这个是什么？

显示全部楼层 · 发表于 2008-8-6 09:31:12

这个是什么？
费尔报的

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.8.6.0	2008.08.05	-
AntiVir	7.8.1.15	2008.08.05	-
Authentium	5.1.0.4	2008.08.05	-
Avast	4.8.1195.0	2008.08.05	-
AVG	8.0.0.156	2008.08.06	-
BitDefender	7.2	2008.08.06	-
CAT-QuickHeal	9.50	2008.08.05	-
ClamAV	0.93.1	2008.08.05	-
DrWeb	4.44.0.09170	2008.08.05	-
eSafe	7.0.17.0	2008.08.05	-
eTrust-Vet	31.6.6011	2008.08.05	-
Ewido	4.0	2008.08.05	-
F-Prot	4.4.4.56	2008.08.05	-
F-Secure	7.60.13501.0	2008.08.06	-
Fortinet	3.14.0.0	2008.08.05	-
GData	2.0.7306.1023	2008.08.06	-
Ikarus	T3.1.1.34.0	2008.08.06	-
K7AntiVirus	7.10.404	2008.08.05	-
Kaspersky	7.0.0.125	2008.08.06	-
McAfee	5354	2008.08.05	-
Microsoft	1.3807	2008.08.06	-
NOD32v2	3330	2008.08.06	-
Norman	5.80.02	2008.08.05	-
Panda	9.0.0.4	2008.08.05	Suspicious file
PCTools	4.4.2.0	2008.08.05	-
Prevx1	V2	2008.08.06	-
Rising	20.56.12.00	2008.08.05	-
Sophos	4.31.0	2008.08.06	-
Sunbelt	3.1.1537.1	2008.08.01	-
Symantec	10	2008.08.06	-
TheHacker	6.2.96.393	2008.08.04	-
TrendMicro	8.700.0.1004	2008.08.06	-
VBA32	3.12.8.2	2008.08.05	-
ViRobot	2008.8.5.1324	2008.08.05	-
VirusBuster	4.5.11.0	2008.08.05	-
Webwasher-Gateway	6.6.2	2008.08.05	-

[ 本帖最后由 freehuang 于 2008-8-6 09:32 编辑 ]

显示全部楼层 · 发表于 2008-8-6 09:33:46

0000818C 1000818C    0 Delete
00008194 10008194    0 NoRemove
000081A0 100081A0    0 ForceRemove
000081CC 100081CC    0 \iexplore.exe
000081DC 100081DC    0 C:\Program Files\Internet Explorer
00008204 10008204    0 \Application Data\Microsoft\Internet Explorer\Quick Launch
00008240 10008240    0 C:\Documents and Settings\
0000825C 1000825C    0 C:\Program Files\Internet Explorer\iexplore.exe
00008290 10008290    0 Internet Explorer
000082D0 100082D0    0 ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ //貌似是加密过的（不知道是不是）
00008354 10008354    0 setup
0000835C 1000835C    0 00/00/00
00008370 10008370    0 RFWMAIN.EXE
00008384 10008384    0 http://www.9486.cn/
00008398 10008398    0 http://www.9522.cn
000083AC 100083AC    0 http://www.8009.com
000083C0 100083C0    0 http://www.kwxf.com
000083D4 100083D4    0 http://about.blank.la/
000083EC 100083EC    0 MONXP.KXP
000083F8 100083F8    0 KVSRVXP.EXE
00008404 10008404    0 360TRAY.EXE
00008410 10008410    0 360SAFE.EXE
0000841C 1000841C    0 about:blank
00008428 10008428    0 Start Page
00008434 10008434    0 Software\Microsoft\Internet Explorer\Main
00008460 10008460    0 okdata
00008468 10008468    0 http://www.kwxf.com/
00008480 10008480    0 http://about-bank.cn/
0000854C 1000854C    0 invalid string position

00009320 10009320    0 e:\App\web\Dll\dll\Release\dll.pdb

[ 本帖最后由 kiki 于 2008-8-6 11:09 编辑 ]

显示全部楼层 · 发表于 2008-8-6 09:37:41

QQ.dll
MD5: 3659BE020A71A1677AFFA009F057AE18
经分析，在该文件中包含恶意代码（Adware）。

000081CC 100081CC    0 \iexplore.exe
000081DC 100081DC    0 C:\Program Files\Internet Explorer
00008204 10008204    0 \Application Data\Microsoft\Internet Explorer\Quick Launch
00008240 10008240    0 C:\Documents and Settings\
0000825C 1000825C    0 C:\Program Files\Internet Explorer\iexplore.exe
00008370 10008370    0 RFWMAIN.EXE
00008384 10008384    0 http://www.9486.cn/
00008398 10008398    0 http://www.9522.cn
000083AC 100083AC    0 http://www.8009.com
000083C0 100083C0    0 http://www.kwxf.com
000083D4 100083D4    0 http://about.blank.la/
000083EC 100083EC    0 MONXP.KXP
000083F8 100083F8    0 KVSRVXP.EXE
00008404 10008404    0 360TRAY.EXE
00008410 10008410    0 360SAFE.EXE

00008428 10008428    0 Start Page
00008434 10008434    0 Software\Microsoft\Internet Explorer\Main

00008468 10008468    0 http://www.kwxf.com/
00008480 10008480    0 http://about-bank.cn/

[ 本帖最后由 zwl2828 于 2008-8-6 09:49 编辑 ]

显示全部楼层 · 发表于 2008-8-6 09:46:00

在C盘下生成log的文件夹，自动添加到启动
用费尔木马强力清楚助手干掉了

显示全部楼层 · 发表于 2008-8-6 09:52:26

金山 0

显示全部楼层 · 发表于 2008-8-6 12:01:18

Sent to Avira

显示全部楼层 · 发表于 2008-8-6 12:10:23

RS20.56.12未杀！

显示全部楼层 · 发表于 2008-8-6 15:26:41

The file 'QQ.dll' has been determined to be 'MALWARE'. Our analysts discovered that the file is an adware or spyware program. Detection will be added to our virus definition file (VDF) with one of the next updates.

显示全部楼层 · 发表于 2008-8-6 23:32:38

8.0.0.454未报

显示全部楼层 · 发表于 2008-8-7 08:49:12

卡巴今早杀

已删除：木马程序 Trojan.Win32.StartPage.bph 文件　: D:\软件\其它\v\k\new\1\quoi.rar/QQ.dll

[病毒样本] 这个是什么？

2/0