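Going by everyone's votes, today I installed McAfee 8.0i and updated it to the latest virus definitions. I downloaded two samples from the sample area and it caught neither, while NOD32 caught both. So the so-called strongest shield is nothing special after all; as I see it, it can't even compare with AntiVir PE. Can McAfee really only strengthen itself through its so-called rules? Locking the system32 folder to keep viruses out is about the most foolish move I have seen, as is forbidding DLL files from being written to ×× folders. As I see it, McAfee is convenient to update, but its capability is really...
It can't even match the domestic products; I really don't know how McAfee gets its VB100% results every year. In use there is an obvious, large gap between it and Kaspersky. I'm starting to consider switching to AntiVir PE; I really can't stand McAfee's "foolish" kind of defense. McAfee fans, go ahead and hit me with your bricks...
My poor computer.
Then I'll at least promise this: tomorrow, when I have time, I will test 10 viruses from the sample area and we'll see how McAfee really does against viruses. Right now I'm very satisfied with AntiVir; if my key hadn't stopped working, I wouldn't have come to McAfee. I will also use VirusTotal to see how NOD32, which is at the same level as McAfee, responds to new samples. Ten samples should be plenty. I can guarantee AntiVir will catch at least 7, and Kaspersky should be about the same; let's see how McAfee does. As things stand, McAfee should only manage 5 or fewer. As for rules, I think they can only ever play a supporting role. By your reasoning, wouldn't any program I find that simply locks my system32 folder be much stronger than McAfee? I'll show you the gap between McAfee and products with a real heuristic engine, such as AntiVir or Dr.Web. Rules can never beat virus definitions; otherwise every antivirus vendor might as well switch to making file-protection software.
My view has now changed a little. I tested three more from the sample area and McAfee caught all of them. It feels as if McAfee's monitor wasn't working at the start; only after I tested with the EICAR test file did the monitor and engine seem to start working. The detailed test will be done tomorrow; for now my view of McAfee seems to have changed somewhat.
But I still hold the same view: rules can never beat virus definitions. Otherwise we could all just use some other software to lock system32, or look up file names online ourselves and add them to a locking program so they can't install. Detailed testing of McAfee starts tomorrow.
Someone actually told me to use a few more antivirus products before posting again. Let me tell you all this: I have used every big-name antivirus you have heard of, and I have also used the free ones and the all-English ones you don't commonly use that can't be localized into Chinese. I will keep using McAfee for a while; I want to see how McAfee really is after a month of use. Also, on the rules question, as I said, any locking program does it far better than McAfee. Although the system32 folder can't be modified, it seems system32 is not the only folder I'd have to lock; are viruses so dumb that they only go into the system32 folder?
Otherwise, wouldn't installing Kaspersky plus a locking program be much stronger than McAfee? The powerful McAfee rules you talk about are nothing more than the kind of rule that locks a folder and forbids creating or using things in it; any locking program paired with an antivirus can do that.
You all keep saying every antivirus has viruses it can't catch. I never expected McAfee to catch everything; I'm just discussing with you where exactly McAfee's supposedly powerful monitoring and "defense" are powerful. As I see it, McAfee is just an ordinary antivirus with a little file protection added on. The rules are simply laughable; I might as well lock my whole C: drive. By your reasoning, when I lock the system32 folder, do I have to open it up again every time I install a new program? Suppose the software I install happens to carry a virus that McAfee doesn't detect, and I have opened up McAfee's system32 folder protection during the install; what happens then?? Whereas if someone else happens to use Kaspersky and it detects the virus, he will certainly be fine. As I see it, if you really want to make a shield-type antivirus, you have to make it like SSM, which asks you once for every single thing you install; but that demands more of the user.
I'm not encouraging everyone to use Kaspersky; this post is purely a technical discussion. I hope some expert will come forward and tell me what exactly is good about McAfee's protection. KAV6's monitoring is definitely no worse than McAfee's, so with essentially the same capability, why are so many people still using McAfee? Apart from the convenient updates, I really don't understand.
I will read everyone's replies carefully. P.S.: Does McAfee have some special protection? With the same virus definitions, why does my McAfee find nothing, while on VirusTotal McAfee reports "a new malware"??
Does it need some special setting??
I hope someone can tell me; it matters a lot for my test this afternoon. Heuristics are a technique of antivirus software, and we can't dismiss heuristics, even though their false-positive rate may be a bit higher...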
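Test setup: Windows XP SP2 Simplified Chinese, "Tomato" (番茄) v4 edition
McAfee 8.0i, plus the 4400 engine, plus the latest virus definitions (4785), plus patch 11
No rules or additional virus definitions added
A completely stock McAfee 8.0i Enterprise
Virus test on a selection of posts from the 16th and 15th on the suspicious-files board
1. [Brick] Found one
dddd.rar
Although McAfee on VirusTotal reports it, my Enterprise 8.0i in practice never reports it no matter how I scan. Anyone who doesn't believe me can download this virus from the suspicious-files board and see. McAfee VirusScan 10's heuristics or the 5000 engine might catch it, but Enterprise 8.0i with the 4400 engine can't. Also note the virus name McAfee reports: New Malware.u, not a known virus; the 4400 engine's heuristics are ineffective.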
STATUS: FINISHEDComplete scanning result of "dddd.rar", received in VirusTotal at 06.16.2006, 02:11:39 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 DR/CV-2006-1359.D.2
Authentium 4.93.8 06.15.2006 no virus found
Avast 4.7.844.0 06.15.2006 JS:CVE-2006-1359.Gen
AVG 386 06.15.2006 no virus found
BitDefender 7.2 06.16.2006 no virus found
CAT-QuickHeal 8.00 06.15.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 Exploit.CVE1359
eTrust-InoculateIT 23.72.38 06.15.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Not-A-Virus.Exploit.JS.CVE20061359.l
Fortinet 2.77.0.0 06.16.2006 JS/CVE_2006_1359.L!exploit
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Exploit.JS.CVE-2006-1359.l
McAfee 4785 06.15.2006 New Malware.u
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 no virus found
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Suspicious file
Sophos 4.06.0 06.15.2006 W32/Dloadr-AFH
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 W32/Bagle.gen@MM.rar
UNA 1.83 06.15.2006 Exploit.JS.CVE-2006-1359
VBA32 3.11.0 06.15.2006 Exploit.CVE1359
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 16034 bytes
MD5: 73ba65246f8b5d3a6d0d811caaf32263
SHA1: 6481e72008470db438db272d828b2dfb4b4dd9ed
2. [Brick] QQHelper
psinthk.rar
McAfee caught it
STATUS: FINISHEDComplete scanning result of "psinthk.rar", received in VirusTotal at 06.16.2006, 02:19:48 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 TR/PSW.Finder.A
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 no virus found
AVG 386 06.15.2006 no virus found
BitDefender 7.2 06.16.2006 Trojan.Netsnake.I
CAT-QuickHeal 8.00 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 Trojan.Netsnake-3
DrWeb 4.33 06.15.2006 BackDoor.PowerSpider
eTrust-InoculateIT 23.72.38 06.15.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Logger.Qeds.a
Fortinet 2.77.0.0 06.16.2006 W32/Netsnake.I!tr
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 not-a-virus:PSWTool.Win32.Finder.a
McAfee 4785 06.15.2006 W32/Qeds!keylog
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 no virus found
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 HackTool/Finder.A
Sophos 4.06.0 06.15.2006 Troj/Netsnake-I
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 Trojan/Finder.a
UNA 1.83 06.15.2006 no virus found
VBA32 3.11.0 06.15.2006 no virus found
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 4747 bytes
MD5: 3b234c614247eb180ea09d9a280b662c
SHA1: 4dd7f7e5d2764ee8011d3f4c4aab96f0ce3f81c7
3. [Repost] I have already marked this as a repost
2.rar
No reaction from McAfee
STATUS: FINISHEDComplete scanning result of "2.rar", received in VirusTotal at 06.16.2006, 02:23:29 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 TR/Drop.L.hx.20.E.1
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 Win32:Hengbang
AVG 386 06.15.2006 Downloader.Agent.DWU
BitDefender 7.2 06.16.2006 Adware.Hengban.A
CAT-QuickHeal 8.00 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 Trojan.DownLoader.10310
eTrust-InoculateIT 23.72.38 06.15.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Adware.Dmedia
Fortinet 2.77.0.0 06.16.2006 W32/Adload.CA!tr.dldr
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Trojan-Downloader.Win32.Agent.akw
McAfee 4785 06.15.2006 potentially unwanted program Adware-Henbang
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 Win32/Adware.DM
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Trj/Agent.CBM
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 no virus found
UNA 1.83 06.15.2006 TrojanDownloader.Win32.Adload
VBA32 3.11.0 06.15.2006 Trojan-Downloader.Win32.Agent.akw
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 382350 bytes
MD5: 3eeda87487b97f8c3f89498938acaaa2
SHA1: 131e694190e55d28ff12599a9dbd705c09c46d12
4. [Repost] Chuanhua
Noted inside as a "Rexue" (热血) trojan
McAfee reacted
STATUS: FINISHEDComplete scanning result of "dddd.rar", received in VirusTotal at 06.16.2006, 02:26:59 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 TR/PSW.QQShou.BN.240
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 Win32:Trojan-gen. {Other}
AVG 386 06.15.2006 PSW.Generic.VZV
BitDefender 7.2 06.16.2006 no virus found
CAT-QuickHeal 8.00 06.15.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 Trojan.PWS.Qqshou
eTrust-InoculateIT 23.72.38 06.15.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Trojan.QQShou.bn
Fortinet 2.77.0.0 06.16.2006 W32/QQShou.BN!tr
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Trojan-PSW.Win32.QQShou.bn
McAfee 4785 06.15.2006 PWS-QQPass
Microsoft 1.1441 06.16.2006 PWS:Win32/QQShou.gen
NOD32v2 1.1601 06.15.2006 a variant of Win32/PSW.QQShou
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Suspicious file
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 Trojan/PSW.QQShou.bn
UNA 1.83 06.15.2006 no virus found
VBA32 3.11.0 06.15.2006 Trojan-PSW.Win32.QQShou.bn
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 43456 bytes
MD5: 6fe528322a4fe328cf3fa78739b8d707
SHA1: 35d7fd92b24e74dba7e5ffb3ed5828c1f743e7ab
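5. [Repost] Members who have already tested this need not test it again
我老婆的自拍.rar
No reaction from McAfee
VirusTotal cannot display Chinese file names, so the name is shown as digits; this is not an error, and the report is correct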
STATUS: FINISHEDComplete scanning result of "__25105", received in VirusTotal at 06.16.2006, 02:36:16 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 BDS/Hupigon.lp.16
Authentium 4.93.8 06.16.2006 W32/Hupigon.GW
Avast 4.7.844.0 06.15.2006 no virus found
AVG 386 06.15.2006 no virus found
BitDefender 7.2 06.16.2006 Backdoor.Hupigon.ACK
CAT-QuickHeal 8.00 06.15.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.15.2006 Worm.Mytob.IS
DrWeb 4.33 06.15.2006 Trojan.PWS.Vipgsm
eTrust-InoculateIT 23.72.38 06.15.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 no virus found
Fortinet 2.77.0.0 06.16.2006 W32/Small.APX!tr
F-Prot 3.16f 06.15.2006 security risk named W32/Hupigon.GW
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Trojan-Dropper.Win32.Small.apx
McAfee 4785 06.15.2006 no virus found
Microsoft 1.1441 06.16.2006 Backdoor:Win32/Hupigon!2168
NOD32v2 1.1601 06.15.2006 no virus found
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Suspicious file
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 no virus found
UNA 1.83 06.15.2006 no virus found
VBA32 3.11.0 06.15.2006 no virus found
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 349947 bytes
MD5: 5065682315026298c9058817cc368ac1
SHA1: 7ab1e074c896472aafb62597670598e1700ef511
6. [Repost] Jiangmin's real-time monitor flagged it immediately
WINNT.rar
McAfee reacted
STATUS: FINISHEDComplete scanning result of "WINNT.rar", received in VirusTotal at 06.16.2006, 02:51:09 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 TR/PSW.Lineage.PH.3
Authentium 4.93.8 06.16.2006 W32/Wowcraft.G
Avast 4.7.844.0 06.15.2006 Win32:QQpass-X
AVG 386 06.15.2006 PSW.Generic2.FL
BitDefender 7.2 06.16.2006 MemScan:Trojan.PSW.Wayi.A
CAT-QuickHeal 8.00 06.15.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 Trojan.PWS.Lineage
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Trojan.Lineage.ph
Fortinet 2.77.0.0 06.16.2006 Lineage.RK!tr
F-Prot 3.16f 06.15.2006 security risk named W32/Wowcraft.G
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Trojan-PSW.Win32.Lineage.ph
McAfee 4785 06.15.2006 PWS-LegMir.gen.b
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 probably a variant of Win32/PSW.Lineage.DN
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Trj/WoW.O
Sophos 4.06.0 06.15.2006 Troj/Lineage-RK
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 Trojan/PSW.Lineage.ph
UNA 1.83 06.15.2006 Trojan.PSW.Win32.Lineage
VBA32 3.11.0 06.15.2006 Trojan-PSW.Win32.Lineage.ph
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 349518 bytes
MD5: cafa3cb6fc0dea20de53c915bdf2eeb6
SHA1: 596650f833028ce7bbcee15e8455dfda89b64149
7. [Repost] Here's one that AntiVir (the "little red umbrella") doesn't flag
fff.rar
No reaction from McAfee
STATUS: FINISHEDComplete scanning result of "fff.rar", received in VirusTotal at 06.16.2006, 02:58:01 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 no virus found
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 no virus found
AVG 386 06.15.2006 Worm/Delf.GV
BitDefender 7.2 06.16.2006 Win32.Revolnam.A
CAT-QuickHeal 8.00 06.15.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 no virus found
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 no virus found
Fortinet 2.77.0.0 06.16.2006 W32/Delf.S
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Virus.Win32.Delf.s
McAfee 4785 06.15.2006 no virus found
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 no virus found
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Suspicious file
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 no virus found
UNA 1.83 06.15.2006 Win32.Delf.s
VBA32 3.11.0 06.15.2006 suspected of Backdoor.Delf.105 (paranoid heuristics)
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 12321 bytes
MD5: b4ada75b1fc9a61449fe32be366ce940
SHA1: bd1e9da8a641846bd7a1d6adb47079e08064c2ee
8. [Brick] Rising KILL
winsys.rar
No reaction from McAfee
STATUS: FINISHEDComplete scanning result of "winsys.rar", received in VirusTotal at 06.16.2006, 03:01:32 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 TR/Agent.QW
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 Win32:Trojan-gen. {Other}
AVG 386 06.15.2006 Generic.SZA
BitDefender 7.2 06.16.2006 Trojan.Agent.QW
CAT-QuickHeal 8.00 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 Trojan.Click.1131
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Trojan.Agent.qw
Fortinet 2.77.0.0 06.16.2006 W32/Agent.QW!tr
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Trojan.Win32.Agent.qw
McAfee 4785 06.15.2006 no virus found
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 Win32/Agent.GW
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 no virus found
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 Trojan/Agent.qw
UNA 1.83 06.15.2006 Trojan.Win32.Agent
VBA32 3.11.0 06.15.2006 Trojan.Win32.Agent.qw
VirusBuster 4.3.7:9 06.15.2006 Trojan.Agent.CKL
Aditional Information
File size: 203823 bytes
MD5: eec1800871d3e1f9d0a2601440e7e1ce
SHA1: 08b2667084147fe7fef114bfadd44a24586fb6b9
9. [Brick] Caught a USB-drive virus
RavMonE.rar
A USB-drive virus; McAfee users beware, McAfee fails
STATUS: FINISHEDComplete scanning result of "RavMonE.rar", received in VirusTotal at 06.16.2006, 03:07:20 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 no virus found
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 no virus found
AVG 386 06.15.2006 no virus found
BitDefender 7.2 06.16.2006 no virus found
CAT-QuickHeal 8.00 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 Trojan.Iespy
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 no virus found
Fortinet 2.77.0.0 06.16.2006 no virus found
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Worm.Win32.RJump.a
McAfee 4785 06.15.2006 no virus found
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 no virus found
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 no virus found
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 no virus found
UNA 1.83 06.15.2006 no virus found
VBA32 3.11.0 06.15.2006 Worm.Win32.RJump.a
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 2257560 bytes
MD5: da76e9e720b54a708c4cc55e57cc38b8
SHA1: eb70ce33e29fecc76795240f017a0e0fd5a2b525
10. Found another one
sssssssssssssss.rar
McAfee fails again
Wahaha, the moderator didn't even add a title, geez; zane, if you see this, please remind Zhou Xing (周幸)
STATUS: FINISHEDComplete scanning result of "sssssssssssssss.rar", received in VirusTotal at 06.16.2006, 03:59:54 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 no virus found
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 no virus found
AVG 386 06.15.2006 BackDoor.Generic2.AARR
BitDefender 7.2 06.16.2006 no virus found
CAT-QuickHeal 8.00 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 BackDoor.FireFly
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Backdoor.Delf.aiz
Fortinet 2.77.0.0 06.16.2006 W32/FireFly.G!tr.bdr
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Backdoor.Win32.FireFly.g
McAfee 4785 06.15.2006 no virus found
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 no virus found
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Constructor/FTPServ.A
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 no virus found
UNA 1.83 06.15.2006 Backdoor.FireFly
VBA32 3.11.0 06.15.2006 Backdoor.Win32.FireFly.g
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 390701 bytes
MD5: c419dc77654b02eb8faad079ea814460
SHA1: e7fdb39cca143b8c46ff343cd835ebd00a6e0f5a
11. [Brick] Beware of fake AntiVir installers; I got hit myself
jiekshijf.rar
McAfee reacted
STATUS: FINISHEDComplete scanning result of "jiekshijf.rar", received in VirusTotal at 06.16.2006, 04:04:40 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 TR/Click.VB.MS
Authentium 4.93.8 06.16.2006 W32/Downloader.AAOZ
Avast 4.7.844.0 06.15.2006 Win32:Trojan-gen. {Other}
AVG 386 06.15.2006 Clicker.CAR
BitDefender 7.2 06.16.2006 Trojan.Downloader.Quyl.A
CAT-QuickHeal 8.00 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 Trojan.Downloader.Small-1537
DrWeb 4.33 06.15.2006 Trojan.Click.1186
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Hijacker.VB.ms
Fortinet 2.77.0.0 06.16.2006 Adware/VB!019
F-Prot 3.16f 06.15.2006 security risk named W32/Downloader.AAOZ
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Trojan-Clicker.Win32.VB.ms
McAfee 4785 06.15.2006 Generic Downloader.ak
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 probably unknown NewHeur_PE virus
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Trj/Clicker.PQ
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 no virus found
UNA 1.83 06.15.2006 no virus found
VBA32 3.11.0 06.15.2006 Trojan-Clicker.Win32.VB.ms
VirusBuster 4.3.7:9 06.15.2006 Trojan.CL.VB.VNL
Aditional Information
File size: 2597053 bytes
MD5: faf78b79fd24845160dd0daa73abe0a8
SHA1: fd19046d7b5dea49c1f61d19440ec8117b8dd676
12. [Brick] AntiVir and Kingsoft Duba both fail
0E0054AD.rar
McAfee fails again
STATUS: FINISHEDComplete scanning result of "0E0054AD.rar", received in VirusTotal at 06.16.2006, 04:07:21 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 no virus found
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 Win32:Trojan-gen. {Other}
AVG 386 06.15.2006 no virus found
BitDefender 7.2 06.16.2006 Application.Targetsavers.C
CAT-QuickHeal 8.00 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 Trojan.DownLoader.5289
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 no virus found
Fortinet 2.77.0.0 06.16.2006 W32/TSUpdate.F!tr.dldr
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Trojan-Downloader.Win32.TSUpdate.n
McAfee 4785 06.15.2006 no virus found
Microsoft 1.1441 06.16.2006 TargetSaver (threat-c)
NOD32v2 1.1601 06.15.2006 Win32/TrojanDownloader.TSUpdate.N
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Adware/Sqwire
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 no virus found
UNA 1.83 06.15.2006 no virus found
VBA32 3.11.0 06.15.2006 Trojan-Downloader.Win32.TSUpdate.p
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 839426 bytes
MD5: c123a698b4e0c79d0bf866c6ea2f4edb
SHA1: 29e4eb743921fbad7fd48e25a9578b2d0f586c03
13. [Brick] The last one for today
McAfee fails again; nothing new here
STATUS: FINISHEDComplete scanning result of "ss.rar", received in VirusTotal at 06.16.2006, 04:18:09 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 BDS/Prosti.BE
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 Win32:Prosti-H
AVG 386 06.15.2006 BackDoor.Generic2.XEN
BitDefender 7.2 06.16.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 BackDoor.Insti.54
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Backdoor.Prosti.be
Fortinet 2.77.0.0 06.16.2006 W32/HUPIGON!tr.bdr
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Backdoor.Win32.Prosti.be
McAfee 4785 06.15.2006 no virus found
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 probably unknown NewHeur_PE virus
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Suspicious file
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 Backdoor/Prosti.be
UNA 1.83 06.15.2006 Backdoor.Prosti
VBA32 3.11.0 06.15.2006 Backdoor.Win32.Prosti.be
VirusBuster 4.3.7:9 06.15.2006 no virus found
Aditional Information
File size: 89752 bytes
MD5: 75acc5b359b09c830f211d28ad873302
SHA1: 98e2b510ccb54548c72c775030d73ac13e74ac35
14. [Repost] Thanks to QQBEAU for providing the virus sample
soul.rar
McAfee fails again; nothing to say
STATUS: FINISHEDComplete scanning result of "soul.rar", received in VirusTotal at 06.16.2006, 04:21:36 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 TR/Small.HW.2
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 Win32:Trojan-gen. {UPX!}
AVG 386 06.15.2006 Generic.SQJ
BitDefender 7.2 06.16.2006 Trojan.Small.HW
CAT-QuickHeal - 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 no virus found
DrWeb 4.33 06.15.2006 Trojan.Noho.3
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Trojan.Small.hw
Fortinet 2.77.0.0 06.16.2006 W32/Small.HW!tr
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Trojan.Win32.Small.hw
McAfee 4785 06.15.2006 no virus found
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1601 06.15.2006 Win32/Small.HW
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Trj/Small.SL
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 no virus found
UNA 1.83 06.15.2006 Trojan.Win32.Small
VBA32 3.11.0 06.15.2006 Trojan.Win32.Small.hw
VirusBuster 4.3.7:9 06.15.2006 Trojan.Small.BPZ
Aditional Information
File size: 24823 bytes
MD5: 001fe19f72eb20a5416bc3984d6bc270
SHA1: 925e1ad40af84a970596062c4e89601b4468285b
15. [Brick] Huigezi (Gray Pigeon) found by Kingsoft
DDOS.rar
McAfee finally reacted again; how rare...
STATUS: FINISHEDComplete scanning result of "DDOS.rar", received in VirusTotal at 06.16.2006, 04:34:11 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 BDS/Agent.WD
Authentium 4.93.8 06.16.2006 no virus found
Avast 4.7.844.0 06.15.2006 Win32:Delf-ALG
AVG 386 06.15.2006 BackDoor.Generic2.PBP
BitDefender 7.2 06.16.2006 Backdoor.Delf.AOW
CAT-QuickHeal 8.00 06.15.2006 no virus found
ClamAV devel-20060426 06.15.2006 Trojan.Lmir-57
DrWeb 4.33 06.15.2006 BackDoor.Beizhu
eTrust-InoculateIT 23.72.40 06.16.2006 no virus found
eTrust-Vet 12.6.2257 06.15.2006 no virus found
Ewido 3.5 06.15.2006 Backdoor.Agent.wd
Fortinet 2.77.0.0 06.16.2006 BDoor.ARR!bdr!06
F-Prot 3.16f 06.15.2006 no virus found
Ikarus 0.2.65.0 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Backdoor.Win32.Delf.aow
McAfee 4785 06.15.2006 BackDoor-ARR.svr
Microsoft 1.1441 06.16.2006 no virus found
NOD32v2 1.1602 06.16.2006 probably unknown NewHeur_PE virus
Norman 5.90.21 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Suspicious file
Sophos 4.06.0 06.15.2006 no virus found
Symantec 8.0 06.16.2006 no virus found
TheHacker 5.9.8.159 06.15.2006 no virus found
UNA 1.83 06.15.2006 Backdoor.Agent
VBA32 3.11.0 06.15.2006 Backdoor.Win32.Agent.wd
VirusBuster 4.3.7:9 06.15.2006 Backdoor.Delf.QOB
Aditional Information
File size: 210908 bytes
MD5: 8eef8284c091460d9d644061f9528042
SHA1: d354c29c127a98b3c9e2089535973bc8b1ac025a
Now to announce today's test results; 15 samples in total
mcafee:5/15
nod32:9/15
antivir:11/15
dr.web:14/15
kaspersky:15/15
ewido:11/15
norton(symantec):0/15
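The results for AntiVir, Dr.Web, Kaspersky and Ewido are all good, all above 10; in my view these products are trustworthy. NOD32 is passable; it just scraped a pass.
Now for McAfee. People these days aren't afraid of viruses; what they fear most is trojans. If I get a worm I just restore with Ghost and it's fine; with a trojan, at best you lose game accounts and QQ passwords, at worst even the money in your bank is gone. The samples in this test were basically all trojans. Look at McAfee's score, everyone: your so-called strongest "defense" is nothing more than this. You think it's safe now; when you really get a trojan, I'd like to see the look on your faces after you've lost things. Also, I want to ask you all: what rules have you actually set up in McAfee??
I hope people below can tell me; I want to see how the simple rules McAfee can define are supposed to keep trojans out. I have nothing more to say about McAfee now. When I have thoroughly "put in mcafee's shoes", that will be when McAfee disappears from my computer. Come on, everyone, give your views on this result; I want to see what arguments you still have against my conclusion. Don't tell me virus removal is useless; otherwise McAfee should delete "anti-virus" from its name and concentrate on being a locking program with a few extra features, and then I won't blame McAfee.
Laughable McAfee...
This is probably also why I have never seen anyone test with McAfee in the sample area. On the one hand, everyone actually knows McAfee is incompetent; on the other, McAfee's fans are content with McAfee's so-called "world's number one defense". The quality of an antivirus can only truly be judged in real combat. Don't tell me McAfee is good at defense; in virus removal there are only two outcomes, either you die or I do. If you keep thinking this way, all I can say here is that McAfee is unworthy of the name anti-virus software; at most it is defense-virus software. From now on, stop calling it virus-killing software and rename it virus-prevention software. McAfee fans, do you have the courage to take your McAfee and charge into the sample area??
Geez, I'm completely speechless. Some people actually say these 15 samples prove nothing; McAfee fans actually say this, and say I haven't grasped the essence of McAfee. What essence does McAfee have? File protection?? I've already said that it is simply ineffective against real viruses that don't replace files in system32. And if I were the one planting trojans, I wouldn't choose one that has been out for a year, which anyone can detect by now. This is McAfee's ability to respond to new trojans; facts speak louder than words....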
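QUOTE:
Quoting post #68 by king_hh, posted 2006-06-17 01:23, "":
McAfee really does fail to detect a lot; it's truly disappointing that it shows no reaction at all to software known to be bundled with a virus. This isn't about forcing people not to use McAfee; it's just dissecting its bad side so people know. I rather agree with the OP's view. Many people above say a few samples don't reflect anything, but if you watch the sample area over a long period and use it yourself, McAfee's ability to notice viruses really is somewhat overrated. If defense is the essence of McAfee, then folder locking and rules are the most important parts. You could say that if an antivirus can't detect viruses effectively, it will be quite passive. Unless you never write to the folders, there is a chance of a virus getting in, and it's also inconvenient to use. As for rules that block ports and so on, they do have an effect, but whether you can really rest easy is open to question, and not many experts can really configure them precisely.
Overall McAfee is still excellent, otherwise it wouldn't be so famous, but we should also face up to some problems. Many people say "to each his own", but I think most people are still novices, and at first they lack the judgment to choose their favourite; that is when we critics should step forward...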
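This is exactly my purpose in posting this thread. It's very simple: novices should not use McAfee, and should not believe in McAfee's so-called defensive ability, unless you think you have the energy to go online every day collecting samples to add to your rules. Look at the rules in the McAfee section: the last updates are all from the end of 2005. I don't object to experts using it, but rules are always auxiliary and virus definitions are what really matters; otherwise McAfee will stay passive forever.
Everyone take a look at this thread: http://bbs.hypost.cn/read.php?tid=44489&page=e&#a
See how a McAfee user had his autoexec.bat file replaced; this kind of replacement can only have been done by connecting to the server remotely. McAfee's hollow rules theory does indeed have holes: as long as there's one place you haven't guarded, the virus can get in immediately.
Seeing how much everyone is looking forward to McAfee 8.5, I will redo this test as soon as McAfee 8.5 is released. I'm quite looking forward to October now...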
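An added example, not part of the original post: a parser for the VirusTotal text reports pasted above that tallies each engine's verdicts while keeping heuristic or generic flags (such as McAfee's "New Malware.u") separate from named detections. The rows are copied from two of the reports in the post; the list of heuristic markers is an assumption chosen from verdict strings that appear there.

```python
import re

# Rows copied from two reports in the post (subset of engines).
SAMPLE = '''\
STATUS: FINISHEDComplete scanning result of "dddd.rar", received in VirusTotal at 06.16.2006, 02:11:39 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 DR/CV-2006-1359.D.2
CAT-QuickHeal 8.00 06.15.2006 (Suspicious) - DNAScan
Kaspersky 4.0.2.24 06.16.2006 Exploit.JS.CVE-2006-1359.l
McAfee 4785 06.15.2006 New Malware.u
NOD32v2 1.1601 06.15.2006 no virus found
Panda 9.0.0.4 06.16.2006 Suspicious file
Aditional Information
File size: 16034 bytes
STATUS: FINISHEDComplete scanning result of "soul.rar", received in VirusTotal at 06.16.2006, 04:21:36 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.15.2006 TR/Small.HW.2
CAT-QuickHeal - 06.15.2006 no virus found
Kaspersky 4.0.2.24 06.16.2006 Trojan.Win32.Small.hw
McAfee 4785 06.15.2006 no virus found
NOD32v2 1.1601 06.15.2006 Win32/Small.HW
Panda 9.0.0.4 06.16.2006 Trj/Small.SL
Aditional Information
File size: 24823 bytes
'''

HEADER_RE = re.compile(r'scanning result of "([^"]*)"')
# engine, version (may be "-"), update date MM.DD.YYYY, free-text result
ROW_RE = re.compile(r'^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$')

# Assumption: substrings that mark a heuristic or generic verdict rather
# than a named signature hit.
HEURISTIC_HINTS = ("suspicious", "new malware", "probably", "suspected",
                   "variant of", "behaveslike")


def classify(result):
    """Map a result string to 'clean', 'heuristic' or 'named'."""
    text = result.strip().lower()
    if text == "no virus found":
        return "clean"
    if any(hint in text for hint in HEURISTIC_HINTS):
        return "heuristic"
    return "named"


def parse_reports(text):
    """Return [(filename, {engine: (version, date, result)}), ...].

    A list rather than a dict keyed by filename, because the post contains
    two different reports that are both titled "dddd.rar".
    """
    reports = []
    for line in text.splitlines():
        header = HEADER_RE.search(line)
        if header:
            reports.append((header.group(1), {}))
            continue
        row = ROW_RE.match(line.strip())
        if row and reports:  # skips column headers, file size, hashes
            engine, version, date, result = row.groups()
            reports[-1][1][engine] = (version, date, result.strip())
    return reports


def tally(reports):
    """Count verdict classes per engine across all parsed reports."""
    totals = {}
    for _name, engines in reports:
        for engine, (_ver, _date, result) in engines.items():
            counts = totals.setdefault(
                engine, {"named": 0, "heuristic": 0, "clean": 0})
            counts[classify(result)] += 1
    return totals


if __name__ == "__main__":
    for engine, counts in sorted(tally(parse_reports(SAMPLE)).items()):
        print(f"{engine:15} {counts}")
```

A VirusTotal row reflects the engine build and settings VirusTotal ran, so, as the post observes for sample 1, it can differ from what a locally installed scanner reports.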