[MD5:A34AD9 093B5C B31D79] 华西BBS中过卡6

beat2

扫一扫

wangjay1980

detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\3.zip/zlsb.exe//NSPack

The EQs

Scan performed at: 2007-6-10 15:27:54
Scanning Log
NOD32 version 2321 (20070610) NT
Command line: C:\Documents and Settings\EQ2\桌面\3
Operating memory - is OK

Date: 10.6.2007  Time: 15:27:58
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\3\
C:\Documents and Settings\EQ2\桌面\3\4[1].jpg - a variant of Win32/PSW.Legendmir.NEP trojan
C:\Documents and Settings\EQ2\桌面\3\WinForm.dll - a variant of Win32/PSW.OnLineGames.UX trojan
C:\Documents and Settings\EQ2\桌面\3\zlsb.exe - probably unknown NewHeur_PE virus [7]
Number of scanned files: 3
Number of threats found: 3
Number of files cleaned: 3
Time of completion: 15:28:00 Total scanning time: 2 sec (00:00:02)

Notes:
[7] File is probably infected with an unknown virus.

allenhippo

卡7没过，所以我就么发上来

The EQs

主要还是卡7有了启发式。。。。。。

绅博周幸

趋势网络安全版2007报2个

a256886572008

運行zlsb.exe，發現下列行為，被EQ-Secure RC1 攔截！
-----------
2007-06-10 15:30:21    運行應用程序      操作:允許
進成路徑:C:\WINDOWS\Explorer.EXE
文件路徑:D:\桌面\virus\3_kafan\zlsb.exe
规则:應用程序規則->系統程序->%windir%\Explorer.EXE


2007-06-10 15:30:28    創建文件      操作:阻止
進成路徑:D:\桌面\virus\3_kafan\zlsb.exe
文件路徑:C:\Documents and Settings\Hung Jui Hung\Local Settings\Temp\zlsb.exe
规则:所有程序規則->全局設置_可執行文件1_普通模式->%SystemDrive%\*.exe


2007-06-10 15:30:29    創建文件      操作:阻止
進成路徑:D:\桌面\virus\3_kafan\zlsb.exe
文件路徑:C:\Documents and Settings\Hung Jui Hung\Local Settings\Temp\zlsb.exe
规则:所有程序規則->全局設置_可執行文件1_普通模式->%SystemDrive%\*.exe


2007-06-10 15:30:29    創建文件      操作:阻止
進成路徑:D:\桌面\virus\3_kafan\zlsb.exe
文件路徑:C:\Documents and Settings\Hung Jui Hung\Local Settings\Temp\zlsb.exe
规则:所有程序規則->全局設置_可執行文件1_普通模式->%SystemDrive%\*.exe


2007-06-10 15:30:29    创建注册表值      操作:阻止
進成路徑:D:\桌面\virus\3_kafan\zlsb.exe
註冊表路徑:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
註冊表名稱:RealUpdate
注册表数据:C:\DOCUME~1\HUNGJU~1\LOCALS~1\Temp\zlsb.exe
规则:所有程序規則->係統自動運行_普通模式->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*


2007-06-10 15:30:57    創建文件      操作:阻止
進成路徑:D:\桌面\virus\3_kafan\zlsb.exe
文件路徑:D:\桌面\virus\3_kafan\_deleteme.bat
规则:黑名單->In Side->*.bat

--------------------------------------------------------
1.他會在下列路徑產生zlsb.exe
   C:\Documents and Settings\Hung Jui Hung\Local Settings\Temp\
2.他會创建注册表值
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
   RealUpdate
   C:\DOCUME~1\HUNGJU~1\LOCALS~1\Temp\zlsb.exe
3.他會在下列路徑產生_deleteme.bat
   D:\桌面\virus\3_kafan\

4.運行時，Comodo Firewall攔截！

DJ

卡6过了，所以我就发上来.
为啥只有卡巴和X星不报？？？

promised

壳王通杀

[ 本帖最后由 promised 于 2007-6-10 15:51 编辑 ]

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\3.zip'
C:\Documents and Settings\Administrator\My Documents\
  3.zip
    [0] Archive type: ZIP
    --> 4[1].jpg
        [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> WinForm.dll
        [DETECTION] Is the Trojan horse TR/Agent.16652.2
        [WARNING]   Infected files in archives cannot be repaired!
    --> zlsb.exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!