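Original post by endurer
2006-09-19 2nd edition
2006-09-13 1st edition
A reader's computer developed an odd symptom: double-clicking any *.exe produces a matching *~.exe; for example, double-clicking a.exe produces a~.exe.
The reader also sent four files: setup.exe, setup~.exe, Frozen Throne.exe and Frozen Throne~.exe.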
2006-09-13 22:33 203,261 setup.exe
2006-09-13 22:37 107,513 setup~.exe
Size increase: 95748 = 0x17604 bytes
2006-09-13 22:29 370,181 Frozen Throne.exe
2006-09-13 22:28 274,433 Frozen Throne~.exe
Size increase: 95748 = 0x17604 bytes
1. setup.exe
Rising reports it as Worm.Cnt.a
STATUS: FINISHED
Complete scanning result of "setup.exe", received in VirusTotal at 09.13.2006, 16:54:44 (CET).
Antivirus | Version | Update | Result |
AntiVir | 7.2.0.16 | 09.13.2006 | HEUR/Malware |
Authentium | 4.93.8 | 09.13.2006 | no virus found |
Avast | 4.7.844.0 | 09.13.2006 | no virus found |
AVG | 386 | 09.12.2006 | Downloader.Generic2.OFO |
BitDefender | 7.2 | 09.13.2006 | Trojan.Downloader.Agent.AJY |
CAT-QuickHeal | 8.00 | 09.13.2006 | no virus found |
ClamAV | devel-20060426 | 09.13.2006 | no virus found |
DrWeb | 4.33 | 09.13.2006 | Trojan.DownLoader.12699 |
eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
eTrust-Vet | 30.3.3076 | 09.13.2006 | no virus found |
Ewido | 4.0 | 09.13.2006 | Downloader.Delf.awy |
Fortinet | 2.77.0.0 | 09.13.2006 | no virus found |
F-Prot | 3.16f | 09.13.2006 | no virus found |
F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
Kaspersky | 4.0.2.24 | 09.13.2006 | Trojan-Downloader.Win32.Delf.awy |
McAfee | 4850 | 09.12.2006 | no virus found |
Microsoft | 1.1560 | 09.13.2006 | no virus found |
NOD32v2 | 1.1754 | 09.13.2006 | probably unknown NewHeur_PE virus |
Norman | 5.90.23 | 09.13.2006 | W32/DLoader.AVLV |
Panda | 9.0.0.4 | 09.12.2006 | Suspicious file |
Sophos | 4.09.0 | 09.13.2006 | no virus found |
Symantec | 8.0 | 09.13.2006 | Downloader |
TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
UNA | 1.83 | 09.11.2006 | no virus found |
VBA32 | 3.11.1 | 09.12.2006 | no virus found |
VirusBuster | 4.3.7:9 | 09.13.2006 | no virus found |
Aditional Information |
File size: 203261 bytes |
MD5: 745daa5ca7e831936a94c598ec485695 |
SHA1: aa89187dd286106840d8f125fd99dde4b3a364f3 |
2. setup~1.exe
STATUS: FINISHED
Complete scanning result of "setup_.exe", received in VirusTotal at 09.13.2006, 17:04:48 (CET).
Antivirus | Version | Update | Result |
AntiVir | 7.2.0.16 | 09.13.2006 | no virus found |
Authentium | 4.93.8 | 09.13.2006 | no virus found |
Avast | 4.7.844.0 | 09.13.2006 | no virus found |
AVG | 386 | 09.12.2006 | no virus found |
BitDefender | 7.2 | 09.13.2006 | no virus found |
CAT-QuickHeal | 8.00 | 09.13.2006 | no virus found |
ClamAV | devel-20060426 | 09.13.2006 | no virus found |
eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
eTrust-Vet | 30.3.3076 | 09.13.2006 | no virus found |
DrWeb | 4.33 | 09.13.2006 | no virus found |
Ewido | 4.0 | 09.13.2006 | no virus found |
Fortinet | 2.77.0.0 | 09.13.2006 | suspicious |
F-Prot | 3.16f | 09.13.2006 | no virus found |
F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
Kaspersky | 4.0.2.24 | 09.13.2006 | no virus found |
McAfee | 4850 | 09.12.2006 | no virus found |
Microsoft | 1.1560 | 09.13.2006 | no virus found |
NOD32v2 | 1.1754 | 09.13.2006 | no virus found |
Norman | 5.80.02 | 09.13.2006 | no virus found |
Panda | 9.0.0.4 | 09.12.2006 | no virus found |
Sophos | 4.09.0 | 09.13.2006 | no virus found |
Symantec | 8.0 | 09.13.2006 | no virus found |
TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
UNA | 1.83 | 09.11.2006 | no virus found |
VBA32 | 3.11.1 | 09.12.2006 | no virus found |
VirusBuster | 4.3.7:9 | 09.13.2006 | no virus found |
Aditional Information |
File size: 107513 bytes |
MD5: e4e9e999ab14699cd0277c0c552a2aa8 |
SHA1: bf2501e95d100595b72401689b3e10093f05da2c |
3. Frozen_Throne.exe
Rising reports it as Worm.Cnt.a
STATUS: FINISHED
Complete scanning result of "Frozen_Throne.exe", received in VirusTotal at 09.13.2006, 17:15:37 (CET).
Antivirus | Version | Update | Result |
AntiVir | 7.2.0.16 | 09.13.2006 | HEUR/Malware |
Authentium | 4.93.8 | 09.13.2006 | no virus found |
Avast | 4.7.844.0 | 09.13.2006 | no virus found |
AVG | 386 | 09.12.2006 | Downloader.Generic2.OFO |
BitDefender | 7.2 | 09.13.2006 | Trojan.Downloader.Agent.AJY |
CAT-QuickHeal | 8.00 | 09.13.2006 | no virus found |
ClamAV | devel-20060426 | 09.13.2006 | no virus found |
DrWeb | 4.33 | 09.13.2006 | Trojan.DownLoader.12699 |
eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
eTrust-Vet | 30.3.3076 | 09.13.2006 | no virus found |
Ewido | 4.0 | 09.13.2006 | Downloader.Delf.awy |
Fortinet | 2.77.0.0 | 09.13.2006 | suspicious |
F-Prot | 3.16f | 09.13.2006 | no virus found |
F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
Kaspersky | 4.0.2.24 | 09.13.2006 | Trojan-Downloader.Win32.Delf.awy |
McAfee | 4850 | 09.12.2006 | no virus found |
Microsoft | 1.1560 | 09.13.2006 | no virus found |
NOD32v2 | 1.1754 | 09.13.2006 | probably unknown NewHeur_PE virus |
Norman | 5.90.23 | 09.13.2006 | W32/DLoader.AVLV |
Panda | 9.0.0.4 | 09.12.2006 | Suspicious file |
Sophos | 4.09.0 | 09.13.2006 | no virus found |
Symantec | 8.0 | 09.13.2006 | Downloader |
TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
UNA | 1.83 | 09.11.2006 | no virus found |
VBA32 | 3.11.1 | 09.12.2006 | no virus found |
VirusBuster | 4.3.7:9 | 09.13.2006 | no virus found |
Aditional Information |
File size: 370181 bytes |
MD5: 87db7215d1e4d67de45dc297628f847a |
SHA1: 83522edab281e6791de9fce663a5123d0e55b623 |
4. Frozen Throne~.exe
STATUS: FINISHED
Complete scanning result of "Frozen_Throne_.exe", received in VirusTotal at 09.13.2006, 16:43:48 (CET).
Antivirus | Version | Update | Result |
AntiVir | 7.2.0.16 | 09.13.2006 | no virus found |
Authentium | 4.93.8 | 09.13.2006 | no virus found |
Avast | 4.7.844.0 | 09.13.2006 | no virus found |
AVG | 386 | 09.12.2006 | no virus found |
BitDefender | 7.2 | 09.13.2006 | no virus found |
CAT-QuickHeal | 8.00 | 09.13.2006 | no virus found |
ClamAV | devel-20060426 | 09.13.2006 | no virus found |
DrWeb | 4.33 | 09.13.2006 | no virus found |
eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
eTrust-Vet | 30.3.3076 | 09.13.2006 | no virus found |
Ewido | 4.0 | 09.13.2006 | no virus found |
Fortinet | 2.77.0.0 | 09.13.2006 | no virus found |
F-Prot | 3.16f | 09.13.2006 | no virus found |
F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
Kaspersky | 4.0.2.24 | 09.13.2006 | no virus found |
McAfee | 4850 | 09.12.2006 | no virus found |
Microsoft | 1.1560 | 09.13.2006 | no virus found |
NOD32v2 | 1.1754 | 09.13.2006 | no virus found |
Norman | 5.90.23 | 09.13.2006 | no virus found |
Panda | 9.0.0.4 | 09.12.2006 | no virus found |
Sophos | 4.09.0 | 09.13.2006 | no virus found |
Symantec | 8.0 | 09.13.2006 | no virus found |
TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
UNA | 1.83 | 09.11.2006 | no virus found |
VBA32 | 3.11.1 | 09.12.2006 | Backdoor.Win32.Ciadoor.13 |
VirusBuster | 4.3.7:9 | 09.13.2006 | no virus found |
Aditional Information |
File size: 274433 bytes |
MD5: 5c3d0c4e0696e694654ccd8ce4773e8e |
SHA1: f9d825469f72c6207133b5902c3715da8f37c0f8 |