Web4.exe 文件 提示要连接网络 卡巴墙禁了后浏览器无法上网！

chenjiangke

不知道这个是做什么的，百度了一下 也没几个相关信息，高手帮看看是什么东西。

风野胤

Scanning Log
NOD32 version 2540 (20070919) NT
Command line: R:\web4.rar
Checking CRC of NOD32.EXE: Status OK
Scanning memory: Not performed (option disabled)
Error occurred while scanning MBR sector of the 2.  ?
?physical disk. Error reading sector.
Date: 19.9.2007  Time: 14:58:40
Anti-Stealth technology is enabled.
Scanned disks, folders and files: R:\web4.rar
R:\web4.rar ?RAR ?web4.exe - probably unknown NewHeur_PE  ?
?virus [7]
Number of scanned files: 1
Number of threats found: 1
Time of completion: 14:58:40 Total scanning time: 0 sec  ?
?(00:00:00)
Notes:
[7] File is probably infected with an unknown virus.





少东西
运行不能
你看看卡巴墙是不是把80或者53端口给关了？
没有用过卡巴墙
也不敢乱说

[ 本帖最后由 风野胤 于 2007-9-19 14:59 编辑 ]

IllusionWing

貌似是个搜索器之类的..vb编写。。
00001E5E: qidong
00001FCD: h t t p
0000229D: t i m e r
00002577: 7 8 E 1 B D D 1
00002581: 9 9 4 1
0000258B: 1 1 c f
00002595: 9 7 5 6
000025AF: 0 0 A A 0 0 C 0 0 9 0 8
00002D8F: S o f t w a r e
00002DA3: M i c r o s o f t
00002DB3: W i n d o w s
00002DD1: C u r r e n t V e r s i o n
00002F52: qidong
0000333F:  1 5 1
000037A3: t i m e r
000037B3: w i n d i r
000037C7: M e d i a
000037D7: W i n d o w s
00003807: M e d i a
00003817: W i n d o w s
00003851: s y s t e m 3 2
0000385B: w e b 4
00003883: h t t p
0000389B: y i p r o
000038AF: h i t s 2
000038BF: s o u s u o 3
000038D7: h t t p
000038EF: y i p r o
00003903: h i t s 2
0000390D: h i t s
0000394F: h t t p
00003967: y i p r o
0000397B: h i t s 2
00003987: h i t s 3
000039B1: d o c u m e n t E l e m e n t
000039C5: i n n e r H T M L
000039EB: 2 0 0 7
00003A03: h t t p
00003A1B: b a i d u
00003A31: F o r m s
00003A3D: V a l u e
00003A49: C l i c k
00003A57: h t t p
00003A71: g o o g l e
00003A83: i n t l
00003A9F: h t t p
00003AB9: g o o g l e
00003B03: h t t p
00003B15: s e a r c h
00003B21: y a h o o
00003B53: h t t p
00003B69: l i v e
00003B89: s e a r c h o n l y
00003B93: t r u e
00003BBF: h t t p
00003BF3: h t t p
00003C13: c l o s e v o i c e
00003C23: l e n g t h
00003C39: i n n e r t e x t
00003C51: t a g n a m e
00003C5F: h t t p
00003C77: y i p r o
00003C8B: h i t s 2

IllusionWing

UGuard Log (Digital Fox - gankeyu@126.com)
UGuarduu.exe = 3.7.6
HC0.rlb = 2.8.9
HC2.rlb = 2.4.0
FN0.rlb = 2.3.1
扫描选项：扫描档案, 扩展, 忽略非活动, 忽略大文件, nFile, BAT模拟, 捆绑检测, 变形壳, 启发,
[扫描] [Level 2] 在 C:\Documents and Settings\Administrator\桌面\新建文件夹 (3)\web4.exe 检测到 Trojan.AutoRun.g
任务 扫描 完成。共耗费的时间：0-00-00 00:00:00:0090，共扫描的文件数量：1，共扫描到的威胁数量：1，威胁率：1

chenjiangke

是我同事用的电脑，文件生成的日期在5月份，文件目录是C:\WINDOWS\system32下，开机自动启动。红伞 卡巴 费尔 微点 nod32扫描 均无反映。我给他装的是费尔，装了KIS后提示这个程序要上网，我阻止了，结果GreenBrowser就无法上网，真是奇怪。

[ 本帖最后由 chenjiangke 于 2007-9-19 14:59 编辑 ]

风野胤

原帖由 chenjiangke 于 2007-9-19 14:47 发表
是我同事用的电脑，文件生成的日期在5月份，文件目录是C:\WINDOWS\system32下，开机自动启动。红伞 卡巴 费尔 微点 nod32扫描 均无反映。我给他装的是费尔，装了KIS后提示这个程序要上网，我阻止了，结果GreenBrowse ...

nod的高启做掉
不好意思
刚贴错日志了

ps qq能上么。。。。。。

chenjiangke

她那台机器的东西 web4什么的我都删了，现在什么都没了。

绅博周幸

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00081583.




We received the following archive files:


File ID  Filename  Size (Byte) Result
1314247  web4.rar 15.12 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
1314248  web4.exe  60 KB  MALWARE


Please find a detailed report concerning each individual sample below:

Filename Result
web4.exe  MALWARE

The file 'web4.exe' has been determined to be 'MALWARE'. Our analysts discovered that the file is a Trojan. In general this kind of programs contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... mp;incidentid=81583

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... QyG9BMrVk2I3WJD9Gyp


Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992

lier

卡巴的招数用的到是很绝的，居然直接不允许上网了，那算是安全了。

chenjiangke

绅博周幸上报回复的真快，你的帖子好像说是恶意软件，不过之前我用360和恶意软件清理助手扫描均无反映。

[ 本帖最后由 chenjiangke 于 2007-9-19 21:07 编辑 ]