麻烦各位看一下

显示全部楼层 · 发表于 2008-6-5 17:07:15

完全搞不懂是不是病毒，检测下来有一半检测到，一半没检测到。很郁闷啊~~~

[localimg=441,481]1[/localimg]

[ 本帖最后由 zhongpenggg 于 2008-6-5 17:09 编辑 ]

显示全部楼层 · 发表于 2008-6-5 17:08:56

毒霸0

显示全部楼层 · 发表于 2008-6-5 17:09:26

0002B1FC 0042BDFC    0 IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
0004DF10 0044EB10    0 System\CurrentControlSet\Control\Keyboard Layouts\%.8x
0005CB04 0045D704    0 http://www.ekgame.cn/eservice/config.access
0005CB48 0045D748    0 SYSTEM
0005CB68 0045D768    0 TITLE
0005CB94 0045D794    0 HOMEPAGE
0005CBA8 0045D7A8    0 \Software\Microsoft\Internet Explorer\Main
0005CBDC 0045D7DC    0 Start Page
0005CBF8 0045D7F8    0 http://www.ekgame.cn/dservice/install.php?title=
0005CD08 0045D908    0 http://
0005CE00 0045DA00    0 http://
0005D550 0045E150    0 HEAD /
0005D560 0045E160    0 HTTP/1.1
0005D580 0045E180    0 Pragma: no-cache
0005D59C 0045E19C    0 Cache-Control: no-cache
0005D5BC 0045E1BC    0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)

沙盘运行无结果

出来了

haha

http://www.threatexpert.com/report.aspx?md5=5ffc290ea444d2f4b04a0e92ad5d87e4

[ 本帖最后由 dbpe 于 2008-6-5 17:36 编辑 ]

显示全部楼层 · 发表于 2008-6-5 17:10:04

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: http://bbs.kafan.cn/attachment.p ... ec&t=1212656978
Information: Is the Trojan horse TR/StartPage.bbm

--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 8.0.13.0, AVE 8.1.0.51, VDF 7.0.4.146

显示全部楼层 · 发表于 2008-6-5 17:12:35

DETECTION] Is the Trojan horse TR/StartPage.bbm

显示全部楼层 · 发表于 2008-6-5 17:14:13

kv

Backdoor/agent.arnc

显示全部楼层 · 发表于 2008-6-5 17:18:56

Begin scan in 'C:\Documents and Settings\haha\桌面\igfxbers.rar'
C:\Documents and Settings\haha\桌面\igfxbers.rar
  [0] Archive type: RAR
  --> igfxbers.exe
   [DETECTION] Is the Trojan horse TR/StartPage.bbm
   [NOTE]    A backup was created as '48adafa1.qua'  ( QUARANTINE )

显示全部楼层 · 发表于 2008-6-5 17:24:04

显示全部楼层 · 发表于 2008-6-5 21:30:07

McAfee MISS

显示全部楼层 · 发表于 2008-6-5 21:32:25

扫描所选择的目录和文件...
对象: igfxbers.exe
在压缩档案里: D:\igfxbers.rar
Status: 已发现病毒
病毒: Backdoor.Generic.48820 (BD 引擎)

[病毒样本] 麻烦各位看一下

本帖子中包含更多资源

本帖子中包含更多资源