微点交流论坛

标题: 未被微点查杀的病毒 [打印本页]

作者: 天涯海客 时间: 2007-6-25 16:26 标题: 未被微点查杀的病毒

今天我在测试病毒包的时候发现,微点对MS-DOS病毒无法查杀.
扫描报告:
1--VIRUSLOG
时间处理结果病毒名称病毒进程名病毒文件创建者
2007-06-25 16:04:53 处理成功未知恶意程序 C:\WINDOWS\SYSTEM32\SERVET.EXE C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX26.563\病毒包\新建文件夹\RISING891.EXE
2007-06-25 16:04:50 处理成功未知恶意程序 C:\WINDOWS\SYSTEM32\DELETEME.BAT C:\WINDOWS\SYSTEM32\SERVET.EXE
2007-06-24 21:02:17 处理成功未知恶意程序 C:\WINDOWS\SYSTEM32\SERVET.EXE C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX00.734\病毒包\634.EXE
2007-06-24 21:02:15 处理成功未知恶意程序 C:\WINDOWS\SYSTEM32\DELETEME.BAT C:\WINDOWS\SYSTEM32\SERVET.EXE
2--TROYLOG
时间处理结果木马名称木马进程名木马文件创建者
2007-06-25 16:05:02 处理成功未知木马 C:\WINDOWS\SYSTEM32\SERVET.EXE C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX26.563\病毒包\新建文件夹\RISING891.EXE
2007-06-25 16:05:02 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX26.563\病毒包\新建文件夹\RISING891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:40 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX26.563\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:38 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX26.563\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:36 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX26.563\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:34 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX26.563\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:31 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX26.563\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:25 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX25.094\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:22 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX25.094\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:20 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX25.094\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:18 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX25.094\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:15 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX25.094\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:08 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX23.454\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:06 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX23.454\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:04 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX23.454\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:04:01 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX23.454\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:03:59 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX23.454\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:03:53 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX21.844\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:03:50 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX21.844\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:03:47 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX21.844\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:03:44 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX21.844\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:03:41 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX21.844\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:02:53 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX16.266\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE

附件 1: 未命名1.JPG (2007-6-25 16:26, 62.12 K,下载次数： 58)

附件 2: 未命名2.JPG (2007-6-25 16:26, 29.37 K,下载次数： 63)

作者: 天涯海客 时间: 2007-6-25 16:27
2007-06-25 16:02:50 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX16.266\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:02:48 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX16.266\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:02:46 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX16.266\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:02:43 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX16.266\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:02:37 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX14.891\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:02:34 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX14.891\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:02:32 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX14.891\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:02:30 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX14.891\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:02:27 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX14.891\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:57 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX10.547\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:55 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX10.547\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:53 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX10.547\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:51 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX10.547\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:48 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX10.547\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:30 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX07.922\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:26 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX07.922\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:24 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX07.922\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:22 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX07.922\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:19 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX07.922\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:08 处理成功 Trojan-PSW.Win32.OnLineGames.dln C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\BYETMR.EXE C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX04.594\病毒包\9.EXE
2007-06-25 16:01:05 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX04.594\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:02 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX04.594\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:01:00 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX04.594\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:56 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX04.594\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:53 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX04.594\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:46 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX02.657\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:43 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX02.657\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:40 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX02.657\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:37 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX02.657\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:33 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX02.657\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:23 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX00.735\病毒包\新建文件夹\RISING737.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:20 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX00.735\病毒包\新建文件夹\RISING538.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:16 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX00.735\病毒包\新建文件夹\RISING342.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:12 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX00.735\病毒包\891.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-25 16:00:09 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX00.735\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE
2007-06-24 21:02:29 处理成功未知木马 C:\WINDOWS\SYSTEM32\SERVET.EXE C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX00.734\病毒包\634.EXE
2007-06-24 21:02:29 处理成功未知木马 C:\DOCUMENTS AND SETTINGS\天涯海客\LOCAL SETTINGS\TEMP\RAR$EX00.734\病毒包\634.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE

其中在测试其中的那个MS-DOS病毒时没有发出警告.其代码如图二

作者: Legend 时间: 2007-6-25 17:08
图二中的Microsoft.com只是一个普通的文本文件，不是病毒程序。
欢迎您做深入的测试使用。

作者: 天涯海客 时间: 2007-6-25 18:12
我测试过发现微点对MS-DOS类型的病毒没有发出过警报.
这是我对另外一个文件类型为MS-DOS的病毒的测试
如图

附件 1: 1.JPG (2007-6-25 18:12, 53.02 K,下载次数： 43)

作者: 663219623 时间: 2007-6-25 18:25
确实是事实啊

作者: 天涯海客 时间: 2007-6-25 19:02
这是测试结果

附件 1: 未命名.JPG (2007-6-25 19:02, 25.47 K,下载次数： 44)

附件 2: 未命名2.JPG (2007-6-25 19:02, 36.88 K,下载次数： 31)

作者: Legend 时间: 2007-6-26 06:03
请您把样本及微点软件安装目录下的mp6目录选择复制到桌面压缩发送到virus@micropoint.com.cn邮箱，并说明情况，我们具体进行测试，谢谢您对微点的支持。
注：发邮件时请把此帖子的链接一同发送，便于工作人员跟踪您的问题，及时为您解决问题。

作者: 天涯海客 时间: 2007-6-26 20:48
邮件已发出.

作者: Legend 时间: 2007-6-27 16:26
因Windows NT 5.0内核(Windows 2000)或更高版本系统内核（即NT 5.1(XP)/NT 5.2 (2003)/NT 6.0 Vista 32位版），与Windows 9X甚至Dos时代变化极大，所以传统的实模式Dos病毒，在Windows NT的保护模式内核下是无法正常运行的。病毒双击后没有被真正意义执行，没有任何行为出现，而微点主动防御软件主要依据程序行为判定新病毒，因此楼主测试时微点没有报警属于正常现象。

欢迎楼主对微点主动防御软件继续进行深入测试。

作者: 天涯海客 时间: 2007-6-27 18:11
知道了,多谢超版!

作者: pingpaiji 时间: 2007-6-28 12:25
好精彩的过程。

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn