test.exe[md5:dba938]

mofunzone

File:           test.exe
Status:        
POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5:         dba938da217e84374b4328240ddf9af5
Packers detected:        
PE_PATCH.UPX, UPX
Bit9 reports:         File not found
Scanner results
Scan taken on 22 Jun 2007 04:41:58 (GMT)
A-Squared        
Found nothing
AntiVir        
Found TR/Agent.18432.64
ArcaVir        
Found nothing
Avast        
Found nothing
AVG Antivirus        
Found nothing
BitDefender        
Found Generic.Malware.SBdld.B71C53A9
ClamAV        
Found nothing
Dr.Web        
Found nothing
F-Prot Antivirus        
Found nothing
F-Secure Anti-Virus        
Found nothing
Fortinet        
Found nothing
Kaspersky Anti-Virus        
Found nothing
NOD32        
Found nothing
Norman Virus Control        
Found nothing
Panda Antivirus        
Found nothing
Rising Antivirus        
Found nothing
VirusBuster        
Found nothing
VBA32        
Found nothing

wangjay1980

2007-6-22 JAY12:44:31        File: C:\Documents and Settings\Owner\×ÀÃæ\test.rar/test.exe//PE_Patch.UPX//HKB0622A101.DLL        ok        scanned
2007-6-22 JAY12:44:31        File: C:\Documents and Settings\Owner\×ÀÃæ\test.rar/test.exe//PE_Patch.UPX//SELF.BAT        ok        scanned

detected: Trojan program Trojan-Downloader.Win32.Agent.brp URL: http://bbs.kafan.cn/attachment.php?aid=91045//test.exe//PE_Patch.UPX//UPX

[ 本帖最后由 wangjay1980 于 2007-6-22 17:12 编辑 ]

小邪邪

咖啡：PWS-Zhengtu(特洛伊)

征途？

aziok

Virus or unwanted program 'TR/Agent.18432.64 [TR/Agent.18432.64]'
detected in file 'C:\Documents and Settings\????\桌面\test.exe.
Action performed: Deny access

红心王子

鬼兔子

kis6.0.0.307未报

a256886572008

運行test.exe，發現下列行為，被EQ-Secure RC2攔截！

2007-06-22 14:41:53    运行应用程序      操作:允许
进程路径:C:\windows\Explorer.EXE
文件路径:D:\桌面\virus\dba938test\test.exe
规则:应用程序规则->系統程序->%windir%\Explorer.EXE


2007-06-22 14:41:54    创建文件      操作:阻止
进程路径:D:\桌面\virus\dba938test\test.exe
文件路径:C:\windows\system32\hkb0622a101.dll
规则:所有程序规则->全局設置_可執行文件1_普通模式->%SystemDrive%\*.dll


2007-06-22 14:41:54    创建注册表值      操作:阻止
进程路径:D:\桌面\virus\dba938test\test.exe
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
注册表名称:{BC0ACA58-6A6F-51DA-9EFE-9D20F4F611BA}
规则:所有程序规则->資源管理器->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks*


2007-06-22 14:41:55    创建文件      操作:阻止
进程路径:D:\桌面\virus\dba938test\test.exe
文件路径:D:\桌面\virus\dba938test\self.bat
规则:所有程序规则->2.1.5组：限制部份高危格式文件和文件夹的操作->*.bat

1.他會在C:\windows\system32\產生
   hkb0622a101.dll
2.他會创建注册表值
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
   {BC0ACA58-6A6F-51DA-9EFE-9D20F4F611BA}
3.他會在他旁邊產生self.bat

imdino

Panda miss, 回报上去

rodneyxp2002

卡巴7.0.0.120没报
微点：
程序版本： 1.2.10570.0111
特征版本： 1.6.361.070621
更新时间： 2007-06-21 16:29:28
报告：
木马名称:未知木马

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\TEST\TEST.EXE
是木马程序!

jlennon

还有
注册表键： HKCR\CLSID\\{BC0ACA58-6A6F-51DA-9EFE-9D20F4F611BA}\\InProcServer32\