同学U盘上搞的，自己没装杀软

yashoo

咖啡报了，没有打开来看

yashoo

打开的时候被咖啡删除了  

hj5abc

kaspersky的回复很清楚 .NOD32报那个REG文件确实不在道理.

piratk

它还存在一个runauto… 文件夹 可能如果起作用得靠它，注意就是后面有省略号……

但是此文件夹打不开删不掉，最后用icesword删除了……

其他文件我全部打包上来了…… 有人说是我的问题？ 那如果咖啡等都觉得它有问题，而且确实存在于U盘中，难道没有问题，反而对用户是好的东西？

卡巴那个回复，就不太清楚了……

yashoo

咖啡报告这几个危险性都是低的

Generic component
Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Characteristics
Characteristics -

This detection covers a variety of malware components written in scripting languages such as VBScript, Batch Language, mIRC script, and Windows Registry scripts.

A specific description is not possible because hundreds of malware components are detected under this name. However, since the files detected with this detection are malicious files to begin with, and have no legitimate purpose, removal is to delete the file(s).

If you have to have more information about a file detected by this name, or you suspect a false positive (a file detected by antivirus software that is actually legitimate), send a copy of the file to McAfee AVERT.


Symptoms
Symptoms -
Since this detection covers hundreds of components, symptoms will vary.

Method of Infection
Method of Infection -
Since this detection covers hundreds of components, infection methods will vary.

Removal -
Removal -
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants
Variants -
N/A

yashoo

Generic!atr

Overview -This is a generic detection for a configuration text file (autorun.inf) used by many worms. This file is usually dropped onto the root of all removable drivers and mapped drives in an attempt to autorun an executable when the drive is accesed.

CharacteristicsCharacteristics -This is a generic detection for a configuration text file (autorun.inf) used by many worms. This file is usually dropped onto the root of all removable drivers and mapped drives in an attempt to autorun an executable when the drive is accesed.
The size for this file varies. The size differs based on the length of the filename being referenced inside the .inf file.
Some copies of this file has the System (S) and Hidden (H) attributes present in attempt to hide the file from certain, default, viewing options within Windows Explorer.
The contents of the file are similar to the following:
[Autorun]
open=<WORM>.exe
shellexecute=<WORM>.exe
shell\Auto\command=<WORM>.exe

SymptomsSymptoms - The presence of autorun.inf files on the root of all removable drives or mapped network drives containing information similar to that described in the "Characteristics" section.

Method of InfectionMethod of Infection - Infection starts either with manual execution of the binary or by navigating to folders containing infected files whereby the autorun.inf files can cause auto-execution.

Removal - Removal - A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Additional Windows ME/XP removal considerations

VariantsVariants -

N/A

[ 本帖最后由 yashoo 于 2007-6-27 20:30 编辑 ]