很怪的毒，是什么？

lianyeguzhou

微点拦截，在avast杀毒时，报。误报？

jason_jiang

不是误报
UNPxxxxxxxx.tmp是avast对扫描目标脱壳后产生的文件

fatezero

不能算是误报

排除"C:\WINDOWS\temp\_avast5_"吧
http://bbs.kafan.cn/redirect.php ... 643902&pid=10997927

BSCH

不是误报，病毒~~
tmp文件，通常是临时文件，就杀软来说，通常是脱壳或者解压的临时文件

ray1106

C:\sandbox\UNP176619504.exe         detected: Trojan-Downloader.Win32.Geral!IK

Upack 0.39 beta -> Dwing

脱壳工具

jayavira

ess 也kill

   Win32/AutoRun.KillAV.F 蠕虫 的变种

咚咚腔

ljy881227

扫描统计:
扫描时间: 3秒
扫描选项:
扫描目标: C:\Documents and Settings\Administrator\桌面\1.rar
计数:
  扫描的项目总数: 3
  - 文件和目录: 3
  - 注册表条目: 0
  - 进程和启动项目: 0
  - 网络和浏览器项目: 0
  - 其他: 0
  - 受信任文件: 0
  - 跳过的文件: 0

  检测到的安全风险总数: 1
  已解决的项目总数: 1
  需要注意的项目总数: 0


已解决的威胁数:
W32.SillyDC
类型: 异常
风险: 高 (高 隐藏，高 删除，高 性能，高 隐私)  
类别: 病毒
状态: 完全解决
-----------
1 个文件
c:\documents and settings\administrator\桌面\1.rar - 已删除




未解决的威胁数:
没有未解决的风险

千里同风

13150300: 'Killer',0
13150308: 'Rsll',0
13150314: '\dllcache\linkinfo.dll',0
1315032C: '\linkinfo.dll',0
1315033C: 'open',0
13150344: 'FUCKGXB',0
1315034C: 'CHINA',0
13150354: 'shell\explore\command=%s',0Dh,0Ah,0
13150390: 'shell\open\Default=1',0Dh,0Ah,0
131503A8: 'shell\open\Command=%s',0Dh,0Ah,0
131503D8: '[AutoRun]',0Dh,0Ah,0
131503E8: 'rundll32.exe',0
131503F8: 'C:\fuckjis.dll,RKTV',0
1315040C: '/im rstray.exe /f',0
13150420: 'taskkill.exe',0
13150430: '/im RavMonD.exe /f',0
13150444: 'RavMonD.exe',0
13150450: 'C:\fuckjis.dll',0
13150468: 'ZXY.PIF',0
13150470: '%c:\AUTORUN.INF',0
13150480: '%c:\ZXY.PIF',0
13150538: 'Kernel32.dll',0
13150548: 'CreateFileA',0
1315055C: 'CloseHandle',0
13150568: 'DeleteFileA',0
13150574: 'CopyFileA',0
13150580: 'MapViewOfFile',0
13150590: 'Advapi32.dll',0
131505A0: 'OpenProcessToken',0
131505B4: 'AdjustTokenPrivileges',0
131505CC: 'WinExec',0
131505D4: 'lstrcmpi',0
131505E0: 'Sleep',0
131505E8: 'MessageBoxA',0
131505F4: 'user32.dll',0
13150600: 'GetModuleFileNameA',0
13150614: 'AdvApi32.dll',0
13150624: 'CloseServiceHandle',0
13150638: 'CreateServiceA',0
13150648: 'OpenSCManagerA',0
13150658: 'OpenServiceA',0
13150668: 'StartServiceA',0
13150678: 'ShellExecuteA',0
13150688: 'shell32.dll',0
13150694: 'OpenProcess',0
131506A0: 'CreateToolhelp32Snapshot',0
131506BC: 'Process32First',0
131506CC: 'Process32Next',0
131506DC: 'SetFileAttributesA',0
131506F0: 'GetFileAttributesA',0
13150704: 'Module32First',0
13150714: 'Module32Next',0
13150724: 'SeDebugPrivilege',0
13150738: 'cauin',0
13150740: 'tianya',0
13150748: '\\.\NEWYEARK',0
13150758: '\fonts\cauin.sys',0
1315076C: '\\.\NEWYEARG',0
1315077C: '\fonts\tianya.sys',0
13150790: 'NTDLL.DLL',0
1315079C: 'ZwUnmapViewOfSection',0
131507B4: 'cmd /c sc config avp start= disabled',0
131507DC: 'kjim.kdl',0
131507E8: 'klavemu.kdl',0
131507F4: 'mark.kdl',0
13150800: 'vlns.kdl',0
1315080C: 'webav.kdl',0
13150818: 'kavbase.kdl',0
13150824: 'avp.exe',0

414447992

金山云安全中心鉴定结果如下

文件名称:        UNP176619504.TMP
文件 MD5:        2a05d0b91d4822cf7f0bb7ed3d420785
文件状态:        危险