windows 8.1 Services.exe

烟花雨

版主手下留情 因为这里人要多一些

请问这个是病毒吗......eset老是想清除这个
日志:

1. 
   
2. 5/20/2014 Tue 8:16:57 AM        Startup scanner        file        C:\Program Files\Windows NT\Services.exe        a variant of Win32/FlyStudio.Packed.AE potentially unwanted application                       
   
3. 5/20/2014 Tue 8:16:52 AM        Startup scanner        file        C:\Program Files\Windows NT\Services.exe        a variant of Win32/FlyStudio.Packed.AE potentially unwanted application                pc\microsoft       
   
4. 5/20/2014 Tue 8:09:39 AM        Real-time file system protection        file        C:\Program Files\Windows NT\Services.exe        a variant of Win32/FlyStudio.Packed.AE potentially unwanted application                pc\microsoft        Event occurred during an attempt to run the file by the application: C:\Windows\explorer.exe.
   
5. 5/19/2014 Mon 8:05:31 AM        Real-time file system protection        file        C:\Program Files\Windows NT\Services.exe        a variant of Win32/FlyStudio.Packed.AE potentially unwanted application        cleaned by deleting - quarantined        pc\microsoft        Event occurred during an attempt to run the file by the application: C:\Windows\explorer.exe.
   
6. 5/17/2014 Sat 6:10:21 PM        Real-time file system protection        file        C:\Program Files\Windows NT\Services.exe        a variant of Win32/FlyStudio.Packed.AE potentially unwanted application        cleaned by deleting - quarantined        pc\microsoft        Event occurred during an attempt to run the file by the application: C:\Windows\explorer.exe.
   
7. 5/16/2014 Fri 5:19:11 PM        Startup scanner        file        C:\Program Files\Windows NT\Services.exe        a variant of Win32/FlyStudio.Packed.AE potentially unwanted application        cleaned by deleting - quarantined               

复制代码

文件信息:

1. ---------------------------
   
2. Checksum information
   
3. ---------------------------
   
4. Name: Services.exe
   
5. Size: 1401018 bytes (1 MB)
   
6. 
   
7. CRC32: FC7BAB1E
   
8. 
   
9. CRC64: AFD8774B94009481
   
10. 
    
11. SHA256: 2FB0470B22DA2532B51CDFB12F3868F93B0F78EDEF2F574C664A6A65BF801CB3
    
12. 
    
13. SHA1: 3C217236AB79D373D614366397E7469D24A25AA9
    
14. 
    
15. ---------------------------
    
16. OK   
    
17. ---------------------------
    

复制代码

文件路径:"C:\Program Files\Windows NT\Services.exe"

文件样本:



eset提示把这个文件提交到eset安全中心分析

云服务器:


系统 :windows 8.1 update 1 32bit 英文版
eset smart security 7.0 英文版

Hertz

EIS9杀……

烟花雨

Hertz 发表于 2014-5-23 08:57
EIS9杀……

这个是什么病毒

Hertz

Gen:Trojan.Heur.vz3@rDDrFbiby (B)
http://v.virscan.org/Gen:Trojan.Heur.vz3@rDDrFbiby.html
看名字是启发杀的，不清楚是啥类型

FUCKCAT

service出现在NT下，必定是病毒了，Win32/FlyStudio is not a virus but a Trojan. A Trojan doesn’t replicate itself, but they spread themselves only when the circumstances are beneficial. Trojans are also called backdoors, which means the information stolen from a computer system is sent back to the intruder. Generally, Trojans are executable files which when executed opens a port on the infected computer system, collects the information and sends it back to the intruder.看来你是被后门、被投广告、被窃取信息了。恭喜你，中了。

日渐颓废的我们

明显是病毒……

烟花雨

FUCKCAT 发表于 2014-5-23 09:17
service出现在NT下，必定是病毒了，Win32/FlyStudio is not a virus but a Trojan. A Trojan doesn’t repl ...

天杀的symantec 居然没有查出来

FUCKCAT

烟花雨 发表于 2014-5-23 09:24
天杀的symantec 居然没有查出来

你看看防火墙里面有没有程序联网记录。

烟花雨

日渐颓废的我们 发表于 2014-5-23 09:22
明显是病毒……

难怪我觉得IE莫名其妙的自动打开 搜索关键字
并且修改IE主页 不过修改没有成功 因为我在组策略和注册表里面锁定了主页

烟花雨

FUCKCAT 发表于 2014-5-23 09:26
你看看防火墙里面有没有程序联网记录。

开机以后 它以system.exe的名字加载到进程里面(使用管理员账户) 然后IE自动打开搜索关键字(随机搜索)
刚刚我结束了它的进程 所以现在在firewall里面看不到它的联网记录