Comparing Antivirus Software Through a Virus in a Zipped Yahoo Mail Attachment

This virus has been circulating since 2008/1/18. I ran a small test to see how each antivirus vendor's scanner handles it. (I never expected that major vendor S still could not detect it... and they even told me the case was closed...)


Notably, only 46.88% of the 32 vendors on the list detect it. Given that the virus has been out for more than 10 days, some of them seem rather slow!

File 10_________10_________.zip received on 2008.01.30 18:02:40 (CET)

| Antivirus engine | Version | Last update | Scan result |
|---|---|---|---|
| AhnLab-V3 | 2008.1.31.10 | 2008.01.30 | - |
| AntiVir | 7.6.0.59 | 2008.01.30 | DR/Maran.A |
| Authentium | 4.93.8 | 2008.01.30 | - |
| Avast | 4.7.1098.0 | 2008.01.30 | - |
| AVG | 7.5.0.516 | 2008.01.30 | - |
| BitDefender | 7.2 | 2008.01.30 | - |
| CAT-QuickHeal | 9.00 | 2008.01.29 | - |
| ClamAV | 0.91.2 | 2008.01.30 | Worm.Mytob.IS |
| DrWeb | 4.44.0.09170 | 2008.01.30 | Trojan.PWS.Gamania.origin |
| eSafe | 7.0.15.0 | 2008.01.28 | - |
| eTrust-Vet | 31.3.5497 | 2008.01.30 | - |
| Ewido | 4.0 | 2008.01.30 | - |
| FileAdvisor | 1 | 2008.01.30 | - |
| Fortinet | 3.14.0.0 | 2008.01.30 | W32/OnLineGames.PAB!tr.pws |
| F-Prot | 4.4.2.54 | 2008.01.29 | - |
| F-Secure | 6.70.13260.0 | 2008.01.30 | Trojan-PSW.Win32.OnLineGames.pab |
| Ikarus | T3.1.1.20 | 2008.01.30 | - |
| Kaspersky | 7.0.0.125 | 2008.01.30 | Trojan-PSW.Win32.OnLineGames.pab |
| McAfee | 5218 | 2008.01.29 | - |
| Microsoft | 1.3109 | 2008.01.28 | PWS:Win32/Wowsteal.gen!A |
| NOD32v2 | 2836 | 2008.01.30 | a variant of Win32/PSW.OnLineGames.PLR |
| Norman | 5.80.02 | 2008.01.29 | W32/Malware |
| Panda | 9.0.0.4 | 2008.01.29 | Suspicious file |
| Prevx1 | V2 | 2008.01.30 | - |
| Rising | 20.29.22.00 | 2008.01.30 | - |
| Sophos | 4.25.0 | 2008.01.30 | Mal/EncPk-AP |
| Sunbelt | 2.2.907.0 | 2008.01.30 | - |
| Symantec | 10 | 2008.01.30 | - |
| TheHacker | 6.2.9.202 | 2008.01.30 | Trojan/Agent.adv |
| VBA32 | 3.12.2.6 | 2008.01.29 | suspected of Embedded.MalwareScope.Trojan-PSW.Game.14 |
| VirusBuster | 4.3.26:9 | 2008.01.30 | Packed/NSPack |
| Webwasher-Gateway | 6.6.2 | 2008.01.30 | Trojan.Dropper.PSW.OnLineGa.pab |

Additional information
File size: 177787 bytes
MD5: 2de2725d001455399793f63f7e31d782
SHA1: 2f5b3dc20d32e949ff48f94713b811335b44998b
PEiD: –
packers: RAR, NSPack
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO – REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* Accesses executable file from resource section.
* File length: 222901 bytes.

[ Changes to filesystem ]
* Creates directory C:.
* Creates directory C:\WINDOWS.
* Creates directory C:\WINDOWS\TEMP.
* Creates directory C:\WINDOWS\TEMP\RarSFX0.
* Creates file C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.exe.
* Creates file C:\WINDOWS\TEMP\RarSFX0\d.exe.
* Creates file C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.txt.
* Creates file C:\WINDOWS\TEMP\RarSFX0\2.bat.
* Creates file C:\WINDOWS\HELP\F3C74E3FA248.dll.

[ Changes to registry ]
* Creates key "HKCU\Software\WinRAR SFX".
* Sets value "C%%PROGRA~1%WindowsUp"="C:\WINDOWS\TEMP\RarSFX0" in key "HKCU\Software\WinRAR SFX".
* Creates key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}".
* Sets value ""="SSUUDL" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}".
* Creates key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32".
* Sets value ""="C:\WINDOWS\HELP\F3C74E3FA248.dll" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32".
* Sets value "ThreadingModel"="Apartment" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32".

[ Network ]
* Hooks into Shell explorer.

[ Process/window information ]
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.exe NULL.
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\d.exe NULL.
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.txt NULL.
* Creates a mutex WSXIHUDS.