lianzhong_yahoo.exelianzhong_yahoo.exe

qqq000@qq.com

lianzhong_yahoo.exe
http://bbs3.hypost.cn/read.php?tid=226115&page=e&#a

2008-02-17 13:08:44    应用程序保护(安装服务或者驱动)    操作:允许
进程路径:C:\windows\system32\services.exe ]!CN4UJ):
文件路径:\SystemRoot\System32\drivers\kardnhoi.sys

运行后生成的 3721 与Yahoo!\
反正我不这些插件的,
好好,现在机子又更卡了,  还原先..........

文件 lianzhong_yahoo.exe ,还是很多人要杀他的
http://www.virustotal.com/zh-cn/analisis/9e90b6893a8fdaaf2ff18a72bac9d2ff


文件 lianzhong_yahoo.exe 接收于 2008.01.15 10:48:34 (CET)
当前状态: 完成
结果: 11/32 (34.38%)

格式化文本
打印结果

反病毒引擎	版本	最后更新	扫描结果
AhnLab-V3	-	-	-
AntiVir	-	-	TR/Drop.cns.B
Authentium	-	-	-
Avast	-	-	Win32:CnsAdd-2
AVG	-	-	-
BitDefender	-	-	Adware.CDN
CAT-QuickHeal	-	-	-
ClamAV	-	-	Adware.CNS-1
DrWeb	-	-	Adware.Yassist
eSafe	-	-	-
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
Fortinet	-	-	W32/DROP.KC!tr
F-Prot	-	-	-
F-Secure	-	-	-
Ikarus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
Microsoft	-	-	Spyware:Win32/CnsMin
NOD32v2	-	-	probably a variant of Win32/Genetik
Norman	-	-	-
Panda	-	-	-
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	3721
Sunbelt	-	-	Trojan.ZSKiller.B
Symantec	-	-	-
TheHacker	-	-	-
VBA32	-	-	-
VirusBuster	-	-	-
Webwasher-Gateway	-	-	Trojan.Drop.cns.B

附加信息

MD5: c6bbbf90c7cf47ca49e1cec13a541fa6

SHA1: d0a2c335fc6916594ee18f9ff86cbf64236c8556

SHA256: f55392bf32987fc5221bacafc46057e3b05767f948902b600c4da4bf3fa01e62

SHA512: acd961b1127c29aff166682265165a04b5447e78ebc2334fa36441ee4b6542e6 ba42f61f67a7b80093e1d9374991da86681412566b927600a578150760fef40f

  

挪威的冬天

我寒 金山一个不认

沸沸

楼上，楼主说了这只是流氓软件……

挪威的冬天

但是没提供卸载选项的话按照金山的标准应该还是会有点反应才对的。。。

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\lianzhong_yahoo.rar'
C:\Documents and Settings\Administrator\My Documents\
  lianzhong_yahoo.rar
  lianzhong_yahoo.rar:Zone.Identifier
    [0] Archive type: RAR
    --> lianzhong_yahoo.exe
        [DETECTION] Is the Trojan horse TR/Drop.cns.B
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\3721.rar'
C:\Documents and Settings\Administrator\My Documents\
  3721.rar
  3721.rar:Zone.Identifier
    [0] Archive type: RAR
    --> 3721\CnsM.dll
    --> 3721\3721\AutoLive.dll
        [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/CoolBar
        [WARNING]   Infected files in archives cannot be repaired!
    --> 3721\3721\Helper.dll
    --> 3721\3721\CnsM.dll
    --> 3721\AutoLive.dll
        [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/CoolBar
        [WARNING]   Infected files in archives cannot be repaired!
    --> 3721\Helper.dll
    --> 3721\cns01.dat
    --> 3721\autolive.ini
    --> 3721\cns03.dat
    --> 3721\notifier.dll
    --> 3721\alrex.dll
    --> 3721\winhex.dat
    --> 3721\windex.dat
    --> 3721\autolvsw.ini
    --> 3721\alliveex.dll
        [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/CnsMin.B.2
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\Yahoo!.rar'
C:\Documents and Settings\Administrator\My Documents\
  Yahoo!.rar
  Yahoo!.rar:Zone.Identifier
    [0] Archive type: RAR
    --> Yahoo!\Assistant\Assist\yasbar.dll
    --> Yahoo!\Assistant\Assist\profile\profile.xml
    --> Yahoo!\Assistant\Assist\profile\1.gif
    --> Yahoo!\Assistant\Assist\profile\3.gif
    --> Yahoo!\Assistant\Assist\profile\4.gif
    --> Yahoo!\Assistant\Assist\profile\6.gif
    --> Yahoo!\Assistant\Assist\profile\7.gif
    --> Yahoo!\Assistant\Assist\profile\8.gif
    --> Yahoo!\Assistant\Assist\profile\9.gif
    --> Yahoo!\Assistant\Assist\profile\10.gif
    --> Yahoo!\Assistant\Assist\profile\11.gif
    --> Yahoo!\Assistant\Assist\profile\13.gif
    --> Yahoo!\Assistant\Assist\profile\14.gif
    --> Yahoo!\Assistant\Assist\profile\15.gif
    --> Yahoo!\Assistant\Assist\profile\16.gif
    --> Yahoo!\Assistant\Assist\profile\17.gif
    --> Yahoo!\Assistant\Assist\profile\18.gif
    --> Yahoo!\Assistant\Assist\profile\19.gif
    --> Yahoo!\Assistant\Assist\profile\20.gif
    --> Yahoo!\Assistant\Assist\profile\22.gif
    --> Yahoo!\Assistant\Assist\ypatch.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> Yahoo!\Assistant\yalive.dll
        [DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/CnsMin.D.1
        [WARNING]   Infected files in archives cannot be repaired!
    --> Yahoo!\Assistant\ylive.exe
    --> Yahoo!\Assistant\yhelper.dll
    --> Yahoo!\Assistant\yal01.dat
        [WARNING]   The file was ignored!


End of the scan: 2008年2月16日  22:06
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
     47 Files were scanned
      5 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     42 Files not concerned
      3 Archives were scanned
      9 Warnings
      0 Notes

sam.to

上报到卡巴

wangjay1980

原帖由 kato9096 于 2008-2-17 14:08 发表
上报到卡巴

CNNIC 3721 雅虎助手 百度搜霸这些都不用上报卡巴，卡巴不会入库的。

qigang

嘿嘿，国内的也不会报的。