红伞一个

显示全部楼层 · 发表于 2008-1-24 12:52:40

大蜘蛛报， ESS过

显示全部楼层 · 发表于 2008-1-24 13:13:52

不是病毒

显示全部楼层 · 发表于 2008-1-24 14:43:40

哈哈，现过卡巴，在过红伞，最后FS搞定

显示全部楼层 · 发表于 2008-1-24 20:18:35

广告插件！

显示全部楼层 · 发表于 2008-1-24 20:20:05

不是病毒

显示全部楼层 · 发表于 2008-1-24 20:42:56

2008-01-24 20:41:44 应用程序保护(修改其它进程内存) 操作:阻止
进程路径:C:\Documents and Settings\xiaohf\Local Settings\Temp\Rar$EX00.203\wfpdisable.exe
目标进程:C:\WINDOWS\system32\winlogon.exe

显示全部楼层 · 发表于 2008-1-24 20:44:32

Scan name: [Custom Scan]
Path to scan: F:\|

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2008-1-24, 20:43:48
---------------------------------------------------------------------

[Clean] Boot sector on drive F:
[Clean] Boot sector on drive E:
[Clean] Boot sector on drive D:
[Clean] Boot sector on drive G:
[Clean] Boot sector on drive C:
[Clean] Master Boot Record on disk 0
[Clean] F:\Diskeeper\IfaastMon.dat
[Clean] F:\Diskeeper\IFaastRegions.dat
[Clean] F:\RECYCLER\S-1-5-21-1606980848-1390067357-839522115-500\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-1606980848-1390067357-839522115-500\INFO2
[Clean] F:\RECYCLER\S-1-5-21-343818398-1123561945-1801674531-500\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-343818398-1123561945-1801674531-500\INFO2
[Clean] F:\RECYCLER\S-1-5-21-746137067-725345543-839522115-1003\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-746137067-725345543-839522115-1003\INFO2
[Clean] F:\RECYCLER\S-1-5-21-776561741-651377827-725345543-500\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-776561741-651377827-725345543-500\INFO2
[Clean] F:\RECYCLER\S-1-5-21-776561741-854245398-725345543-500\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-776561741-854245398-725345543-500\INFO2
[Clean] F:\RECYCLER\S-1-5-21-789336058-1292428093-682003330-500\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-789336058-1292428093-682003330-500\INFO2
[Clean] F:\RECYCLER\S-1-5-21-790525478-1844823847-839522115-500\desktop.ini
[Clean] F:\RECYCLER\S-1-5-21-790525478-1844823847-839522115-500\INFO2
[Found application] <W32/Wfpdisable.A (exact, not disinfectable)> F:\wfpdisable.rar->wfpdisable.exe
[Contains infected objects] F:\wfpdisable.rar
[Quarantined] F:\wfpdisable.rar->wfpdisable.exe

---------------------------------------------------------------------
Scan ended: 2008-1-24, 20:43:49
Duration: 0:00:01

Scan result:

Scanned files:    23
Infected objects:    1
Disinfected objects:    0
Quarantined files:    1

显示全部楼层 · 发表于 2008-1-24 21:51:45

000054F8 004060F8    0 SeDebugPrivilege
00005528 00406128    0 -------------------------------------------------
0000555C 0040615C    0 (C) 2003 andreas@atstake.com
0000557C 0040617C    0 until next reboot
00005590 00406190    0 wfpdisable - Disables Windows File Protection
000055C0 004061C0    0 WFP disabled.
000055CE 004061CE    0 Reboot machine to re-enable it.
000055F0 004061F0    0 WaitForSingleObject failed
0000560C 0040620C    0 CreateRemoteThread failed %d
0000562C 0040622C    0 OpenProcess failed %d
00005644 00406244    0 Could not enable debug privileges
00005668 00406268    0 GetProcAddress failed
00005680 00406280    0 sfc.dll could not be loaded
000056A0 004062A0    0 sfc.dll
000056D9 004062D9    0 (8PX
000056E1 004062E1    0 700WP
000056F9 004062F9    0 ppxxxx
00005724 00406324    0 (null)
0000572C 0040632C    0 CorExitProcess
0000573C 0040633C    0 mscoree.dll
00005748 00406348    0 runtime error
0000575C 0040635C    0 TLOSS error
0000576C 0040636C    0 SING error
0000577C 0040637C    0 DOMAIN error

显示全部楼层 · 发表于 2008-1-25 10:11:36

avast passed

显示全部楼层 · 发表于 2008-1-25 13:26:48

小a P版 MISS

[病毒样本] 红伞一个

浏览过的版块