1 20090711

显示全部楼层 · 发表于 2009-7-11 13:31:03

扫描结果 :	21%的杀软(8/38)报告发现病毒
时间 :	2009/07/11 13:23:21 (CST)

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	4.5.0.1	20090711053138	2009-07-11	Trojan-Downloader.Win32.Perkesh!IK	0.415
AntiVir	8.2.0.204	7.1.4.219	2009-07-10	TR/Rootkit.Gen	0.289
Arcavir	2009	200907101509	2009-07-10	-	0.037
Authentium	5.1.1	200907101647	2009-07-10	-	1.179
AVAST!	4.7.4	090710-0	2009-07-10	-	0.005
AVG	8.5.288	270.13.10/2230	2009-07-11	Win32/Heur	0.324
BitDefender	7.81008.3673923	7.26507	2009-07-11	Dropped:Generic.Malware.PVPk!g.690F9527	3.223
CA (VET)	9.0.0.143	31.6.6607	2009-07-10	-	7.630
ClamAV	0.95.2	9552	2009-07-10	-	0.011
Comodo	3.10	1612	2009-07-11	-	0.723
CP Secure	1.1.0.715	2009.07.08	2009-07-08	-	11.012
Dr.Web	4.44.0.9170	2009.07.11	2009-07-11	-	4.862
F-Prot	4.4.4.56	20090710	2009-07-10	-	1.161
F-Secure	5.51.6100	2009.07.10.11	2009-07-10	-	0.075
GData	19.6384/19.392	20090711	2009-07-11	-	4.313
Ikarus	T3.1.01.64	2009.07.11.73014	2009-07-11	Trojan-Downloader.Win32.Perkesh	3.095
Microsoft	1.4803	2009.07.11	2009-07-11	TrojanDownloader:Win32/Perkesh.gen!A	5.061
mks_vir	2.01	2009.07.11	2009-07-11	-	3.205
Norman	6.01.09	6.01.00	2009-07-09	-	4.008
nProtect	20090711.01	4698350	2009-07-11	-	6.140
Quick Heal	10.00	2009.07.10	2009-07-10	-	1.014
Sophos	2.88.0	4.43	2009-07-11	-	2.806
Sunbelt	5243	5243	2009-07-10	-	1.003
The Hacker	6.3.4.3	v00365	2009-07-10	-	0.659
VBA32	3.12.10.8	20090710.1521	2009-07-10	-	2.051
ViRobot	20090710	2009.07.10	2009-07-10	-	0.410
VirusBuster	4.5.11.10	10.108.3/1853512	2009-07-10	-	2.255
卡巴斯基	5.5.10	2009.07.11	2009-07-11	-	0.061
安博士V3	2009.07.10.01	2009.07.10	2009-07-10	-	0.938
安天	2.0.18	20090711.2612361	2009-07-11	-	0.120
江民杀毒	11.0.800	2009.07.09	2009-07-09	-	3.880
熊猫卫士	9.05.01	2009.07.10	2009-07-10	Trj/Downloader.MDW	1.981
瑞星	20.0	21.37.44.00	2009-07-10	-	0.786
赛门铁克	1.3.0.24	20090710.003	2009-07-10	Trojan.Dropper	0.046
趋势科技	8.700-1004	6.266.08	2009-07-10	-	0.027
迈克菲	5.3.00	5672	2009-07-10	-	2.948
金山毒霸	2009.2.5.15	2009.7.10.21	2009-07-10	-	0.465
飞塔	2.81-3.120	10.593	2009-07-10	-	0.204

	2009-07-10 Found nothing		2009-07-11 Dropped:Generic.Malware.PVPk!g.690F9527
	2009-07-11 Trojan-Downloader.Win32.Perkesh!IK		2009-07-11 Trojan-Downloader.Win32.Perkesh
	2009-07-10 Found nothing		2009-07-11 Found nothing
	2009-07-10 Win32/Heur		2009-07-11 Found nothing
	2009-07-10 TR/Rootkit.Gen		2009-07-10 Found nothing
	2009-07-11 Dropped:Generic.Malware.PVPk!g.690F9527		2009-07-10 Trj/Downloader.MDW
	2009-07-10 Found nothing		2009-07-10 Found nothing
	2009-07-09 Found nothing		2009-07-11 Found nothing
	2009-07-11 Found nothing		2009-07-10 Found nothing
	2009-07-08 Found nothing		2009-07-10 Found nothing
	2009-07-10 Found nothing

