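Original by endurer
2006-09-19, 2nd edition
2006-09-13, 1st edition
A reader's computer showed a strange symptom: double-clicking any *.exe produces a *~.exe file. For example, double-clicking a.exe produces a~.exe.
The reader sent four files: setup.exe, setup~.exe, Frozen Throne.exe and Frozen Throne~.exe.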
2006-09-13 22:33 203,261 setup.exe
2006-09-13 22:37 107,513 setup~.exe
Increase of 95748 = 0x17604 bytes
2006-09-13 22:29 370,181 Frozen Throne.exe
2006-09-13 22:28 274,433 Frozen Throne~.exe
Increase of 95748 = 0x17604 bytes
1. setup.exe
Rising reports it as Worm.Cnt.a
STATUS: FINISHED
| Antivirus | Version | Update | Result |
| AntiVir | 7.2.0.16 | 09.13.2006 | HEUR/Malware |
| Authentium | 4.93.8 | 09.13.2006 | no virus found |
| Avast | 4.7.844.0 | 09.13.2006 | no virus found |
| AVG | 386 | 09.12.2006 | Downloader.Generic2.OFO |
| BitDefender | 7.2 | 09.13.2006 | Trojan.Downloader.Agent.AJY |
| CAT-QuickHeal | 8.00 | 09.13.2006 | no virus found |
| ClamAV | devel-20060426 | 09.13.2006 | no virus found |
| DrWeb | 4.33 | 09.13.2006 | Trojan.DownLoader.12699 |
| eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
| eTrust-Vet | 30.3.3076 | 09.13.2006 | no virus found |
| Ewido | 4.0 | 09.13.2006 | Downloader.Delf.awy |
| Fortinet | 2.77.0.0 | 09.13.2006 | no virus found |
| F-Prot | 3.16f | 09.13.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.13.2006 | Trojan-Downloader.Win32.Delf.awy |
| McAfee | 4850 | 09.12.2006 | no virus found |
| Microsoft | 1.1560 | 09.13.2006 | no virus found |
| NOD32v2 | 1.1754 | 09.13.2006 | probably unknown NewHeur_PE virus |
| Norman | 5.90.23 | 09.13.2006 | W32/DLoader.AVLV |
| Panda | 9.0.0.4 | 09.12.2006 | Suspicious file |
| Sophos | 4.09.0 | 09.13.2006 | no virus found |
| Symantec | 8.0 | 09.13.2006 | Downloader |
| TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
| UNA | 1.83 | 09.11.2006 | no virus found |
| VBA32 | 3.11.1 | 09.12.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 09.13.2006 | no virus found |
| Aditional Information |
| File size: 203261 bytes |
| MD5: 745daa5ca7e831936a94c598ec485695 |
| SHA1: aa89187dd286106840d8f125fd99dde4b3a364f3 |
2. setup~1.exe
| Antivirus | Version | Update | Result |
| AntiVir | 7.2.0.16 | 09.13.2006 | no virus found |
| Authentium | 4.93.8 | 09.13.2006 | no virus found |
| Avast | 4.7.844.0 | 09.13.2006 | no virus found |
| AVG | 386 | 09.12.2006 | no virus found |
| BitDefender | 7.2 | 09.13.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 09.13.2006 | no virus found |
| ClamAV | devel-20060426 | 09.13.2006 | no virus found |
| eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
| eTrust-Vet | 30.3.3076 | 09.13.2006 | no virus found |
| DrWeb | 4.33 | 09.13.2006 | no virus found |
| Ewido | 4.0 | 09.13.2006 | no virus found |
| Fortinet | 2.77.0.0 | 09.13.2006 | suspicious |
| F-Prot | 3.16f | 09.13.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.13.2006 | no virus found |
| McAfee | 4850 | 09.12.2006 | no virus found |
| Microsoft | 1.1560 | 09.13.2006 | no virus found |
| NOD32v2 | 1.1754 | 09.13.2006 | no virus found |
| Norman | 5.80.02 | 09.13.2006 | no virus found |
| Panda | 9.0.0.4 | 09.12.2006 | no virus found |
| Sophos | 4.09.0 | 09.13.2006 | no virus found |
| Symantec | 8.0 | 09.13.2006 | no virus found |
| TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
| UNA | 1.83 | 09.11.2006 | no virus found |
| VBA32 | 3.11.1 | 09.12.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 09.13.2006 | no virus found |
| Aditional Information |
| File size: 107513 bytes |
| MD5: e4e9e999ab14699cd0277c0c552a2aa8 |
| SHA1: bf2501e95d100595b72401689b3e10093f05da2c |
3. Frozen_Throne.exe
Rising reports it as Worm.Cnt.a
STATUS: FINISHED
| Antivirus | Version | Update | Result |
| AntiVir | 7.2.0.16 | 09.13.2006 | HEUR/Malware |
| Authentium | 4.93.8 | 09.13.2006 | no virus found |
| Avast | 4.7.844.0 | 09.13.2006 | no virus found |
| AVG | 386 | 09.12.2006 | Downloader.Generic2.OFO |
| BitDefender | 7.2 | 09.13.2006 | Trojan.Downloader.Agent.AJY |
| CAT-QuickHeal | 8.00 | 09.13.2006 | no virus found |
| ClamAV | devel-20060426 | 09.13.2006 | no virus found |
| DrWeb | 4.33 | 09.13.2006 | Trojan.DownLoader.12699 |
| eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
| eTrust-Vet | 30.3.3076 | 09.13.2006 | no virus found |
| Ewido | 4.0 | 09.13.2006 | Downloader.Delf.awy |
| Fortinet | 2.77.0.0 | 09.13.2006 | suspicious |
| F-Prot | 3.16f | 09.13.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.13.2006 | Trojan-Downloader.Win32.Delf.awy |
| McAfee | 4850 | 09.12.2006 | no virus found |
| Microsoft | 1.1560 | 09.13.2006 | no virus found |
| NOD32v2 | 1.1754 | 09.13.2006 | probably unknown NewHeur_PE virus |
| Norman | 5.90.23 | 09.13.2006 | W32/DLoader.AVLV |
| Panda | 9.0.0.4 | 09.12.2006 | Suspicious file |
| Sophos | 4.09.0 | 09.13.2006 | no virus found |
| Symantec | 8.0 | 09.13.2006 | Downloader |
| TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
| UNA | 1.83 | 09.11.2006 | no virus found |
| VBA32 | 3.11.1 | 09.12.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 09.13.2006 | no virus found |
| Aditional Information |
| File size: 370181 bytes |
| MD5: 87db7215d1e4d67de45dc297628f847a |
| SHA1: 83522edab281e6791de9fce663a5123d0e55b623 |
4. Frozen Throne~.exe
| Antivirus | Version | Update | Result |
| AntiVir | 7.2.0.16 | 09.13.2006 | no virus found |
| Authentium | 4.93.8 | 09.13.2006 | no virus found |
| Avast | 4.7.844.0 | 09.13.2006 | no virus found |
| AVG | 386 | 09.12.2006 | no virus found |
| BitDefender | 7.2 | 09.13.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 09.13.2006 | no virus found |
| ClamAV | devel-20060426 | 09.13.2006 | no virus found |
| DrWeb | 4.33 | 09.13.2006 | no virus found |
| eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
| eTrust-Vet | 30.3.3076 | 09.13.2006 | no virus found |
| Ewido | 4.0 | 09.13.2006 | no virus found |
| Fortinet | 2.77.0.0 | 09.13.2006 | no virus found |
| F-Prot | 3.16f | 09.13.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.13.2006 | no virus found |
| McAfee | 4850 | 09.12.2006 | no virus found |
| Microsoft | 1.1560 | 09.13.2006 | no virus found |
| NOD32v2 | 1.1754 | 09.13.2006 | no virus found |
| Norman | 5.90.23 | 09.13.2006 | no virus found |
| Panda | 9.0.0.4 | 09.12.2006 | no virus found |
| Sophos | 4.09.0 | 09.13.2006 | no virus found |
| Symantec | 8.0 | 09.13.2006 | no virus found |
| TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
| UNA | 1.83 | 09.11.2006 | no virus found |
| VBA32 | 3.11.1 | 09.12.2006 | Backdoor.Win32.Ciadoor.13 |
| VirusBuster | 4.3.7:9 | 09.13.2006 | no virus found |
| Aditional Information |
| File size: 274433 bytes |
| MD5: 5c3d0c4e0696e694654ccd8ce4773e8e |
| SHA1: f9d825469f72c6207133b5902c3715da8f37c0f8 |
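This article analyzes a problem a reader ran into, where double-clicking an *.exe file produces an *~.exe companion file, and gives the scan results for the specific files. It covers the detection reports from multiple antivirus products for both the original and the generated files.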