在系统目录放二个文件特像木马？？？

显示全部楼层 · 发表于 2009-6-15 16:48:48

在系统目录放二个文件特像木马？？？

下载：ht tp://ha3.newhua.com/down/Calendar_24138.rar
如果不能下载则访问：ht tp://www.onlinedown.net/soft/24138.htm

VirSCAN.org Scanned Report :
Scanned time : 2009/06/15 16:27:42 (CST)
Scanner results: 8%的杀软(3/38)报告发现病毒
File Name    : IEXPLORE.EXE
File Size    : 61535 byte
File Type    : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5          : 3fdba472d708369db3f2dc7895d39eac
SHA1          : c4f1f249b2451a564d10850746e02bbfc561f442
Online report  : ht tp://virscan.org/report/e70c365ecb6b953fc86af339bb483771.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.5.0.1       20090614213204 2009-06-14  2.51 -
安博士V3    2009.06.15.00 2009.06.15       2009-06-15  1.71 -
AntiVir       8.2.0.187    7.1.4.91       2009-06-15  0.39 -
安天          2.0.18       20090615.2540363  2009-06-15  0.12 -
Arcavir       2009          200906141032    2009-06-14  0.09 -
Authentium    5.1.1          200906141749    2009-06-14  1.22 W32/CrazyCrunch-based!Maximus (Heuristic)
AVAST!       4.7.4          090614-0       2009-06-14  0.01 -
AVG          8.5.286       270.12.69/2176 2009-06-15  3.58 -
BitDefender 7.81008.3348627 7.25991          2009-06-15  3.03 -
CA (VET)    9.0.0.143    31.6.6555       2009-06-13  4.58 -
ClamAV       0.95.1       9465             2009-06-14  0.02 -
Comodo       3.9          1333             2009-06-15  0.87 -
CP Secure    1.1.0.715    2009.06.15       2009-06-15  10.20  -
Dr.Web       4.44.0.9170    2009.06.15       2009-06-15  4.81 -
F-Prot       4.4.4.56       20090614       2009-06-14  1.18 Possible W32/CrazyCrunch-based!Maximus
F-Secure    5.51.6100    2009.06.15.03    2009-06-15  0.09 -
飞塔          2.81-3.117    10.499          2009-06-14  0.22 -
GData       19.5844/19.364  20090615       2009-06-15  4.99 -
ViRobot       20090613       2009.06.13       2009-06-13  0.91 -
Ikarus       T3.1.01.59    2009.06.15.72868  2009-06-15  3.24 -
江民杀毒    11.0.706       2009.06.15       2009-06-15  2.13 -
卡巴斯基    5.5.10       2009.06.15       2009-06-15  0.08 -
金山毒霸    2009.2.5.15    2009.6.15.14    2009-06-15  0.65 -
迈克菲       5.3.00       5646             2009-06-14  3.07 -
Microsoft    1.4701       2009.06.15       2009-06-15  4.35 -
mks_vir       2.01          2009.06.15       2009-06-15  3.27 -
Norman       6.01.09       6.01.00          2009-06-12  4.01 -
熊猫卫士    9.05.01       2009.06.14       2009-06-14  1.86 -
趋势科技    8.700-1004    6.194.02       2009-06-14  0.03 -
Quick Heal    10.00          2009.06.15       2009-06-15  1.23 -
瑞星          20.0          21.34.01.00    2009-06-15  0.96 AdWare.Win32.Nodef.hk
Sophos       2.87.1       4.42             2009-06-15  2.49 -
Sunbelt       5187          5187             2009-06-13  1.05 -
赛门铁克    1.3.0.24       20090614.004    2009-06-14  0.06 -
nProtect    20090614.01    4249058          2009-06-14  6.07 -
The Hacker    6.3.4.3       v00345          2009-06-12  0.76 -
VBA32       3.12.10.7    20090614.1156    2009-06-14  2.12 -
VirusBuster 4.5.11.10    10.107.13/1629186 2009-06-14  2.91 -

其它多引擎分析结果：
ht tp://virusscan.jotti.org/en/scanresult/2ac50dac2a2744b6fe85621e1e2b44d5ea842f35
ht tp://www.virustotal.com/zh-cn/analisis/07a72ec6e2925e114f3e84ee0a57503c076d8d9532ba7c8a0ea6902611a59789-1245054878

