IEXPLORER 伪装 + rose变种sal.xls.exe

显示全部楼层 · 发表于 2007-3-26 08:46:46

RTRTRRTRTRTRRT

[ 本帖最后由 Snorelax 于 2007-3-26 08:48 编辑 ]

显示全部楼层 · 发表于 2007-3-26 08:47:26

Scan performed at: 2007-3-26 8:47:39
Scanning Log
NOD32 version 2144 (20070325) NT
Command line: C:\Documents and Settings\EQ2\桌面\小说.htm.rar
Operating memory - is OK

Date: 26.3.2007 Time: 08:47:43
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\小说.htm.rar
C:\Documents and Settings\EQ2\桌面\小说.htm.rar ?RAR ?sal.xls.rar ?RAR ?sal.xls.exe - Win32/VB.EL worm - was a part of the deleted object
Number of scanned files: 3
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 08:47:43 Total scanning time: 0 sec (00:00:00)

显示全部楼层 · 发表于 2007-3-26 08:49:16

好难得看到XX真正的报启发
AntiVir  Found WORM/VB.EL.1, HEUR-DBLEXT/Worm.Gen
ArcaVir  Found Worm.Vb.El
Avast  Found Win32:Delf-DRO
AVG Antivirus  Found Worm/VB.AIF
BitDefender  Found Win32.Almsfir.VB.A
ClamAV  Found nothing
Dr.Web  Found Trojan.Igidak
F-Prot Antivirus  Found unknown virus, W32/Backdoor.VXI (probable variant)
F-Secure Anti-Virus  Found Worm.Win32.VB.el
Fortinet  Found W32/VB.CYJ!worm
Kaspersky Anti-Virus  Found Worm.Win32.VB.el
NOD32  Found Win32/VB.EL
Norman Virus Control  Found nothing
Panda Antivirus  Found Trj/VB.RR
VirusBuster  Found Worm.VB.ZQF
VBA32  Found Worm.Win32.VB.el

显示全部楼层 · 发表于 2007-3-26 08:56:01

啊拉学校没杀软,搞死我了这两个

显示全部楼层 · 发表于 2007-3-26 08:57:31

AntiVir  Found WORM/VB.EL.1
ArcaVir  Found Worm.Vb.El
Avast  Found Win32:VB-CMX
AVG Antivirus  Found Worm/VB.AIF
BitDefender  Found Win32.Almsfir.VB.A
ClamAV  Found nothing
Dr.Web  Found Trojan.Igidak
F-Prot Antivirus  Found W32/Backdoor.VXI
F-Secure Anti-Virus  Found Worm.Win32.VB.el
Fortinet  Found W32/VB.CYJ!worm
Kaspersky Anti-Virus  Found Worm.Win32.VB.el
NOD32  Found Win32/VB.EL
Norman Virus Control  Found W32/VBWorm.MZZ
Panda Antivirus  Found Trj/VB.RR
VirusBuster  Found Worm.VB.ZQF
VBA32  Found Worm.Win32.VB.el

显示全部楼层 · 发表于 2007-3-26 08:58:58

用压缩的放到多引擎报两个。。解压后将里面的文件放到多引擎只报一个。。令人无语

显示全部楼层 · 发表于 2007-3-26 09:00:52

另外那个IE貌似只有avast报

显示全部楼层 · 发表于 2007-3-26 09:13:05

报那个文件是因为扩展名的原因

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\С˵.htm.rar'
C:\Documents and Settings\morgan\My Documents\
  С˵.htm.rar
[0] Archive type: RAR
--> Ð¡Ëµ.htm.exe
--> sal.xls.rar
      [DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Worm.Gen
      [WARNING] Infected files in archives cannot be repaired!
      [1] Archive type: RAR
      --> sal.xls.exe
         [DETECTION] Contains signature of the worm WORM/VB.EL.1
         [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!

显示全部楼层 · 发表于 2007-3-26 09:13:55

小说的那个东西已经上报了

显示全部楼层 · 发表于 2007-3-26 10:08:08

C:\Documents and Settings\admin\桌面\小说[1].htm.rar/sal.xls.rar/sal.xls.exe -> Worm.VB.el : 未进行操作.
报毒！ AVG

[病毒样本] IEXPLORER 伪装 + rose变种sal.xls.exe

本帖子中包含更多资源