只有3个冷门杀软报的一个文件

lomo

刚才安装COMODO V3防火墙过程中进行了全盘扫描，结果发现两个威胁。第一个是注册机。第二个很可疑，竟然在WINDOWS目录下！可是之前用过卡巴KAV7、小红伞P、Dr.Web CureIT v4.44、Spyware Doctor等多种安软，均未发现这一文件。


上传到virscan进行了扫描，结果只有3个杀软有报，都是冷门杀软。

请教各位这个文件是否可以删除？该不会是系统文件吧？


扫描报告：
VirSCAN.org Scanned Report :
Scanned time   : 2008/03/01 23:24:32 (CST)
Scanner results: 8%的杀软(3/36)报告发现病毒
File Name      : _MSRSTRT.EXE
File Size      : 2560 byte
File Type      : MS-DOS executable (EXE), OS/2 or MS Windows
MD5            : 815372073da85b2098a37ded84083c8a
SHA1           : 0a70574450bee11c9c09f25f082e0253aa32ceaa
Online report  : http://virscan.org/report/815372073da85b2098a37ded84083c8a.html
Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result

安博士V3       2008.03.01.00   2008.03.01        2008-03-01  2.25   Win-AppCare/Reboot.2560
Prevx          V2              20080301          2008-03-01  5.91   TROJAN.DOWNLOADER.GEN
QuickHeal      9.00            2008.03.01        2008-03-01  2.64   Tool.Win32.Reboot (Not a Virus)

ALEXBLAIR

一来就杀进程,不是个好东西

lomo

还有这个注册机在virscan上扫描的结果：
VirSCAN.org Scanned Report :
Scanned time   : 2008/03/01 23:33:14 (CST)
Scanner results: 8%的杀软(3/36)报告发现病毒
File Name      : KeyGen.exe
File Size      : 142336 byte
File Type      : MS-DOS executable (EXE), OS/2 or MS Windows
MD5            : a1f9c0628e9c505e7fe3e03d51db7677
SHA1           : 1262ee490d1811d75ba03b3cfbd9caa870bf6d05
Online report  : http://virscan.org/report/71a8c767a9b7b107cdc36f4638986bc5.html
Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
IKARUS         T3.1.01.20      2008.02.26.70368  2008-02-26  8.16   Trojan-Spy.Win32.Banker.JU
Prevx          V2              20080301          2008-03-01  10.03  TROJAN.DOWNLOADER.GEN
SOPHOS         2.70.1          4.26              2008-02-26  12.51  Mal/Behav-053

stonejr

Win-AppCare/Reboot.2560    Tool.Win32.Reboot (Not a Virus)
这不是很明白吗?

IllusionWing

Risk.AutoReboot.鉴定完毕

wangjay1980

哈，都写着呢

lomo

原帖由 wangjay1980 于 2008-3-1 23:49 发表
哈，都写着呢

能否说的明白点
我的技术还不到家

hshhua01

File ID  Filename  Size (Byte) Result
598596  _MSRSTRT.EXE  2.5 KB  KNOWN CLEAN
3724557  KeyGen.exe  139 KB  DAMAGED FILE (UNKNOWN)

lomo

貌似没有问题？不过还是删掉了~

Suspicious Files and Miscellaneous Uploads

Thank you for your submission. Below you can see the current status of the uploaded files.
--------------------------------------------------------------------------------
We received the following archive files:
File ID  Filename  Size (Byte) Result
3781460  _MSRSTRT.rar 698 Byte OK
A listing of files contained inside archives alongside their results can be found below:
File ID  Filename  Size (Byte) Result
598596  _MSRSTRT.EXE  2.5 KB  KNOWN CLEAN
Please find a detailed report concerning each individual sample below:
Filename Result
_MSRSTRT.EXE  KNOWN CLEAN
The file '_MSRSTRT.EXE' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Audiocatalyst 2.1'. Our analysts discovered that the file is a Trojan. In general this kind of programs contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates.
--------------------------------------------------------------------------------
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

[ 本帖最后由 lomo 于 2008-3-2 00:05 编辑 ]

傻猪猪米走鸡

有些杀软觉得这个报是正常的