这个是毒吗? (virsan扫描扫得我很迷茫)

显示全部楼层 · 发表于 2009-2-15 14:28:33

一个叫SpiritBuilder软件里面的两个东西...

File information

File Name :	Uninstall.exe
File Size :	483369 byte
File Type :	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 :	13d3de27005cb085911b0955b7991248
SHA1 :	b8660e3268ebdc0c4adb6e558d8d0d49c25c98cd

Scanner results

Scanner results :	43% Scanner(16/37) found malware!
Time :	2009/02/15 14:18:38 (CST)

Scanner	Engine Ver	Sig Ver	Sig Date	Scan result	Time
a-squared	4.0.0.29	20090214000148	2009-02-14	Trojan-Spy.Win32.Banker.gxl!IK	7.712
AhnLab V3	2009.02.15.00	2009.02.15	2009-02-15	Win-Trojan/PcClient.516643	1.299
AntiVir	7.9.0.79	7.1.2.25	2009-02-13	SPR/DoubiousHandle.BC	1.782
Antiy	2.0.18	20090215.2186042	2009-02-15	-	0.119
Authentium	5.1.1	200902141427	2009-02-14	W32/Backdoor.BDZE (Exact)	1.080
AVAST!	3.0.1	090213-0	2009-02-13	Win32:Trojan-gen {Other}	0.020
AVG	7.5.52.442	270.10.23/1953	2009-02-14	PSW.Agent.BDM	2.078
BitDefender	7.81008.2665048	7.23678	2009-02-15	Backdoor.Pcclient.LR	2.585
CA (VET)	9.0.0.143	31.6.6358	2009-02-14	-	6.173
ClamAV	0.94.2	8992	2009-02-14	-	0.410
Comodo	3.0	977	2009-02-14	-	1.124
CP Secure	1.1.0.715	2009.02.15	2009-02-15	BackDoor.W32.Bifrose.acl	6.891
Dr.Web	4.44.0.9170	2009.02.15	2009-02-15	-	4.432
F-Prot	4.4.4.56	20090214	2009-02-14	W32/Backdoor.BDZE (exact)	1.075
F-Secure	5.51.6100	2009.02.13.04	2009-02-13	-	0.201
Fortinet	2.81-3.117	10.41	2009-02-14	Backdoor!tr	0.144
GData	19.3108/19.224	20090215	2009-02-15	Win32:Trojan-gen {Other} [Engine:B]	9.180
Ikarus	T3.1.01.45	2009.02.15.72302	2009-02-15	Trojan-Spy.Win32.Banker.gxl	3.732
JiangMin	11.0.706	2009.02.15	2009-02-15	-	1.565
Kaspersky	5.5.10	2009.02.15	2009-02-15	-	0.581
KingSoft	2008.9.8.18	2009.2.14.21	2009-02-14	-	0.898
McAfee	5.3.00	5526	2009-02-14	-	3.385
Microsoft	1.4306	2009.02.15	2009-02-15	-	5.196
mks_vir	2.01	2009.02.14	2009-02-14	-	2.703
Norman	6.00.02	6.00.00	2009-02-13	W32/Agent.AMQF	8.010
nProtect	20090215.01	3150113	2009-02-15	Trojan/W32.Genlot.3102764	4.649
Panda	9.05.01	2009.02.14	2009-02-14	-	3.060
Quick Heal	10.00	2009.02.13	2009-02-13	-	0.988
Rising	20.0	21.16.60.00	2009-02-15	-	1.208
Sophos	2.83.3	4.38	2009-02-15	-	2.845
Sunbelt	4809	4809	2009-02-11	-	3.021
Symantec	1.3.0.24	20090214.003	2009-02-14	-	0.194
The Hacker	6.3.1.85	v00257	2009-02-14	-	0.611
Trend Micro	8.700-1004	5.844.09	2009-02-14	-	0.139
VBA32	3.12.8.12	20090213.2053	2009-02-13	AdWare.Win32.Boran.m	1.974
ViRobot	20090213	2009.02.13	2009-02-13	-	0.414
VirusBuster	4.5.11.10	10.101.13/904116	2009-02-15	Backdoor.Agent.DUKB	1.114

File information

File Name :	Update.exe
File Size :	15872 byte
File Type :	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 :	433ecef6a2da2ae8583e013c6a178c79
SHA1 :	53c28a791d485fb1e16945215eadd0bd50047f1d

Scanner results

Scanner results :	51% Scanner(19/37) found malware!
Time :	2009/02/15 14:23:42 (CST)

