转剑盟的一个

The EQs

过了好多。。。。。。BD的启发查出来了。。。

伯夷叔齐

红伞报15个木马!!!


Begin scan in 'D:\Temp.rar'
D:\Temp.rar
  [0] Archive type: RAR
  --> fyso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> jtso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> mhso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> qjso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> qjso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> qqso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> qqso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wgso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wgso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wlso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wmso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> woso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> woso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> ztso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> ztso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [WARNING]   The file was ignored!

End of the scan: 2007年4月28日  14:44
Used time: 00:15 min
The scan has been done completely.
      0 Scanning directories
     18 Files were scanned
     15 viruses and/or unwanted programs were found
      0 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
      0 Hidden objects were found

mofunzone

bd直接把东西解开了，antivir也不错，从结构查出。。
刚刚卸了kav7，准备装bd了。。
File:         Temp.rar
Status:         POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5         a3a8d2b5287fa161a4bce9a42ef7750e
Packers detected:         PE_PATCH, TELOCK

Scanner results
Scan taken on 28 Apr 2007 06:44:01 (GMT)
A-Squared         Found nothing
AntiVir         Found TR/Crypt.ULPM.Gen
ArcaVir         Found nothing
Avast         Found nothing
AVG Antivirus         Found nothing
BitDefender         Found DeepScan:Generic.PWS.Games.2E01505F, BehavesLike:Win32.ExplorerHijack, DeepScan:Generic.PWS.Games.57C69E09, Trojan.Peed.Gen, Dropped:Trojan.Peed.Gen, DeepScan:Generic.PWS.Games.4583A672, DeepScan:Generic.PWS.Games.304B19AE, DeepScan:Generic.PWS.Games.66818958, DeepScan:Generic.PWS.Games.320F57BC, DeepScan:Generic.PWS.Games.DA0C5963, DeepScan:Generic.PWS.Games.8D94AB59 (probable variant)
ClamAV         Found nothing
Dr.Web         Found nothing
F-Prot Antivirus         Found Possibly a new variant of W32/MalwareHiderPatched-based!Maximus
F-Secure Anti-Virus         Found nothing
Fortinet         Found nothing
Kaspersky Anti-Virus         Found nothing
NOD32         Found nothing
Norman Virus Control         Found nothing
Panda Antivirus         Found nothing
Rising Antivirus         Found nothing
VirusBuster         Found nothing
VBA32         Found nothing

The EQs

又是报X的。。。。加了 PE_PATCH, TELOCK

伯夷叔齐

这是红伞上传后的自动处理,报告的已知病毒为8个,准备分析的有8个,也就是说红伞所报的15个里面,有7个是启发


We received the following archive files:

File ID	Filename	Size (Byte)	Result
529754	Temp.rar	189.1 KB	OK

A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
275427	fyso.exe	13.5 KB	MALWARE
275458	jtso.exe	12 KB	MALWARE
275429	mhso.exe	14 KB	MALWARE
529755	qjso0.dll	13.5 KB	UNDER ANALYSIS
529756	qjso.exe	13 KB	UNDER ANALYSIS
529757	qqso0.dll	7.5 KB	UNDER ANALYSIS
275456	qqso.exe	13 KB	MALWARE
529758	wgso0.dll	13.5 KB	UNDER ANALYSIS
529759	wgso.exe	14 KB	UNDER ANALYSIS
529760	winprx.exe	50.01 KB	UNDER ANALYSIS
529761	wlso.exe	13 KB	UNDER ANALYSIS
275461	wmso.exe	13 KB	MALWARE
529762	woso0.dll	9 KB	UNDER ANALYSIS
275457	woso.exe	13.5 KB	MALWARE
275431	ztso0.dll	9.5 KB	MALWARE
275464	ztso.exe	13.5 KB	MALWARE

Please find a detailed report concerning each individual sample below:

mofunzone

原帖由 EQ2 于 2007-4-27 22:47 发表
又是报X的。。。。加了 PE_PATCH, TELOCK

不懂得文件结构的人就不要乱叫了，我可以把雨伞的名字从nsanti改成nspm，只要改动一下结构，不过对于你来说，就继续认为是“报壳”吧，反正太深奥的你还不明白。

KAV-Longhorn

原帖由 mofunzone 于 2007-4-28 14:46 发表
bd直接把东西解开了，antivir也不错，从结构查出。。
刚刚卸了kav7，准备装bd了。。
File:         Temp.rar
Status:         POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this fil ...

呵呵，其实BD也没有传说中厉害，不必过于迷信。（我本人试过，感觉一般）

fanrubin

nod32过，郁闷

scottxzt

不谈启发,还剩8个,其它的杀软都没杀,晕.

伯夷叔齐

原帖由 scottxzt 于 2007-4-28 15:15 发表
不谈启发,还剩8个,其它的杀软都没杀,晕.

为什么不谈启发呢?!!!我认为用户的宗旨就是黑猫白猫,抓住耗子就是好猫.