这个进程可疑吗？

显示全部楼层 · 发表于 2007-3-23 14:11:24

原帖由 EQ2 于 2007-3-22 22:08 发表
LS的这个理论实在是。。。。。。

总比没反应强吧

显示全部楼层 · 发表于 2007-3-23 14:11:26

可以同时传几个附件的..

显示全部楼层 · 发表于 2007-3-23 14:13:49

第一次见到红伞开始真正的用这个来报壳。。。。感慨一下

显示全部楼层 · 发表于 2007-3-23 14:14:39

原帖由 EQ2 于 2007-3-22 22:13 发表
第一次见到红伞开始真正的用这个来报壳。。。。感慨一下

实际上很早就有了，pelock也是

显示全部楼层 · 发表于 2007-3-23 14:16:27

真搞不懂一个流氓加这么多壳干什么？？最多加两个壳就算了。。。。

显示全部楼层 · 发表于 2007-3-23 14:16:54

有问题..

Antivirus	Version	Update	Result
AhnLab-V3	2007.3.23.0	03.22.2007 [td]no virus found
AntiVir	7.3.1.44	03.22.2007 [td]no virus found
Authentium	4.93.8	03.22.2007 [td]no virus found
Avast	4.7.936.0	03.22.2007 [td]no virus found
AVG	7.5.0.447	03.22.2007 [td]no virus found
BitDefender	7.2	03.23.2007 [td]no virus found
CAT-QuickHeal	9.00	03.22.2007 [td]no virus found
ClamAV	devel-20070312	03.23.2007 [td]no virus found
DrWeb	4.33	03.22.2007	Trojan.MulDrop.5218
eSafe	7.0.14.0	03.22.2007	suspicious Trojan/Worm
eTrust-Vet	30.6.3504	03.23.2007 [td]no virus found
Ewido	4.0	03.22.2007 [td]no virus found
FileAdvisor	1	03.23.2007 [td]no virus found
Fortinet	2.85.0.0	03.23.2007	suspicious
F-Prot	4.3.1.45	03.22.2007 [td]no virus found
F-Secure	6.70.13030.0	03.22.2007	Trojan-Clicker.Win32.Flyst.d
Ikarus	T3.1.1.3	03.23.2007	Backdoor.Win32.PcClient.GV
Kaspersky	4.0.2.24	03.23.2007 [td]no virus found
McAfee	4990	03.22.2007 [td]no virus found
Microsoft	1.2306	03.23.2007 [td]no virus found
NOD32v2	2138	03.23.2007 [td]no virus found
Norman	5.80.02	03.22.2007 [td]no virus found
Panda	9.0.0.4	03.22.2007	Suspicious file
Prevx1	V2	03.23.2007 [td]no virus found
Sophos	4.15.0	03.23.2007	Mal/Packer
Sunbelt	2.2.907.0	03.22.2007 [td]no virus found
Symantec	10	03.23.2007 [td]no virus found
TheHacker	6.1.6.079	03.22.2007 [td]no virus found
UNA	1.83	03.16.2007 [td]no virus found
VBA32	3.11.2	03.22.2007	Virus.Win32.ZloyFly.a
VirusBuster	4.3.7:9	03.22.2007	Packed/NSPack
Webwasher-Gateway	6.0.1	03.23.2007	Packer.NSPack

Aditional Information

File size: 763724 bytes

MD5: 0029ea9aaa12d4fd8b49980751ccc21c

SHA1: 7bf3ccee5bd71da765609b05ee43e5e331fa5459

packers: NSPACK

packers: NSPack, PE_Patch

显示全部楼层 · 发表于 2007-3-23 14:20:29

Scanned file: aatievv.exe - Infected

aatievv.exe/krnln.fnr - OK
aatievv.exe/krnln.fnr - OK
aatievv.exe/internet.fne - OK
aatievv.exe/internet.fne - OK
aatievv.exe/eAPI.fne - OK
aatievv.exe/eAPI.fne - OK
aatievv.exe/HtmlView.fne - OK
aatievv.exe/HtmlView.fne - OK
aatievv.exe/shell.fne - OK
aatievv.exe/shell.fne - OK
aatievv.exe/RegEx.fne - OK
aatievv.exe/RegEx.fne - OK
aatievv.exe/Hook.dll - OK
aatievv.exe/script.fly - infected by Trojan-Clicker.Win32.Flyst.d

Statistics:

Known viruses:	284310	Updated:	23-03-2007
File size (Kb):	746	Virus bodies:	1
Files:	14	Warnings:	0
Archives:	1	Suspicious:	0

显示全部楼层 · 发表于 2007-3-23 15:17:44

显示全部楼层 · 发表于 2007-3-23 17:57:53

"NOD32, the greatest heuristics in the world."
某人的签名可能需要重新考虑一下

显示全部楼层 · 发表于 2007-3-23 18:29:20

[病毒样本] 这个进程可疑吗？

vt现在都不准了。。。

本帖子中包含更多资源

本帖子中包含更多资源