多变种感染,能取exe图标,所以感染头是多变的

qqq000@qq.com

凝逸反毒-[凝逸.分析感染PE引擎]-示范1
原贴
http://bbs.kafan.cn/viewthread.php?tid=78239&extra=page%3D2
感染的exe 在这下
http://bbs.kafan.cn/attachment.php?aid=60293


这个是多变种感染,能取exe图标,所以感染头是多变的,
只好用  凝逸反毒-PE修复感染
pe分解出3个pe,
1.2是病毒头,
3.是正常的exe
===============
              [凝逸反毒] (http://hi.baidu.com/503165656)
       [凝逸.分析感染PE引擎-日志]       2007.4.27 13:42:27
文件:F:\070426\0012\新建文件夹\AcroRd31感染.exe | PE数量:
操作:
     ┝1
     ┝2
     ┝3
扫描完成|感染:1 文件:1|耗时:310
=============

========================
右建>修复文件,
会删除第一个pe,
====
文件:F:\070426\0012\新建文件夹\AcroRd31感染.exe | PE数量:
操作:修复文件
     ┝2
     ┝3
============
已删除第1个pe,
现在要从扫描一次才行
(下版在改成:不用在次扫描)
============



        [第2次扫描]

----------
              [凝逸反毒] (http://hi.baidu.com/503165656)
       [凝逸.分析感染PE引擎-日志]       2007.4.27 14:13:36
文件:F:\070426\0012\新建文件夹\AcroRd31感染.exe | PE数量:
操作:
     ┝1
     ┝2
扫描完成|感染:1 文件:1|耗时:290
----------

在次修复后,exe 已还原,修复完成

















==========
               凝逸反毒

    类型:共享软件/杀毒软件
运行环境:简体.繁体.英文WIN系统
[扫描病毒]
     清除灰鸽子,威金,熊猫,金猪,蓝天草地,木马,终结者,U盘病毒等
[凝逸.分析感染PE引擎]
     分析PE(exe),修复威金,熊猫,金猪,U盘病毒(各种未知变种)等所感染的PE
(exe)
[清除网页病毒]
    清除网页病毒代码与病毒网址
凝逸实验室
                       作者:凝逸
凝逸反毒
主页:[hi.baidu.com/503165656]
软件:[503165656.ys168.com]
客服QQ:503165656
TM群:24874517

华军软件-下载
http://www.onlinedown.net/soft/56156.htm
天空软件-下载
http://www.skycn.com/soft/32883.html

qqq000@qq.com

http://bbs.kafan.cn/viewthread.p ... &extra=page%3D2

没有原来的没感染的exe
icka 你看下
AcroRd31修复后的[1].exe
AcroRd31修复后的[2].exe

那个正常

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\新建文件夹.rar'
C:\Documents and Settings\morgan\My Documents\
  新建文件夹.rar
    [0] Archive type: RAR
    --> Hash±»¸ÐȾ.exe
        [DETECTION] Is the Trojan horse TR/Drop.Agent.12800
        [WARNING]   Infected files in archives cannot be repaired!
    --> Hash.exe
        [INFO]      The file was deleted!

qqq000@qq.com

原与修复后的exe

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\0012.rar'
C:\Documents and Settings\morgan\My Documents\
  0012.rar
    [0] Archive type: RAR
    --> н¨Îļþ¼Ð.rar
        [1] Archive type: RAR
        --> Hash±»¸ÐȾ.exe
            [DETECTION] Is the Trojan horse TR/Drop.Agent.12800
            [WARNING]   Infected files in archives cannot be repaired!
        --> Hash.exe
    --> Hash±»¸ÐȾ.exe[ÐÞ¸´ºóµÄ][1].exe
    --> Hash±»¸ÐȾ.exe[ÐÞ¸´ºóµÄ][2].exe
        [INFO]      The file was deleted!

bridgewr

感染体被微点干掉了，但是源文件也被杀了，等微点的扫描出来这个问题就可以解决了，清除病毒体，而保留源文件

scottxzt

看来来介绍分析病毒样本的杀软了

电影结束了

Scan performed at: 2007-4-27 16:16:31
Scanning Log
NOD32 version 2222 (20070426) NT
Command line: F:\1AcroRd31感染.rar
C:\Program Files\Eset\nod32.exe - is OK
Operating memory - is OK
MBR sector of the 1. physical disk - is OK
Active boot sector of the 1. physical disk - is OK - Error reading disk sectorError reading disk sectorError reading disk sectorError reading disk sector

Date: 27.4.2007  Time: 16:16:42
Anti-Stealth technology is enabled.
Scanned disks, folders and files: F:\1AcroRd31感染.rar
F:\1AcroRd31感染.rar ?RAR ?1AcroRd31感染.exe - probably unknown NewHeur_PE virus [7]
Number of scanned files: 2
Number of threats found: 1
Number of active threats: 1
Time of completion: 16:16:47 Total scanning time: 5 sec (00:00:05)

Notes:
[7] File is probably infected with an unknown virus.
Scan performed at: 2007-4-27 16:18:53
Scanning Log
NOD32 version 2222 (20070426) NT
Command line: F:\0012.rar
C:\Program Files\Eset\nod32.exe - is OK
Operating memory - is OK
MBR sector of the 1. physical disk - is OK
Active boot sector of the 1. physical disk - is OK - Error reading disk sectorError reading disk sectorError reading disk sectorError reading disk sector
Date: 27.4.2007  Time: 16:18:59
Anti-Stealth technology is enabled.
Scanned disks, folders and files: F:\0012.rar
F:\0012.rar ?RAR ?新建文件夹.rar ?RAR ?Hash被感染.exe - probably unknown NewHeur_PE virus [7]
F:\0012.rar ?RAR ?新建文件夹.rar ?RAR ?Hash.exe - is OK
F:\0012.rar ?RAR ?Hash被感染.exe[修复后的][1].exe - is OK
F:\0012.rar ?RAR ?Hash被感染.exe[修复后的][2].exe - is OK
Number of scanned files: 5
Number of threats found: 1
Number of active threats: 1
Time of completion: 16:19:03 Total scanning time: 4 sec (00:00:04)
Notes:
[7] File is probably infected with an unknown virus.

[ 本帖最后由 电影结束了 于 2007-4-27 16:19 编辑 ]

qqq000@qq.com

凝逸反病毒 升级了 5.9版
http://www.skycn.com/soft/32883.html
改了多个 几个错误
升吧
===



病毒总数=3293
C病毒数量=4

[病毒库列表]
20070415_163123_0395.axx | 病毒数:395
20070416_140030_0305.axx | 病毒数:305
20070416_225538_0316.axx | 病毒数:316
20070418_185324_0202.axx | 病毒数:202
20070419_000113_1391.axx | 病毒数:1391
20070419_111943_0103.axx | 病毒数:103
20070421_123631_0091.axx | 病毒数:91
20070422_221120_0149.axx | 病毒数:149
20070425_180609_0190.axx | 病毒数:190
20070426_1283389_0002.axx | 病毒数:2
20070426_2803399_0004.axx | 病毒数:4
20070427_193713_0145.axx | 病毒数:145

scottxzt

杀了