00A999，不知道是什么东西

显示全部楼层 · 发表于 2007-10-12 10:09:31

昨天在霏凡下载了一个Nero8.0.3.0多国语言版，解压缩出来，发现安装文件夹下有这么个东西！

红伞没报，双击也没什么反映！大家看看是什么？

显示全部楼层 · 发表于 2007-10-12 10:19:04

detected: riskware not-a-virus:AdTool.Win32.MyWebSearch URL: http://bbs.kafan.cn/attachment.php?aid=138501//Toolbar.exe

显示全部楼层 · 发表于 2007-10-12 10:20:18

从VS上扫描的结果来看
估计是AD或是搜索工具条

a-squared	3.0.0.123	2007.10.11	2007-10-11	Adware.Win32.MyWebSearch	4.491
AntiVir	7.6.0.20	7.0.0.79	2007-10-11	-	1.999
Arcavir	1.0.4	200710111656	2007-10-11	Riskware.Adtool.Mywebsearch.Az	1.496
AVAST	1.0.8	000780-2	2007-10-11	-	3.068
AVG	7.5.49.442	269.14.7/1062	2007-10-10	-	1.670
BitDefender	7.60825.899652	7.15251	2007-10-12	Application.MWS	3.313
CA (VET)	8.4.0.24	31.2.5204	2007-10-12	-	1.180
ClamAV	0.91.2	4530	2007-10-12	Adware.Search-2	4.023
Comodo	2.11	2.0.0.310	2007-10-11	not-a-virus:AdTool.Win32.MyWebSearch	1.115
Dr.WEB	4.33	2007.10.11	2007-10-11	-	5.104
ewido	4.0.0.2	2007.10.11	2007-10-11	-	2.148
F-PROT	4.4.0.50	20071011	2007-10-11	W32/HackToolX.DB (exact)	1.251
F-SECURE	5.51.6100	2007.10.11.05	2007-10-11	-	0.057
IKARUS	T3.1.1.12	2007.10.11.69652	2007-10-11	-	1.429
MKS_VIR	2.01	2007.10.11	2007-10-11	-	2.385
NOD32	2.70.10	2587	2007-10-11	-	0.004
NORMAN	5.91.08	5.90	2007-10-11	W32/WebSearch.MC	3.160
nProtect	2007-10-11.01	970912	2007-10-11	-	15.120
Prevx	V2	20071012	2007-10-12	-	8.705
QuickHeal	9.00	2007.10.11	2007-10-11	AdTool.MyWebSearch (Not a Virus)	2.477
SOPHOS	2.49.1	4.21	2007-10-12	-	3.158
The Hacker	6.2.8	v00086	2007-10-11	-	0.748
VBA32	3.12.2.4	20071011.0939	2007-10-11	AdvWare.Win32.MyWebSearch.az	3.858
ViRobot	20071011	2007.10.11	2007-10-11	-	0.451
VirusBuster	4.3.19:9	9.109.2/11.0	2007-10-11	-	1.216
卡巴斯基	5.5.10	2007.10.12	2007-10-12	not-a-virus:AdTool.Win32.MyWebSearch	0.028
江民杀毒	10.00.650	2007.10.08	2007-10-08	-	1.063
熊猫卫士	9.04.03.0001	2007.10.11	2007-10-11	Application/MyWebSearch	5.496
瑞星	19.0	19.44.40.00	2007-10-11	-	2.076
赛门铁克	1.3.0.24	20071011.021	2007-10-11	-	0.745
趋势	8.500-1001	4.769.00	2007-10-10	-	0.067
迈克菲	5.2.00	5139	2007-10-11	-	1.148
金山毒霸	2007.6.20.249	2007.10.12	2007-10-12	-	0.917
飞塔	2.81-3.11	8.220	2007-10-11	W32/MyWebSearch	0.354

显示全部楼层 · 发表于 2007-10-12 10:21:37

文件 C:\Documents and Settings\Administrator.PICC-282D8B82D2\桌面\Toolbar.exe 受到 Win32/AdInstaller 应用程序的变种感染. 可以删除文件.强烈建议您在删除前备份所有重要数据.

显示全部楼层 · 发表于 2007-10-12 10:33:57

Filename	Result
Toolbar.exe	CLEAN

The file 'Toolbar.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.

Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

显示全部楼层 · 发表于 2007-10-12 10:38:53

显示全部楼层 · 发表于 2007-10-12 11:15:03

我估计是广告软件！
双击完什么也显示，但是在我的programfiles文件夹下多出了一个文件夹，里面两个dll，而且注入了explorer，用unlocker强制删除，还搞得explorer崩溃才搞定~~~~

显示全部楼层 · 发表于 2007-10-12 11:17:28

C:\Documents and Settings\Don johnson\桌面\Toolbar.rar » RAR » Toolbar.exe - a variant of Win32/AdInstaller application

显示全部楼层 · 发表于 2007-10-12 11:45:12

Malicious program(s) is found

Malicious program(s) name:AdTool.Win32.MyWebSearch.b

program(s):
C:\PROGRAM FILES\ASKTBAR\BAR\3.BIN\ASKTBAR.DLL
Is malicious program(s)!
Successful in stopping running, Delete the file?

显示全部楼层 · 发表于 2007-10-12 12:01:36

原帖由 EQ2 于 2007-10-12 11:17 发表
C:\Documents and Settings\Don johnson\桌面\Toolbar.rar » RAR » Toolbar.exe - a variant of Win32/AdInstaller application

恩
2.7的扫描果然不如EAV
这个2.7又是扫不出来。。。。。。。。

[可疑文件] 00A999，不知道是什么东西

本帖子中包含更多资源

本帖子中包含更多资源

广告而已

本帖子中包含更多资源