关于火绒盾的安装包在火眼的分析报告

显示全部楼层 · 发表于 2012-9-18 22:23:42

本帖最后由瓶子里的狼于 2012-9-18 22:36 编辑

其中注册表和危险行为是红色的，在火眼弄的。关于火绒盾的安装程序

火绒真的是瑞星前CTO刘刚作品吗？

地址：http://fireeye.ijinshan.com/anal ... f50&type=1#full

文件名称：ff4f2d296ac138348cc55c8a2c2aef50
文件哈希：ff4f2d296ac138348cc55c8a2c2aef50
文件大小：4.38MB
创建时间：2012-09-18 13:58:27
文件类型：EXE
PEID信息：Nothing found [Overlay] *
公司描述：HeroBravo (Beijing) Technology Co., Ltd.
文件描述：Sysdiag
文件版本：v0.94.12
版权所有：HeroBravo Security Lab.
产品名称：HeroBravo System Diagnostics Suite

火眼点评
结束指定进程;inline Hook 函数入口代码;提升权限;启动指定服务;创建服务;在系统敏感位置（如开始菜单等)释放链接或快捷方式;查找文件;创建进程;创建互斥体;搜索指定窗口;添加开机自启动项;检测是否存在指定注册表键;加载驱动;隐藏指定窗口

危险行为监控
行为描述：inline Hook 函数入口代码
附加信息：进程：usysdiag.exe sensapi.dll!IsNetworkAlive 导出序号: 3 HOOK类型: InlineHook
行为描述：结束指定进程
附加信息：无
其他行为监控
行为描述：隐藏指定窗口
附加信息：Button : [sample.exe]
行为描述：加载驱动
附加信息：system32\DRIVERS\sysdiag.sys
行为描述：检测是否存在指定注册表键
附加信息：HKEY_LOCAL_MACHINE\Software\HeroBravo\Sysdiag
行为描述：添加开机自启动项
附加信息：[Sysdiag] - %ProgramFiles%\HeroBravo\Sysdiag\bin\HipsTray.exe[Sysdiag] : %ProgramFiles%\HeroBravo\Sysdiag\bin\HipsTray.exe
行为描述：搜索指定窗口
附加信息：["#32770" , ""]["#32770" , "火绒盾安装 "]["SysListView32" , ""]
行为描述：创建互斥体
附加信息："Global\HeroBravo::HipsMonServer"
行为描述：创建进程

附加信息：%ProgramFiles%\HeroBravo\Sysdiag\bin\HipsDaemon.exe%ProgramFiles%\HeroBravo\Sysdiag\bin\usysdiag.exe%system%\net.exe%system%\net1.exe%system%\sc.exe%temp%\nsb6.tmp\ns7.tmp%temp%\nsb6.tmp\ns8.tmp%temp%\nsb6.tmp\ns9.tmp%temp%\nsb6.tmp\nsA.tmp
行为描述：查找文件
附加信息："%ProgramFiles%\HeroBravo\Sysdiag\bin\HRShell-x64.dll""%ProgramFiles%\HeroBravo\Sysdiag\bin\HRShell.dll""%temp%\nsb6.tmp"
行为描述：在系统敏感位置（如开始菜单等)释放链接或快捷方式
附加信息：开始菜单 &gt&gt 程序\火绒安全实验室\Sysdiag\卸载.lnk &gt&gt %ProgramFiles%\HeroBravo\Sysdiag\uninst.exe开始菜单 &gt&gt 程序\火绒安全实验室\Sysdiag\火绒盾.lnk &gt&gt %ProgramFiles%\HeroBravo\Sysdiag\bin\HipsMain.exe开始菜单 &gt&gt 程序\火绒安全实验室\Sysdiag\火绒防御日志.lnk &gt&gt %ProgramFiles%\HeroBravo\Sysdiag\bin\HipsLog.exe args:log0桌面 &gt&gt 火绒盾.lnk &gt&gt %ProgramFiles%\HeroBravo\Sysdiag\bin\HipsMain.exe
行为描述：创建服务
附加信息："%ProgramFiles%\HeroBravo\Sysdiag\bin\HipsDaemon.exe" -sHipsDaemonsystem32\DRIVERS\hrfwdrv.syssystem32\DRIVERS\sysdiag.sys
行为描述：启动指定服务
附加信息："%ProgramFiles%\HeroBravo\Sysdiag\bin\HipsDaemon.exe" -sHipsDaemon
行为描述：提升权限
附加信息："SeDebugPrivilege""SeLoadDriverPrivilege"

