网马，kav6和avast挂

mofunzone

nod居然杀出来了，难得难得
File:         fan.rar
Status:         INFECTED/MALWARE
MD5         7e4f00690922dbd5f8b76d2ff9dd3bb9
Packers detected:         -

Scanner results
Scan taken on 03 May 2007 06:23:42 (GMT)
A-Squared         Found nothing
AntiVir         Found TR/Drop.Ag.344576.B
ArcaVir         Found nothing
Avast         Found nothing
AVG Antivirus         Found nothing
BitDefender         Found GenPack:Generic.Viking.7D070A5D
ClamAV         Found nothing
Dr.Web         Found Trojan.PWS.Maran
F-Prot Antivirus         Found Possibly a new variant of W32/PWStealer1!Generic
F-Secure Anti-Virus         Found nothing
Fortinet         Found nothing
Kaspersky Anti-Virus         Found nothing
NOD32         Found Win32/Pacex.Gen
Norman Virus Control         Found nothing
Panda Antivirus         Found nothing
Rising Antivirus         Found nothing
VirusBuster         Found nothing
VBA32         Found Trojan-PSW.Win32.OnLineGames.mn

wj730327

KAV-Longhorn

卡巴和DRWEB都报了

tracydk

Starting the file scan:

Begin scan in 'F:\样本\fan.rar'
F:\样本\fan.rar
  [0] Archive type: RAR
  --> fan.exe
      [DETECTION] Is the Trojan horse TR/Drop.Ag.344576.B
      [INFO]      The file was deleted!

漂泊

Antivirus	Version	Update	Result
AhnLab-V3	2007.5.3.1	05.03.2007 [td]no virus found
AntiVir	7.4.0.15	05.03.2007	TR/Drop.Ag.344576.B
Authentium	4.93.8	05.02.2007	Possibly a new variant of W32/PWStealer1!Generic
Avast	4.7.997.0	05.03.2007	Win32:Agent-EWQ
AVG	7.5.0.467	05.02.2007 [td]no virus found
BitDefender	7.2	05.03.2007	GenPack:Generic.Viking.7D070A5D
CAT-QuickHeal	9.00	04.30.2007	(Suspicious) - DNAScan
ClamAV	devel-20070416	05.03.2007	Trojan.Spy-4054
DrWeb	4.33	05.03.2007	Trojan.PWS.Maran
eSafe	7.0.15.0	05.03.2007	suspicious Trojan/Worm
eTrust-Vet	30.7.3611	05.02.2007 [td]no virus found
Ewido	4.0	05.02.2007 [td]no virus found
FileAdvisor	1	05.03.2007 [td]no virus found
Fortinet	2.85.0.0	05.03.2007	suspicious
F-Prot	4.3.2.48	05.02.2007	W32/PWStealer1!Generic
F-Secure	6.70.13030.0	05.03.2007 [td]no virus found
Ikarus	T3.1.1.7	05.03.2007	MalwareScope.Worm.Viking.3
Kaspersky	4.0.2.24	05.03.2007 [td]no virus found
McAfee	5022	05.02.2007 [td]no virus found
Microsoft	1.2503	05.03.2007 [td]no virus found
NOD32v2	2235	05.02.2007	Win32/Pacex.Gen
Norman	5.80.02	05.02.2007 [td]no virus found
Panda	9.0.0.4	05.02.2007	Suspicious file
Prevx1	V2	05.03.2007 [td]no virus found
Sophos	4.17.0	05.01.2007	Mal/EncPk-F
Sunbelt	2.2.907.0	05.03.2007 [td]no virus found
Symantec	10	05.03.2007 [td]no virus found
TheHacker	6.1.6.104	04.15.2007 [td]no virus found
VBA32	3.11.4	05.02.2007	Trojan-PSW.Win32.OnLineGames.mn
VirusBuster	4.3.7:9	05.02.2007 [td]no virus found
Webwasher-Gateway	6.0.1	05.03.2007	Trojan.Drop.Ag.344576.B

aoyang

[:27:]

大蜘蛛发现了

欠妳緈諨

事实证明AVAST没有挂

solcroft

生成了一个commond.pif，这么多杀软挂了是因为扫描不到母体里embedded文件的缘故，一解放出来的话就要被KO了

worker321

反病毒专家 AntiVirusKit 2006 扫描病毒日志记录
版本 16.0.7
双引擎反病毒签名 2007-5-3
开始时间: 2007-5-3 16:55
引擎: KAV 引擎 (AVK 16.10153), BD 引擎 (BD 16.6079)
高启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: fan.exe
        在压缩档案里: C:\Documents and Settings\Administrator\桌面\fan.rar
        Status: 已发现病毒
        病毒: GenPack:Generic.Viking.7D070A5D (BD 引擎)
对象: fan.rar
        路径: C:\Documents and Settings\Administrator\桌面
        Status: 已发现病毒
        病毒: GenPack:Generic.Viking.7D070A5D (BD 引擎)
扫描完成: 2007-5-3 16:55
    已检查 1 个文件
    已发现 1 个染毒文件
    发现 0 个可疑文件