Kelp-Space 是記錄一些生活雜事的BlogEvis Ain-Servant 1.2.237 有三隻防毒軟體有反應
我只能說是誤認
因為寫法真的很像是在寫後門 = =
| 檔案 Evis_Ain-Master.exe 接收於 2008.07.03 12:01:23 (CET) | |||
| 反病毒引擎 | 版本 | 最後更新 | 掃瞄結果 |
| AhnLab-V3 | 2008.7.3.2 | 2008.07.03 | - |
| AntiVir | 7.8.0.64 | 2008.07.03 | - |
| Authentium | 5.1.0.4 | 2008.07.02 | - |
| Avast | 4.8.1195.0 | 2008.07.03 | - |
| AVG | 7.5.0.516 | 2008.07.02 | - |
| BitDefender | 7.2 | 2008.07.03 | - |
| CAT-QuickHeal | 9.50 | 2008.07.02 | - |
| ClamAV | 0.93.1 | 2008.07.03 | - |
| DrWeb | 4.44.0.09170 | 2008.07.03 | - |
| eSafe | 7.0.17.0 | 2008.07.03 | - |
| eTrust-Vet | 31.6.5922 | 2008.07.02 | - |
| Ewido | 4.0 | 2008.07.02 | - |
| F-Prot | 4.4.4.56 | 2008.07.02 | - |
| F-Secure | 7.60.13501.0 | 2008.07.01 | Suspicious:W32/VB.bbx!Gemini |
| Fortinet | 3.14.0.0 | 2008.07.03 | - |
| GData | 2.0.7306.1023 | 2008.07.03 | - |
| Ikarus | T3.1.1.26.0 | 2008.07.03 | - |
| Kaspersky | 7.0.0.125 | 2008.07.03 | - |
| McAfee | 5330 | 2008.07.02 | - |
| Microsoft | 1.3704 | 2008.07.03 | - |
| NOD32v2 | 3238 | 2008.07.03 | - |
| Norman | 5.80.02 | 2008.07.02 | - |
| Panda | 9.0.0.4 | 2008.07.02 | - |
| Prevx1 | V2 | 2008.07.03 | - |
| Rising | 20.51.32.00 | 2008.07.03 | - |
| Sophos | 4.30.0 | 2008.07.03 | - |
| Sunbelt | 3.1.1509.1 | 2008.07.03 | - |
| Symantec | 10 | 2008.07.03 | - |
| TheHacker | 6.2.96.369 | 2008.07.03 | - |
| TrendMicro | 8.700.0.1004 | 2008.07.03 | - |
| VBA32 | 3.12.6.8 | 2008.07.02 | - |
| VirusBuster | 4.5.11.0 | 2008.07.02 | - |
| Webwasher-Gateway | 6.6.2 | 2008.07.03 | - |
| 附加訊息 | |||
| File size: 1265664 bytes | |||
| MD5...: 67afc6296099b5531145ee43c9fd2077 | |||
| SHA1..: 8b3332b14d2682916950f375e339382ca0825e05 | |||
| SHA256: 696c07b2c2489bce8e8d7dd2348dfe1e29ba38e65d7d2eae95f6804589d9cc26 | |||
| SHA512: f52d5cf6abb65d9756ec7f1c043c853c096d6c7d8e89824509a37ccd8c173c12 829b6506082bf5a3333566578e0c98c403cd5ae04850a3d39d7f743dc68d98d0 | |||
------------------------------------------------------------------------------------
| 檔案 Evis_Ain-Servant.exe 接收於 2008.07.03 12:51:31 (CET) | |||
| 反病毒引擎 | 版本 | 最後更新 | 掃瞄結果 |
| AhnLab-V3 | 2008.7.3.2 | 2008.07.03 | - |
| AntiVir | 7.8.0.64 | 2008.07.03 | - |
| Authentium | 5.1.0.4 | 2008.07.02 | - |
| Avast | 4.8.1195.0 | 2008.07.03 | - |
| AVG | 7.5.0.516 | 2008.07.02 | - |
| BitDefender | 7.2 | 2008.07.03 | - |
| CAT-QuickHeal | 9.50 | 2008.07.02 | - |
| ClamAV | 0.93.1 | 2008.07.03 | - |
| DrWeb | 4.44.0.09170 | 2008.07.03 | - |
| eSafe | 7.0.17.0 | 2008.07.03 | - |
| eTrust-Vet | 31.6.5922 | 2008.07.02 | - |
| Ewido | 4.0 | 2008.07.02 | - |
| F-Prot | 4.4.4.56 | 2008.07.02 | - |
| F-Secure | 7.60.13501.0 | 2008.07.01 | Backdoor.Win32.VB.gen |
| Fortinet | 3.14.0.0 | 2008.07.03 | - |
| GData | 2.0.7306.1023 | 2008.07.03 | - |
| Ikarus | T3.1.1.26.0 | 2008.07.03 | - |
| Kaspersky | 7.0.0.125 | 2008.07.03 | Backdoor.Win32.VB.gen |
| McAfee | 5330 | 2008.07.02 | - |
| Microsoft | 1.3704 | 2008.07.03 | - |
| NOD32v2 | 3238 | 2008.07.03 | - |
| Norman | 5.80.02 | 2008.07.02 | - |
| Panda | 9.0.0.4 | 2008.07.02 | Suspicious file |
| Prevx1 | V2 | 2008.07.03 | - |
| Rising | 20.51.32.00 | 2008.07.03 | - |
| Sophos | 4.30.0 | 2008.07.03 | - |
| Sunbelt | 3.1.1509.1 | 2008.07.03 | - |
| Symantec | 10 | 2008.07.03 | - |
| TheHacker | 6.2.96.369 | 2008.07.03 | - |
| TrendMicro | 8.700.0.1004 | 2008.07.03 | - |
| VBA32 | 3.12.6.8 | 2008.07.02 | - |
| VirusBuster | 4.5.11.0 | 2008.07.02 | - |
| Webwasher-Gateway | 6.6.2 | 2008.07.03 | - |
| 附加訊息 | |||
| File size: 114688 bytes | |||
| MD5...: a8b3cec42707960569b1925c9195d5c7 | |||
| SHA1..: 45c407fa882073a36addc6fb9f4e81f23ae6f7b3 | |||
| SHA256: cb1a1cdff01747cd79d5ea169bdcc7a5df2ac7c5b3268657aff37fc19072b831 | |||
| SHA512: 7e9291f09242d572dd0f52eb2a1d29ea6e85f8a05eb2934bfc8aa62a13b06d29 0339db87fbc12e52b57eecec96b3041077dc0e58a6a62b38887c2b363f6fe6df | |||
3 則留言:
目前是F-Secure、Kaspersky、Panda啊﹍這三家AV怎麼這樣!寫RAT這種東西本來就比較有和木馬程式有很相似的Style啊﹍太可惡了><!
Kaspersky在2007/11/30時有用改程式碼的方式讓他pass
可是改這種東西超麻煩的等比較閒的時候再來處理
我記得有許多突破Kaspersky主動防禦的code,不過寫這種東西需要長時間的支持,不然還是很容易被抓出來開刀><!
這部份的程式碼到後面在做應該會比較好:D
張貼留言