a.exe

显示全部楼层 · 发表于 2009-8-13 23:16:09

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	4.5.0.3	20090813160201	2009-08-13	-	0.373
AntiVir	8.2.1.1	7.1.5.107	2009-08-13	-	0.468
Arcavir	2009	200908121839	2009-08-12	-	0.055
Authentium	5.1.1	200908131109	2009-08-13	-	1.260
AVAST!	4.7.4	090812-0	2009-08-12	-	0.016
AVG	8.5.288	270.13.54/2300	2009-08-13	-	0.427
BitDefender	7.81008.3836011	7.27143	2009-08-13	-	3.375
CA (VET)	9.0.0.143	31.6.6673	2009-08-13	-	3.784
ClamAV	0.95.2	9689	2009-08-13	-	0.131
Comodo	3.10	1966	2009-08-13	-	1.672
CP Secure	1.1.0.715	2009.08.13	2009-08-13	-	15.238
Dr.Web	4.44.0.9170	2009.08.13	2009-08-13	-	5.734
F-Prot	4.4.4.56	20090813	2009-08-13	-	1.386
F-Secure	7.02.73807	2009.08.13.10	2009-08-13	Trojan-Downloader:W32/Renos.gen!C [FSE]	0.142
GData	19.7092/19.437	20090813	2009-08-13	-	5.261
Ikarus	T3.1.01.64	2009.08.13.73232	2009-08-13	-	4.148
Microsoft	1.4903	2009.08.12	2009-08-12	TrojanDownloader:Win32/Renos.GW	6.753
Norman	6.01.09	6.01.00	2009-08-12	-	4.007
nProtect	20090812.02	4997778	2009-08-12	-	7.208
Quick Heal	10.00	2009.08.13	2009-08-13	-	3.093
Sophos	2.89.1	4.44	2009-08-13	Mal/EncPk-HW	3.152
Sunbelt	5327	5327	2009-08-12	-	6.042
The Hacker	6.3.4.3	v00383	2009-08-12	-	0.891
VBA32	3.12.10.9	20090812.1653	2009-08-12	-	4.118
ViRobot	20090813	2009.08.13	2009-08-13	-	0.594
VirusBuster	4.5.11.10	10.112.3/1827400	2009-08-12	-	5.575
卡巴斯基	5.5.10	2009.08.13	2009-08-13	-	0.158
安博士V3	2009.08.13.03	2009.08.13	2009-08-13	-	1.003
安天	2.0.18	20090813.2698352	2009-08-13	-	0.123
江民杀毒	11.0.800	2009.08.13	2009-08-13	-	9.062
熊猫卫士	9.05.01	2009.08.13	2009-08-13	-	6.286
瑞星	20.0	21.42.34.00	2009-08-13	Packer.Win32.Agent.aq [Suspicious]	2.178
赛门铁克	1.3.0.24	20090812.008	2009-08-12	-	0.099
趋势科技	8.700-1004	6.361.00	2009-08-13	-	0.039
迈克菲	5.3.00	5707	2009-08-12	-	6.785
金山毒霸	2009.2.5.15	2009.8.13.21	2009-08-13	-	0.644
飞塔	2.81-3.120	10.712	2009-08-13	-	0.408

[ 本帖最后由 Palkia 于 2009-8-13 23:17 编辑 ]

显示全部楼层 · 发表于 2009-8-13 23:22:14

To KL

显示全部楼层 · 发表于 2009-8-13 23:24:52

TO LL

显示全部楼层 · 发表于 2009-8-13 23:26:08

mse kill

显示全部楼层 · 发表于 2009-8-13 23:28:12

Hello,

a.exe - Trojan.Win32.FraudPack.qfk

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Best regards, Maxim Makhotkin
Malware Analyst
Kaspersky lab

不到六分钟

显示全部楼层 · 发表于 2009-8-14 02:21:33

Nod 32 kill
a.exe - Win32/Kryptik.ADW

显示全部楼层 · 发表于 2009-8-14 07:01:15

to ThreatExpert

显示全部楼层 · 发表于 2009-8-14 07:47:34

伞MISS~
2009-08-14 07:46:17 创建文件操作:阻止
进程路径:E:\Data\a.exe
文件路径:C:\WINDOWS\system32\msxml71.dll
触发规则:所有程序规则->FD:01…系统文件读写规则Ⅰ->%SystemDrive%\*.dll

2009-08-14 07:46:23 创建文件操作:允许
进程路径:E:\Data\a.exe
文件路径:E:\Local Settings\Temp\msxml71.dll
触发规则:所有程序规则->FD:02…文件创建修改规则->*\*.dll

[ 本帖最后由左手于 2009-8-14 07:48 编辑 ]

显示全部楼层 · 发表于 2009-8-14 08:54:10

to 咖啡
得到回复

AVERT Labs - Beaverton
Current Scan Engine Version:5300.2777
Current DAT Version:5708.0000
Thank you for your submission.

Analysis ID: 5459799

File Name          Findings                      Detection                   Type       Extra
--------------------|------------------------------|----------------------------|------------|-----
a.exe             |new detection                |fakealert-gv             |Trojan    |yes

Attached is a file for extra detection, which will be included in a future DAT set. We
have detected a virus or trojan that can only be detected and removed with the
attached EXTRA.DAT and current scan engine. The EXTRA.DAT must be used with the
current scan engine, and we highly recommend you update to the most current DAT
release. If you are not seeing this with the product you are using, please speak with
technical support so they can help you determine the cause of this discrepancy.

new detection [a.exe]

The file received contains a new virus or trojan. It is recommended that you update
your DAT and engine files and scan your computer again.

To find detailed information about viruses and other malware, please review AVERT抯
Virus Information Library:

http://vil.mcafeesecurity.com

You may wish to submit future malware samples to:

https://www.webimmune.net/default.asp

It may be the best option if you are having a problem with gateway scanners stripping
your sample submission.

If you believe your computer is infected, but are unsure which files should be
submitted to AVERT for review, please visit:

http://vil.mcafeesecurity.com/vil/submit-sample.aspx

For other virus-related information, please review the AVERT homepage at:

http://www.mcafee.com/us/threat_center/default.asp

Support ?nbsp;

Virus Research accepts file-samples for analysis and possible inclusion into AV
signature DAT sets. We are also prepared to answer general virus questions. All
product-related questions and comments can be addressed through technical support and
customer service, including:

* Product installation and update questions
* Product usage questions
* Specific operating system/version questions
* Assistance with detection and cleaning or removal of viruses or trojans

Use the following link to update your DAT and scan engine to the most current version:

http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Use the following links to reach online technical support for McAfee products -

Corporate Customers:

http://www.mcafeesecurity.com/us/support/

Single User/Retail Customers:

http://www.mcafeehelp.com

Note ?nbsp;

Due to the prevalence of network gateway AV products, it is important that all
submissions be zipped and the zip file password-protected (password - infected). Some
products will reject an email that contains a virus that is not sent in this way. In
addition, often we receive a file that appears not to have been infected, to find
later that the file was infected when it left the sender, and was cleaned somewhere
along the line.

Regards,

McAfee AVERT tm
A division of McAfee, Inc

附带附加病毒库

[ 本帖最后由 saskecn 于 2009-8-14 08:55 编辑 ]

显示全部楼层 · 发表于 2009-8-14 09:08:31

to IObit

[病毒样本] a.exe

本帖子中包含更多资源

本帖子中包含更多资源

回复 1楼 Palkia 的帖子

本帖子中包含更多资源

浏览过的版块