问题文件

显示全部楼层 · 发表于 2008-4-11 18:02:58

刚从游戏抓下来的, 请各位看看

显示全部楼层 · 发表于 2008-4-11 18:04:38

Starting the file scan:

Begin scan in 'E:\新建文件夹 (2)\___案.rar'
E:\新建文件夹 (2)\___案.rar
  [0] Archive type: RAR
  --> ???®×\raddrv.dll
   [DETECTION] Contains detection pattern of the SPR/RemoteAdmin.D program
  --> ???®×\r_server.exe
   [DETECTION] Contains detection pattern of the SPR/RemoteAdmin.R program
   [WARNING] The file was ignored!

The file 'admdll.dll' has been determined to be 'MALWARE'.
Our analysts discovered that the file is a Security Privacy Risk (SPR). In particular it means that it is a program that might possibly be able to affect the security of your system, might trigger activities you might not want or might violate your privacy. Detection will be added to our virus definition file (VDF) with one of the next updates.

[ 本帖最后由 Exia 于 2008-4-11 18:07 编辑 ]

显示全部楼层 · 发表于 2008-4-11 18:06:11

C:\Documents and Settings\Administrator\桌面\___案.rar>>问题档案\admdll.dll Radmin.dll 黑客工具还未处理
C:\Documents and Settings\Administrator\桌面\___案.rar>>问题档案\raddrv.dll Radmin.VideoHook 远程控制还未处理
C:\Documents and Settings\Administrator\桌面\___案.rar>>问题档案\r_server.exe RAdmin.21.gu 远程控制还未处理

显示全部楼层 · 发表于 2008-4-11 18:34:21

微点不认识，貌似也没干了什么.........

显示全部楼层 · 发表于 2008-4-11 18:55:15

[Found application] <W32/RemoteAdmin.C (exact, not disinfectable)> C:\test\___案.rar->????\admdll.dll
[Found application] <W32/RemoteAdmin.B (exact, not disinfectable)> C:\test\___案.rar->????\raddrv.dll
[Found application] <W32/RemoteAdmin.A (exact, not disinfectable)> C:\test\___案.rar->????\r_server.exe

显示全部楼层 · 发表于 2008-4-11 18:58:28

我的又没报。。。不现实啊。。。

显示全部楼层 · 发表于 2008-4-11 18:59:18

To AB

显示全部楼层 · 发表于 2008-4-11 19:09:57

NIS2007
未解决的风险:
Remacc.Radmin
病毒 ID: 4294906186
类型: 已压缩
风险: 低 (低隐蔽性，低清除，低性能，低隐私)
类别: 远程访问
状态: 未尝试
-----------
1 个文件
[r_server.exe] 位于[e:\___案.rar] - 已感染

显示全部楼层 · 发表于 2008-4-11 19:19:36

现在的病毒真是厉害

显示全部楼层 · 发表于 2008-4-11 19:45:16

rising20.39.42未杀！

[病毒样本] 问题文件

本帖子中包含更多资源

远程管理，灰色软件

回复 5楼 aerbeisi 的帖子

4/0