QQ校友开心农场外挂

小难民

刚刚别人传给我的，大家看看

反病毒引擎	版本	最后更新	扫描结果
a-squared	4.0.0.101	2009.04.28	Backdoor.Win32.HacDef.073.B!IK
AhnLab-V3	5.0.0.2	2009.04.27	-
AntiVir	7.9.0.156	2009.04.27	HEUR/Crypted
Antiy-AVL	2.0.3.1	2009.04.27	-
Authentium	5.1.2.4	2009.04.27	W32/Heuristic-210!Eldorado
Avast	4.8.1335.0	2009.04.27	-
AVG	8.5.0.287	2009.04.27	-
BitDefender	7.2	2009.04.28	-
CAT-QuickHeal	10.00	2009.04.27	-
ClamAV	0.94.1	2009.04.27	-
Comodo	1138	2009.04.27	-
DrWeb	4.44.0.09170	2009.04.28	-
eSafe	7.0.17.0	2009.04.27	Win32.SusComPack.c
eTrust-Vet	31.6.6478	2009.04.27	-
F-Prot	4.4.4.56	2009.04.27	W32/Heuristic-210!Eldorado
F-Secure	8.0.14470.0	2009.04.28	-
Fortinet	3.117.0.0	2009.04.28	PossibleThreat
GData	19	2009.04.28	-
Ikarus	T3.1.1.49.0	2009.04.28	Backdoor.Win32.HacDef.073.B
K7AntiVirus	7.10.717	2009.04.27	-
Kaspersky	7.0.0.125	2009.04.28	-
McAfee	5598	2009.04.27	-
McAfee+Artemis	5598	2009.04.27	Generic!Artemis
McAfee-GW-Edition	6.7.6	2009.04.28	Heuristic.Crypted
Microsoft	1.4602	2009.04.27	-
NOD32	4038	2009.04.27	-
Norman	6.00.06	2009.04.27	-
nProtect	2009.1.8.0	2009.04.28	-
Panda	10.0.0.14	2009.04.27	-
PCTools	4.4.2.0	2009.04.27	Packed/ExeSt
Prevx1	3.0	2009.04.28	-
Rising	21.27.10.00	2009.04.28	-
Sophos	4.41.0	2009.04.28	Mal/PWS-Fam
Sunbelt	3.2.1858.2	2009.04.24	-
Symantec	1.4.4.12	2009.04.28	-
TheHacker	6.3.4.1.315	2009.04.27	-
TrendMicro	8.700.0.1004	2009.04.27	-
VBA32	3.12.10.3	2009.04.27	-
ViRobot	2009.4.27.1710	2009.04.27	-
VirusBuster	4.6.5.0	2009.04.27	Packed/ExeStealth

wsmurderer

没反应，貌似误报

pk狂人001

Starting the file scan:

Begin scan in 'C:\Users\kuangren\Desktop\QQ伴侣.rar'
C:\Users\kuangren\Desktop\QQ伴侣.rar
  [0] Archive type: RAR
    --> QQﾰ￩ￂￂ.exe
      [1] Archive type: RSRC
      [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE]      The file was moved to '992a9d3c.qua'!


End of the scan: 2009年4月28日  14:06
Used time: 00:00 Minute(s)

The scan has been done completely.

      0 Scanned directories
      2 Files were scanned
      0 Viruses and/or unwanted programs were found
      1 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes

小伞报了。。。

kingsheet

卡巴不报

lingbo110120

2009-4-28 17:32:23    创建文件    允许
进程: c:\documents and settings\administrator\桌面\qq伴侣.exe
目标: C:\WINDOWS\system32\VSListview.ocx
规则: [文件组]系统执行文件 -> [文件]c:\windows\*; *.ocx
2009-4-28 17:32:25    创建文件    允许
进程: c:\documents and settings\administrator\桌面\qq伴侣.exe
目标: C:\WINDOWS\system32\MSWINSCK.OCX
规则: [文件组]系统执行文件 -> [文件]c:\windows\*; *.ocx




[ 本帖最后由 lingbo110120 于 2009-4-28 17:34 编辑 ]

Palkia

不是病毒

328397663

Dear Guangdongsz,

Thank you for your submission.
The detection for this threat will be included in our next signature update.

Regards,

Tomasz Smolarek
Virus Researcher
ESET spol. s r.o.

难道eset的工程师分析错了?

BING126

经分析一下   没发现异常行为。。

HKLHF

外挂就算了吧，又不是盗号的，放掉算了！

lingbo110120

ESET会有失误...上次我上报了一个 其实是误报 可是竟然入库了..
然后再发一封 误报的样本 我昏死