卡吧今天是不是又误报了lsass.exe?

显示全部楼层 · 发表于 2008-8-30 14:01:37

这是正常的Sp2的lsass.exe

MD5明显不一样

File: D:\桌面\lsass\lsass.exe
Size: 13312 bytes
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Modified: 2004年8月16日, 4:39:16 下午
MD5: 891600E79C38249028F1BACC1C6CC5D2
SHA1: 29551E418D78D529289F03F3C538E5FDBC8DC9EE
CRC32: B6352032

不妨用我刚才上传的文件进行覆盖

显示全部楼层 · 发表于 2008-8-30 14:02:25

都传n次了,对不起，您上传的附件尺寸为 0，系统不允许上传此类附件，请返回修改这个算什么意思啊?

显示全部楼层 · 发表于 2008-8-30 14:02:36

454没报

显示全部楼层 · 发表于 2008-8-30 14:03:06

请看这里
lsass.exe恐怕被人动了
http://bbs.kafan.cn/redirect.php ... o=lastpost#lastpost

显示全部楼层 · 发表于 2008-8-30 14:06:49

我的lsass.exe扫描报告

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	3.0.0.126	2007.12.30	2007-12-30	-	9.129
AntiVir	7.6.0.46	7.0.1.181	2007-12-31	-	0.000
Arcavir	1.0.4	200712300951	2007-12-30	-	35.719
AVAST!	1.0.8	071230-0	2007-12-30	-	72.734
AVG	7.5.49.442	269.17.12/1203	2007-12-30	-	48.843
BitDefender	7.60825.962821	7.16611	2007-12-31	-	0.000
CA (VET)	9.0.0.143	31.3.5417	2007-12-31	-	15.134
ClamAV	0.91.2	5308	2007-12-31	-	0.025
Comodo	2.11	2.0.0.390	2007-12-31	-	7.442
CP Secure	1.1.0.655	2007.12.31	2007-12-31	-	117.909
Dr.Web	4.44.0.9170	2007.12.31	2007-12-31	-	89.842
ewido	4.0.0.2	2007.12.30	2007-12-30	-	9.076
F-Prot	4.4.1.52	20071230	2007-12-30	-	39.217
F-Secure	5.51.6100	2007.12.28.04	2007-12-28	-	82.776
Ikarus	T3.1.01.15	2007.12.31.70074	2007-12-31	-	9.367
mks_vir	2.01	2007.12.30	2007-12-30	-	0.000
NOD32	2.70.10	2758	2007-12-31	-	0.026
Norman	5.91.08	5.90	2007-12-30	-	124.607
nProtect	2007-12-31.00	1108089	2007-12-31	-	11.542
Prevx	V2	20071231	2007-12-31	TROJAN.DOWNLOADER.GEN	20.144
Quick Heal	9.00	2007.12.29	2007-12-29	-	11.580
Sophos	2.49.1	4.21	2007-12-31	-	0.000
The Hacker	6.2.9	v00175	2007-12-29	-	7.064
VBA32	3.12.2.5	20071229.2021	2007-12-29	-	27.168
ViRobot	20071231	2007.12.31	2007-12-31	-	8.542
VirusBuster	4.3.19:9	9.118.11/11.0	2007-12-31	-	0.000
卡巴斯基	5.5.10	2007.12.30	2007-12-30	-	125.208
安博士V3	2007.12.31.00	2007.12.31	2007-12-31	-	5.754
江民杀毒	10.00.650	2007.12.30	2007-12-30	-	7.075
熊猫卫士	9.04.03.0001	2007.12.30	2007-12-30	-	6.902
瑞星	19.0	20.24.52.00	2007-12-29	-	9.348
赛门铁克	1.3.0.24	20071230.003	2007-12-30	-	0.252
趋势科技	8.500-1001	4.922.03	2007-12-30	-	0.044
迈克菲	5.2.00	5195	2007-12-28	-	28.567
金山毒霸	2007.6.20.249	2007.12.31	2007-12-31	-	5.686
飞塔	2.81-3.11	8.449	2007-12-03	-	5.522

注意: 就算报告发现病毒，也可能是杀软误报，请根据查毒结果自行判断

复制到剪贴板

显示全部楼层 · 发表于 2008-8-30 14:08:14

上传不了啊,还有个问题是我的04年刻的安装光盘也提示发现这个病毒?难道04年一直到现在?

