第一次发个样本..

znzm52

Antivirus	Version	Update	Result
AhnLab-V3	2007.3.30.0	03.29.2007 [td]no virus found
AntiVir	7.3.1.46	03.29.2007	HEUR/Malware
Authentium	4.93.8	03.30.2007	could be a corrupted executable file
Avast	4.7.936.0	03.29.2007	Win32:Hupigon-AMD
AVG	7.5.0.447	03.29.2007	BackDoor.Generic4.XYR
BitDefender	7.2	03.30.2007	Generic.Graybird.E1818512
CAT-QuickHeal	9.00	03.29.2007 [td]no virus found
ClamAV	devel-20070312	03.30.2007	Trojan.Hupigon-1634
DrWeb	4.33	03.29.2007	BackDoor.Graybird
eSafe	7.0.15.0	03.29.2007 [td]no virus found
eTrust-Vet	30.6.3522	03.29.2007 [td]no virus found
Ewido	4.0	03.29.2007	Backdoor.Hupigon.alw
FileAdvisor	1	03.30.2007 [td]no virus found
Fortinet	2.85.0.0	03.30.2007 [td]no virus found
F-Prot	4.3.1.45	03.30.2007	W32/Threat-Backdoor-Silly-based!Maximus
F-Secure	6.70.13030.0	03.30.2007	Backdoor.Win32.Hupigon.vt
Ikarus	T3.1.1.3	03.29.2007	Backdoor.Win32.Hupigon.VT
Kaspersky	4.0.2.24	03.30.2007	Backdoor.Win32.Hupigon.vt
McAfee	4995	03.29.2007 [td]no virus found
Microsoft	1.2306	03.30.2007 [td]no virus found
NOD32v2	2156	03.30.2007	a variant of Win32/GreyBird
Norman	5.80.02	03.29.2007 [td]no virus found
Panda	9.0.0.4	03.29.2007	Suspicious file
Prevx1	V2	03.30.2007 [td]no virus found
Sophos	4.16.0	03.29.2007	Troj/GrayBr-Gen
Sunbelt	2.2.907.0	03.29.2007 [td]no virus found
Symantec	10	03.30.2007	Backdoor.Graybird
TheHacker	6.1.6.080	03.23.2007 [td]no virus found
UNA	1.83	03.16.2007 [td]no virus found
VBA32	3.11.3	03.29.2007	Backdoor.Win32.Hupigon.vt
VirusBuster	4.3.7:9	03.29.2007 [td]no virus found
Webwasher-Gateway	6.0.1	03.30.2007	Heuristic.Malware

Aditional Information

File size: 395117 bytes

MD5: 1a1ca1f73ff5f1d1219594e65c1ea9da

SHA1: 1177a11f426edeb9a7a9ed1ce71123964fbd55d4

[ 本帖最后由 znzm52 于 2007-3-30 11:25 编辑 ]

The EQs

Scan performed at: 2007-3-30 12:04:04
Scanning Log
NOD32 version 2156 (20070330) NT
Command line: C:\Documents and Settings\EQ2\桌面\ADSL.rar
Operating memory - is OK

Date: 30.3.2007  Time: 12:04:07
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\ADSL.rar
C:\Documents and Settings\EQ2\桌面\ADSL.rar ?RAR ?ADSL.exe - a variant of Win32/GreyBird trojan
Number of scanned files: 2
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 12:04:08 Total scanning time: 1 sec (00:00:01)

Nblock

adsl

观弈书童

ADSL.rar ?RAR ?ADSL.exe - a variant of Win32/GreyBird 木马

龙井茶

楼主多引擎扫描显示似乎都能杀啊,就不用传上来了吧.

Anycall-D908

ADSL这么古怪的名字?发作后有什么行为的?

jlennon

-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.3.1
Virus signature file from: 2007-3-30, 6:08

Scan name: [Custom Scan]
Path to scan: C:\Documents and Settings\Administrator\桌面\ADSL.rar

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2007-3-30, 14:36:53
---------------------------------------------------------------------

[Found possible virus]         <W32/Threat-Backdoor-Silly-based!Maximus (not disinfectable)>        C:\Documents and Settings\Administrator\桌面\ADSL.rar->ADSL.exe
[Contains infected objects]        C:\Documents and Settings\Administrator\桌面\ADSL.rar
[Quarantined]        C:\Documents and Settings\Administrator\桌面\ADSL.rar->ADSL.exe

---------------------------------------------------------------------
Scan ended:        2007-3-30, 14:37:03
Duration:        0:00:10

Scan result:

Scanned files:                 1
Infected objects:         1
Disinfected objects:         0
Quarantined files:         1
---------------------------------------------------------------------

gggh

卡巴报警...