强悍的VirusTotal结果

emutony

这不是百度工具条的组件吗？

反病毒引擎	版本	最后更新	扫描结果
AhnLab-V3	2008.7.29.1	2008.08.02	-
AntiVir	7.8.1.15	2008.08.04	TR/Rootkit.AK
Authentium	5.1.0.4	2008.08.03	W32/Backdoor.ARKX
Avast	4.8.1195.0	2008.08.03	Win32:Trojan-gen {Other}
AVG	8.0.0.156	2008.08.03	Generic2.KHD
BitDefender	7.2	2008.08.04	-
CAT-QuickHeal	9.50	2008.08.02	AdWare.Boran.w (Not a Virus)
ClamAV	0.93.1	2008.08.04	-
DrWeb	4.44.0.09170	2008.08.04	Adware.Borlander
eSafe	7.0.17.0	2008.08.03	-
eTrust-Vet	31.6.6002	2008.08.02	-
Ewido	4.0	2008.08.03	Not-A-Virus.Adware.BDSearch
F-Prot	4.4.4.56	2008.08.03	W32/Backdoor.ARKX
F-Secure	7.60.13501.0	2008.08.04	-
Fortinet	3.14.0.0	2008.08.03	Adware/Boran
GData	2.0.7306.1023	2008.08.03	Win32:Trojan-gen
Ikarus	T3.1.1.34.0	2008.08.04	not-a-virus:AdWare.Win32.Boran.w
K7AntiVirus	7.10.402	2008.08.02	Rootkit.Win32.Agent.Family
Kaspersky	7.0.0.125	2008.08.04	-
McAfee	5352	2008.08.01	potentially unwanted program Adware-BDSearch
Microsoft	1.3807	2008.08.04	BrowserModifier:Win32/BaiduSobar
NOD32v2	3323	2008.08.04	-
Norman	5.80.02	2008.08.01	W32/Rootkit.CHW
Panda	9.0.0.4	2008.08.03	Rootkit/Baidu
PCTools	4.4.2.0	2008.08.03	-
Prevx1	V2	2008.08.04	Adware
Rising	20.55.62.00	2008.08.03	-
Sophos	4.31.0	2008.08.03	Baidu Bar
Sunbelt	3.1.1537.1	2008.08.01	-
TheHacker	6.2.96.392	2008.08.02	-
TrendMicro	8.700.0.1004	2008.08.01	-
VBA32	3.12.8.2	2008.08.02	-
ViRobot	2008.8.1.1321	2008.08.01	Adware.Baidu.28672
VirusBuster	4.5.11.0	2008.08.03	-
Webwasher-Gateway	6.6.2	2008.08.04	Trojan.Rootkit.AK

附加信息

File size: 28672 bytes

MD5...: d8ad2f959208197455aa4a2a67be9f69

SHA1..: 928c73a689a9cda6f82b1cb59fd6882221cf4ebb

SHA256: bf5168f26685a6c0ec9b16f8dc4671d877d8aaaf137a6a3509452a1ff9898f97

SHA512: 03f98af586cea700b0a9ca3a9746c453e8cf32d8eb20e7c3f1d0062abdadd031 c6104c1baefa4133188ea51d2f37c867509b4ca8bc0e03095cec6e2b47d6115e

PEiD..: -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x113cd timedatestamp.....: 0x455537d1 (Sat Nov 11 02:39:13 2006) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x4928 0x4a00 6.35 9db8eba7563ac4a6845fd4b46289174d .rdata 0x6000 0x7c5 0x800 4.31 7f84f3c40c8332b4233cfc131b0a68c4 .data 0x7000 0x5c0 0x200 0.04 24203b33b9a53a29261d0ee9f94f2085 INIT 0x8000 0xa14 0xc00 4.85 96092ad28ffe9e9295d5923d041c4a71 .rsrc 0x9000 0x330 0x400 2.73 a86d63d5e4da66383543f98c521a32fb .reloc 0xa000 0x618 0x800 4.95 1c66fd91c5e8b3e957534eb14de1f967 ( 2 imports ) > ntoskrnl.exe: RtlInitUnicodeString, IoRegisterDriverReinitialization, ObfDereferenceObject, RtlCompareUnicodeString, IoGetDeviceObjectPointer, IoCreateDevice, RtlAppendUnicodeToString, ExAllocatePoolWithTag, IoDeleteSymbolicLink, IoCreateSymbolicLink, PsSetCreateThreadNotifyRoutine, PsSetCreateProcessNotifyRoutine, IoRegisterShutdownNotification, IoRegisterFsRegistrationChange, _wcslwr, memcpy, memset, ExInitializeNPagedLookasideList, KeInitializeEvent, ExFreePoolWithTag, IoDeleteDevice, InitSafeBootMode, _strnicmp, _stricmp, _snprintf, wcscpy, MmIsAddressValid, PsGetCurrentProcessId, PsGetCurrentThreadId, ExInitializeResourceLite, KeLeaveCriticalRegion, ExAcquireResourceSharedLite, KeEnterCriticalRegion, ExAcquireResourceExclusiveLite, ExReleaseResourceLite, _snwprintf, ZwQueryInformationFile, ZwDeleteValueKey, ZwQueryValueKey, ZwOpenKey, strncmp, strlen, IoGetCurrentProcess, IoDetachDevice, MmGetSystemRoutineAddress, ZwCreateFile, InterlockedPushEntrySList, ExGetPreviousMode, wcsncpy, IoAttachDeviceToDeviceStack, ExQueueWorkItem, KeSetEvent, KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, RtlEqualUnicodeString, ObQueryNameString, ObfReferenceObject, KeDelayExecutionThread, RtlCopyUnicodeString, RtlFreeUnicodeString, ZwReadFile, strncpy, strrchr, ZwEnumerateValueKey, ZwSetSystemInformation, KeServiceDescriptorTable, ZwQuerySystemInformation, IoGetBaseFileSystemDeviceObject, ObReferenceObjectByHandle, IoFileObjectType, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, wcslen, RtlAnsiStringToUnicodeString, RtlAppendStringToString, RtlCompareString, _strlwr, RtlAppendUnicodeStringToString, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, IoFreeIrp, wcscat, KeGetCurrentThread, IoAllocateIrp, memmove, ZwTerminateProcess, ZwRestoreKey, ZwDeleteKey, ZwEnumerateKey, ZwSetValueKey, ZwClose, _except_handler3, InterlockedPopEntrySList, IofCompleteRequest > HAL.dll: ExReleaseFastMutex, KeGetCurrentIrql, ExAcquireFastMutex ( 0 exports )

Prevx info: http://info.prevx.com/aboutprogr ... 092558790008129553B

emutony

Sophos 4.31.0 2008.08.03 Baidu Bar

cruiyong

看不见那里是百度的工具条

Tynox

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:         http://bbs.kafan.cn/attachment.p ... e2&t=1218503549
Information:         Is the TR/Rootkit.AK Trojan

Generated by AntiVir WebGuard 8.0.15.0, AVE 8.1.1.19, VDF 7.0.5.240

看名字感觉都已经是入库的产品了
百毒不用.

Palkia

金山 0

ranguangning

看见rootkit的影子

woai_jolin

深刻怀疑是百度搜霸
看看卡巴不报 又有其他av报百度 就知道了

david-2008

就是广告软件

qigang

RS20.57.11未杀！

BING126

McAfee  Adware-BDSearch