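I was originally searching for a WG,
but it unexpectedly turned out to be a virus.
It looks like Gray Pigeon (灰鸽子).
After downloading it I scanned it with Rising N times and nothing was flagged,
so I ran it without worrying.
No interface appeared at all,
and I immediately concluded I was infected.
N CALC.exe processes appeared in Task Manager,
and Rising kept reporting that this process was modifying memory.
I then ran a full-disk scan with Rising, and it did detect and remove them all,
but after rebooting the problem was still there.
Does anyone have a solution?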
………………………………………………………………………………………………
Attached:
the www.virustotal.com scan report
File 1.exe received on 2008.08.09 04:24:40 (CET)
Antivirus engine | Version | Last update | Scan result |
AhnLab-V3 | 2008.8.9.0 | 2008.08.08 | - |
AntiVir | 7.8.1.19 | 2008.08.08 | TR/Crypt.XPACK.Gen |
Authentium | 5.1.0.4 | 2008.08.09 | W32/Hupigon.G.gen!Eldorado |
Avast | 4.8.1195.0 | 2008.08.08 | Win32:Trojan-gen {Other} |
AVG | 8.0.0.156 | 2008.08.08 | - |
BitDefender | 7.2 | 2008.08.09 | GenPack:Backdoor.Hupigon.AXUC |
CAT-QuickHeal | 9.50 | 2008.08.08 | (Suspicious) - DNAScan |
ClamAV | 0.93.1 | 2008.08.09 | - |
DrWeb | 4.44.0.09170 | 2008.08.08 | - |
eSafe | 7.0.17.0 | 2008.08.07 | - |
eTrust-Vet | 31.6.6021 | 2008.08.08 | - |
Ewido | 4.0 | 2008.08.08 | - |
F-Prot | 4.4.4.56 | 2008.08.08 | W32/Hupigon.G.gen!Eldorado |
F-Secure | 7.60.13501.0 | 2008.08.08 | - |
Fortinet | 3.14.0.0 | 2008.08.08 | - |
GData | 2.0.7306.1023 | 2008.08.09 | Win32:Trojan-gen |
Ikarus | T3.1.1.34.0 | 2008.08.09 | Trojan-PWS.Win32.Agent.iu |
K7AntiVirus | 7.10.408 | 2008.08.08 | - |
Kaspersky | 7.0.0.125 | 2008.08.09 | - |
McAfee | 5357 | 2008.08.08 | - |
Microsoft | 1.3807 | 2008.08.09 | - |
NOD32v2 | 3341 | 2008.08.08 | - |
Norman | 5.80.02 | 2008.08.08 | - |
Panda | 9.0.0.4 | 2008.08.08 | Suspicious file |
PCTools | 4.4.2.0 | 2008.08.08 | Backdoor.Graybird.GEN |
Prevx1 | V2 | 2008.08.09 | - |
Rising (Rising actually failed to detect it. Disappointing) | 20.56.41.00 | 2008.08.08 | - |
Sophos | 4.32.0 | 2008.08.09 | Sus/UnkPacker |
Sunbelt | 3.1.1537.1 | 2008.08.08 | VIPRE.Suspicious |
TheHacker | 6.2.96.395 | 2008.08.08 | - |
TrendMicro | 8.700.0.1004 | 2008.08.08 | - |
VBA32 | 3.12.8.3 | 2008.08.08 | - |
ViRobot | 2008.8.8.1329 | 2008.08.08 | - |
VirusBuster | 4.5.11.0 | 2008.08.08 | - |
Webwasher-Gateway | 6.6.2 | 2008.08.09 | Trojan.Crypt.XPACK.Gen |
Additional information |
File size: 775680 bytes |
MD5...: ebe7854bc74d977dbbfa5d5159885b62 |
SHA1..: f5d3d9e7cddb251f88a85220195980c7a7241b4d |
SHA256: 9ce1b44a178f2cdb08702d44b508a96cbd3420077a76ae0f067ef5b4403b36be |
SHA512: 7c800379e48649f93df9b1eebca7798d181d994c46581a1a8589855300cd3f9b53d2f8ed2b060f83d1caac34f5774595abe90b32681d77a609a82af0099d8b35 |
PEiD..: ASProtect v1.23 RC1 |
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4bf000
timedatestamp.....: 0x4877b226 (Fri Jul 11 19:19:02 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0xbe000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0xbf000 0x6f000 0x6de00 8.00 a1f20c4ccd1ba1aba54e047bc29cb809
.rsrc 0x12e000 0x2000 0x1200 3.86 cc83cbdac43b2e0c07310009846e3011
.data 0x130000 0x4f000 0x4e200 7.93 b36ceee1bd6cf475a7a9640ea14b472a
.adata 0x17f000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 3 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

( 0 exports )
packers (Kaspersky): PE_Patch |
…………………………………………………………………………………………………………………………
Also attaching the virscan.org scan
VirSCAN.org Scanned Report :
Scanned time : 2008/08/12 16:57:34 (CST)
Scanner results: 25% of the antivirus engines (9/36) reported finding a virus
File Name : 1.rar
File Size : 770306 byte
File Type : RAR archive data, v1d, os
MD5 : 6484cf05a93e01e1c37a57277499d90a
SHA1 : 9190dc4f2c44cf766837eab4be05ca0a3be6a7d3
Online report :
http://virscan.org/report/3a2e0cf236375dcb93221582b5bf8a0c.html
Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result |
a-squared | 3.5.0.22 | 2008.08.11 | 2008-08-11 | 2.46 | - |
AhnLab V3 | 2008.08.12.02 | 2008.08.12 | 2008-08-12 | 1.09 | - |
AntiVir | 7.8.1.19 | 7.0.5.241 | 2008-08-12 | 2.18 | TR/Crypt.XPACK.Gen |
Arcavir | 1.0.5 | 200808111903 | 2008-08-11 | 1.21 | - |
AVAST! | 3.0.1 | 080811-0 | 2008-08-11 | 0.03 | Win32:Trojan-gen {Other} |
AVG | 7.5.51.442 | 270.6.1/1605 | 2008-08-11 | 1.59 | - |
BitDefender | 7.60825.1437002 | 7.20478 | 2008-08-12 | 4.43 | GenPack:Backdoor.Hupigon.AXUC |
CA (VET) | 9.0.0.143 | 31.6.6025 | 2008-08-12 | 4.16 | - |
ClamAV | 0.93.3 | 8017 | 2008-08-12 | 0.14 | - |
Comodo | 2.11 | 2.0.0.614 | 2008-08-12 | 0.46 | - |
CP Secure | 1.1.0.715 | 2008.08.12 | 2008-08-12 | 6.08 | BackDoor.W32.Hupigon.ulj |
Dr.Web | 4.44.0.9170 | 2008.08.12 | 2008-08-12 | 3.23 | - |
ewido | 4.0.0.2 | 2008.08.04 | 2008-08-04 | 2.43 | - |
F-Prot | 4.4.4.56 | 20080811 | 2008-08-11 | 1.05 | W32/Hupigon.G.gen!Eldorado (generic, not disinfectable) |
F-Secure | 5.51.6100 | 2008.08.11.07 | 2008-08-11 | 3.03 | - |
Fortinet | 2.81-3.11 | 9.388 | 2008-08-05 | 1.73 | - |
ViRobot | 20080811 | 2008.08.11 | 2008-08-11 | 0.40 | - |
Ikarus | T3.1.01.34 | 2008.08.12.71259 | 2008-08-12 | 3.23 | Trojan-PWS.Win32.Agent.iu |
Jiangmin Antivirus | 11.0.706 | 2008.08.12 | 2008-08-12 | 1.15 | - |
Kaspersky | 5.5.10 | 2008.08.12 | 2008-08-12 | 0.07 | - |
Kingsoft Antivirus | 2008.1.14.15 | 2008.8.12.14 | 2008-08-12 | 0.73 | - |
McAfee | 5.2.00 | 5358 | 2008-08-11 | 3.06 | - |
Microsoft | 1.3807 | 2008.08.12 | 2008-08-12 | 6.94 | - |
mks_vir | 2.01 | 2008.08.11 | 2008-08-11 | 2.63 | Win32.4 |
Norman | 5.93.01 | 5.93.00 | 2008-08-11 | 5.57 | - |
Panda | 9.05.01 | 2008.08.11 | 2008-08-11 | 2.16 | - |
Trend Micro | 8.700-1004 | 5.470.02 | 2008-08-11 | 0.19 | - |
Quick Heal | 9.50 | 2008.08.11 | 2008-08-11 | 1.79 | - |
Rising | 20.0 | 20.57.11.00 | 2008-08-12 | 0.98 | - |
Sophos | 2.77.0 | 4.32 | 2008-08-12 | 1.90 | - |
Sunbelt | 3.1.1542.1 | 2188 | 2008-08-11 | 0.56 | VIPRE.Suspicious |
Symantec | 1.3.0.24 | 20080811.016 | 2008-08-11 | 0.19 | - |
nProtect | 2008-08-12.00 | 1765896 | 2008-08-12 | 3.58 | GenPack:Backdoor.Hupigon.AXUC |
The Hacker | 6.2.96 | v00396 | 2008-08-11 | 0.40 | - |
VBA32 | 3.12.8.3 | 20080811.0831 | 2008-08-11 | 2.54 | - |
VirusBuster | 4.5.11.10 | 4.5.11/ | 0010-00-00 | 1.03 | - |
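As you can see... the most mainstream antivirus products in China: Kaspersky, Jiangmin Antivirus, Rising, Kingsoft Antivirus, McAfee, Trend Micro, Symantec, AhnLab V3, without exception, none of them detected it!! Could it be.....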