一个过NOD32的病毒，金山网盾拦截了

显示全部楼层 · 发表于 2011-1-8 15:21:57

Antivirus	Version	Last Update	Result
AhnLab-V3	2011.01.08.00	2011.01.07	Packed/Win32.PePatch
AntiVir	7.11.1.57	2011.01.07	TR/Crypt.ULPM.Gen
Antiy-AVL	2.0.3.7	2011.01.08	Packed/Win32.PePatch.gen
Avast	4.8.1351.0	2011.01.07	-
Avast5	5.0.677.0	2011.01.07	-
AVG	9.0.0.851	2011.01.08	-
BitDefender	7.2	2011.01.08	-
CAT-QuickHeal	11.00	2011.01.07	-
ClamAV	0.96.4.0	2011.01.08	-
Command	5.2.11.5	2011.01.08	W32/Downloader.10!Generic
Comodo	7331	2011.01.07	Packed.Win32.MUPX.Gen
DrWeb	5.0.2.03300	2011.01.08	-
Emsisoft	5.1.0.1	2011.01.08	Packed.Win32.PePatch!IK
eSafe	7.0.17.0	2011.01.06	-
eTrust-Vet	36.1.8087	2011.01.07	-
F-Prot	4.6.2.117	2011.01.07	W32/Downloader.10!Generic
F-Secure	9.0.16160.0	2011.01.08	-
Fortinet	4.2.254.0	2011.01.07	-
GData	21	2011.01.08	-
Ikarus	T3.1.1.90.0	2011.01.08	Packed.Win32.PePatch
Jiangmin	13.0.900	2011.01.08	-
K7AntiVirus	9.75.3472	2011.01.07	Virus
Kaspersky	7.0.0.125	2011.01.08	Packed.Win32.PePatch.lx
McAfee	5.400.0.1158	2011.01.08	Generic Malware.co
McAfee-GW-Edition	2010.1C	2011.01.08	Generic Malware.co
Microsoft	1.6402	2011.01.08	-
NOD32	5768	2011.01.07	-
Norman	6.06.12	2011.01.07	-
nProtect	2011-01-08.01	2011.01.08	-
Panda	10.0.2.7	2011.01.07	Trj/CI.A
PCTools	7.0.3.5	2011.01.08	-
Prevx	3.0	2011.01.08	-
Rising	22.81.05.00	2011.01.08	Trojan.PSW.Win32.GenFxj.a
Sophos	4.61.0	2011.01.08	Mal/HckPk-A
SUPERAntiSpyware	4.40.0.1006	2011.01.08	-
Symantec	20101.3.0.103	2011.01.08	-
TheHacker	6.7.0.1.112	2011.01.08	-
TrendMicro	9.120.0.1004	2011.01.08	PAK_Generic.002
TrendMicro-HouseCall	9.120.0.1004	2011.01.08	-
VBA32	3.12.14.2	2011.01.06	-
VIPRE	7992	2011.01.08	Trojan.Win32.Generic!BT
ViRobot	2011.1.8.4243	2011.01.08	-
VirusBuster	13.6.134.0	2011.01.07	-

显示全部楼层 · 发表于 2011-1-8 15:25:26

http://samples.eset.com.cn/index ... 574c13dc6ba23badb0b

显示全部楼层 · 发表于 2011-1-8 15:28:43

回复 1楼 Витас 的帖子

eset可以识别请开启潜在的不受欢迎应用程序
2011-1-8 15:26:23 HTTP 过滤器文件 http://bbs.kafan.cn/forum-attach ... IxfDQzNzY2NA==.html 可能是 Win32/Statik 潜在的不受欢迎应用程序的变种连接中断 - 已隔离 PC-20110106OORQ\Administrator 通过应用程序访问 web 时检测到威胁: I:\Program Files\TheWorld 3\TheWorld.exe.

显示全部楼层 · 发表于 2011-1-8 15:35:04

本帖最后由 Витас 于 2011-1-8 15:38 编辑

回复 3楼 dalianjhc1986 的帖子

网页防病毒引擎和本地引擎安全等级不一样，有些病毒通过IE下载是查的出来，但通过QQ发过来就查不出来了。
我刚才自己下载，NOD32也拦截下来了，可是用本地扫描就查不出。。

显示全部楼层 · 发表于 2011-1-8 15:37:38

回复 4楼 Витас 的帖子

嗯我说的是eset可以识别没有阻止你上报呵呵

显示全部楼层 · 发表于 2011-1-8 15:39:47

网页启发
to eset

http://samples.eset.com.cn/index ... 7308161639b4a550ea4

显示全部楼层 · 发表于 2011-1-8 15:56:05

显示全部楼层 · 发表于 2011-1-8 16:08:44

卡巴直接拦截。。没压力

显示全部楼层 · 发表于 2011-1-8 16:50:55

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Tim\My Documents\Downloads\我的最新照片.rar'
C:\Documents and Settings\Tim\My Documents\Downloads\我的最新照片.rar
[0] Archive type: RAR
  [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> ￎￒﾵￄￗ￮￐ￂￕￕￆﾬ.exe
  [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE]    A backup was created as 'bf2e3ae5.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

End of the scan: Saturday, 8 January, 2011  16:49
Used time: 00:32 Minute(s)

The scan has been done completely.

   0 Scanned directories
   2 Files were scanned
   1 Viruses and/or unwanted programs were found
   0 Files were classified as suspicious
   1 files were deleted
   0 Viruses and unwanted programs were repaired
   1 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   0 Warnings
   1 Notes

显示全部楼层 · 发表于 2011-1-8 17:10:31

大蜘蛛clean，加了壳：
/=CE=D2=B5=C4=D7=EE=D0=C2=D5=D5=C6=AC.exe packed by FLY-CODE
已上报！

[病毒样本] 一个过NOD32的病毒，金山网盾拦截了

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块