高质量

显示全部楼层 · 发表于 2010-12-16 11:47:06

大蜘蛛MISS，已上报

显示全部楼层 · 发表于 2010-12-16 11:51:45

http://samples.eset.com.cn/index ... 6e6ecf91add18b225a3

显示全部楼层 · 发表于 2010-12-16 11:56:59

本帖最后由 fatezero 于 2010-12-16 12:53 编辑

10/43 (23.3%)

TO KL

Hello,

sex18girl_898_mm36.exe_ - Trojan-Downloader.Win32.NSIS.gk

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

Regards, Vitaly Vorobiov
Virus Analyst

显示全部楼层 · 发表于 2010-12-16 12:00:13

2010-12-16 10:36:20 运行应用程序    操作:允许
进程路径:C:\WINDOWS\explorer.exe
文件路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
触发规则:应用程序规则->父进程威胁提示Ⅰ->%systemroot%\*

2010-12-16 10:37:54 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Program Files\Internet Explorer\iexplore.exe
命令行:http://s252.best1122.info/?i=ie& ... dbf53e4e24a49d9cccc
触发规则:所有程序规则->进程保护->C:\Program Files\Internet Explorer\IEXPLORE.exe

2010-12-16 10:37:58 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Program Files\Internet Explorer\iexplore.exe
命令行:http://s252.best1122.info/?i=qia ... bf53e4e24a49d9dcddd
触发规则:所有程序规则->进程保护->C:\Program Files\Internet Explorer\IEXPLORE.exe

2010-12-16 10:38:41 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\a1_103734.exe
触发规则:所有程序规则->威胁提示Ⅰ->?:\Documents and Settings\*\Local Settings\Temp\*

2010-12-16 10:38:51 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\b1_103734.exe
触发规则:所有程序规则->威胁提示Ⅰ->?:\Documents and Settings\*\Local Settings\Temp\*

2010-12-16 10:39:25 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Program Files\Internet Explorer\iexplore.exe
命令行:http://s252.best1122.info/?i=ooo ... dbf53e4e24a49d92f23
触发规则:所有程序规则->进程保护->C:\Program Files\Internet Explorer\IEXPLORE.exe

2010-12-16 10:39:32 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Program Files\Internet Explorer\iexplore.exe
命令行:http://s252.best1122.info/?i=suy ... bf53e4e24a49d93aaua
触发规则:所有程序规则->进程保护->C:\Program Files\Internet Explorer\IEXPLORE.exe

2010-12-16 10:40:21 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Program Files\Internet Explorer\iexplore.exe
命令行:http://s252.best1122.info/?i=oo& ... 53e4e24a49d93342i34
触发规则:所有程序规则->进程保护->C:\Program Files\Internet Explorer\IEXPLORE.exe

2010-12-16 10:41:09 运行应用程序    操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\a1_103734.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\uninst.exe
触发规则:所有程序规则->威胁提示Ⅰ->?:\Documents and Settings\*\Local Settings\Temp\*

2010-12-16 10:41:12 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Program Files\Internet Explorer\iexplore.exe
命令行:http://s252.best1122.info/?i=4&a ... 53e4e24a49d9d5253o3
触发规则:所有程序规则->进程保护->C:\Program Files\Internet Explorer\IEXPLORE.exe

2010-12-16 10:41:24 运行应用程序    操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\uninst.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe
命令行: _?=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
触发规则:所有程序规则->威胁提示Ⅰ->?:\Documents and Settings\*\Local Settings\Temp\*

2010-12-16 10:41:29 运行应用程序    操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\b1_103734.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\648.exe
触发规则:所有程序规则->威胁提示Ⅰ->?:\Documents and Settings\*\Local Settings\Temp\*

2010-12-16 10:41:39 运行应用程序    操作:允许
进程路径:C:\Documents and Settings\Administrator\Local Settings\Temp\c1_103734.exe
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\64365.exe
触发规则:所有程序规则->威胁提示Ⅰ->?:\Documents and Settings\*\Local Settings\Temp\*

2010-12-16 10:42:03 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Program Files\Internet Explorer\iexplore.exe
命令行:http://s252.best1122.info/?i=5&a ... f53e4e24a49d9d12o23
触发规则:所有程序规则->进程保护->C:\Program Files\Internet Explorer\IEXPLORE.exe

2010-12-16 10:42:57 运行应用程序    操作:允许
进程路径:F:\virus test-实机\sex18girl_898_mm36\sex18girl_898_mm36.exe
文件路径:C:\Program Files\Internet Explorer\iexplore.exe
命令行:http://s252.best1122.info/?i=ooo ... dbf53e4e24a49d9asod
触发规则:所有程序规则->进程保护->C:\Program Files\Internet Explorer\IEXPLORE.exe

显示全部楼层 · 发表于 2010-12-16 12:11:06

回复 2楼 ywsuda 的帖子

怎么回事呢?我的可牛不报.........??????

显示全部楼层 · 发表于 2010-12-16 12:12:27

回复 7楼 xwhmm 的帖子

不支持压缩包

显示全部楼层 · 发表于 2010-12-16 12:20:54

的确高质量，过卡巴2011

显示全部楼层 · 发表于 2010-12-16 12:25:23

miss,to avast!

显示全部楼层 · 发表于 2010-12-16 12:31:47

360sd四引擎的12月7日病毒库的没报~~QVM不咋地嘛~~

显示全部楼层 · 发表于 2010-12-16 12:33:55

金山报了~~

[病毒样本] 高质量

浏览过的版块