This post was last edited by c5132902 on 2010-1-24 19:20
Reporting three times a day
2010 1.24 [#2192820] virus
Hello,
Thank you for contacting Sophos Technical Support.
This threat is now detected as Troj/KillAV-GH
The IDE to detect this threat is published in auto-ays.ide
Please update Sophos Anti-Virus, verify the IDE file mentioned above is located in C:\Program Files\Sophos\Sophos Anti-Virus\, and run a Full System Scan to clean up this threat.
---
To create a new Full System Scan to clean up threats, please perform the following:
You should turn off System Restore before running a Full System Scan. Go to Start > Control Panel > Performance and Maintenance. Double-click System and then select the System Restore tab. Select the Turn off System Restore on all drives checkbox, then click Apply and then Yes.
Right click the blue Sophos shield on the taskbar and choose "Open Sophos Anti-Virus"
Click on "Set up a new scan". Give the scan a name, ensure you have checkmarked all of the local hard drives and removable drives under My Computer and click on "Configure this scan" at the bottom.
On the Options tab, ensure that Scanning level is set to "Normal (recommended)". Under Scanning options, ensure that "Scan all files", "Scan for adware/PUAs" and "Scan for suspicious files and rootkits" are checkmarked.
Click on the Cleanup tab. Ensure that "Automatically clean up items that contain virus/spyware" is checkmarked and the two radio buttons are set to "Do nothing" (which actually means to leave the virus there, but block all access to it if cleanup fails). Checkmark "Automatically clean up adware/PUAs" and click OK.
Click on "Save and Start". Reboot the computer once the scan completes.
---
Alternatively, create a Sophos Bootable Anti-Virus CD and scan the machine from the bootable environment.
Sophos Bootable Anti-Virus: download and CD creation instructions:
http://www.sophos.com/support/knowledgebase/article/52011.html
You can download the Sophos Bootable Anti-Virus CD from the following URL:
https://secure.sophos.com/support/updates/dp/full/sbav_10_sfx.exe
Please submit any additional samples as per the following KB:
Submitting samples of suspicious files to Sophos
http://www.sophos.com/support/knowledgebase/article/11490.html
Regards,
Martin Merriman
Sophos Technical Support
www.sophos.com/support/
SOPHOS - simply secure
...............................................................................................................
2010 1.24 [#2192820] virus
Hello,
Thank you for sending samples to Sophos.
Please find below the details and new detections for your submitted samples.
virus.zip => archive
1 (1).txt => identity associated (New detection: Troj/Dropr-CO)
1.tmp => identity associated (New detection: Troj/Agent-MGN)
(dropped to %WINDOWS%\Temp\1.tmp by 1 (1).txt)
1 (11).txt => identity associated (New detection: Troj/DwnLdr-IAC)
x1c92055.dll => clean
(dropped to %WINDOWS%\Temp\x1c92055.dll by 1 (11).txt)
(dropped to %WINDOWS%\Temp\mpj74662.dll by 1 (13).txt)
1 (12).txt => identity associated (New detection: Troj/VB-EMH)
irc.txt => not detect-worthy
(dropped to %WINDOWS%\irc.txt by 1 (12).txt)
1 (13).txt => identity associated (New detection: Chk/MD5-JUX)
1 (14).txt => identity associated (New detection: Troj/Agent-MGO)
1 (8).txt => identity associated (New detection: Troj/Dropr-CN)
msdnomki.dll => detected as Mal/PdfExDr-B, Mal/Behav-170 (all product versions)
(dropped to %SYSTEM32%\msdnomki.dll by 1 (8).txt)
loaderadv705.exe => identity associated (New detection: Troj/Bredo-AG)
Recycle.exe => not detect-worthy
You can find the relevant virus details updated on our Sophos website.
Regards,
Alan Yeoh
Sophos Technical Support
www.sophos.com/support/
SOPHOS - simply secure
-----Original Message-----
From: suke.cl@qq.com
Sent: 24-Jan-2010 02:45 PM
To: samples@sophos.com,
Cc:
________________________________
WARNING: One or more of the attachments (virus.zip) in this e-mail have been removed because they might exhibit potentially malicious behaviour.
The original attachments have been automatically sent to SophosLabs for analysis. If the attachments are clean, you should receive them within 30 minutes of this e-mail.
If you have not received the attachments within 60 minutes of this e-mail and wish to receive them, please contact your local IT Service Desk and state the following:
ID: 4B5BC252_9871_3278_1
Server: uk-pmx2.brown.sophos