qd.exe及db1.exe (此帖已完,1394楼有新帖子的地址)

sam.to

7080ee98ca2f0ca9ebc03c14ec932423   qd.ex2e
12d098a147f23a23523a79260113dc6d   db1.ex2e

to kl,ll,mcafee,comodo,avira

File ID	Filename	Size (Byte)	Result
25877929	750089-331.rar	357.81 KB	OK

A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25877930	db1.ex2e	368 KB	UNDER ANALYSIS
25877931	qd.ex2e	408 KB	UNDER ANALYSIS

db1.ex2e - Trojan-Dropper.Win32.Agent.cyyi
qd.ex2e - Trojan-Dropper.Win32.Agent.cyyj

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Best Regards, Kaspersky Lab






Please find a detailed report concerning each individual sample below:

Filename

Result

db1.ex2e

MALWARE

The file 'db1.ex2e' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/Wsearch.A.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.

Filename

Result

qd.ex2e

MALWARE

The file 'qd.ex2e' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/Wsearch.A.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.

jayavira

回复 331楼 sam.to  的帖子
ess 清空

chenjava

to anchiva

submit to f-secure

BitDefender

回复 331楼 sam.to  的帖子

avira kill 2
   

sam.to

adf5b16e39f73f5cef51bb1ceadb305e   db1.exe1
62e1c352c18e001c49176627b5aacb91   qd.exe3

to kl,ll,mcafee,avira

File ID	Filename	Size (Byte)	Result
25878136	750089-336.rar	357.86 KB	OK

A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25878137	db1.exe1	368 KB	UNDER ANALYSIS
25878138	qd.exe3	408 KB	UNDER ANALYSIS

Please find a detailed report concerning each individual sample below:

Filename

Result

db1.exe1

MALWARE

The file 'db1.exe1' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Drop.Agent.agw.The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename

Result

qd.exe3

MALWARE

The file 'qd.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Drop.Agent.aha.The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.

瓜皮猫

ESS kill 2
2010/9/8 20:31:10        文件系统实时防护        文件        C:\Users\Desktop\750089-336\qd.exe3        Win32/Adware.WSearch.AN 应用程序 的变种        通过删除清除 - 已隔离                在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.
2010/9/8 20:31:09        文件系统实时防护        文件        C:\Users\Desktop\750089-336\db1.exe1        Win32/Adware.WSearch.AN 应用程序 的变种        通过删除清除 - 已隔离       
        在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe.

网名丢失

回复 336楼 sam.to  的帖子

楼主呀，是不是你最近都没有上报红伞呀，怎么老扫不出啊！

sam.to

回复

楼主呀，是不是你最近都没有上报红伞呀，怎么老扫不出啊！
网名丢失 发表于 2010.9.8 21:01

你看不到我已上报?

网名丢失

回复 339楼 sam.to  的帖子
The file 'qd.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Drop.Agent.aha.The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates.
没注意看你的英文描述！