VirSCAN.org Scanned Report :
Scanned time : 2009/06/15 16:37:04 (CST)
Scanner results: 全部的杀毒软件报告没有发现病毒!
File Name    : irmon32.dll
File Size    : 49152 byte
File Type    : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5          : 4f4ab67b99b2c1f9a9bff5862a4de649
SHA1          : 655aa080226807b58f5b4503d411156ac4786f10
Online report  : ht tp://virscan.org/report/61d089f2ebf2ee4d3d9973338ec80e9e.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.5.0.1       20090614213204 2009-06-14  2.52 -
安博士V3    2009.06.15.00 2009.06.15       2009-06-15  0.82 -
AntiVir       8.2.0.187    7.1.4.91       2009-06-15  0.53 -
安天          2.0.18       20090615.2540363  2009-06-15  0.12 -
Arcavir       2009          200906141032    2009-06-14  0.05 -
Authentium    5.1.1          200906141749    2009-06-14  1.40 -
AVAST!       4.7.4          090614-0       2009-06-14  0.01 -
AVG          8.5.286       270.12.69/2176 2009-06-15  3.42 -
BitDefender 7.81008.3348627 7.25991          2009-06-15  3.00 -
CA (VET)    9.0.0.143    31.6.6555       2009-06-13  6.23 -
ClamAV       0.95.1       9465             2009-06-14  0.03 -
Comodo       3.9          1333             2009-06-15  0.91 -
CP Secure    1.1.0.715    2009.06.15       2009-06-15  10.75  -
Dr.Web       4.44.0.9170    2009.06.15       2009-06-15  4.77 -
F-Prot       4.4.4.56       20090614       2009-06-14  1.19 -
F-Secure    5.51.6100    2009.06.15.03    2009-06-15  0.10 -
飞塔          2.81-3.117    10.499          2009-06-14  0.22 -
GData       19.5844/19.364  20090615       2009-06-15  4.77 -
ViRobot       20090613       2009.06.13       2009-06-13  0.43 -
Ikarus       T3.1.01.59    2009.06.15.72868  2009-06-15  3.27 -
江民杀毒    11.0.706       2009.06.15       2009-06-15  2.05 -
卡巴斯基    5.5.10       2009.06.15       2009-06-15  0.09 -
金山毒霸    2009.2.5.15    2009.6.15.14    2009-06-15  0.55 -
迈克菲       5.3.00       5646             2009-06-14  3.13 -
Microsoft    1.4701       2009.06.15       2009-06-15  4.63 -
mks_vir       2.01          2009.06.15       2009-06-15  3.28 -
Norman       6.01.09       6.01.00          2009-06-12  4.01 -
熊猫卫士    9.05.01       2009.06.14       2009-06-14  2.20 -
趋势科技    8.700-1004    6.194.02       2009-06-14  0.03 -
Quick Heal    10.00          2009.06.15       2009-06-15  1.17 -
瑞星          20.0          21.34.01.00    2009-06-15  0.78 -
Sophos       2.87.1       4.42             2009-06-15  2.45 -
Sunbelt       5187          5187             2009-06-13  0.86 -
赛门铁克    1.3.0.24       20090614.004    2009-06-14  0.05 -
nProtect    20090614.01    4249058          2009-06-14  6.29 -
The Hacker    6.3.4.3       v00345          2009-06-12  0.91 -
VBA32       3.12.10.7    20090614.1156    2009-06-14  1.98 -
VirusBuster 4.5.11.10    10.107.13/1629186 2009-06-14  1.97 -

其它多引擎分析结果：
ht tp://www.virustotal.com/zh-cn/analisis/3a8328b2ad7b0f5d0552c9dadc61cf5a69426f1eea8f8459c46d145ad990cfb3-1245055114
ht tp://virusscan.jotti.org/en/scanresult/49ae9045117a03493b38be8fec863fa34ec206ee

显示全部楼层 · 发表于 2009-6-15 17:57:29

to kl

显示全部楼层 · 发表于 2009-6-15 18:10:50

卡巴不报

显示全部楼层 · 发表于 2009-6-15 18:12:24

"Infections"
"File";"Infection";"Result"
"E:\收集区\todo.exe";"Trojan horse Agent2.DMG";"Infected"
"E:\收集区\todo.exe:\$CF\mssup.exe";"Trojan horse Agent2.DMG";"Infected"

显示全部楼层 · 发表于 2009-6-15 18:14:58

mpav miss,to

显示全部楼层 · 发表于 2009-6-15 18:27:54

原帖由 J-F-F 于 2009-6-15 18:00 发表
两个广告程序
下载
http://www.bjtgzs.cn/msie/x1/todo.exe

卡巴报trojan

显示全部楼层 · 发表于 2009-6-15 18:28:59

原帖由 J-F-F 于 2009-6-15 18:00 发表
两个广告程序
下载
http://www.bjtgzs.cn/msie/x1/todo.exe

dw
todo.exe\data006;C:\Documents and Settings\all\桌面\todo.exe;Adware.AdTraffic.origin;;
todo.exe;C:\Documents and Settings\all\桌面;Archive contains infected objects;;

显示全部楼层 · 发表于 2009-6-15 18:31:22

原帖由 J-F-F 于 2009-6-15 18:00 发表
两个广告程序
下载
http://www.bjtgzs.cn/msie/x1/todo.exe

Starting the file scan:

Begin scan in 'D:\kafan\todo.exe'
D:\kafan\todo.exe
[DETECTION] Contains recognition pattern of the DR/BHO.qqa dropper
--> ProgramFilesDir/mssup.exe
   [DETECTION] Is the TR/BHO.qqa Trojan
[NOTE]    The file was deleted!

End of the scan: 2009年6月15日  18:33
Used time: 00:00 Minute(s)

The scan has been done completely.

   0 Scanned directories
   8 Files were scanned
   2 Viruses and/or unwanted programs were found
   0 Files were classified as suspicious
   1 files were deleted
   0 Viruses and unwanted programs were repaired
   0 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   6 Files not concerned
   1 Archives were scanned
   0 Warnings
   1 Notes

显示全部楼层 · 发表于 2009-6-15 20:45:02

to McAfee

显示全部楼层 · 发表于 2009-6-16 00:00:07

nod miss

[可疑文件] 在系统目录放二个文件特像木马？？？

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块