刚才那个假冒多特的[MD5: F703B3 D77BC2 8BDB3D]

显示全部楼层 · 发表于 2007-6-22 22:09:10

有鸽子

显示全部楼层 · 发表于 2007-6-22 22:12:57

Scan performed at: 2007-6-22 22:16:51
Scanning Log
NOD32 version 2344 (20070622) NT
Command line: C:\ABC\virus
Operating memory - is OK

Date: 22.6.2007 Time: 22:17:01
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\ABC\virus\
C:\ABC\virus\4.exe - probably unknown NewHeur_PE virus [7]
C:\ABC\virus\5.exe - probably a variant of Win32/PSW.QQShou trojan
C:\ABC\virus\isignup.sys - probably a variant of Win32/PSW.QQShou trojan
Number of scanned files: 3
Number of threats found: 3
Number of active threats: 3
Time of completion: 22:17:15 Total scanning time: 14 sec (00:00:14)

Notes:
[7] File is probably infected with an unknown virus.

显示全部楼层 · 发表于 2007-6-22 22:13:00

病毒: Win32:Hupigon-FB [Trj]
文件: 4.exe
目录: E:\病毒库\virus
进程: WinRAR.exe 病毒: Win32:Delf-BCS [Trj]
文件: isignup.sys
目录: E:\病毒库\virus

显示全部楼层 · 发表于 2007-6-22 22:13:08

detected: virus Heur.Backdoor.Generic File: E:\Ñù±¾\ÐÂ½¨ÎÄ¼þ¼Ð\4.exe//PE_Patch.Poly

显示全部楼层 · 发表于 2007-6-22 22:13:19

AVAST 不报，红伞报
Starting the file scan:

Begin scan in 'D:\病毒测试\未解压\virus.part1.rar'
D:\病毒测试\未解压\virus.part1.rar
  [0] Archive type: RAR
  --> 4.exe
   [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
  --> 5.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [WARNING] The file was ignored!

显示全部楼层 · 发表于 2007-6-22 22:14:50

原帖由 欠你幸福 于 2007-6-22 22:13 发表
AVAST 不报，红伞报
Starting the file scan:

Begin scan in 'D:\病毒测试\未解压\virus.part1.rar'
D:\病毒测试\未解压\virus.part1.rar
  [0] Archive type: RAR
  --> 4.exe
   [DETECTION] Cont ...

不是全报了吗
你好像漏了一个

显示全部楼层 · 发表于 2007-6-22 22:18:03

你的NOD32怎么扫了14秒

Time of completion: 22:21:26 Total scanning time: 5 sec (00:00:05)

显示全部楼层 · 发表于 2007-6-22 22:20:59

原帖由 欠你幸福 于 2007-6-22 22:13 发表
AVAST 不报，红伞报
Starting the file scan:

Begin scan in 'D:\病毒测试\未解压\virus.part1.rar'
D:\病毒测试\未解压\virus.part1.rar
  [0] Archive type: RAR
  --> 4.exe
   [DETECTION] Cont ...

谁说avast不报啊

显示全部楼层 · 发表于 2007-6-22 22:25:10

5。EXE上报看看

显示全部楼层 · 发表于 2007-6-22 22:39:18

運行4.exe，發現下列行為，被EQ-Secure RC2攔截！

2007-06-22 22:40:48 运行应用程序    操作:允许
进程路径:C:\windows\Explorer.EXE
文件路径:D:\桌面\virus\龘virus\4.exe
规则:应用程序规则->系統程序->%windir%\Explorer.EXE

2007-06-22 22:40:48 访问物理内存    操作:阻止
进程路径:D:\桌面\virus\龘virus\4.exe

规则:所有程序规则->*

2007-06-22 22:40:48 访问物理内存    操作:阻止
进程路径:D:\桌面\virus\龘virus\4.exe

规则:所有程序规则->*

2007-06-22 22:40:48 访问物理内存    操作:阻止
进程路径:D:\桌面\virus\龘virus\4.exe

规则:所有程序规则->*

2007-06-22 22:40:49 创建文件    操作:阻止
进程路径:D:\桌面\virus\龘virus\4.exe
文件路径:C:\Program Files\Common Files\Microsoft Shared\MSINFO\svchost.exe
规则:所有程序规则->保護安全軟體->C:\Program Files\*

2007-06-22 22:40:49 创建文件    操作:阻止
进程路径:D:\桌面\virus\龘virus\4.exe
文件路径:C:\Program Files\Common Files\Microsoft Shared\MSINFO\svchost.exe
规则:所有程序规则->保護安全軟體->C:\Program Files\*

2007-06-22 22:40:49 创建文件    操作:阻止
进程路径:D:\桌面\virus\龘virus\4.exe
文件路径:C:\Program Files\Common Files\Microsoft Shared\MSINFO\svchost.exe
规则:所有程序规则->保護安全軟體->C:\Program Files\*

2007-06-22 22:40:49 修改注册表内容    操作:阻止
进程路径:C:\windows\system32\services.exe
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Office Soure Engine
注册表名称:[Key]
规则:所有程序规则->服務_普通模式->HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services\*

2007-06-22 22:40:49 创建文件    操作:阻止
进程路径:D:\桌面\virus\龘virus\4.exe
文件路径:C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat
规则:所有程序规则->保護安全軟體->C:\Program Files\*

1.他會访问物理内存
2.他會在C:\Program Files\Common Files\Microsoft Shared\MSINFO\產生
svchost.exe
3.他會修改注册表内容
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Office Soure Engine
[Key]
4.他會在C:\Program Files\Common Files\Microsoft Shared\MSINFO\產生
Delet.bat

[病毒样本] 刚才那个假冒多特的[MD5: F703B3 D77BC2 8BDB3D]

本帖子中包含更多资源

回复 #6 promised 的帖子

本帖子中包含更多资源