DR.WEB报毒C:\WINDOWS\system32\msyutbh.dll

显示全部楼层 · 发表于 2006-11-29 07:14:53

DR.WEB报毒C:\WINDOWS\system32\msyutbh.dll
应该是误报吧
请各位大侠多多指教

显示全部楼层 · 发表于 2006-11-29 07:22:01

google不到的进程，8成是病毒。。
看dr.web报的是probably infected 还是infected，如果是probably还有可能，直接infected就不可能了。。

显示全部楼层 · 发表于 2006-11-29 08:24:29

dr.web报的是probably STPAGE.Trojan

[ 本帖最后由 pietrojiang 于 2006-11-29 08:27 编辑 ]

显示全部楼层 · 发表于 2006-11-29 13:51:40

就因为这个进程google不到，我认为是病毒的可能性很高，你可以把你这个dll发到www.virustotal.com做一下扫描，看如果只有dw一个报那就是误报了

显示全部楼层 · 发表于 2006-11-29 19:55:10

扫描结果

AntiVir	7.2.0.46	11.29.2006	HEUR/Crypted
Authentium	4.93.8	11.29.2006	Possibly a new variant of W32/Threat-SysVenFak-based!Maximus
Avast	4.7.892.0	11.28.2006	Win32:Delf-BOM
AVG	386	11.28.2006 [td]no virus found
BitDefender	7.2	11.29.2006 [td]no virus found
CAT-QuickHeal	8.00	11.28.2006 [td]no virus found
ClamAV	devel-20060426	11.29.2006 [td]no virus found
DrWeb	4.33	11.29.2006	STPAGE.Trojan
eSafe	7.0.14.0	11.28.2006 [td]no virus found
eTrust-InoculateIT	23.73.71	11.29.2006 [td]no virus found
eTrust-Vet	30.3.3221	11.29.2006 [td]no virus found
Ewido	4.0	11.29.2006 [td]no virus found
Fortinet	2.82.0.0	11.29.2006 [td]no virus found
F-Prot	3.16f	11.28.2006	Possibly a new variant of W32/Threat-SysVenFak-based!Maximus
F-Prot4	4.2.1.29	11.28.2006	W32/Threat-SysVenFak-based!Maximus
Ikarus	0.2.65.0	11.29.2006 [td]no virus found
Kaspersky	4.0.2.24	11.29.2006 [td]no virus found
McAfee	4906	11.28.2006 [td]no virus found
Microsoft	1.1804	11.28.2006 [td]no virus found
NOD32v2	1888	11.28.2006 [td]no virus found
Norman	5.80.02	11.29.2006 [td]no virus found
Panda	9.0.0.4	11.28.2006	Suspicious file
Prevx1	V2	11.29.2006 [td]no virus found
Sophos	4.11.0	11.16.2006 [td]no virus found
TheHacker	6.0.3.126	11.29.2006 [td]no virus found
UNA	1.83	11.28.2006 [td]no virus found
VBA32	3.11.1	11.28.2006 [td]no virus found
VirusBuster	4.3.15:9	11.28.2006 [td]no virus found

[ 本帖最后由 pietrojiang 于 2006-11-29 20:07 编辑 ]

显示全部楼层 · 发表于 2006-11-30 11:02:15

这个dll八成有问题了看来，几个启发好的都报了，上报dw吧，我有80%可以肯定这个是病毒。。

显示全部楼层 · 发表于 2006-12-1 02:27:10

已经上报
谢谢你的建议

显示全部楼层 · 发表于 2006-12-1 03:05:16

上报给dr.web后的回复,看不懂

Dear pietrojiang@XXXXXXX
This message has been automatically generated in response to
the creation of your request regarding:
"New suspicious file submitted",
a summary of which appears below.

There is no need to reply to this message right now.
Your request has been assigned an ID of [drweb.com #214017].

Please include the string:

[drweb.com #214017].

in the subject line of all future correspondence about this issue.
To do so, you may reply to this message.

Thank you for the cooperation

-------------------Request-----------------------------------------------
Hello,

User sent us a suspicious file.
User ip: 83.103.90.59
User agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727)
User comment:
User language: en
User email: pietrojiang@msn.com
Original file name: C:\WINDOWS\system32\msyutbh.dll
File size: 547840
MD5: 5d22fbdc546cb642998c90ee747cd65c

--
WBR, send-suspic-file.pl

-------------------------------------------------------------------------

--
Yours sincerely,
Virus Monitoring Service Doctor Web Ltd.

| |

显示全部楼层 · 发表于 2006-12-1 07:14:39

你这个只是一个自动回复而已，应该还会有一个回复的，是说你这个文件是不是病毒之类的。。

显示全部楼层 · 发表于 2006-12-1 21:23:51

今天再发到www.virustotal.com做了一下扫描,DrWeb不报毒了,可我的电脑里的DrWeb还是报毒Adware.Faex 郁闷