1227 mcafee 提交样本 Avert(r) Lab

闲来无事,把家里发现的病毒上报一下看看

Avert(r) Labs WebImmune

Avert(r) Labs WebImmune is the world\’s first Internet virus security scanner that resides on the web. It is constantly available(24×7/365). You can submit potentially infected files to WebImmune for analysis. You will receive information about your files, including solutions and real-time fixes, if required.

To use WebImmune, you must log in as a known user. To register as a new user, click here.

Thank you for using WebImmune.

Avert(r) Labs

Avert(r) Labs WebImmune

You are about to register for WebImmune.

The registration page has required fields requesting information about you, the user. The additional information we are asking for is geographic location, industry sector, and time zone .

As a member of the computing public, you can help Avert(r) Labs help you. By providing us with some basic information about where you are and who you are, you can help Avert(r) Labs study and track the migration patterns of viruses.

If you want to participate in helping Avert(r) Labs track viruses and use our free WebImmune service, please select the continue button.

If you do not want to participate in helping Avert(r) Labs track viruses and you do not want to use our free WebImmune service, please select the leave button.

You may still e-mail samples to Avert(r) Labs and receive the same excellent service we have always provided at: Virus_Research@avertlabs.com

Avert(r) Labs WebImmune
Welcome: sf sf
Account: shengf@star-net.cn

When submitting files for analysis, remember:

    * – WebImmune will not accept a file greater than 3MB (megabytes).
    * – The submit button will be inactive while your file is uploading.

Notice: WinZIP 9.0 users.
Currently WebImmune does not support the advanced encryption routines available in this product when password protecting your ZIP file. If you are submitting a ZIP file which has been created with WinZIP 9.0, please use the WinZIP 2.0 compatible encryption. For further tips, see the Frequently Asked Questions (FAQ).  
   Scan A File
•  Log out
•  Change password
•  Update registration
•  My Account
•  Frequently Asked Questions
•  Instructions For Use
Select the file to submit:

To better assist us in evaluating your submission, please answer as many questions as possible.
What Operating System and Service Packs are you using? 
Has a McAfee product detected a virus? 
If yes, what was the virus name?  
What McAfee product, engine, and DAT file version are you using? 
Has another AV vendor\’s product detected a virus? 
If yes, what was the virus name? 
What other AV product, engine, and DAT file version are you using? 
Has this file been run on any of your systems? 
Have you noted anything abnormal with this file? 
How many files are you seeing which exhibit this behavior? 
How many systems have you found this file on?

Analysis ID  File  Findings  Detection  Type  Date  Extra
2847162  mssvc32.dll  new detection   ddos-rincux   Trojan   12/04/06   Yes
2847162  g0ld.com.exe  inconclusive   null   null   12/04/06   No
2847141  g_server2006.dll  inconclusive   null   null   12/04/06   No
2847141  g_server2006.exe  inconclusive   null   null   12/04/06   No
2847141  g_server2006key.dll  inconclusive   null   null   12/04/06   No

AVERT Labs – Beaverton
Current Scan Engine Version:5100.0194
Current DAT Version:4909.0000
Thank you for your submission.

Analysis ID: 2847162
Name Findings Detection Type Extra
g0ld.com.exe inconclusive   no
mssvc32.dll new detection ddos-rincux Trojan yes

Attached is a file for extra detection, which will be included in a future DAT set. We have detected a virus or trojan that can only be detected and removed with the attached EXTRA.DAT and current scan engine. The EXTRA.DAT must be used with the current scan engine, and we highly recommend you update to the most current DAT release. If you are not seeing this with the product you are using, please speak with technical support so they can help you determine the cause of this discrepancy.

new detection [ mssvc32.dll ]
The file received contains a new virus or trojan. It is recommended that you update your DAT and engine files and scan your computer again.

inconclusive [ g0ld.com.exe ]
Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected. Your submission is being forwarded to an Avert Labs Researcher for further analysis. You will be contacted by AVERT through e-mail with the results of that analysis.

inconclusive [ g_server2006.dll g_server2006.exe g_server2006key.dll ]
Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected. Your submission is being forwarded to an Avert Labs Researcher for further analysis. You will be contacted by AVERT through e-mail with the results of that analysis.

We have received your submission, ID 2849437, and your result will be available shortly, normally within 2 minutes. If you receive an inconclusive result then your submission is being escalated to a researcher and you will receive additional information once your sample is fully analyzed.

If you see no results posted for this ID under the My Account page after 10 minutes, please send a query to the WebImmune mailbox. Files should not be attached to this query as we have already received them. This query will be sent to our development team to determine if there are any issues with WebImmune.

* E-mail address   
*Confirm address  
* Secret question  
* Secret answer  
Language & Content  
* Country / Region  
* State / Province  
* Industry  
* Time zone  
Number of PC\’s  
Desktop vendor  
Server vendor  
Perimeter vendor

历史博文

标签:
五月 30, 2007 at 12:24 下午 by yippee 1,012 次
Category: English
Tags: