Win32:Banload-KV [Trj]

显示全部楼层 · 发表于 2007-9-21 22:59:54

avast!

显示全部楼层 · 发表于 2007-9-21 23:02:30

Scan performed at: 2007-9-21 23:02:14
Scanning Log
NOD32 version 2543 (20070921) NT
Command line: C:\Documents and Settings\Don johnson\桌面\remotesetup.rar
Operating memory - is OK

Date: 21.9.2007 Time: 23:02:18
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\Don johnson\桌面\remotesetup.rar
C:\Documents and Settings\Don johnson\桌面\remotesetup.rar ?RAR ?remotesetup.exe - a variant of Win32/Adware.DM application
Number of scanned files: 2
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 23:02:18 Total scanning time: 0 sec (00:00:00)

显示全部楼层 · 发表于 2007-9-21 23:10:44

detected: adware not-a-virus:AdWare.Win32.Dudu.e URL: http://bbs.kafan.cn/attachment.php?aid=130509//remotesetup.exe

显示全部楼层 · 发表于 2007-9-21 23:13:44

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\remotesetup.rar'
C:\Documents and Settings\Administrator\My Documents\
  remotesetup.rar
[0] Archive type: RAR
--> remotesetup.exe
      [DETECTION] Contains detection pattern of the dropper DR/Agent.XZ
      [WARNING] Infected files in archives cannot be repaired!
      [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-9-22 10:58:31

F:\remotesetup.rar:<RAR>\remotesetup.exe : infected AdWare.Win32.Dudu.e

显示全部楼层 · 发表于 2007-9-22 11:30:37

不是病毒

显示全部楼层 · 发表于 2007-9-22 11:33:34

dudu加速器?

显示全部楼层 · 发表于 2007-9-22 13:20:13

报的没错，是个可恶的ADWARE，dudu下面默认绑定桌面传媒（多数无法卸载）。就是个DM直投的东西。不定期的根据用户访问网页的URL和里面的关键字，弹出相应的广告。费用便宜量又足。当时钱象没少靠这个赚钱。

显示全部楼层 · 发表于 2007-9-22 13:21:44

还写不跟踪用户用户信息？瞎扯淡！

显示全部楼层 · 发表于 2007-9-24 17:30:43

avast误报的很多

[病毒样本] Win32:Banload-KV [Trj]

本帖子中包含更多资源

本帖子中包含更多资源

回复 6楼 Nblock 的帖子