
Submission results for the files left over after an Avira (红伞) high-heuristic scan of the Jinjian (金剑) virus samples

qwerasdf123
Posted on 2007-6-20 01:54:37
SE 7 04 00 32
VDF 6 39 00 30
Results of submitting the files left over after the scan
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00052636.


We received the following archive files:


| File ID | Filename | Size (Byte) | Result |
|---|---|---|---|
| 998201 | virus.rar | 1.48 MB | OK |

A listing of files contained inside archives alongside their results can be found below:

| File ID | Filename | Size (Byte) | Result |
|---|---|---|---|
| 549198 | 5(1dqw).exe | 326.5 KB | MALWARE |
| 275602 | 536enc.dll | 144 KB | CLEAN |
| 206784 | 6to4svc.dll | 98 KB | CLEAN |
| 682727 | aaaamon.dll | 39 KB | KNOWN CLEAN |
| 994658 | asdas.exe | 473.63 KB | MALWARE |
| 271863 | cq.exe | 47.3 KB | DAMAGED FILE (UNKNOWN) |
| 245727 | dk.exe | 49 KB | CLEAN |
| 552011 | hhnsdl.exe | 122 KB | CLEAN |
| 736981 | IEINFO5.OCX | 98.5 KB | KNOWN CLEAN |
| 538275 | iviRegMgr.exe | 109.52 KB | CLEAN |
| 529995 | mmvem.exe | 100 KB | CLEAN |
| 245730 | mstsc.exe | 381 KB | CLEAN |
| 205235 | nc.exe | 60 KB | MALWARE |
| 227766 | NetCat.exe | 58 KB | MALWARE |
| 206397 | npptools.dll | 53 KB | CLEAN |
| 206398 | Packet.dll | 80 KB | CLEAN |
| 224571 | regsvr32.exe | 13.5 KB | CLEAN |
| 204668 | rundll2000.exe | 10 KB | FALSE POSITIVE |
| 272351 | svchqwrqost.exe | 16 KB | CLEAN |
| 245731 | tb.exe | 220 KB | CLEAN |
| 245732 | th.exe | 76 KB | CLEAN |
| 271865 | virus1.exe | 204 KB | CLEAN |
| 234510 | vnc.exe | 32 KB | MALWARE |
| 206396 | WanPacket.dll | 60 KB | CLEAN |
| 218123 | su.asp | 6.75 KB | MALWARE |
| 996435 | aaa.exe | 182.91 KB | CLEAN |
| 533870 | kg.exe | 21 KB | MALWARE |


Please find a detailed report concerning each individual sample below:

Filename: 5(1dqw).exe | Result: MALWARE

The file '5(1dqw).exe' has been determined to be 'MALWARE'.
Our analysts named the threat SPR/Tool.Reboot.E. The term "SPR/" ("Security or Privacy Risk") denotes a program that might possibly be able to affect the security of your system, might trigger activities you might not want or might violate your privacy. Detection is added to our virus definition file (VDF) starting with version 6.35.01.148.

Filename: 536enc.dll | Result: CLEAN

The file '536enc.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: 6to4svc.dll | Result: CLEAN

The file '6to4svc.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: aaaamon.dll | Result: KNOWN CLEAN

The file 'aaaamon.dll' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Microsoft Windows Server 2003 (SP1)'.

Filename: asdas.exe | Result: MALWARE

The file 'asdas.exe' has been determined to be 'MALWARE'.
Our analysts discovered that the file is a Trojan. In general this kind of program contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename: cq.exe | Result: DAMAGED FILE (UNKNOWN)

The file 'cq.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.

Filename: dk.exe | Result: CLEAN

The file 'dk.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: hhnsdl.exe | Result: CLEAN

The file 'hhnsdl.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: IEINFO5.OCX | Result: KNOWN CLEAN

The file 'IEINFO5.OCX' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Microsoft Windows Server 2003 (SP2)'.

Filename: iviRegMgr.exe | Result: CLEAN

The file 'iviRegMgr.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: mmvem.exe | Result: CLEAN

The file 'mmvem.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: mstsc.exe | Result: CLEAN

The file 'mstsc.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: nc.exe | Result: MALWARE

The file 'nc.exe' has been determined to be 'MALWARE'.
Our analysts named the threat SPR/Delf.1.A.2. The term "SPR/" ("Security or Privacy Risk") denotes a program that might possibly be able to affect the security of your system, might trigger activities you might not want or might violate your privacy. Detection is added to our virus definition file (VDF) starting with version 6.36.00.80.

Filename: NetCat.exe | Result: MALWARE

The file 'NetCat.exe' has been determined to be 'MALWARE'.
Our analysts named the threat SPR/RemoteAdmin.Net. The term "SPR/" ("Security or Privacy Risk") denotes a program that might possibly be able to affect the security of your system, might trigger activities you might not want or might violate your privacy.

Filename: npptools.dll | Result: CLEAN

The file 'npptools.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: Packet.dll | Result: CLEAN

The file 'Packet.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: regsvr32.exe | Result: CLEAN

The file 'regsvr32.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: rundll2000.exe | Result: FALSE POSITIVE

The file 'rundll2000.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 6.38.0.58.

Filename: svchqwrqost.exe | Result: CLEAN

The file 'svchqwrqost.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: tb.exe | Result: CLEAN

The file 'tb.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: th.exe | Result: CLEAN

The file 'th.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: virus1.exe | Result: CLEAN

The file 'virus1.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: vnc.exe | Result: MALWARE

The file 'vnc.exe' has been determined to be 'MALWARE'.
Our analysts named the threat SPR/VNC.A. The term "SPR/" ("Security or Privacy Risk") denotes a program that might possibly be able to affect the security of your system, might trigger activities you might not want or might violate your privacy.

Filename: WanPacket.dll | Result: CLEAN

The file 'WanPacket.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: su.asp | Result: MALWARE

The file 'su.asp' has been determined to be 'MALWARE'.
Our analysts discovered that the file is a Backdoor-Server. The purpose of such programs is to provide remote control capability. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename: aaa.exe | Result: CLEAN

The file 'aaa.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Filename: kg.exe | Result: MALWARE

The file 'kg.exe' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Crypt.NSAnti.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=sY4k1Q9sfnyrPZYFOPbEdGv37Gqy8tmJ&incidentid=52636

An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=sY4k1Q9sfnyrPZYFOPbEdGv37Gqy8tmJ

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com
Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
mofunzone
Posted on 2007-6-20 06:09:24
There's really no need to post this here, is there..