自己弹出的网址。。。

显示全部楼层 · 发表于 2008-5-8 18:48:09

本来想下小说的。。。结果点了下载之后就自己跳到这个网址了。。
http://1.jmslj.com/setup.exe

显示全部楼层 · 发表于 2008-5-8 18:50:21

Starting the file scan:

Begin scan in 'E:\AV\setup.exe'
E:\AV\setup.exe
--> Setup.exe
[DETECTION] Is the Trojan horse TR/Xorer.94208
[NOTE] The file was deleted!

显示全部楼层 · 发表于 2008-5-8 18:53:09

这也有自助餐？

显示全部楼层 · 发表于 2008-5-8 18:53:40

诺顿立刻杀掉

检测到的安全风险总数: 1
已解决的项目总数: 0
需要注意的项目总数: 1
已解决的风险:

未解决的风险:
W32.Pagipef.I!inf
病毒 ID: 17597
类型: 已压缩
风险: 高 (高隐蔽性，高清除可能，高性能，高隐私)
类别: 病毒
状态: 删除失败
-----------
1 文件
[setup.exe] 位于[e:\新建文件夹bingdu\setup.exe] - 已感染

显示全部楼层 · 发表于 2008-5-8 18:56:21

Worm.Win32.DiskGen.gfp

瑞星清除

红伞怎么删除病毒样本

诺顿怎么删除失败了

[ 本帖最后由 aaad2008 于 2008-5-8 19:05 编辑 ]

显示全部楼层 · 发表于 2008-5-8 19:22:30

信息 2008-05-08  19:22:21 您此次查毒隔离了1个文件
信息 2008-05-08  19:22:21 您此次查毒共查出1个病毒以及危险代码
信息 2008-05-08  19:22:21 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件4个
信息 2008-05-08  19:22:21 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-05-08  19:22:21 D:\Desktop\setup.exe\BindFile\Setup.exe Worm.VcingT.cb.93696 隔离成功

显示全部楼层 · 发表于 2008-5-8 19:39:23

McAfee Generic.dx

显示全部楼层 · 发表于 2008-5-8 19:54:21

dw的日志不是很全啊
dnsq.dll没有记录到

C:\WINDOWS\System32\Com\lsass.exe
   ?:\pagefile.pif
   ?:\AutoRun.inf
   C:\WINDOWS\System32\Com\smss.exe

C:\WINDOWS\System32\regsvr32.exe
   HKCR\IFOBJ.IfObjCtrl.1\
   HKCR\CLSID\{D9901239-34A2-448D-A000-3705544ECE9D}\
   HKCR\CLSID\{450EC9C4-0F7F-407F-B084-D1147FE9DDCC}\
   HKCR\Interface\{2D96C4BF-8DCA-4A97-A24A-896FF841AE2D}\
   HKCR\Interface\{AAC17985-187F-4457-A841-E60BAE6359C2}\
   HKCR\TypeLib\{814293BA-8708-42E9-A6B7-1BD3172B9DDF}\

C:\WINDOWS\System32\Com\smss.exe
   C:\WINDOWS\System32\Com\lsass.exe

...\local settings\temp\rarSFX1\setup.exe

Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\
Attempt to set hidden attribute for C:\WINDOWS\System32\Com\netcfg.000

..\system32\conime.exe

Attempt to detach from the thread input of the C:\WINDOWS\System32\CSRSS.EXE
Attempt to attach to the thread input of the C:\WINDOWS\System32\CSRSS.EXE

...\system32\com\lsass.exe

Attempt to set value ShowSuperHidden within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Attempt to delete key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}\
Attempt to delete key HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}\
Attempt to delete key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Attempt to set value Type within the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\
Attempt to delete key HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\
Attempt to create service

[ 本帖最后由 tanlimo 于 2008-5-8 19:57 编辑 ]

显示全部楼层 · 发表于 2008-5-8 19:57:58

.....真方便啊

显示全部楼层 · 发表于 2008-5-8 20:09:52

老东西

[已鉴定] 自己弹出的网址。。。