囧~新免杀病毒样本一个（再不发就过期了）~囧

显示全部楼层 · 发表于 2009-10-3 13:50:02

原帖由 hddu 于 2009-10-2 16:14 发表
EQ测试，挨揍规则。rpcnetp.exe自动退出。rpcnet.exe被拦截。

2009-10-02 16:13:39 创建文件操作:阻止
进程路径:E:\新建文件夹\新建文件夹\rpcnet.exe
文件路径:C:\WINDOWS\System32\rpcnetp.exe
触发 ...

干净的文件都能被拦截。。。。。。不知道该说什么好

显示全部楼层 · 发表于 2009-10-3 15:04:26

原帖由囧神于 2009-10-2 20:11 发表

囧~过微点？主动还是扫描？。。。谁来再测试下？(不要更新毒库，可能更新后就已经入库了~囧）

我昨天测试的时候是两个都过了。。。

PS：试用版，更新到10-1~

显示全部楼层 · 发表于 2009-10-3 15:05:55

原帖由 sunnyboybbq 于 2009-10-3 15:04 发表

我昨天测试的时候是两个都过了。。。

PS：试用版，更新到10-1~

囧~又一个过微点的病毒诞生了？~囧囧

显示全部楼层 · 发表于 2009-10-3 15:22:45

可怜的小红伞也挂了汗

显示全部楼层 · 发表于 2009-10-3 15:51:38

囧~虽然2010的扫描也被过了。。。囧~不过木马行为防御还是没让咱失望啊~囧

系统加固+木马行为防御都进行了有效的拦截~
拦截图太多了~只附上一张以作证明。。。囧~成功拦截后样本就直接弹错误报告退出了~囧囧

显示全部楼层 · 发表于 2009-10-3 18:08:16

费尔拦截~~

显示全部楼层 · 发表于 2009-10-3 18:25:31

这个样本很牛啊，楼主在哪找的

显示全部楼层 · 发表于 2009-10-3 18:29:21

这玩意儿什么啊
We received the following archive files:

File ID  Filename Size (Byte) Result
25464058  新建文件夹.rar 75.57 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename Size (Byte) Result
8842691  rpcnet.dll  55.35 KB  KNOWN CLEAN
8842692  rpcnet.exe  55.35 KB  KNOWN CLEAN
1264703  rpcnetp.dll  17 KB  KNOWN CLEAN
2217507  rpcnetp.exe  17 KB  KNOWN CLEAN

Please find a detailed report concerning each individual sample below:

Filename Result
rpcnet.dll  KNOWN CLEAN

The file 'rpcnet.dll' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Computrace'.

Filename Result
rpcnet.exe  KNOWN CLEAN

The file 'rpcnet.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Computrace'.

Filename Result
rpcnetp.dll  KNOWN CLEAN

The file 'rpcnetp.dll' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Computrace'.

Filename Result
rpcnetp.exe  KNOWN CLEAN

The file 'rpcnetp.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Computrace'.

--------------------------------------------------------------------------------

显示全部楼层 · 发表于 2009-10-3 18:33:44

没有任何一个厂商会认为它是MAL的

20楼已经给出真相了，别忙活上报了

显示全部楼层 · 发表于 2009-10-3 18:34:04

全都不是毒，看红伞的回复

[病毒样本] 囧~新免杀病毒样本一个（再不发就过期了）~囧

本帖子中包含更多资源