~样本~

tonger2003

2

The EQs

Scan performed at: 2007-4-6 14:56:19
Scanning Log
NOD32 version 2170 (20070405) NT
Command line: C:\Documents and Settings\EQ2\桌面\mm.rar C:\Documents and Settings\EQ2\桌面\1.rar
Operating memory - is OK

Date: 6.4.2007  Time: 14:56:23
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\mm.rar; C:\Documents and Settings\EQ2\桌面\1.rar
C:\Documents and Settings\EQ2\桌面\1.rar ?RAR ?1.js - a variant of Win32/TrojanDownloader.Ani.Gen trojan
Number of scanned files: 4
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 14:56:23 Total scanning time: 0 sec (00:00:00)

mofunzone

受不了了，换回去antivir了
这两个样本antivir都报了。。
不过自己从网上拉的一片网马nod
亏我还给nod准备了这么多样本准备试试ess呢。。

[ 本帖最后由 mofunzone 于 2007-4-5 23:01 编辑 ]

观弈书童

1.js - a variant of Win32/TrojanDownloader.Ani.Gen 木马

黑衣~魂

咖啡通殺
McAfee 已自動封鎖並移除 特洛伊病毒。
詳細資料
偵測: PWS-QQPass (特洛伊病毒), PWS-QQPass (特洛伊病毒)
檔案路徑: C:\Documents and Settings\all.HOME-\桌面\mm.exe

偵測: Exploit-ANIfile.c (特洛伊病毒)
檔案路徑: C:\Documents and Settings\all.HOME-\桌面\1.js

harry_chang2003

ＰＣＣ２００７掃到一隻

bridgewr

一个脚本一个可执行程序，微点杀了可执行程序

永恒の回忆

金山可以扫到1只

KAV-Longhorn

红伞全毙了

Starting the file scan:

Begin scan in 'C:\Documents and Settings\FEAR\My Documents\1.rar'
C:\Documents and Settings\FEAR\My Documents\1.rar
  [0] Archive type: RAR
  --> 1.js
      [DETECTION] Contains signature of the exploits EXP/Ani.Gen
      [INFO]      The file was moved to '4687fc8a.qua'!
Begin scan in 'C:\Documents and Settings\FEAR\My Documents\mm.rar'
C:\Documents and Settings\FEAR\My Documents\mm.rar
  [0] Archive type: RAR
  --> mm.exe
      [DETECTION] Is the Trojan horse TR/PSW.Steal.27568
      [INFO]      The file was moved to '4643fcca.qua'!

soul20010

BD10:
C:\Documents and Settings\\桌面\1.rar=>1.js        Infected: Exploit.Win32.MS05-002.Gen

C:\Documents and Settings\\桌面\mm.rar=>mm.exe        Infected: Generic.PWStealer.5179A72C