pskin32.dll小红伞报毒，大家帮看下是误报吗？

jqcat

pskin32.dll在system32目录下，小红伞查杀后还会自动生成。补充个细节：安全模式下删除此文件后，用EQsecure阻止它生成，结果在用ctrl+c复制文件时被EQsecure拦截到explorer.exe要新建此文件。且删除此文件后在使用中未发现什么异常。
virustotal在线扫描结果如下：
文件 pskin32.dll 接收于 2007.12.28 04:09:36 (CET)
当前状态: 完成
结果: 4/32 (12.50%)
反病毒引擎 版本 最后更新 扫描结果
AhnLab-V3 - - -
AntiVir - - TR/Delphi.Downloader.Gen
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious Self Modifying File
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Delphi.Downloader.Gen

[ 本帖最后由 jqcat 于 2008-2-2 16:03 编辑 ]

mofunzone

如果还会自动生成，我个人估计8成不是
总之，上报了

mofunzone

建议扫sreng log发到求助区
这个只是生成物，主程序可能antivir没有杀出来

clovedsm

Submission Summary:
Submission details:
Submission received: 2 February 2008, 13:50:00
Processing time: 3 min 32 sec
Submitted sample:
File MD5: 0x4CF998C404842748225606261693CE11
Filesize: 49,698 bytes


Technical Details:


File System Modifications

The following files were created in the system:
# Filename(s) File Size File MD5
1 %Temp%\pskin32.dll  112,640 bytes 0x10205F77DE54FAD6A2277012A5EC4492
2 [file and pathname of the sample #1]  49,698 bytes 0x4CF998C404842748225606261693CE11


Note:
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

jqcat

谢谢大家啊，这两天休息了，是单位的电脑里的等，上班再上传sreng的报告。
clovedsm的帖子是什么意思，没看明白啊？好像就是说上报，没说结果啊

[ 本帖最后由 jqcat 于 2008-2-2 15:54 编辑 ]

jqcat

今天上班，上传SRENG的扫描报告