今中ghost.exe病毒，特发样本上来，请各位帮忙分析下

显示全部楼层 · 发表于 2009-11-11 22:02:56

今中ghost.exe病毒，特发样本上来，请各位帮忙分析下。谢谢大家
救援区的帖子：http://bbs.kafan.cn/viewthread.php?tid=590921&page=1&extra=page=1

另外，样本已改为文本后缀。

显示全部楼层 · 发表于 2009-11-11 22:19:31

McAfee W32/Fujacks.ay

显示全部楼层 · 发表于 2009-11-11 22:31:18

Win32:Viking-CD [Wrm]

显示全部楼层 · 发表于 2009-11-11 22:31:48

A2 报毒

显示全部楼层 · 发表于 2009-11-11 22:31:58

　　用在线沙盘试下

显示全部楼层 · 发表于 2009-11-11 22:32:06

这报的AV还是蛮多de
楼主用的哪款AV啊？

File Ghost.rar received on 2009.11.11 14:30:04 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 30/41 (73.18%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.11.11 -
AhnLab-V3 5.0.0.2 2009.11.11 -
AntiVir 7.9.1.61 2009.11.11 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2009.11.11 -
Authentium 5.2.0.5 2009.11.11 W32/Autorun.QD
Avast 4.8.1351.0 2009.11.11 Win32:Viking-CD
AVG 8.5.0.423 2009.11.11 SHeur2.BEGD.dropper
BitDefender 7.2 2009.11.11 Win32.Viking.ARA
CAT-QuickHeal 10.00 2009.11.11 W32.Agent.DP
ClamAV 0.94.1 2009.11.11 Worm.Fujack-55
Comodo 2918 2009.11.11 Worm.Win32.Autorun.AntiAV_M0
DrWeb 5.0.0.12182 2009.11.11 Win32.HLLW.Viking.54
eSafe 7.0.17.0 2009.11.11 Suspicious File
eTrust-Vet 35.1.7115 2009.11.11 -
F-Prot 4.5.1.85 2009.11.10 W32/Autorun.QD
F-Secure 9.0.15370.0 2009.11.09 Win32.Viking.AQ
Fortinet 3.120.0.0 2009.11.11 W32/Fujacks.YA
GData 19 2009.11.11 Win32.Viking.ARA
Ikarus T3.1.1.74.0 2009.11.11 Trojan-Downloader.Win32.Jadtre
Jiangmin 11.0.800 2009.11.11 Win32/Agent.j
K7AntiVirus 7.10.893 2009.11.10 -
Kaspersky 7.0.0.125 2009.11.11 Virus.Win32.Agent.dp
McAfee 5798 2009.11.10 W32/Fujacks.ay
McAfee+Artemis 5798 2009.11.10 W32/Fujacks.ay
McAfee-GW-Edition 6.8.5 2009.11.11 Trojan.Dropper.Gen
Microsoft 1.5202 2009.11.11 Virus:Win32/Viking.NG
NOD32 4596 2009.11.11 Win32/AutoRun.AntiAV.M
Norman 6.03.02 2009.11.10 -
nProtect 2009.1.8.0 2009.11.11 -
Panda 10.0.2.2 2009.11.10 W32/Agent.MWO
PCTools 7.0.3.5 2009.11.11 Net-Worm.Fujacks
Prevx 3.0 2009.11.11 -
Rising 22.21.02.09 2009.11.11 Win32.Agent.hb
Sophos 4.47.0 2009.11.11 Mal/Behav-215
Sunbelt 3.2.1858.2 2009.11.11 Worm.Win32.AutoRun.gss
Symantec 1.4.4.12 2009.11.11 W32.Fujacks.CB
TheHacker 6.5.0.2.065 2009.11.11 -
TrendMicro 9.0.0.1003 2009.11.11 PE_JEEFO.C
VBA32 3.12.10.11 2009.11.10 Worm.Win32.AutoRun.gss
ViRobot 2009.11.11.2031 2009.11.11 -
VirusBuster 4.6.5.0 2009.11.10 -

显示全部楼层 · 发表于 2009-11-11 22:32:22

红伞灭
TR/Dropper.Gen

显示全部楼层 · 发表于 2009-11-11 22:39:59

2009/11/11 22:39:07 已清除病毒 Worm.Win32.AutoRun.gss G:\Temp\Virus\Ghost.rar/Ghost.txt//PE_Patch.UPX//UPX

显示全部楼层 · 发表于 2009-11-11 22:57:03

我直接不能下载。。。。

显示全部楼层 · 发表于 2009-11-11 23:12:56

这不是我的pc 。已经中招了，已经用virscan扫过了，在救援区

[ 本帖最后由拿贝马凡于 2009-11-11 23:14 编辑 ]

[病毒样本] 今中ghost.exe病毒，特发样本上来，请各位帮忙分析下

本帖子中包含更多资源

本帖子中包含更多资源