T3.1.01.45	2009.01.06.72109	2009-01-06	Exploit.JS.Axdow	3.576
Microsoft	1.4205	2009.01.06	2009-01-06	Exploit:JS/Axdow.C	7.633
mks_vir	2.01	2009.01.06	2009-01-06	-	2.743
Norman	5.93.01	5.93.00	2009-01-05	W32/Packed_Upack.H	6.305
nProtect	20090106.01	2842139	2009-01-06	Script-JS/W32.Agent.EC	3.751
Quick Heal	10.00	2009.01.06	2009-01-06	-	0.878
Sophos	2.82.1	4.37	2009-01-07	Mal/EncPk-BW	2.113
Sunbelt	4755	4755	2008-12-22	-	4.795
The Hacker	6.3.1.2	v00210	2009-01-06	W32/Behav-Heuristic-060	0.480
VBA32	3.12.8.10	20090106.1018	2009-01-06	-	1.540
ViRobot	20090106	2009.01.06	2009-01-06	-	0.492
VirusBuster	4.5.11.10	10.100.17/761739	2009-01-06	-	1.013
卡巴斯基	5.5.10	2009.01.07	2009-01-07	-	0.085
安博士V3	2009.01.07.02	2009.01.07	2009-01-07	-	1.172
安天	2.0.18	20090105.1950502	2009-01-05	-	0.016
江民杀毒	11.0.706	2009.01.07	2009-01-07	-	3.486
熊猫卫士	9.05.01	2009.01.06	2009-01-06	-	3.016
瑞星	20.0	21.11.20.00	2009-01-07	-	0.832
赛门铁克	1.3.0.24	20090106.004	2009-01-06	-	0.249
趋势科技	8.700-1004	5.752.01	2009-01-06	-	0.033
迈克菲	5.3.00	5487	2009-01-06	New Malware.n	2.875
金山毒霸	2008.9.8.18	2009.1.7.14	2009-01-07	-	0.608
飞塔	2.81-3.117	9.898	2009-01-06	-	0.613

注意: 就算报告发现病毒，也可能是杀软误报，请根据查毒结果自行判断

The EQs

只将那个脚本发给了超人
Dear Don Johnson,

Thank you for your submission.
The detection for this threat will be included in our next signature update.

Regards,

Senior Virus Researcher
ESET spol. s r.o.

qianwenxiang

这个脚本在哪儿发现的?

关于:某站解密的日志(全体输出-  9):

Level 1>http://某某站点.com/flash.htm
Level 1>http://某某站点.com/as.htm
Level 1>http://某某站点.com/14.htm
Level 1>http://某某站点.com/lz.htm
Level 1>http://某某站点.com/sina.htm
Level 1>http://某某站点.com/office.htm
Level 1>http://某某站点.com/nctaudiofile.htm
Level 1>http://某某站点.com/re10.htm
Level 1>http://某某站点.com/re11.htm

日志由 Redoce1.6第28次修正版于 2009-1-7 19:03:28 生成。

darreol

McAfee Found New Malware.n

Sebastian

Starting the file scan:

Begin scan in 'D:\2'
D:\2\opr00AZK
    [DETECTION] Contains HEUR/Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      A backup was created as '4a246719.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
D:\2\opr00AYN
    [DETECTION] Contains recognition pattern of the JS/Dldr.IFrame.EX Java script virus
    [NOTE]      A backup was created as '4ba26192.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年3月7日  20:20
Used time: 00:06 Minute(s)

The scan has been done completely.

      1 Scanning directories
      2 Files were scanned
      1 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      2 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
      2 Notes

尤金卡巴斯基

To KL

Palkia

to rs

kingmuro

浪人哭泣

NOD32 4.0发现一个

ledled

Name: Packed/Upack
Type: Sequence

Description:


Files:
c:\users\administrator\desktop\2\opr00azk