Scanner	Engine Ver	Sig Ver	Sig Date	Scan result	Time
a-squared	4.0.0.29	20090214000148	2009-02-14	Trojan-PWS.Win32.QQShou.CI!IK	2.436
AhnLab V3	2009.02.15.00	2009.02.15	2009-02-15	-	1.264
AntiVir	7.9.0.79	7.1.2.25	2009-02-13	TR/Crypt.ULPM.Gen	1.788
Antiy	2.0.18	20090215.2186042	2009-02-15	-	0.120
Authentium	5.1.1	200902141427	2009-02-14	W32/Heuristic-210!Eldorado (Heuristic)	1.093
AVAST!	3.0.1	090213-0	2009-02-13	Win32:Trojan-gen {Other}	0.003
AVG	7.5.52.442	270.10.23/1953	2009-02-14	Downloader.Generic6.AAF	1.902
BitDefender	7.81008.2665048	7.23678	2009-02-15	Trojan.Downloader.Agentsmall.A	2.475
CA (VET)	9.0.0.143	31.6.6358	2009-02-14	-	5.070
ClamAV	0.94.2	8992	2009-02-14	-	0.022
Comodo	3.0	977	2009-02-14	-	0.930
CP Secure	1.1.0.715	2009.02.15	2009-02-15	-	6.946
Dr.Web	4.44.0.9170	2009.02.15	2009-02-15	-	4.039
F-Prot	4.4.4.56	20090214	2009-02-14	Possible W32/Heuristic-210!Eldorado (not disinfectable)	1.077
F-Secure	5.51.6100	2009.02.13.04	2009-02-13	-	0.147
Fortinet	2.81-3.117	10.41	2009-02-14	Dloader.A!tr	0.143
GData	19.3108/19.224	20090215	2009-02-15	Win32:Trojan-gen {Other} [Engine:B]	3.343
Ikarus	T3.1.01.45	2009.02.15.72302	2009-02-15	Trojan-PWS.Win32.QQShou.CI	3.676
JiangMin	11.0.706	2009.02.15	2009-02-15	-	1.748
Kaspersky	5.5.10	2009.02.15	2009-02-15	-	0.137
KingSoft	2008.9.8.18	2009.2.14.21	2009-02-14	-	0.620
McAfee	5.3.00	5526	2009-02-14	Downloader.gen.a	3.213
Microsoft	1.4306	2009.02.15	2009-02-15	TrojanDownloader:Win32/Agentsmall.A	4.378
mks_vir	2.01	2009.02.14	2009-02-14	-	2.688
Norman	6.00.02	6.00.00	2009-02-13	W32/DLoader.ATVY	8.009
nProtect	20090215.01	3150113	2009-02-15	Trojan.Downloader.Agentsmall.A	3.752
Panda	9.05.01	2009.02.14	2009-02-14	-	1.624
Quick Heal	10.00	2009.02.13	2009-02-13	Suspicious - DNAScan	1.448
Rising	20.0	21.16.60.00	2009-02-15	Trojan.PSW.QQSpy.d	0.905
Sophos	2.83.3	4.38	2009-02-15	Mal/Generic-A	2.551
Sunbelt	4809	4809	2009-02-11	Trojan.Crypt.ULPM.Gen	0.515
Symantec	1.3.0.24	20090214.003	2009-02-14	Downloader	0.051
The Hacker	6.3.1.85	v00257	2009-02-14	-	0.577
Trend Micro	8.700-1004	5.844.09	2009-02-14	-	0.052
VBA32	3.12.8.12	20090213.2053	2009-02-13	-	1.643
ViRobot	20090213	2009.02.13	2009-02-13	-	0.397
VirusBuster	4.5.11.10	10.101.13/904116	2009-02-15	-	1.162

显示全部楼层 · 发表于 2009-2-15 14:44:19

名称: Backdoor.Agent.DUKB
类型: Trojan

描述:

文件:
c:\users\administrator\desktop\uninstall.exe

显示全部楼层 · 发表于 2009-2-15 15:02:49

Uninstall.exe to McAfee

显示全部楼层 · 发表于 2009-2-15 15:06:11

这么多报了估计89不离10

显示全部楼层 · 发表于 2009-2-15 15:19:53

to kaba kill,waiting for reply。。。

显示全部楼层 · 发表于 2009-2-16 00:14:24

谢谢LS几位
拿不准是因为卡巴没报；伞，BD却都检了

重新看了下那表，惊奇的发现RIS居然检到了一个..orz

显示全部楼层 · 发表于 2009-2-16 00:18:48

趨勢沒有偵測到

已經上報趨勢了

显示全部楼层 · 发表于 2009-2-16 04:18:05

Uninstall.exe,
Update.exe

No malicious code were found in these files.

显示全部楼层 · 发表于 2009-2-16 05:55:53

不对，不对！我对楼上几位的看法有异议，我一眼看到的就是AVAST!报的名称里面有“{Other}”这个东西出现。这个东西我印象非常深刻，凡是小A有这个出现的报的不是黄毒就是破解的，再不是就是含有不良政治成分的东西，我觉得对这个应该听其言观其行，观察他有什么行为才能作出判断是否病毒。

显示全部楼层 · 发表于 2009-2-16 09:14:14

这么多的都报了，毒的可能性很大

[病毒样本] 这个是毒吗? (virsan扫描扫得我很迷茫)

本帖子中包含更多资源

回复 1楼皮卡风暴的帖子

浏览过的版块

[病毒样本] 这个是毒吗? (virsan扫描扫得我很迷茫)

本帖子中包含更多资源

回复 1楼 皮卡风暴 的帖子

浏览过的版块

回复 1楼皮卡风暴的帖子