文件操作监控
操作文件MD5 文件大小文件路径
新增 833422f3f90aa7165a523d6ad7543276 916 %AllUsersProfile%\Application Data...
新增无 14693930 %temp%\nsw5.tmp
新增 d41d8cd98f00b204e9800998ecf8427e 0 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 6c587663a647d8486e76852c4267206f 204704 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 da8051d2a12cfac252c9871e8ffd8373 495054 %temp%\nsb6.tmp\bg.bmp
新增 34db32828082a6295614f054df1b99f0 677927 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 e918b96748281e2bfa19e58c35900ee8 161696 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 dc5988753821fa6eb070492bb591ae82 5622 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 80d6e417a0c3226c08a6669de21d1ee8 241568 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 4003e34416ebd25e4c115d49dc15e1a7 1213200 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 d397f00bfcd67905c9a79d3790474888 120832 %AllUsersProfile%\Application Data...
新增 d583f38eb86d1358119f9a5d06620934 523168 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 8ced450170abf941a1de4ef9520e1c89 3756 %ProgramFiles%\HeroBravo\Sysdiag\L...
新增 1917a23ec262a7c82ba7672273baffac 593312 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 9f1a88b953fd2a2c23b09703b253186c 8704 %temp%\nsb6.tmp\AccessControl.dll
新增 5d3d247b58bd773f82f7634e79f68fe0 144572 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 2e9805279028f6ae18307d428ba4f974 870 %AllUsersProfile%\「开始」菜单\程序\火绒安全实验...
新增 da99d81a06640fa42a4a03d9a06b14d8 305568 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 c10e04dd4ad4277d5adc951bb331c777 9728 %temp%\nsb6.tmp\nsDialogs.dll
新增 59aca83a435a2d31450673a50192feab 156576 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 701b7851e9102b174f92dedcc5a9bb98 207672 %system%\drivers\sysdiag.sys
新增 cbe40fd2b1ec96daedc65da172d90022 26494 %temp%\nsb6.tmp\modern-wizard.bmp
新增 4ee74af7615b80c758d8c852645be4c2 782240 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 2b7ccf106ba34a036ccc6ac96a34df86 9 %ProgramFiles%\HeroBravo\Sysdiag\v...
新增 b4bac7ca52e20c778b74591a44a27bc2 495054 %temp%\nsb6.tmp\bg1.bmp
新增 882b2987c23c9a7538854bb8dd307ee7 6144 %AllUsersProfile%\Application Data...
新增 5b3900276f10cffb1e33c709f037a754 275 %AllUsersProfile%\Application Data...
新增 325b008aec81e5aaa57096f05d4212b5 14848 %temp%\nsb6.tmp\InstallOptions.dll
新增 24cdf396094af69166748c14715d89e2 115616 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 a1127c08f1542df013dcc46578be61aa 867 %AllUsersProfile%\「开始」菜单\程序\火绒安全实验...
新增 acc2b699edfea5bf5aae45aba3a41e96 6656 %temp%\nsb6.tmp\nsExec.dll
新增 912b858d3f673d1ebafe5e7ec8fb25d9 140704 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 a16470539f5c03b5d4e0586c74756419 801936 %ProgramFiles%\HeroBravo\Sysdiag\u...
新增 9bbe89c32c9ea4188f7a38d8aeec27c9 410016 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 3f17fbee75f9f27cda45ee833d672a8f 145312 %temp%\nsb6.tmp\installer-helper.d...
新增 6227cc530d6b02314b4410fcef0c5401 347055 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 94b694d804227897ae521e0801ef3667 19456 %AllUsersProfile%\Application Data...
新增 c17103ae9072a06da581dec998343fc1 11264 %temp%\nsb6.tmp\System.dll
新增 d964ab78874bc263781dcdd006c9e07a 144288 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 8baaec6729ff05f361619878fe8c1239 376224 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 aaf939c461a4154b4ea6ce5992bae59d 457 %temp%\nsb6.tmp\ioSpecial.ini
新增 b6d7dca3743fec70fe25908e62ac95ee 184736 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 39572ded651b59a792b3f0c82603bf9e 131856 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 13a07cb0dd84a44b69afe7cfd95ceaf6 795 %AllUsersProfile%\「开始」菜单\程序\火绒安全实验...
新增 7c46eb149ae2cfc6d026d506969f5378 131488 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 77ac2d88452d2c957d62e78643f6ca7b 363936 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 64dfbfae34a9be3c83cbf42ead56cd65 2405792 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 519d5409ccbc9776118272954e2f6461 258976 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 0279c1a5d73b699a90cd07d7ec4895b1 250784 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 2ee6a4c14b03acefa99a82f9f79f1399 29696 %AllUsersProfile%\Application Data...
新增 93cc9a3b5c7e169817ab6867c6e7d646 246688 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 49cf3085870372e474ed2bd121e0b916 30008 %system%\drivers\hrfwdrv.sys
新增 a57aa9dc8881584f4d7fcdd0bd4bec32 857 %AllUsersProfile%\桌面\火绒盾.lnk
新增 905346248cb93d7eca8058ff7a6f0d04 195488 %ProgramFiles%\HeroBravo\Sysdiag\b...
新增 75a779fba0a1852385f4a92278f7dcb2 610720 %ProgramFiles%\HeroBravo\Sysdiag\b...
进程操作监控
创建进程：无
启动参数：""%ProgramFiles%\HeroBravo\Sysdiag\bin\usysdiag.exe" 600"
创建进程：无
启动参数：""%temp%\nsb6.tmp\ns7.tmp" sc create HipsDaemon binpath= "\"%ProgramFiles%\HeroBravo\Sysdiag\bin\HipsDaemon.exe\" -sHipsDaemon""
创建进程：无
启动参数：""%temp%\nsb6.tmp\ns8.tmp" sc config HipsDaemon binpath= "\"%ProgramFiles%\HeroBravo\Sysdiag\bin\HipsDaemon.exe\" -sHipsDaemon" type= own type= interact start= auto group= Base DisplayName= "HeroBravo Hips Daemon""
创建进程：无
启动参数：""%temp%\nsb6.tmp\ns9.tmp" sc description HipsDaemon "HeroBravo Hips Daemon""
创建进程：无
启动参数：""%temp%\nsb6.tmp\nsA.tmp" net start HipsDaemon"

