这个是不是误报？

荒风

修复XP安全模式的注册表文件，只有卡巴报了。。。其他的全没报

wangjay1980

没有误报，这个不是修复安全模式的

wangjay1980

给你个真的

promised

C:\ABC\修复XPSP2无法进入安全模式.rar:\修复XPSP2无法进入安全模式\SharedAccess.reg - 特征码 'Trojan.WinREG.AddShare.b' 被发现
C:\ABC\修复XPSP2无法进入安全模式.rar
并非误报

1. 
   
2. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
   
3. "DependOnGroup"=hex(7):00,00
   
4. "DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
   
5.   6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
   
6. "Description"="为家庭和小型办公网络提供网络地址转换、寻址、名称解析和/或入侵保护服务。"
   
7. "DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
   
8. "ErrorControl"=dword:00000001
   
9. "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
   
10.   74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    
11.   00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    
12.   6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    
13. "ObjectName"="LocalSystem"
    
14. "Start"=dword:00000002
    
15. "Type"=dword:00000020
    
16. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
    
17. "Epoch"=dword:0000002b
    
18. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
    
19. "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
    
20.   00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
    
21.   69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
    
22.   00
    
23. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]
    
24. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    
25. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
    
26. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    
27. "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    
28. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    
29. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
    
30. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    
31. "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    
32. "D:\\Program Files\\Tencent\\QQ\\QQ.exe"="D:\\Program Files\\Tencent\\QQ\\QQ.exe:*:Enabled:QQ"
    
33. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
    
34. "ServiceUpgrade"=dword:00000001
    
35. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
    
36. "All"=dword:00000001
    
37. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
    
38. "0"="Root\\LEGACY_SHAREDACCESS\\0000"
    
39. "Count"=dword:00000001
    
40. "NextInstance"=dword:00000001
    
41. 
    
42. 
    

复制代码

[ 本帖最后由 promised 于 2007-9-8 12:07 编辑 ]

woai_jolin

&#20462 : Not detected by Sandbox (Signature: NO_VIRUS)


[ DetectionInfo ]
    * Sandbox name: NO_MALWARE
    * Signature name: NO_VIRUS
    * Compressed: NO



(C) 2004-2006 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information source only.

This file is not flagged as malicious by the Norman Sandbox Information Center. However, we can not guarantee that the file is harmless. If you still suspect the file to be malicious and if you urgently need to know for sure, please submit it to your local Norman support department for manual analysis.

woai_jolin

norman没有报

uhthn2002

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Paranoia Database - 3923
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\SharedAccess.reg

C:\Documents and Settings\uhthn\Desktop\SharedAccess.reg - Infected with PDB-2209 Malware program - Deleted

1 Files scanned
1 Infected files found
0 Suspicious files found
0 Files cured
1 Files deleted

king6808

已删除：木马程序 Trojan.WinREG.AddShare.b        文件　: G:\Temp\9.8\修复XPSP2无法进入安全模式.rar/修复XPSP2无法进入安全模式\SharedAccess.reg

荒风

哦。。。谢谢各位。。。