【误报？】QQ空间相册查看器.exe

显示全部楼层 · 发表于 2008-6-28 19:54:06

红伞报了，丢多引擎里一查报的还不少

文件 QQ_____________________.exe 接收于 2008.06.28 13:48:48 (CET)

反病毒引擎	版本	最后更新	扫描结果
AhnLab-V3	2008.6.27.1	2008.06.27	-
AntiVir	7.8.0.59	2008.06.27	TR/Drop.VB.anl
Authentium	5.1.0.4	2008.06.27	-
Avast	4.8.1195.0	2008.06.27	-
AVG	7.5.0.516	2008.06.28	Dropper.Generic.XTC
BitDefender	7.2	2008.06.28	-
CAT-QuickHeal	9.50	2008.06.28	TrojanDropper.VB.anl
ClamAV	0.93.1	2008.06.28	Trojan.Dropper-4953
DrWeb	4.44.0.09170	2008.06.28	-
eSafe	7.0.17.0	2008.06.26	-
eTrust-Vet	31.6.5911	2008.06.27	-
Ewido	4.0	2008.06.27	Dropper.Agent.xk
F-Prot	4.4.4.56	2008.06.27	-
F-Secure	7.60.13501.0	2008.06.26	Trojan-Dropper.Win32.VB.anl
Fortinet	3.14.0.0	2008.06.28	-
GData	2.0.7306.1023	2008.06.28	-
Ikarus	T3.1.1.26.0	2008.06.28	Trojan-Dropper.Win32.VB.anl
Kaspersky	7.0.0.125	2008.06.28	-
McAfee	5327	2008.06.27	-
Microsoft	1.3704	2008.06.28	-
NOD32v2	3224	2008.06.27	-
Norman	5.80.02	2008.06.27	-
Panda	9.0.0.4	2008.06.28	Adware/AccesMembre
Prevx1	V2	2008.06.28	-
Rising	20.50.52.00	2008.06.28	-
Sophos	4.30.0	2008.06.28	Mal/Generic-A
Sunbelt	3.0.1176.1	2008.06.26	Trojan-Dropper.Win32.VB.anl
Symantec	10	2008.06.28	Trojan Horse
TheHacker	6.2.96.362	2008.06.27	-
TrendMicro	8.700.0.1004	2008.06.27	-
VBA32	3.12.6.8	2008.06.28	Trojan-Dropper.Win32.VB.anl
VirusBuster	4.5.11.0	2008.06.23	-
Webwasher-Gateway	6.6.2	2008.06.28	Trojan.Drop.VB.anl