显示全部楼层 · 发表于 2008-8-30 14:09:05

我的lsass.exe
VirusTotal 扫描报告

File lsass.exe received on 08.25.2008 05:34:06 (CET)
Current status: finished
Result: 0/36 (0.00%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.8.21.0 2008.08.25 -
AntiVir 7.8.1.23 2008.08.24 -
Authentium 5.1.0.4 2008.08.25 -
Avast 4.8.1195.0 2008.08.24 -
AVG 8.0.0.161 2008.08.24 -
BitDefender 7.2 2008.08.25 -
CAT-QuickHeal 9.50 2008.08.22 -
ClamAV 0.93.1 2008.08.25 -
DrWeb 4.44.0.09170 2008.08.24 -
eSafe 7.0.17.0 2008.08.24 -
eTrust-Vet 31.6.6044 2008.08.23 -
Ewido 4.0 2008.08.24 -
F-Prot 4.4.4.56 2008.08.25 -
F-Secure 7.60.13501.0 2008.08.25 -
Fortinet 3.14.0.0 2008.08.25 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.24 -
K7AntiVirus 7.10.427 2008.08.23 -
Kaspersky 7.0.0.125 2008.08.25 -
McAfee 5368 2008.08.22 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3383 2008.08.24 -
Norman 5.80.02 2008.08.22 -
Panda 9.0.0.4 2008.08.24 -
PCTools 4.4.2.0 2008.08.24 -
Prevx1 V2 2008.08.25 -
Rising 20.58.62.00 2008.08.24 -
Sophos 4.32.0 2008.08.25 -
Sunbelt 3.1.1575.1 2008.08.23 -
Symantec 10 2008.08.25 -
TheHacker 6.3.0.6.060 2008.08.23 -
TrendMicro 8.700.0.1004 2008.08.23 -
VBA32 3.12.8.4 2008.08.23 -
ViRobot 2008.8.22.1346 2008.08.22 -
VirusBuster 4.5.11.0 2008.08.24 -
Webwasher-Gateway 6.6.2 2008.08.24 -
Additional information
File size: 13312 bytes
MD5...: 891600e79c38249028f1bacc1c6cc5d2
SHA1..: 29551e418d78d529289f03f3c538e5fdbc8dc9ee
SHA256: 64dce4efb2e730b54be70ddf8deb8ea26a918bae634c4e254ae46b8a5d27cc11
SHA512: 33f9ff567a4262615e4faf9aa707762c23b1955d08975c3c5f5dff3156afd5ae
5e08d758c777cb8d7d70000285e88f998cfd836e1f403227338dac4898d197a9
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10014bd
timedatestamp.....: 0x41107b4d (Wed Aug 04 05:59:41 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10d0 0x1200 6.02 b6cba22e12ea412280741f6481546647
.data 0x3000 0x6c 0x200 0.20 86a789a893c60d5e207d053188cdc250
.rsrc 0x4000 0x1b40 0x1c00 7.16 e4a0d77578ef1aa0158f6be8dfc6d37a

( 5 imports )
> ADVAPI32.dll: FreeSid, CheckTokenMembership, AllocateAndInitializeSid, OpenThreadToken, ImpersonateSelf, RevertToSelf
> KERNEL32.dll: CloseHandle, GetCurrentThread, ExitThread, SetUnhandledExceptionFilter, SetErrorMode, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, RtlUnwind, InterlockedExchange, VirtualQuery
> ntdll.dll: NtSetInformationProcess, RtlInitUnicodeString, NtCreateEvent, NtOpenEvent, NtSetEvent, NtClose, NtRaiseHardError, RtlAdjustPrivilege, NtShutdownSystem, RtlUnhandledExceptionFilter
> LSASRV.dll: LsaISetupWasRun, LsapDsDebugInitialize, LsapAuOpenSam, LsapCheckBootMode, ServiceInit, LsapInitLsa, LsapDsInitializePromoteInterface, LsapDsInitializeDsStateInfo
> SAMSRV.dll: SamIInitialize, SampUsingDsData

( 0 exports )

显示全部楼层 · 发表于 2008-8-30 14:10:07

MD5: e61240692f61af81b9154317f30a718e
First received: 2008.08.30 04:16:16 (CET)
日期 2008.08.30 07:49:02 (CET) [<1D]
结果 2/36
Permalink: analisis/7c7638e1bf54e5259bd82da5c40c2d56
这个是检测结果,这个文件是我删除后自动生成的

显示全部楼层 · 发表于 2008-8-30 14:11:26

KIS 8.0.0.454 未报

我自己的也未报

[ 本帖最后由浪滔天于 2008-8-30 14:16 编辑 ]

显示全部楼层 · 发表于 2008-8-30 14:12:26

原帖由 complay 于 2008-8-30 14:10 发表
这个文件是我删除后自动生成的 [

恐怕不是系统生成的....有病毒的样子
不妨用我上传的文件进行替换

卡吧今天是不是又误报了lsass.exe?

891600E79C38249028F1BACC1C6CC5D2

回复 8楼 llydmissile 的帖子

回复 8楼 llydmissile 的帖子