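This virus has been around since 2008/1/18, so I ran a small test
to see how well each antivirus vendor's scanner handles it.
(I did not expect that major vendor S still cannot detect it… and they even told me the case was closed…)
It is worth noting that only 46.88% of the 32 engines on the list detect it.
Considering that the virus was released more than 10 days ago,
some of them seem a bit slow!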
File 10_________10_________.zip received on 2008.01.30 18:02:40 (CET)
Antivirus engine | Version | Last update | Scan result
AhnLab-V3 | 2008.1.31.10 | 2008.01.30 | -
AntiVir | 7.6.0.59 | 2008.01.30 | DR/Maran.A
Authentium | 4.93.8 | 2008.01.30 | -
Avast | 4.7.1098.0 | 2008.01.30 | -
AVG | 7.5.0.516 | 2008.01.30 | -
BitDefender | 7.2 | 2008.01.30 | -
CAT-QuickHeal | 9.00 | 2008.01.29 | -
ClamAV | 0.91.2 | 2008.01.30 | Worm.Mytob.IS
DrWeb | 4.44.0.09170 | 2008.01.30 | Trojan.PWS.Gamania.origin
eSafe | 7.0.15.0 | 2008.01.28 | -
eTrust-Vet | 31.3.5497 | 2008.01.30 | -
Ewido | 4.0 | 2008.01.30 | -
FileAdvisor | 1 | 2008.01.30 | -
Fortinet | 3.14.0.0 | 2008.01.30 | W32/OnLineGames.PAB!tr.pws
F-Prot | 4.4.2.54 | 2008.01.29 | -
F-Secure | 6.70.13260.0 | 2008.01.30 | Trojan-PSW.Win32.OnLineGames.pab
Ikarus | T3.1.1.20 | 2008.01.30 | -
Kaspersky | 7.0.0.125 | 2008.01.30 | Trojan-PSW.Win32.OnLineGames.pab
McAfee | 5218 | 2008.01.29 | -
Microsoft | 1.3109 | 2008.01.28 | PWS:Win32/Wowsteal.gen!A
NOD32v2 | 2836 | 2008.01.30 | a variant of Win32/PSW.OnLineGames.PLR
Norman | 5.80.02 | 2008.01.29 | W32/Malware
Panda | 9.0.0.4 | 2008.01.29 | Suspicious file
Prevx1 | V2 | 2008.01.30 | -
Rising | 20.29.22.00 | 2008.01.30 | -
Sophos | 4.25.0 | 2008.01.30 | Mal/EncPk-AP
Sunbelt | 2.2.907.0 | 2008.01.30 | -
Symantec | 10 | 2008.01.30 | -
TheHacker | 6.2.9.202 | 2008.01.30 | Trojan/Agent.adv
VBA32 | 3.12.2.6 | 2008.01.29 | suspected of Embedded.MalwareScope.Trojan-PSW.Game.14
VirusBuster | 4.3.26:9 | 2008.01.30 | Packed/NSPack
Webwasher-Gateway | 6.6.2 | 2008.01.30 | Trojan.Dropper.PSW.OnLineGa.pab
Additional information
File size: 177787 bytes
MD5: 2de2725d001455399793f63f7e31d782
SHA1: 2f5b3dc20d32e949ff48f94713b811335b44998b
PEiD: –
packers: RAR, NSPack
norman sandbox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO – REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* Accesses executable file from resource section.
* File length: 222901 bytes.
[ Changes to filesystem ]
* Creates directory C:.
* Creates directory C:\WINDOWS.
* Creates directory C:\WINDOWS\TEMP.
* Creates directory C:\WINDOWS\TEMP\RarSFX0.
* Creates file C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.exe.
* Creates file C:\WINDOWS\TEMP\RarSFX0\d.exe.
* Creates file C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.txt.
* Creates file C:\WINDOWS\TEMP\RarSFX0\2.bat.
* Creates file C:\WINDOWS\HELP\F3C74E3FA248.dll.
[ Changes to registry ]
* Creates key "HKCU\Software\WinRAR SFX".
* Sets value "C%%PROGRA~1%WindowsUp"="C:\WINDOWS\TEMP\RarSFX0" in key "HKCU\Software\WinRAR SFX".
* Creates key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}".
* Sets value ""="SSUUDL" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}".
* Creates key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32".
* Sets value ""="C:\WINDOWS\HELP\F3C74E3FA248.dll" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32".
* Sets value "ThreadingModel"="Apartment" in key "HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32".
[ Network ]
* Hooks into Shell explorer.
[ Process/window information ]
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.exe NULL.
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\d.exe NULL.
* Attemps to NULL C:\WINDOWS\TEMP\RarSFX0\10_ _10_ h.txt NULL.
* Creates a mutex WSXIHUDS.