附加信息
File size: 229376 bytes
MD5...: 659b73e4b976cfa9152ad620d3be118a
SHA1..: 700c42e2728a538eaf8da57c6e2afd45b12e72a4
SHA256: b264903776e0e8d1278c4a25a0cb47d2306ac940ef4202e2dcfabe962ff1ebd4
SHA512:aa1ffb670093b0e4bb358ccd5f0743f02524e43975f161d99a905525c0e7d5c7<br>a161535203ae9f6bcbda804cfa28f2f84a2190597ef5aecf8310d42986aff5a0
PEiD..: -
PEInfo:PE Structure information<br><br>( base data)<br>entrypointaddress.: 0x4020cc<br>timedatestamp.....:0x472eeb31 (Mon Nov 05 10:06:41 2007)<br>machinetype.......:0x14c (I386)<br><br>( 3 sections )<br>name viraddvirsiz rawdsiz ntrpy md5<br>.text 0x1000 0x34cb4 0x35000 5.923345b6b3286b404469d848c987641dce<br>.data 0x36000 0x1fc8 0x10000.00 620f0b67a91f7f74151bc5be745b7110<br>.rsrc 0x38000 0x8200x1000 2.41 6722014cd80cb699b779667b4a24d798<br><br>( 1imports ) <br>> MSVBVM60.DLL: __vbaVarSub, __vbaVarTstGt,__vbaStrI2, _CIcos, _adj_fptan, __vbaStrI4, __vbaVarMove,__vbaVarVargNofree, __vbaFreeVar, __vbaLateIdCall, __vbaGosubReturn, -,__vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaEnd,_adj_fdiv_m64, __vbaRaiseEvent, __vbaFreeObjList, _adj_fprem1,__vbaRecAnsiToUni, __vbaI2Abs, __vbaCopyBytes, __vbaResume,__vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError,__vbaHresultCheckObj, -, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct,__vbaLateMemSt, __vbaForEachCollObj, __vbaVarForInit, __vbaExitProc, -,__vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref,_adj_fdivr_m16i, -, __vbaBoolVar, -, __vbaStrTextCmp, __vbaFpR8,__vbaVargVar, _CIsin, -, -, __vbaErase, __vbaNextEachCollObj,__vbaVarZero, -, __vbaChkstk, __vbaGosubFree, __vbaCyVar,EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, -,__vbaAryConstruct2, __vbaVarTstEq, __vbaI2I4, __vbaObjVar,DllFunctionCall, __vbaVarOr, __vbaVarLateMemSt, __vbaCastObjVar,_adj_fpatan, __vbaR4Var, __vbaLateIdCallLd, __vbaStrR8, __vbaRedim,__vbaR8Cy, __vbaRecUniToAnsi, EVENT_SINK_Release, -, __vbaUI1I2,_CIsqrt, __vbaObjIs, EVENT_SINK_QueryInterface, __vbaExceptHandler, -,__vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFailedFriend,__vbaGosub, -, -, -, __vbaFPException, __vbaInStrVar, -, __vbaUbound,__vbaStrVarVal, __vbaVarCat, __vbaCheckType, __vbaI2Var, -, -, -,_CIlog, __vbaErrorOverflow, __vbaR8Str, __vbaInStr, __vbaNew2,__vbaVarLateMemCallLdRf, __vbaCyMulI2, _adj_fdiv_m32i, _adj_fdivr_m32i,__vbaStrCopy, __vbaI4Str, -, __vbaFreeStrList, _adj_fdivr_m32,__vbaPowerR8, _adj_fdiv_r, -, -, __vbaVarTstNe, __vbaVarSetVar,__vbaI4Var, -, __vbaAryLock, __vbaVarAdd, __vbaLateMemCall,__vbaStrToAnsi, __vbaVarDup, __vbaFpI2, __vbaFpI4,__vbaVarLateMemCallLd, __vbaLateMemCallLd, __vbaVarSetObjAddref,_CIatan, __vbaStrMove, __vbaCastObj, -, _allmul, __vbaLateIdSt,__vbaFpCSngR4, _CItan, __vbaAryUnlock, __vbaFPInt, __vbaVarForNext,_CIexp, __vbaFreeObj, __vbaFreeStr, -<br><br>( 0 exports )<br>

