趋近于全过

显示全部楼层 · 发表于 2009-3-3 23:36:55

a-squared	4.0.0.32	20090303200327	2009-03-03	-	2.659
AntiVir	7.9.0.98	7.1.2.111	2009-03-03	HEUR/Crypted	1.903
Authentium	5.1.1	200903022156	2009-03-02	-	1.411
AVAST!	3.0.1	090302-0	2009-03-02	-	0.011
AVG	7.5.52.442	270.11.6/1981	2009-03-03	-	1.990
BitDefender	7.81008.2704084	7.23948	2009-03-03	-	2.532
CA (VET)	9.0.0.143	31.6.6381	2009-03-03	-	6.945
ClamAV	0.94.2	9065	2009-03-03	-	0.029
Comodo	3.8	986	2009-03-03	-	0.895
CP Secure	1.1.0.715	2009.03.03	2009-03-03	-	7.296
Dr.Web	4.44.0.9170	2009.03.03	2009-03-03	-	4.127
F-Prot	4.4.4.56	20090302	2009-03-02	-	1.346
F-Secure	5.51.6100	2009.03.03.04	2009-03-03	-	4.788
GData	19.3607/19.244	20090303	2009-03-03	Win32:Dialer-gen [Trj] [Engine:B]	4.155
Ikarus	T3.1.01.45	2009.03.03.72377	2009-03-03	-	4.357
Microsoft	1.4306	2009.03.03	2009-03-03	-	4.725
mks_vir	2.01	2009.03.03	2009-03-03	-	2.749
Norman	6.00.06	6.00.00	2009-03-02	-	8.009
nProtect	20090303.02	3205724	2009-03-03	-	3.906
Quick Heal	10.00	2009.03.03	2009-03-03	Trojan.Agent.bqlj	0.923
Sophos	2.84.1	4.39	2009-03-03	-	1.999
Sunbelt	5018	5018	2009-03-02	-	0.688
The Hacker	6.3.2.7	v00270	2009-03-02	-	1.430
VBA32	3.12.10.1	20090302.1609	2009-03-02	-	2.042
ViRobot	20090302	2009.03.02	2009-03-02	-	0.414
VirusBuster	4.5.11.10	10.101.31/963898	2009-03-02	-	1.267
卡巴斯基	5.5.10	2009.03.03	2009-03-03	-	0.044
安博士V3	2009.03.04.00	2009.03.04	2009-03-04	-	1.385
安天	2.0.18	20090303.2207153	2009-03-03	-	0.119
江民杀毒	11.0.706	2009.03.03	2009-03-03	Trojan/Agent.cayk	1.644
熊猫卫士	9.05.01	2009.03.02	2009-03-02	-	3.273
瑞星	20.0	21.19.11.00	2009-03-03	-	0.886
赛门铁克	1.3.0.24	20090302.002	2009-03-02	-	0.096
趋势科技	8.700-1004	5.878.05	2009-03-03	-	0.034
迈克菲	5.3.00	5541	2009-03-02	-	2.918
金山毒霸	2009.2.5.15	2009.3.3.20	2009-03-03	-	0.630
飞塔	2.81-3.117	10.107	2009-03-03	-	0.239

Hello,

2r.exe - Trojan.Win32.Agent.bteq

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

显示全部楼层 · 发表于 2009-3-3 23:38:14

nod也过

显示全部楼层 · 发表于 2009-3-3 23:41:25

to VB\MS

楼下也不用这种反应吧……

[ 本帖最后由 ledled 于 2009-3-3 23:47 编辑 ]

显示全部楼层 · 发表于 2009-3-3 23:43:38

To McAfee

显示全部楼层 · 发表于 2009-3-3 23:49:33

File ID Filename Size (Byte) Result
25278008 2r.exe 168.5 KB UNDER ANALYSIS

显示全部楼层 · 发表于 2009-3-3 23:57:49

2009-03-03 23:57:04 修改文件操作:阻止并结束进程
进程路径:E:\virus\2r.exe
文件路径:C:\WINDOWS\system32
触发规则:所有程序规则->03-禁止创建文件的目录（黑名单）->%windir%\*

显示全部楼层 · 发表于 2009-3-4 00:06:07

程序：
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\2R.EXE
木马程序生成以下文件：
1) C:\WINDOWS\SYSTEM32\NT6TO4.DLL
是否删除木马程序及其衍生物?

显示全部楼层 · 发表于 2009-3-4 00:22:12

eset下次升级增加特征码

显示全部楼层 · 发表于 2009-3-4 00:27:50

Warning
--------------------------------------------------------------------------------

In order not to compromise your security, this page will not be accessed

A virus or unwanted program has been detected
in the HTTP data on the requested page.
--------------------------------------------------------------------------------

Requested URL: http://bbs.kafan.cn/attachment.p ... 3b&t=1236097647
Information Contains HEUR/Crypted suspicious code

--------------------------------------------------------------------------------

显示全部楼层 · 发表于 2009-3-4 01:32:52

总算看见一个别人家没入库，江民先入库的东西了。话说这少数样本的入库时间有时候的确不能说明啥问题，信度太低。不过卡饭上还是有人喜欢拿一两个样本说事。

[病毒样本] 趋近于全过

本帖子中包含更多资源