qd.exe及db1.exe (此帖已完,1394楼有新帖子的地址)

显示全部楼层 · 发表于 2010-8-14 13:20:26

210

ESET NOD32 emptied.
db1.e3xe - Win32/Adware.WSearch.AJ 应用程序的变种
qd.ex2e - Win32/Adware.WSearch.AJ 应用程序的变种

显示全部楼层 · 发表于 2010-8-14 14:17:17

#210
FS.
qd.e3xe - Generic.Rugo.BEFB6476
db1.ex2e - Generic.Rugo.A37048A0
killed both.

显示全部楼层 · 发表于 2010-8-14 14:27:21

210
panda heuristic
to xandora(panda)

显示全部楼层 · 发表于 2010-8-20 13:04:59

本帖最后由 sam.to 于 2010.8.20 19:26 编辑

1672a1d2bf855a2089f73222b535fa44 db1.e3xe
3e6416ad5cc8e036bbe71f763c49b68d qd.ex2e

to kl,ll,mcafee,comodo,avira

A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25854651	db1.e3xe	384 KB	UNDER ANALYSIS
25854652	qd.ex2e	424 KB	UNDER ANALYSIS

Please find a detailed report concerning each individual sample below:

Filename

Result

db1.e3xe

MALWARE

The file 'db1.e3xe' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/WSearch.A.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename

Result

qd.ex2e

MALWARE

The file 'qd.ex2e' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/WSearch.AA.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.

显示全部楼层 · 发表于 2010-8-20 13:41:09

回复 214楼 sam.to 的帖子

ess 清空

显示全部楼层 · 发表于 2010-8-20 14:06:51

新样本过咖啡，已上报

显示全部楼层 · 发表于 2010-8-20 15:57:18

fs kill all

显示全部楼层 · 发表于 2010-8-20 16:19:06

本帖最后由 sam.to 于 2010.8.20 17:30 编辑

a6aa1046106f3792f713038d30ba573e qd.exe
10ea992717d29c5745aee6e13f98e0e9 db1.e3xe

to kl,ll,mcafee,comodo,avira

A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25854948	db1.e3xe	384 KB	UNDER ANALYSIS
25854949	qd.ex3e	424 KB	UNDER ANALYSIS

Please find a detailed report concerning each individual sample below:

Filename

Result

db1.e3xe

MALWARE

The file 'db1.e3xe' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/WSearch.AC.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename

Result

qd.ex3e

MALWARE

The file 'qd.ex3e' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/WSearch.AF.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.

显示全部楼层 · 发表于 2010-8-20 16:19:42

新样本过咖啡，已上报
wangyuli100 发表于 2010.8.20 14:06

我不是已上报嗎

显示全部楼层 · 发表于 2010-8-20 16:23:30

回复 219楼 sam.to 的帖子

不好意思，没注意到，

下次注意

[病毒样本] qd.exe及db1.exe (此帖已完,1394楼有新帖子的地址)