MSMVPS.COM

A Comparison of Antivirus Products, Based on a Virus in a Compressed Yahoo Mail Attachment

This virus has been around since 2008/1/18. I ran a small test
to see how each antivirus vendor's scanning fared.
(I didn't expect that the big S vendor still couldn't detect it... and it even told me the case was closed...)

Worth noting is that only 46.88% of the 32 engines listed can detect it.
Compared with the fact that the virus has been out for more than 10 days,
some of them seem a bit slow!


File 10_________10_________.zip, received 2008.01.30 18:02:40 (CET)

Antivirus engine   Version        Last update  Scan result
AhnLab-V3          2008.1.31.10   2008.01.30   -
AntiVir            7.6.0.59       2008.01.30   DR/Maran.A
Authentium         4.93.8         2008.01.30   -
Avast              4.7.1098.0     2008.01.30   -
AVG                7.5.0.516      2008.01.30   -
BitDefender        7.2            2008.01.30   -
CAT-QuickHeal      9.00           2008.01.29   -
ClamAV             0.91.2         2008.01.30   Worm.Mytob.IS
DrWeb              4.44.0.09170   2008.01.30   Trojan.PWS.Gamania.origin
eSafe              7.0.15.0       2008.01.28   -
eTrust-Vet         31.3.5497      2008.01.30   -
Ewido              4.0            2008.01.30   -
FileAdvisor        1              2008.01.30   -
Fortinet           3.14.0.0       2008.01.30   W32/OnLineGames.PAB!tr.pws
F-Prot             4.4.2.54       2008.01.29   -
F-Secure           6.70.13260.0   2008.01.30   Trojan-PSW.Win32.OnLineGames.pab
Ikarus             T3.1.1.20      2008.01.30   -
Kaspersky          7.0.0.125      2008.01.30   Trojan-PSW.Win32.OnLineGames.pab
McAfee             5218           2008.01.29   -
Microsoft          1.3109         2008.01.28   PWS:Win32/Wowsteal.gen!A
NOD32v2            2836           2008.01.30   a variant of Win32/PSW.OnLineGames.PLR
Norman             5.80.02        2008.01.29   W32/Malware
Panda              9.0.0.4        2008.01.29   Suspicious file
Prevx1             V2             2008.01.30   -
Rising             20.29.22.00    2008.01.30   -
Sophos             4.25.0         2008.01.30   Mal/EncPk-AP
Sunbelt            2.2.907.0      2008.01.30   -
Symantec           10             2008.01.30   -
TheHacker          6.2.9.202      2008.01.30   Trojan/Agent.adv
VBA32              3.12.2.6       2008.01.29   suspected of Embedded.MalwareScope.Trojan-PSW.Game.14
VirusBuster        4.3.26:9       2008.01.30   Packed/NSPack
Webwasher-Gateway  6.6.2          2008.01.30   Trojan.Dropper.PSW.OnLineGa.pab

Additional information
File size: 177787 bytes
MD5: 2de2725d001455399793f63f7e31d782
SHA1: 2f5b3dc20d32e949ff48f94713b811335b44998b
PEiD: -
packers: RAR, NSPack
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* Accesses executable file from resource section.
* File length: 222901 bytes.

[ Changes to filesystem ]
* Creates directory C:.
* Creates directory C:\WINDOWS.
* Creates directory C:\WINDOWS\TEMP.
* Creates directory C:\WINDOWS\TEMP\RarSFX0.
* Creates file C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.exe.
* Creates file C:\WINDOWS\TEMP\RarSFX0\d.exe.
* Creates file C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.txt.
* Creates file C:\WINDOWS\TEMP\RarSFX0\2.bat.
* Creates file C:\WINDOWS\HELP\F3C74E3FA248.dll.

[ Changes to registry ]
* Creates key "HKCU\Software\WinRAR SFX\".
* Sets value "C%%PROGRA~1%WindowsUp"="C:\WINDOWS\TEMP\RarSFX0\" in key "HKCU\Software\WinRAR SFX\".
* Creates key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\".
* Sets value ""="SSUUDL" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\".
* Creates key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\".
* Sets value ""="C:\WINDOWS\HELP\F3C74E3FA248.dll" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\".
* Sets value "ThreadingModel"="Apartment" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\".

[ Network ]
* Hooks into Shell explorer.

[ Process/window information ]
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.exe NULL.
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\d.exe NULL.
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.txt NULL.
* Creates a mutex WSXIHUDS.


Posted Jan 31 2008, 01:25 AM by alvinchen
