2

a369258147

费尔杀

hahacomcn

Begin scan in 'C:\Documents and Settings\haha\桌面\1.rar'
C:\Documents and Settings\haha\桌面\1.rar
  [0] Archive type: RAR
    --> 1.exe
          [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/UPACK). Please verify the origin of the file
      [NOTE]      A backup was created as '48baa5ee.qua'  ( QUARANTINE )


End of the scan: 2008年6月6日  10:49
Used time: 00:02 min

The scan has been done completely.

      0 Scanning directories
      3 Files were scanned
      2 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:

sbbdms

原帖由 电影结束了 于 2008-6-6 10:34 发表



入库那么快。。。
我怎么记得是一个启发。。。一个不报。。。

他应该说的是卡巴只砍掉其中一个，就是先前启发的那个
还是漏掉1个，TO KL

sbbdms

Hello,

1.exed

No malicious code was found in this file.

Please quote all when answering.

神一样的害虫

小红伞和nod都只报了一个

电影结束了

原帖由 sbbdms 于 2008-6-6 15:50 发表
Hello,

1.exed

No malicious code was found in this file.

Please quote all when answering.

你运行后。。。就知道。。。
加入了注册表。。。
映象劫持了。。。
DW日志
企图创建新的注册表键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate.exe\
企图创建新的注册表键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorMain.exe\
企图创建新的注册表键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe\
好像还自动关闭QQ 。。。
为啥。。。
卡巴说没病毒。。。

[ 本帖最后由 电影结束了 于 2008-6-6 19:38 编辑 ]

allinwonderi

MISS

allinwonderi

[Found possible security risk]         <W32/Heuristic-210!Eldorado (damaged, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\1.rar->1.exe->(UPack)

---------------------------------------------------------------------
Scan ended:        2008-6-6, 19:44:50
Duration:        0:00:04

Scan result:

Scanned files:                 6
Infected objects:         1
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------

qigang

RS20.47.42未杀！

sbbdms

原帖由 电影结束了 于 2008-6-6 19:35 发表



你运行后。。。就知道。。。
加入了注册表。。。
映象劫持了。。。
DW日志
企图创建新的注册表键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate. ...

我也觉得有点怪怪的
TO KL AGAIN