Virus named Backdoor:Win32/Popwin.gen!H by Microsoft

Antivirus engine   Version          Last update  Scan result
AhnLab-V3          2008.10.22.0     2008.10.23   -
AntiVir            7.9.0.5          2008.10.23   TR/Dropper.Gen
Authentium         5.1.0.4          2008.10.23   W32/Injector.A.gen!Eldorado
Avast              4.8.1248.0       2008.10.23   Win32:AutoRun-IC
AVG                8.0.0.161        2008.10.23   Downloader.Generic7.BDAM
BitDefender        7.2              2008.10.23   Win32.Worm.Winko.I
CAT-QuickHeal      9.50             2008.10.23   -
ClamAV             0.93.1           2008.10.23   -
DrWeb              4.44.0.09170     2008.10.23   Trojan.Popwin.origin
eSafe              7.0.17.0         2008.10.22   Suspicious File
eTrust-Vet         31.6.6164        2008.10.22   Win32/Pipown!generic
Ewido              4.0              2008.10.23   -
F-Prot             4.4.4.56         2008.10.22   W32/Injector.A.gen!Eldorado
F-Secure           8.0.14332.0      2008.10.23   Suspicious:W32/Malware!Gemini
Fortinet           3.113.0.0        2008.10.23   PossibleThreat
GData              19               2008.10.23   Win32.Worm.Winko.I
Ikarus             T3.1.1.44.0      2008.10.23   Trojan.Win32.Agent
K7AntiVirus        7.10.503         2008.10.22   -
Kaspersky          7.0.0.125        2008.10.23   Trojan.Win32.Pakes.lgv
McAfee             5412             2008.10.23   -
Microsoft          1.4005           2008.10.23   Backdoor:Win32/Popwin.gen!H
NOD32              3548             2008.10.23   probably a variant of Win32/TrojanDownloader.Flux
Norman             5.80.02          2008.10.22   -
Panda              9.0.0.4          2008.10.23   Suspicious file
PCTools            4.4.2.0          2008.10.23   -
Prevx1             V2               2008.10.23   -
Rising             21.00.32.00      2008.10.23   -
SecureWeb-Gateway  6.7.6            2008.10.23   Trojan.Dropper.Gen
Sophos             4.34.0           2008.10.23   Mal/Behav-027
Sunbelt            3.1.1747.1       2008.10.23   -
Symantec           10               2008.10.23   -
TheHacker          6.3.1.0.124      2008.10.23   -
TrendMicro         8.700.0.1004     2008.10.23   BKDR_POPWIN.AW
VBA32              3.12.8.8         2008.10.22   suspected of Trojan-PSW.Game.62 (paranoid heuristics)
ViRobot            2008.10.23.1434  2008.10.23   -
VirusBuster        4.5.11.0         2008.10.22   -

Additional information
File size: 25654 bytes
MD5...: cba31f142a6a9ac33cfee1d271ba32af
SHA1..: 88bdb30c5380a59e44f2c5b95c7cb5e904ffde95
SHA256: 7d9d8b539cadd5417e129cc38222eb006c80de972d33ff8166e20fd76352c2dd
SHA512: 819531e7d8ea33a752a4fca751d67cbcfe2552da4d02ed53fc64e2674cff33aa
53bebcac1ee3caeeb464e344870769f6fb13a21ea99def8de4c96ec99b8d28e4
PEiD..: ASPack v2.12
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x418001
timedatestamp.....: 0x48ff462b (Wed Oct 22 15:26:35 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7000 0x1200 7.60 c817c1ddfb2a0a88d9018d010936830d
.rdata 0x8000 0x1000 0x600 6.45 5c2b0e97674effb80c21f8c72d7c5592
.data 0x9000 0xe000 0x3200 7.93 9366c395db6a15ff43e244ced0149b32
.rsrc 0x17000 0x1000 0x200 0.89 a2c613757ed4c8b4e7449ceb457c713c
.aspack 0x18000 0x2000 0x1200 5.87 7ccdd791e5dc6ab475dabe5e17a08d9c
.adata 0x1a000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 5 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> msvcrt.dll: _controlfp
> user32.dll: FindWindowExA
> advapi32.dll: RegCreateKeyExA
> shell32.dll: ShellExecuteA

( 0 exports )
packers (Avast): ASPack
packers (Kaspersky): ASPack


2008-10-23 15:18: not detected by the Rising virus database

