Kafan Forum's Archiver



sam.to posted on 2008-8-20 17:30

41st update

gankeyu posted on 2008-8-20 17:34

UGuard 完成了在 C:\Documents and Settings\Administrator\桌面\s\0820-1707 上的扫描。
================
'Heur.Swizzor.Gen' 在 '9kgen_up.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 '9kgen_up.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 '9kgen_up.int3' 中被检测到。
'Heur.Swizzor.Gen' 在 '9kgen_up.int4' 中被检测到。
'Heur.Swizzor.Gen' 在 'kr3.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'kr3.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'np_pkz.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'np_pkz.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'sn_pkz.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'sn_pkz.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'sn_pkz.int3' 中被检测到。
'Heur.Swizzor.Gen' 在 'sn_pkz.int4' 中被检测到。
'Heur.Swizzor.Gen' 在 'tp_map16.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'tp_map16.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'tp_map16.int3' 中被检测到。
'Heur.Swizzor.Gen' 在 'uninstall.exe1' 中被检测到。
'Heur.Swizzor.Gen' 在 'uninstall.exe2' 中被检测到。
'Heur.Swizzor.Gen' 在 'uninstall.exe3' 中被检测到。
'Heur.Swizzor.Gen' 在 'uninstall.exe4' 中被检测到。
'Heur.Swizzor.Gen' 在 'upAYB.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'upAYB.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'upAYB.int3' 中被检测到。
================
扫描文件数: 22
本次扫描发现了 22 个已知威胁,请及时处理。
实际文件数: 22
扫描时间: 0-00-00 00:00:13:0719
威胁比率: 100%

WillBeNextKido posted on 2008-8-20 17:52

Reply to gankeyu's post (#22)

[:01:] Strike first to gain the upper hand...

sam.to posted on 2008-8-22 18:09

Hello,

Generic record detects half of these files, in several days it will detect the other half.
-----------------
Regards, Namestnikov Yury
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

No part of this message can be made available on the public web,
message board or newsgroup without the permission of the sender.

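syfwxmh posted on 2008-8-22 18:11

Reply to kato9096's post (#24)

What a classic answer~

sam.to posted on 2008-8-22 18:18

Reply to syfwxmh's post (#25)

But I don't agree with the claim that half are detected; of the samples I have on hand (already submitted), only very, very few are detected.

luxiao200888 posted on 2008-8-22 19:15

The reply in #24 is really funny~~ No rush, no rush, half at a time~~ haha [:15:]

sbbdms posted on 2008-8-22 19:28

Reply to kato9096's post (#24)

Although this is exciting news,
however,
the Swizzors side has already started restricting downloads......
Files downloaded from the same IP within a short period are almost identical......
Ugh~
This makes it very hard to collect a large number of samples......
So annoying......~

WillBeNextKido posted on 2008-8-22 19:38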

UGuard 完成了在 C:\Documents and Settings\Administrator\桌面\0820-1707 上的扫描。
================
'Heur.Swizzor.Gen' 在 '9kgen_up.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 '9kgen_up.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 '9kgen_up.int3' 中被检测到。
'Heur.Swizzor.Gen' 在 '9kgen_up.int4' 中被检测到。
'Heur.Swizzor.Gen' 在 'kr3.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'kr3.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'np_pkz.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'np_pkz.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'sn_pkz.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'sn_pkz.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'sn_pkz.int3' 中被检测到。
'Heur.Swizzor.Gen' 在 'sn_pkz.int4' 中被检测到。
'Heur.Swizzor.Gen' 在 'tp_map16.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'tp_map16.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'tp_map16.int3' 中被检测到。
'Heur.Swizzor.Gen' 在 'uninstall.exe1' 中被检测到。
'Heur.Swizzor.Gen' 在 'uninstall.exe2' 中被检测到。
'Heur.Swizzor.Gen' 在 'uninstall.exe3' 中被检测到。
'Heur.Swizzor.Gen' 在 'uninstall.exe4' 中被检测到。
'Heur.Swizzor.Gen' 在 'upAYB.int1' 中被检测到。
'Heur.Swizzor.Gen' 在 'upAYB.int2' 中被检测到。
'Heur.Swizzor.Gen' 在 'upAYB.int3' 中被检测到。
================
扫描文件数: 22
本次扫描发现了 22 个已知威胁,请及时处理。
实际文件数: 22
扫描时间: 0-00-00 00:00:15:0079
威胁比率: 100%

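When will Kaspersky finally trust our GEN

sam.to posted on 2008-8-22 20:19

Reply to sbbdms's post (#28)

I didn't have much trouble downloading the day before yesterday; for files with the same name I could only get 3-4 different ones.
For example, downloading 9kgen 5 times, only 3-4 were different.

I don't know the situation over the last 2 days, because I am waiting for the new gene (generic signature) before submitting the ones that are still not detected~~

syfwxmh posted on 2008-8-22 20:22

Reply to spicalhook's post (#29)

You can just go to the Russian forum and PM the KL RUSSIA TEAM there. I have already told the KL CHINA TEAM, and he has already sent it to KL RUSSIA; waiting for a reply.

sam.to posted on 2008-8-23 23:51

42nd update

Kitman posted on 2008-8-24 00:00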

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\0823-2337'
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\9kgen_up.int1
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '49173487.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\9kgen_up.int2
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '486be1a0.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\9kgen_up.int3
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '49173489.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\9kgen_up.int4
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '486be1a2.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\kr3.int1
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '48e3348e.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\kr3.int2
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '499fe1a7.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\kr3.int3
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '48e33480.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\np_pkz.int1
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '490f348c.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\np_pkz.int2
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '4873e1a5.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\np_pkz.int3
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '490f348e.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\sn_pkz.int1
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '490f348a.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\sn_pkz.int2
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '4873e1a3.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\sn_pkz.int3
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '490f348b.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\tp_map16.int1
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '490f348d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\tp_map16.int2
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '4873e1a6.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\tp_map16.int3
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '490f348f.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\uninstall.exe1
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '4919348b.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\uninstall.exe2
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '4865e1a4.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\uninstall.exe3
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '4919348d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\upAYB.int1
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '48f1348d.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\upAYB.int2
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      A backup was created as '498de1a6.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
C:\Documents and Settings\Administrator\桌面\0823-2337\0823-2337\upAYB.int3
    [DETECTION] Is the TR/Swizzor.1.3048 Trojan
    [NOTE]      A backup was created as '48f1348f.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2008年8月24日  00:00
Used time: 00:03 Minute(s)

The scan has been done completely.

      2 Scanning directories
     22 Files were scanned
     22 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     22 files were deleted
      0 files were repaired
     22 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
     22 Notes

J-F-F posted on 2008-8-24 21:39

rising kill all

sam.to posted on 2008-8-27 18:30

43rd update

电影结束了 posted on 2008-8-27 18:32

[quote]Originally posted by [i]sbbdms[/i] on 2008-8-22 19:28
Although this is exciting news,
however,
the Swizzors side has already started restricting downloads......
Files downloaded from the same IP within a short period are almost identical......
Ugh~
This makes it very hard to collect a large number of samples......
So annoying......~ [/quote]

[:15:]
qianwenxiang's principle, with IP verification added...~
[:xi17:]

sam.to posted on 2008-8-30 15:43

44th update

gankeyu posted on 2008-8-30 15:46

Reply to kato9096's post (#37)

....all killed

sam.to posted on 2008-9-1 23:18

45th update

老百姓 posted on 2008-9-2 13:26

It works now