注册表监控新增删除修改
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag
[installPath] = [%ProgramFiles%\HeroBravo\Sysdiag]
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app
[DataPath] = [%AllUsersProfile%\Application Data\HeroBravo\Sysdiag]
[UpdateLink] = [http://www.huorong.cn/upgrade/]
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\ActionBlock
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\AdFilter
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\AntiArp
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\AppControl
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\AppNet
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\AutoStart
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\Behavior
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\IpFilter
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\UserFile
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\HeroBravo\Sysdiag\app\UserReg
[(NULL)] = []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[Sysdiag] = [%ProgramFiles%\HeroBravo\Sysdiag\bin\HipsTray.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HeroBravoSysdiag
[UninstallString] = [%ProgramFiles%\HeroBravo\Sysdiag\uninst.exe]
[DisplayName] = [火绒安全软件]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HIPSDAEMON
[NextInstance] = [0x00000001]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HIPSDAEMON\0000
[ClassGUID] = [{8ECC055D-047F-11D1-A537-0000F8753ED1}]
[Class] = [LegacyDriver]
[DeviceDesc] = [HeroBravo Hips Daemon]
[Legacy] = [0x00000001]
[Service] = [HipsDaemon]
[ConfigFlags] = [0x00000000]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HIPSDAEMON\0000\Control
[*NewlyCreated*] = [0x00000000]
[ActiveService] = [HipsDaemon]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HipsDaemon
[Start] = [0x00000002]
[Group] = [Base]
[ObjectName] = [LocalSystem]
[DisplayName] = [HeroBravo Hips Daemon]
[Description] = [HeroBravo Hips Daemon]
[ImagePath] = ["%ProgramFiles%\HeroBravo\Sysdiag\bin\HipsDaemon.exe" -sHipsDaemon]
[Type] = [0x00000110]
[ErrorControl] = [0x00000001]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HipsDaemon\Enum
[0] = [Root\LEGACY_HIPSDAEMON\0000]
[Count] = [0x00000001]
[NextInstance] = [0x00000001]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HipsDaemon\Security
[Security] = [\x01\x00\x14\x80\x90...]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hrfwdrv
[ErrorControl] = [0x00000001]
[Type] = [0x00000001]
[Description] = [HeroBravo Firewall Kernel Extension]
[ImagePath] = [system32\DRIVERS\hrfwdrv.sys]
[Tag] = [0x00000001]
[DisplayName] = [HeroBravo Firewall Kernel Extension]
[Start] = [0x00000000]
[Group] = [PlugPlay]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysdiag
[Group] = [PNP_TDI]
[ErrorControl] = [0x00000001]
[Start] = [0x00000001]
[ImagePath] = [system32\DRIVERS\sysdiag.sys]
[DisplayName] = [HeroBravo Sysdiag]
[Tag] = [0x00000002]
[Description] = [HeroBravo Sysdiag Kernel Extension]
[DependOnService] = [FltMgr]
[Type] = [0x00000001]
[DebugLevel] = [0x00000001]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysdiag\config
[ProtectDirs] = [\Device\HarddiskVolume1\Program Files\HeroBravo\Sysdiag:\Device\HarddiskVolume1\Program Files\HeroBravo\Sysdiag\*:\Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\HeroBravo:\Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\HeroBravo\*:\Device\HarddiskVolume1\WINDOWS\system32\Drivers\sysdiag.sys:\Device\HarddiskVolume1\WINDOWS\system32\Drivers\hrfwdrv.sys]
