0BBE3C 新货

tonger2003

AhnLab-V3	2007.6.21.1	06.21.2007 [td]no virus found
AntiVir	7.4.0.34	06.21.2007	HEUR/Malware
Authentium	4.93.8	06.22.2007 [td]no virus found
Avast	4.7.997.0	06.21.2007	Win32:Small-EWG
AVG	7.5.0.467	06.20.2007 [td]no virus found
BitDefender	7.2	06.21.2007	Dropped:Win32.Small.B
CAT-QuickHeal	9.00	06.21.2007 [td]no virus found
ClamAV	devel-20070416	06.22.2007 [td]no virus found
DrWeb	4.33	06.21.2007 [td]no virus found
eSafe	7.0.15.0	06.21.2007	Suspicious Trojan/Worm
eTrust-Vet	30.8.3733	06.22.2007 [td]no virus found
Ewido	4.0	06.21.2007 [td]no virus found
FileAdvisor	1	06.22.2007 [td]no virus found
Fortinet	2.91.0.0	06.21.2007 [td]no virus found
F-Prot	4.3.2.48	06.21.2007 [td]no virus found
F-Secure	6.70.13030.0	06.22.2007	W32/Malware
Ikarus	T3.1.1.8	06.21.2007	Trojan-Downloader.Win32.Small.esr
Kaspersky	4.0.2.24	06.22.2007 [td]no virus found
McAfee	5058	06.21.2007 [td]no virus found
Microsoft	1.2701	06.22.2007	TrojanDownloader:Win32/Agent.gen!A
NOD32v2	2343	06.21.2007 [td]no virus found
Norman	5.80.02	06.21.2007 [td]no virus found
Panda	9.0.0.4	06.22.2007	Suspicious file
Sophos	4.18.0	06.21.2007	Mal/Behav-053
Sunbelt	2.2.907.0	06.21.2007 [td]no virus found
Symantec	10	06.22.2007	W32.Pagipef.B
TheHacker	6.1.6.136	06.20.2007 [td]no virus found
VBA32	3.12.0.2	06.21.2007 [td]no virus found
VirusBuster	4.3.23:9	06.21.2007 [td]no virus found
Webwasher-Gateway	6.0.1	06.21.2007	Heuristic.Malware

[ 本帖最后由 tonger2003 于 2007-6-22 11:21 编辑 ]

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\样本.rar'
C:\Documents and Settings\Administrator\My Documents\
  样本.rar
    [0] Archive type: RAR
    --> RavM.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!

扫描日志
NOD32版本 2342 (20070621) NT
命令行： C:\Documents and Settings\Administrator\My  ?
?Documents\样本.rar
正在检查NOD32.EXE文件的CRC：状态正常
D:\Eset\nod32.exe - 是正常的
扫描系统内存中：没有进行 (选项已关闭)
扫描MBR及引导区中：没有进行 (选项已关闭)
日期： 21.6.2007  时间：20:19:00
已关闭反隐藏功能.
已扫描的磁盘，文件夹及文件：C:\Documents and Settings\ ?
?Administrator\My Documents\样本.rar
C:\Documents and Settings\Administrator\My Documents\样本. ?
?rar >>RAR >>RavM.exe - 是正常的
已扫描的文件数目：1
已发现的病毒数目：0
完成时间： 20:19:00 总扫描时间：0 秒 (00:00:00)


[Scan path] C:\Documents and Settings\Administrator\My Documents\样本.rar
>C:\Documents and Settings\Administrator\My Documents\样本.rar\RavM.exe - Ok
C:\Documents and Settings\Administrator\My Documents\样本.rar - Ok

红心王子

扫描没动静
运行之后，KV监控提示两个低度危险的安全提示，建议
全部禁止运行
有必要上报了

红心王子

如果想先让恶意程序运行
必须先过K斧头V监控这一关，过不去，病毒就很难侵袭

wangjay1980

detected: virus Trojan.Generic (modification)        File: C:\Documents and Settings\Owner\×ÀÃæ\Ñù±¾.rar/RavM.exe

yashoo

直接上报

scottxzt

红伞启发有效。微点砍。

Whkroran

Kaspersky Internet Security 7.0
The requested URL http://bbs.kafan.cn/attachment.php?aid=90977 is infected with Trojan.Generic virus

l784588

Avast秒之,报Win32:Small-EWG [Trj]

wangjay1980

Hello.
New malicious software was found in the attached file.
Trojan-Downloader.Win32.Agent.bva
It's detection will be included in the next update. Thank you for your help.