反病毒引擎版本最后更新扫描结果AhnLab-V3 2008.6.27.1 2008.06.27 -AntiVir 7.8.0.59 2008.06.27 TR/Drop.VB.anlAuthentium 5.1.0.4 2008.06.27 -Avast 4.8.1195.0 2008.06.27 -AVG 7.5.0.516 2008.06.28 Dropper.Generic.XTCBitDefender 7.2 2008.06.28 -CAT-QuickHeal 9.50 2008.06.28 TrojanDropper.VB.anlClamAV 0.93.1 2008.06.28 Trojan.Dropper-4953DrWeb 4.44.0.09170 2008.06.28 -eSafe 7.0.17.0 2008.06.26 -eTrust-Vet 31.6.5911 2008.06.27 -Ewido 4.0 2008.06.27 Dropper.Agent.xkF-Prot 4.4.4.56 2008.06.27 -F-Secure 7.60.13501.0 2008.06.26 Trojan-Dropper.Win32.VB.anlFortinet 3.14.0.0 2008.06.28 -GData 2.0.7306.1023 2008.06.28 -Ikarus T3.1.1.26.0 2008.06.28 Trojan-Dropper.Win32.VB.anlKaspersky 7.0.0.125 2008.06.28 -McAfee 5327 2008.06.27 -Microsoft 1.3704 2008.06.28 -NOD32v2 3224 2008.06.27 -Norman 5.80.02 2008.06.27 -Panda 9.0.0.4 2008.06.28 Adware/AccesMembrePrevx1 V2 2008.06.28 -Rising 20.50.52.00 2008.06.28 -Sophos 4.30.0 2008.06.28 Mal/Generic-ASunbelt 3.0.1176.1 2008.06.26 Trojan-Dropper.Win32.VB.anlSymantec 10 2008.06.28 Trojan HorseTheHacker 6.2.96.362 2008.06.27 -TrendMicro 8.700.0.1004 2008.06.27 -VBA32 3.12.6.8 2008.06.28 Trojan-Dropper.Win32.VB.anlVirusBuster 4.5.11.0 2008.06.23 -Webwasher-Gateway 6.6.2 2008.06.28 Trojan.Drop.VB.anl附加信息File size: 229376 bytesMD5...: 659b73e4b976cfa9152ad620d3be118aSHA1..: 700c42e2728a538eaf8da57c6e2afd45b12e72a4SHA256: b264903776e0e8d1278c4a25a0cb47d2306ac940ef4202e2dcfabe962ff1ebd4SHA512: aa1ffb670093b0e4bb358ccd5f0743f02524e43975f161d99a905525c0e7d5c7 a161535203ae9f6bcbda804cfa28f2f84a2190597ef5aecf8310d42986aff5a0PEiD..: -PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4020cc timedatestamp.....: 0x472eeb31 (Mon Nov 05 10:06:41 2007) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x34cb4 0x35000 5.92 3345b6b3286b404469d848c987641dce .data 0x36000 0x1fc8 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 .rsrc 0x38000 0x820 0x1000 2.41 6722014cd80cb699b779667b4a24d798 ( 1 imports ) > MSVBVM60.DLL: __vbaVarSub, __vbaVarTstGt, __vbaStrI2, _CIcos, _adj_fptan, __vbaStrI4, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaLateIdCall, __vbaGosubReturn, -, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaRaiseEvent, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaI2Abs, __vbaCopyBytes, __vbaResume, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, -, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct, __vbaLateMemSt, __vbaForEachCollObj, __vbaVarForInit, __vbaExitProc, -, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaBoolVar, -, __vbaStrTextCmp, __vbaFpR8, __vbaVargVar, _CIsin, -, -, __vbaErase, __vbaNextEachCollObj, __vbaVarZero, -, __vbaChkstk, __vbaGosubFree, __vbaCyVar, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, -, __vbaAryConstruct2, __vbaVarTstEq, __vbaI2I4, __vbaObjVar, DllFunctionCall, __vbaVarOr, __vbaVarLateMemSt, __vbaCastObjVar, _adj_fpatan, __vbaR4Var, __vbaLateIdCallLd, __vbaStrR8, __vbaRedim, __vbaR8Cy, __vbaRecUniToAnsi, EVENT_SINK_Release, -, __vbaUI1I2, _CIsqrt, __vbaObjIs, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFailedFriend, __vbaGosub, -, -, -, __vbaFPException, __vbaInStrVar, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, __vbaCheckType, __vbaI2Var, -, -, -, _CIlog, __vbaErrorOverflow, __vbaR8Str, __vbaInStr, __vbaNew2, __vbaVarLateMemCallLdRf, __vbaCyMulI2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, -, __vbaFreeStrList, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, -, __vbaVarTstNe, __vbaVarSetVar, __vbaI4Var, -, __vbaAryLock, __vbaVarAdd, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarDup, __vbaFpI2, __vbaFpI4, __vbaVarLateMemCallLd, __vbaLateMemCallLd, __vbaVarSetObjAddref, _CIatan, __vbaStrMove, __vbaCastObj, -, _allmul, __vbaLateIdSt, __vbaFpCSngR4, _CItan, __vbaAryUnlock, __vbaFPInt, __vbaVarForNext, _CIexp, __vbaFreeObj, __vbaFreeStr, - ( 0 exports )

显示全部楼层 · 发表于 2008-6-28 19:58:49

不是病毒。已讨论过。

显示全部楼层 · 发表于 2008-6-28 20:03:13

已上报红傘

显示全部楼层 · 发表于 2008-6-28 20:03:58

The file 'QQ##############.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Drop.VB.anl. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.04.24. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: TR/Drop.VB.anl.

显示全部楼层 · 发表于 2008-6-28 20:17:24

卡巴一想很“注重”维护用户的隐私。故意误报的

LS很黑色幽默

显示全部楼层 · 发表于 2008-6-28 21:05:18

不是毒
而且~~~也不能看密码的相册

显示全部楼层 · 发表于 2008-7-6 03:16:04

不解1楼意思

[误报文件] 【误报？】QQ空间相册查看器.exe

本帖子中包含更多资源

回复 1楼真.菲戈的帖子

[误报文件] 【误报？】QQ空间相册查看器.exe

本帖子中包含更多资源

回复 1楼 真.菲戈 的帖子

回复 1楼真.菲戈的帖子