[ProtectKeys] = [\REGISTRY\Machine\Software\HeroBravo:\REGISTRY\Machine\Software\HeroBravo\*:\REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Uninstall\HeroBravoSysdiag:\REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Uninstall\HeroBravoSysdiag\*:\REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\Sysdiag:\REGISTRY\Machine\System\ControlSet???\Services\HipsDaemon:\REGISTRY\Machine\System\ControlSet???\Services\HipsDaemon\*:\REGISTRY\Machine\System\ControlSet???\Services\SYSTEM\CurrentControlSet\services\hrfwdrv:\REGISTRY\Machine\System\ControlSet???\Services\S
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysdiag\Instances
[DefaultInstance] = [sysdiag]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysdiag\Instances\sysdiag
[Altitude] = [368330]
[Flags] = [0x00000000]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HIPSDAEMON
[NextInstance] = [0x00000001]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HIPSDAEMON\0000
[Class] = [LegacyDriver]
[DeviceDesc] = [HeroBravo Hips Daemon]
[Service] = [HipsDaemon]
[ConfigFlags] = [0x00000000]
[Legacy] = [0x00000001]
[ClassGUID] = [{8ECC055D-047F-11D1-A537-0000F8753ED1}]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HIPSDAEMON\0000\Control
[*NewlyCreated*] = [0x00000000]
[ActiveService] = [HipsDaemon]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HipsDaemon
[ObjectName] = [LocalSystem]
[DisplayName] = [HeroBravo Hips Daemon]
[Description] = [HeroBravo Hips Daemon]
[ImagePath] = ["%ProgramFiles%\HeroBravo\Sysdiag\bin\HipsDaemon.exe" -sHipsDaemon]
[ErrorControl] = [0x00000001]
[Type] = [0x00000110]
[Start] = [0x00000002]
[Group] = [Base]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HipsDaemon\Enum
[NextInstance] = [0x00000001]
[0] = [Root\LEGACY_HIPSDAEMON\0000]
[Count] = [0x00000001]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HipsDaemon\Security
[Security] = [\x01\x00\x14\x80\x90...]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hrfwdrv
[Tag] = [0x00000001]
[ImagePath] = [system32\DRIVERS\hrfwdrv.sys]
[DisplayName] = [HeroBravo Firewall Kernel Extension]
[Type] = [0x00000001]
[Start] = [0x00000000]
[ErrorControl] = [0x00000001]
[Group] = [PlugPlay]
[Description] = [HeroBravo Firewall Kernel Extension]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysdiag
[Description] = [HeroBravo Sysdiag Kernel Extension]
[DependOnService] = [FltMgr]
[Tag] = [0x00000002]
[DisplayName] = [HeroBravo Sysdiag]
[Type] = [0x00000001]
[DebugLevel] = [0x00000001]
[ImagePath] = [system32\DRIVERS\sysdiag.sys]
[Group] = [PNP_TDI]
[ErrorControl] = [0x00000001]
[Start] = [0x00000001]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysdiag\config
[ProtectKeys] = [\REGISTRY\Machine\Software\HeroBravo:\REGISTRY\Machine\Software\HeroBravo\*:\REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Uninstall\HeroBravoSysdiag:\REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Uninstall\HeroBravoSysdiag\*:\REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\Sysdiag:\REGISTRY\Machine\System\ControlSet???\Services\HipsDaemon:\REGISTRY\Machine\System\ControlSet???\Services\HipsDaemon\*:\REGISTRY\Machine\System\ControlSet???\Services\SYSTEM\CurrentControlSet\services\hrfwdrv:\REGISTRY\Machine\System\ControlSet???\Services\SYSTEM\CurrentControlSet\services\hrfwdrv\*]
[ProtectDirs] = [\Device\HarddiskVolume1\Program Files\HeroBravo\Sysdiag:\Device\HarddiskVolume1\Program Files\HeroBravo\Sysdiag\*:\Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\HeroBravo:\Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\HeroBravo\*:\Device\HarddiskVolume1\WINDOWS\system32\Drivers\sysdiag.sys:\Device\HarddiskVo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysdiag\Instances
[DefaultInstance] = [sysdiag]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysdiag\Instances\sysdiag
[Altitude] = [368330]
[Flags] = [0x00000000]

