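This virus has been around since 2008/1/18, so I ran a small test
to see how each antivirus vendor's scanner handles it.
(I did not expect that the big vendor S still cannot detect it... and they even told me the case was closed...)
It is worth noting that only 46.88% of the 32 vendors on the list can detect it;
considering that the virus has been out for more than 10 days,
some of them seem to be rather slow!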
File 10_________10_________.zip received on 2008.01.30 18:02:40 (CET)

| Antivirus engine | Version | Last update | Scan result |
|---|---|---|---|
| AhnLab-V3 | 2008.1.31.10 | 2008.01.30 | - |
| AntiVir | 7.6.0.59 | 2008.01.30 | DR/Maran.A |
| Authentium | 4.93.8 | 2008.01.30 | - |
| Avast | 4.7.1098.0 | 2008.01.30 | - |
| AVG | 7.5.0.516 | 2008.01.30 | - |
| BitDefender | 7.2 | 2008.01.30 | - |
| CAT-QuickHeal | 9.00 | 2008.01.29 | - |
| ClamAV | 0.91.2 | 2008.01.30 | Worm.Mytob.IS |
| DrWeb | 4.44.0.09170 | 2008.01.30 | Trojan.PWS.Gamania.origin |
| eSafe | 7.0.15.0 | 2008.01.28 | - |
| eTrust-Vet | 31.3.5497 | 2008.01.30 | - |
| Ewido | 4.0 | 2008.01.30 | - |
| FileAdvisor | 1 | 2008.01.30 | - |
| Fortinet | 3.14.0.0 | 2008.01.30 | W32/OnLineGames.PAB!tr.pws |
| F-Prot | 4.4.2.54 | 2008.01.29 | - |
| F-Secure | 6.70.13260.0 | 2008.01.30 | Trojan-PSW.Win32.OnLineGames.pab |
| Ikarus | T3.1.1.20 | 2008.01.30 | - |
| Kaspersky | 7.0.0.125 | 2008.01.30 | Trojan-PSW.Win32.OnLineGames.pab |
| McAfee | 5218 | 2008.01.29 | - |
| Microsoft | 1.3109 | 2008.01.28 | PWS:Win32/Wowsteal.gen!A |
| NOD32v2 | 2836 | 2008.01.30 | a variant of Win32/PSW.OnLineGames.PLR |
| Norman | 5.80.02 | 2008.01.29 | W32/Malware |
| Panda | 9.0.0.4 | 2008.01.29 | Suspicious file |
| Prevx1 | V2 | 2008.01.30 | - |
| Rising | 20.29.22.00 | 2008.01.30 | - |
| Sophos | 4.25.0 | 2008.01.30 | Mal/EncPk-AP |
| Sunbelt | 2.2.907.0 | 2008.01.30 | - |
| Symantec | 10 | 2008.01.30 | - |
| TheHacker | 6.2.9.202 | 2008.01.30 | Trojan/Agent.adv |
| VBA32 | 3.12.2.6 | 2008.01.29 | suspected of Embedded.MalwareScope.Trojan-PSW.Game.14 |
| VirusBuster | 4.3.26:9 | 2008.01.30 | Packed/NSPack |
| Webwasher-Gateway | 6.6.2 | 2008.01.30 | Trojan.Dropper.PSW.OnLineGa.pab |

Additional information:

File size: 177787 bytes
MD5: 2de2725d001455399793f63f7e31d782
SHA1: 2f5b3dc20d32e949ff48f94713b811335b44998b
PEiD: -
packers: RAR, NSPack

norman sandbox:

[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* Accesses executable file from resource section.
* File length: 222901 bytes.

[ Changes to filesystem ]
* Creates directory C:.
* Creates directory C:\WINDOWS.
* Creates directory C:\WINDOWS\TEMP.
* Creates directory C:\WINDOWS\TEMP\RarSFX0.
* Creates file C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.exe.
* Creates file C:\WINDOWS\TEMP\RarSFX0\d.exe.
* Creates file C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.txt.
* Creates file C:\WINDOWS\TEMP\RarSFX0\2.bat.
* Creates file C:\WINDOWS\HELP\F3C74E3FA248.dll.

[ Changes to registry ]
* Creates key "HKCU\Software\WinRAR SFX".
* Sets value "C%%PROGRA~1%WindowsUp"="C:\WINDOWS\TEMP\RarSFX0" in key "HKCU\Software\WinRAR SFX".
* Creates key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}".
* Sets value ""="SSUUDL" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}".
* Creates key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32".
* Sets value ""="C:\WINDOWS\HELP\F3C74E3FA248.dll" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32".
* Sets value "ThreadingModel"="Apartment" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32".

[ Network ]
* Hooks into Shell explorer.

[ Process/window information ]
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.exe NULL.
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\d.exe NULL.
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.txt NULL.
* Creates a mutex WSXIHUDS.

Other virus file names found since then:
你的照片.zip
剋星.zip
媽祖喜歡你.zip
我的相冊.zip
新年賀卡.zip
歌詞.zip
照片.zip
猴.zip
隱私.zip
謎底.zip