电脑上发现的2个可疑文件

显示全部楼层 · 发表于 2009-9-14 07:49:03

刚刚开机RIS提示这两个文件需要连接网络，但感觉比较陌生，所以拒绝了。大家给帮忙分析下吧

下载地址：http://www.vdisk.cn/down/index/3680080A2412/momeos.rar.html

[ 本帖最后由马力于 2009-9-14 07:54 编辑 ]

显示全部楼层 · 发表于 2009-9-14 10:30:58

显示全部楼层 · 发表于 2009-9-14 22:31:36

McAfee 报了1个。。

显示全部楼层 · 发表于 2009-9-14 23:49:52

http://www.virustotal.com/zh-cn/ ... cf883815-1252885200

To KL

显示全部楼层 · 发表于 2009-9-15 00:38:45

TO KL,LL,MCAFEE,ANTIVIR

Filename Result
dehese.exe MALWARE

The file 'dehese.exe' has been determined to be 'MALWARE'. Our analysts named the threat BDS/Hupigon.166219. The term "BDS/" denotes a Backdoor-Server program. Backdoor-Server programs are used to spy out, modify or delete data.Detection is added to our virus definition file (VDF) starting with version 7.01.05.241.
Filename Result
fexos.exe UNDER ANALYSIS

The file 'fexos.exe' has been determined to be 'UNDER ANALYSIS'.

显示全部楼层 · 发表于 2009-9-15 08:01:58

to symantec, sophos, AVG

[ 本帖最后由 jason_jiang 于 2009-9-15 08:04 编辑 ]

显示全部楼层 · 发表于 2009-9-15 11:52:52

Avira AntiVir
momeos.rar
  [0] Archive type: RAR
--> dehese.exe
   [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.166219 back-door program
[NOTE]    A backup was created as '4acf9863.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2009-9-15 12:00:36

Hello,

dehese.ex2e - Trojan.Win32.Delf.ovz

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

fexos.ex2e

No malicious code was found in this file.

>
>
Please quote all when answering.

显示全部楼层 · 发表于 2009-9-18 20:36:06

Filename Result dehese.exe MALWARE

The file 'dehese.exe' has been determined to be 'MALWARE'. Our analysts named the threat BDS/Hupigon.166219. The term "BDS/" denotes a Backdoor-Server program. Backdoor-Server programs are used to spy out, modify or delete data.Detection is added to our virus definition file (VDF) starting with version 7.01.05.241.
Filename Result fexos.exe DAMAGED FILE (MALWARE)

The file 'fexos.exe' has been determined to be 'DAMAGED FILE (MALWARE)'. In particular this means that this file is damaged and not working properly. Nevertheless we were able to determine that it contains malicious code fragments.

显示全部楼层 · 发表于 2009-9-18 20:43:49

to IObit

[病毒样本] 电脑上发现的2个可疑文件

本帖子中包含更多资源