显示全部楼层 · 发表于 2012-9-18 22:25:03

为什么不把某软件放里面解剖解剖？？？？

显示全部楼层 · 发表于 2012-9-18 22:29:55

本帖最后由 ╭ァの修罗于 2012-9-18 22:38 编辑

那个只是参考，所有的安全类的程序安装时都会被火眼报危险（单单一个“添加开机自启动项”被报危险，就足够秒杀所有安软了

，更不用说火眼连“创建进程”都算是危险动作了），不信的话，你可以试试（也就是说，你要找一个安软，在安装时不创建进程，不添加自启，不搜索注册表检查是否重复安装,不加载驱动).

而且更神奇的是，火眼的分析报告里明明就2条危险项目，怎么到LZ这突然变多了呢？求解释

LZ自己发的链接里只有2条危险项目

显示全部楼层 · 发表于 2012-9-18 22:36:12

清茗微漾发表于 2012-9-18 22:25
为什么不把某软件放里面解剖解剖？？？？

什么软件？？？？

显示全部楼层 · 发表于 2012-9-18 22:39:07

瓶子里的狼发表于 2012-9-18 22:36
什么软件？？？？

火眼的分析报告里明明就2条危险项目，怎么到LZ这突然变多了呢？求解释

显示全部楼层 · 发表于 2012-9-18 22:43:21

╭ァの修罗发表于 2012-9-18 22:39
火眼的分析报告里明明就2条危险项目，怎么到LZ这突然变多了呢？求解释

颜色标记错误

显示全部楼层 · 发表于 2012-9-18 22:44:56

青春虎发表于 2012-9-18 22:43
颜色标记错误

我猜LZ就是故意的

，我想卡饭没那个人不知道安软在安装时都会有些敏感的动作吧？他还发这帖明显是。。。

显示全部楼层 · 发表于 2012-9-19 00:13:01

没什么问题啊。就是安全软件自身的行为

显示全部楼层 · 发表于 2012-9-19 00:15:20

对于似懂非懂的最无奈了

显示全部楼层 · 发表于 2012-9-19 00:47:23

瓶子里的狼发表于 2012-9-18 22:36
什么软件？？？？

看3楼的图。。
我不多说了

[讨论] 关于火绒盾的安装包在火眼的分析报告

本帖子中包含更多资源