反病毒引擎	版本	最后更新	扫描结果
a-squared	4.5.0.18	2009.07.11	Trojan-Downloader.Win32.Perkesh!IK
AhnLab-V3	5.0.0.2	2009.07.10	-
AntiVir	7.9.0.204	2009.07.10	TR/Rootkit.Gen
Antiy-AVL	2.0.3.1	2009.07.10	-
Authentium	5.1.2.4	2009.07.10	-
Avast	4.8.1335.0	2009.07.10	-
AVG	8.5.0.387	2009.07.10	Win32/Heur
BitDefender	7.2	2009.07.11	Dropped:Generic.Malware.PVPk!g.690F9527
CAT-QuickHeal	10.00	2009.07.10	-
ClamAV	0.94.1	2009.07.10	-
Comodo	1612	2009.07.11	-
DrWeb	5.0.0.12182	2009.07.11	-
eSafe	7.0.17.0	2009.07.09	-
eTrust-Vet	31.6.6608	2009.07.10	-
F-Prot	4.4.4.56	2009.07.10	-
F-Secure	8.0.14470.0	2009.07.10	Suspicious:W32/Malware!Gemini
Fortinet	3.120.0.0	2009.07.11	-
GData	19	2009.07.11	Dropped:Generic.Malware.PVPk!g.690F9527
Ikarus	T3.1.1.64.0	2009.07.11	Trojan-Downloader.Win32.Perkesh
Jiangmin	11.0.706	2009.07.09	-
K7AntiVirus	7.10.789	2009.07.10	-
Kaspersky	7.0.0.125	2009.07.11	Trojan.Win32.Agent.cprg
McAfee	5672	2009.07.10	-
McAfee+Artemis	5672	2009.07.10	-
McAfee-GW-Edition	6.8.5	2009.07.10	Heuristic.LooksLike.Win32.A
Microsoft	1.4803	2009.07.11	TrojanDownloader:Win32/Perkesh.gen!A
NOD32	4233	2009.07.11	-
Norman	6.01.09	2009.07.10	-
nProtect	2009.1.8.0	2009.07.11	-
Panda	10.0.0.14	2009.07.10	Trj/Downloader.MDW
PCTools	4.4.2.0	2009.07.10	-
Prevx	3.0	2009.07.11	-
Rising	21.37.44.00	2009.07.10	-
Sophos	4.43.0	2009.07.11	-
Sunbelt	3.2.1858.2	2009.07.10	Trojan-Downloader.Win32.Sfn!cobra (v)
Symantec	1.4.4.12	2009.07.11	Trojan.Dropper
TheHacker	6.3.4.3.365	2009.07.11	-
TrendMicro	8.950.0.1094	2009.07.10	-
VBA32	3.12.10.8	2009.07.11	-
ViRobot	2009.7.11.1830	2009.07.11	-
VirusBuster	4.6.5.0	2009.07.10	-

已报江民

显示全部楼层 · 发表于 2009-7-11 13:33:54

[ General information ]
* Accesses executable file from resource section.
* Creating several executable files on hard-drive.
* File length: 29392 bytes.
* MD5 hash: ad8d78d47bdd3e3833bd9e875795417a.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\935Fuck.dll.
* Creates file C:\WINDOWS\SYSTEM32\Drivers\NsDnldr3.sys.
* Creates file C:\WINDOWS\TEMP\55386503.bat.
* Deletes file /f "C:\sample.exe".

[ Changes to registry ]
* Creates key "HKLM\System\CurrentControlSet\Services\MY260".
* Sets value "ImagePath"="C:\WINDOWS\SYSTEM32\Drivers\NsDnldr3.sys" in key "HKLM\System\CurrentControlSet\Services\MY260".
* Sets value "DisplayName"="MY260" in key "HKLM\System\CurrentControlSet\Services\MY260".
* Accesses Registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost".

