3X,金山都不报

显示全部楼层 · 发表于 2011-6-4 09:44:19

FS

结果: 发现 2 个恶意软件
Gen:Variant.Kazy.25416 (病毒)
D:\我的文档\桌面\3X\2.exe
Trojan.Generic.KDV.241220 (病毒)
D:\我的文档\桌面\3X\3.exe

显示全部楼层 · 发表于 2011-6-4 09:55:47

显示全部楼层 · 发表于 2011-6-4 10:07:21

360 KILL

显示全部楼层 · 发表于 2011-6-4 10:30:59

这个金山卫士报毒了

显示全部楼层 · 发表于 2011-6-4 10:37:17

本帖最后由 a256886572008 于 2011-6-4 10:56 编辑

1.exe

CIMA 没反应。

2011-06-04 10:29:31 C:\Documents and Settings\Roger\桌面\VIRUS\3X\1.exe Sandboxed As Partially Limited

2011-06-04 10:29:41 C:\Documents and Settings\Roger\桌面\VIRUS\3X\1.exe Modify File C:\Documents and Settings\Roger\Application Data\Microsoft\Protect\Credentials\wmpnetvk.exe

2011-06-04 10:29:42 C:\WINDOWS\system32\cmd.exe Sandboxed As Partially Limited

2011-06-04 10:29:46 C:\Documents and Settings\Roger\桌面\VIRUS\3X\1.exe Modify Key HKUS\S-1-5-21-1214440339-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System

2.exe

http://camas.comodo.com/cgi-bin/submit?file=725d622ce9694abbe6a0e74afd112ccac12825be6a52ed1d4899754398109c04

Auto Analysis Verdict
Suspicious++

Suspicious Actions Detected
Creates autorun records
Deletes self
Injects code into other processes

2011-06-04 10:36:18 C:\Documents and Settings\Roger\桌面\VIRUS\3X\2.exe Sandboxed As Partially Limited

2011-06-04 10:36:21 C:\Documents and Settings\Roger\Application Data\Ixbylu\hikoo.exe Sandboxed As Partially Limited

2011-06-04 10:36:25 C:\Documents and Settings\Roger\桌面\VIRUS\3X\2.exe Scanned Online and Found Malicious

2011-06-04 10:36:28 C:\Documents and Settings\Roger\Application Data\Ixbylu\hikoo.exe Access Memory C:\WINDOWS\explorer.exe

2011-06-04 10:36:28 C:\Documents and Settings\Roger\桌面\VIRUS\3X\2.exe Modify Key HKUS\S-1-5-21-1214440339-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609

2011-06-04 10:36:31 C:\Documents and Settings\Roger\Local Settings\Temp\tmp1154c7fb.bat Sandboxed As Partially Limited

2011-06-04 10:36:34 C:\Documents and Settings\Roger\Local Settings\Temp\tmp1154c7fb.bat Modify Key HKUS\S-1-5-21-1214440339-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609

2011-06-04 10:36:34 C:\Documents and Settings\Roger\Local Settings\Temp\tmp1154c7fb.bat Modify File C:\Documents and Settings\Roger\桌面\VIRUS\3X\2.exe

comodo 云查杀

2011-06-04 10:36:19 C:\Documents and Settings\Roger\桌面\VIRUS\3X\2.exe
TrojWare.Win32.Trojan.Agent.Gen@1

CAV 杀

2011-06-04 10:36:23 C:\Documents and Settings\Roger\Application Data\Ixbylu\hikoo.exe TrojWare.Win32.TrojanSpy.Zbot.~amm@133834206

附件是 2.exe 的衍生物

3.exe

CIMA 不可执行。

双击运行，没反应，自动退出。

显示全部楼层 · 发表于 2011-6-4 11:45:30

MSE
2.exe - PWS:Win32/Zbot
1.exe - Worm:Win32/Ainslot.A
3.exe - 无行为

显示全部楼层 · 发表于 2011-6-4 11:59:44

ESS全秒
G:\TD\3X.rar > RAR > 2.exe - Win32/Kryptik.OPL 特洛伊木马的变种 - 是已删除对象的一部分
G:\TD\3X.rar > RAR > 3.exe - Win32/Dorkbot.B 蠕虫 - 是已删除对象的一部分
G:\TD\3X.rar > RAR > 1.exe - Win32/AutoRun.PSW.VB.H 蠕虫 - 是已删除对象的一部分

360卫士表示安全。。

显示全部楼层 · 发表于 2011-6-4 13:21:01

衍生物金山查杀

显示全部楼层 · 发表于 2011-6-4 13:26:22

norton 2012表示安全...晕

显示全部楼层 · 发表于 2011-6-4 13:28:32

BitDefender to 1
2.exe Gen:Variant.Kazy.25416
3.exe Trojan.Generic.KDV.241220

[病毒样本] 3X,金山都不报

本帖子中包含更多资源

本帖子中包含更多资源