一个包，蜘蛛杀剩下的仍上来

bridgewr

微点发现6个已知，2。exe运行后在样本目录中生成2个dll，但是没有写注册表，不知道是不是配置问题

欠妳緈諨

原帖由 bridgewr 于 2007-4-18 11:42 发表
微点发现6个已知，2。exe运行后在样本目录中生成2个dll，但是没有写注册表，不知道是不是配置问题

2。exe金山报风险程序，可能是广告！

dyw1021

费尔
2007-4-18 11:48:02,W32.Small.ERH.ovsv,病毒,Administrator,C:\Documents and Settings\Administrator\桌面\1.rar>>已解压\svchost.exe,Manual scan
2007-4-18 11:48:02,TrojanDownloader.Xmdqmv.ijyq,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.rar>>已解压\gamesetup.exe,Manual scan
2007-4-18 11:48:02,TrojanClicker.BHO.n.mfxu,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.rar>>已解压\game.exe,Manual scan
2007-4-18 11:48:02,W32.Small.ERH.ovsv,病毒,Administrator,C:\Documents and Settings\Administrator\桌面\1.rar>>已解压\conime.exe,Manual scan
2007-4-18 11:48:02,TrojanDownloader.Cryptic.gen.fqoq,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.rar>>已解压\c0nime.exe,Manual scan
2007-4-18 11:48:02,Trojan.Tianpingc.jpck,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.rar>>已解压\bind.exe,Manual scan
2007-4-18 11:48:02,Trojan.Xuannia.impd.arc,木马,Administrator,C:\Documents and Settings\Administrator\桌面\1.rar>>已解压\2.exe,Manual scan

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\1.rar'
C:\Documents and Settings\morgan\My Documents\
  1.rar
    [0] Archive type: RAR
    --> Òѽâѹ\2.exe
    --> Òѽâѹ\bind.exe
        [DETECTION] Is the Trojan horse TR/Dldr.QQHelper.QZ.7
        [WARNING]   Infected files in archives cannot be repaired!
    --> Òѽâѹ\c0nime.exe
        [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> Òѽâѹ\conime.exe
        [DETECTION] Is the Trojan horse TR/Popwin.AD
        [WARNING]   Infected files in archives cannot be repaired!
    --> Òѽâѹ\game.exe
        [DETECTION] Is the Trojan horse TR/Drop.BHO.F.3
        [WARNING]   Infected files in archives cannot be repaired!
    --> Òѽâѹ\gamesetup.exe
        [DETECTION] Is the Trojan horse TR/Dldr.VB.atk.18
        [WARNING]   Infected files in archives cannot be repaired!
    --> Òѽâѹ\svchost.exe
        [DETECTION] Is the Trojan horse TR/Popwin.AD
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年4月17日  20:59
Used time: 00:09 min

The scan has been done completely.

      0 Scanning directories
      8 Files were scanned
      6 viruses and/or unwanted programs were found
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
      7 Warnings
      0 Notes

野马

连微点这种不依赖特征码的都全部报已知了！
看来是大众快餐了！
2.exe运行后报已知

小邪邪

原帖由 蓝色牛仔裤 于 2007-4-18 11:33 发表
beta蜘蛛再杀4个...

看起来beta蜘蛛就是比正式版蜘蛛厉害了不少

欠妳緈諨

原帖由 小邪邪 于 2007-4-18 12:11 发表


看起来beta蜘蛛就是比正式版蜘蛛厉害了不少

测试版引擎升级了，当然厉害！

小邪邪

我也要来试试了这个beta引擎的威力了哈

小邪邪

[2.exe]
卡巴标准引擎|   not-a-virus:AdWare.Win32.NewWeb.w
大蜘蛛BETA引擎|  没有发现病毒

[bind.exe]
卡巴标准引擎|   Trojan-Downloader.Win32.QQHelper.qz
大蜘蛛BETA引擎|  没有发现病毒

[c0nime.exe]
BD标准引擎 |  GenPack:Trojan.Downloader.ACP
卡巴标准引擎|   Trojan-Downloader.Win32.Cryptic.gen
大蜘蛛BETA引擎|  Trojan.DownLoader.14143

[conime.exe]
BD标准引擎 |  Trojan.Popwin.AD
卡巴标准引擎|   Backdoor.Win32.Agent.ahj
大蜘蛛BETA引擎|  Trojan.Popwin.origin

[game.exe]
卡巴标准引擎|   Trojan-Clicker.Win32.BHO.n
大蜘蛛BETA引擎|  Trojan.Click.origin packed by BINARYRES

[gamesetup.exe]
卡巴标准引擎|   Trojan-Downloader.Win32.VB.atk
大蜘蛛BETA引擎|  没有发现病毒

[svchost.exe]
BD标准引擎 |  Trojan.Popwin.AD
卡巴标准引擎|   Backdoor.Win32.Agent.ahj
大蜘蛛BETA引擎|  Trojan.Popwin.origin

aoyang

8个