[ Process/window information ]
* Enumerates running processes.
* Enumerates running processes several parses....
* Attempts to access service "MY260".
* Creates service "MY260 (MY260)" as "C:\WINDOWS\SYSTEM32\Drivers\NsDnldr3.sys".
* Installing kernel driver "\Device\MY260".
* Driver "\Device\MY260" hooks kernel IRP "CREATE".
* Driver "\Device\MY260" hooks kernel IRP "CREATE_NAMED_PIPE".
* Driver "\Device\MY260" hooks kernel IRP "CLOSE".
* Driver "\Device\MY260" hooks kernel IRP "READ".
* Driver "\Device\MY260" hooks kernel IRP "WRITE".
* Driver "\Device\MY260" hooks kernel IRP "QUERY_INFORMATION".
* Driver "\Device\MY260" hooks kernel IRP "SET_INFORMATION".
* Driver "\Device\MY260" hooks kernel IRP "QUERY_EA".
* Driver "\Device\MY260" hooks kernel IRP "SET_EA".
* Driver "\Device\MY260" hooks kernel IRP "FLUSH_BUFFERS".
* Driver "\Device\MY260" hooks kernel IRP "QUERY_VOLUME_INFORMATION".
* Driver "\Device\MY260" hooks kernel IRP "SET_VOLUME_INFORMATION".
* Driver "\Device\MY260" hooks kernel IRP "DIRECTORY_CONTROL".
* Driver "\Device\MY260" hooks kernel IRP "FILE_SYSTEM_CONTROL".
* Driver "\Device\MY260" hooks kernel IRP "DEVICE_CONTROL".
* Driver "\Device\MY260" hooks kernel IRP "INTERNAL_DEVICE_CONTROL".
* Driver "\Device\MY260" hooks kernel IRP "SHUTDOWN".
* Driver "\Device\MY260" hooks kernel IRP "LOCK_CONTROL".
* Driver "\Device\MY260" hooks kernel IRP "CLEANUP".
* Driver "\Device\MY260" hooks kernel IRP "CREATE_MAILSLOT".
* Driver "\Device\MY260" hooks kernel IRP "QUERY_SECURITY".
* Driver "\Device\MY260" hooks kernel IRP "SET_SECURITY".
* Driver "\Device\MY260" hooks kernel IRP "POWER".
* Driver "\Device\MY260" hooks kernel IRP "SYSTEM_CONTROL".
* Driver "\Device\MY260" hooks kernel IRP "DEVICE_CHANGE".
* Driver "\Device\MY260" hooks kernel IRP "QUERY_QUOTA".
* Driver "\Device\MY260" hooks kernel IRP "SET_QUOTA".
* Attemps to open C:\WINDOWS\TEMP\55386503.bat NULL.
* Creates process "CMD.EXE".

[ Signature Scanning ]
* C:\WINDOWS\TEMP\935Fuck.dll (25600 bytes) : no signature detection.
* C:\WINDOWS\SYSTEM32\Drivers\NsDnldr3.sys (2192 bytes) : no signature detection.
* C:\WINDOWS\TEMP\55386503.bat (61 bytes) : no signature detection.

显示全部楼层 · 发表于 2009-7-11 13:36:31

to kl,ll

显示全部楼层 · 发表于 2009-7-11 13:41:11

过卡巴6.0，看来卡巴的病毒数据不是同步更新啊，卡巴7.0可以杀

显示全部楼层 · 发表于 2009-7-11 13:46:49

显示全部楼层 · 发表于 2009-7-11 13:48:32

过大蜘蛛

显示全部楼层 · 发表于 2009-7-11 13:51:39

D:\TDDownload\1.rar/1.exe 已检测: Trojan-Downloader.Win32.Perkesh!IK

显示全部楼层 · 发表于 2009-7-11 13:57:39

奇怪，卡巴10竟然被过了

To KL

显示全部楼层 · 发表于 2009-7-11 14:07:49

瑞星 Trojan.Win32.Generic.11EA5387

显示全部楼层 · 发表于 2009-7-11 14:12:14

to mpav

[病毒样本] 1 20090711

本帖子中包含更多资源

回复 1楼 killloop 的帖子

本帖子中包含更多资源