冒险岛一外挂，疑似病毒

今取现在

昨天同学说被盗号，据说是用了外挂，今天我打开，KIS8.0报风险，选择不完全阻止之后，跳出以下对话框。

请大家帮我分析一下是不是病毒

上穿virscan  全部检测无病毒

MD5  aa7e042fee68f0860060e45cfeff3cfa

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	3.5.0.22	2008.08.29	2008-08-29	-	2.847
AntiVir	7.8.1.23	7.0.6.92	2008-08-29	-	2.259
Arcavir	1.0.5	200808291850	2008-08-29	-	1.194
AVAST!	3.0.1	080830-0	2008-08-30	-	0.154
AVG	7.5.51.442	270.6.13/1642	2008-08-29	-	1.546
BitDefender	7.60825.1677963	7.20739	2008-08-30	-	2.951
CA (VET)	9.0.0.143	31.6.6057	2008-08-29	-	3.815
ClamAV	0.93.3	8120	2008-08-30	-	0.055
Comodo	2.11	2.0.0.632	2008-08-30	-	0.428
CP Secure	1.1.0.715	2008.08.30	2008-08-30	-	6.465
Dr.Web	4.44.0.9170	2008.08.30	2008-08-30	-	3.112
ewido	4.0.0.2	2008.08.30	2008-08-30	-	3.486
F-Prot	4.4.4.56	20080829	2008-08-29	-	1.338
F-Secure	5.51.6100	2008.08.30.01	2008-08-30	-	3.205
Ikarus	T3.1.01.34	2008.08.30.71367	2008-08-30	-	3.240
Microsoft	1.3807	2008.08.30	2008-08-30	-	4.318
mks_vir	2.01	2008.08.25	2008-08-25	-	2.628
Norman	5.93.01	5.93.00	2008-08-29	-	5.029
nProtect	2008-08-29.00	1993388	2008-08-29	-	4.483
Quick Heal	9.50	2008.08.29	2008-08-29	-	2.023
Sophos	2.78.0	4.33	2008-08-30	-	1.731
Sunbelt	3.1.1592.1	2210	2008-08-29	-	0.449
The Hacker	6.3.0.6	v00068	2008-08-29	-	0.454
VBA32	3.12.8.4	20080830.0609	2008-08-30	-	1.150
ViRobot	20080829	2008.08.29	2008-08-29	-	0.509
VirusBuster	4.5.11.10	10.84.15/623217	2008-08-29	-	0.897
卡巴斯基	5.5.10	2008.08.30	2008-08-30	-	0.053
安博士V3	2008.08.30.00	2008.08.30	2008-08-30	-	0.903
江民杀毒	11.0.706	2008.08.30	2008-08-30	-	1.199
熊猫卫士	9.05.01	2008.08.30	2008-08-30	-	2.714
瑞星	20.0	20.59.51.00	2008-08-30	-	0.845
赛门铁克	1.3.0.24	20080829.005	2008-08-29	-	0.083
趋势科技	8.700-1004	5.508.11	2008-08-30	-	0.027
迈克菲	5.3.00	5373	2008-08-29	-	2.122
金山毒霸	2008.1.14.15	2008.8.30.15	2008-08-30	-	0.590
飞塔	2.81-3.11	9.492	2008-08-30	-	1.827

qigang

外挂报毒也有的，照用便是。

今取现在

原帖由 qigang 于 2008-8-30 22:31 发表
外挂报毒也有的，照用便是。

但我同学号子已经被盗了。。。。

hum

sww我分析过有毒
其他的就不知道了

今取现在

原帖由 hum 于 2008-8-30 22:35 发表
sww我分析过有毒
其他的就不知道了

LS 也玩？哈哈
SWW盛大官网已经确认病毒了。
不知道我传上来的这个是不是的

hum

已上传Threatexpert

PS：你哪个区？

今取现在

原帖由 hum 于 2008-8-30 22:37 发表
已上传Threatexpert

PS：你哪个区？

哈哈，谢谢上传    2区  祖母绿~

hum

http://www.threatexpert.com/repo ... 0860060e45cfeff3cfa
Submission details:
Submission received: 31 August 2008, 00:39:15
Processing time: 5 min 29 sec
Submitted sample:
File MD5: 0xAA7E042FEE68F0860060E45CFEFF3CFA
Filesize: 212,992 bytes
Summary of the findings:
What's been found        Severity Level
Downloads/requests other files from Internet.       




Technical Details:
The new window was created, as shown below:



NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

        File System Modifications

The following file was created in the system:
#        Filename(s)        File Size        File MD5
1        [file and pathname of the sample #1]         212,992 bytes        0xAA7E042FEE68F0860060E45CFEFF3CFA


        Memory Modifications

There was a new process created in the system:
Process Name        Process Filename        Main Module Size
[filename of the sample #1]        [file and pathname of the sample #1]        225,280 bytes



        Other details

Analysis of the file resources indicate the following possible country of origin:

        China


The following Internet Connection was established:
Server Name        Server Port        Connect as User        Connection Password
www.25mxd.com        80        (null)        (null)


The following GET requests were made:
index.html
index.jpg

今取现在

我看不懂，到底有没有毒啦？

曲中求

这签名太有才了。。。