搞笑的误杀...

Sherry.ai

运行后没有危害...
PS.按ESC退出

xiaochi12

類別未登錄？

qianwenxiang

报的joke/bluescreen估计。。

Sherry.ai

没有一家报Joke...
都保网马

Palkia

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\Nothing.rar'
C:\Documents and Settings\Administrator\桌面\Nothing.rar
    [0] Archive type: RAR
    --> Nothing.scr
      [DETECTION] Contains recognition pattern of the ADSPY/Ag.SSS.518193 adware or spyware
    [NOTE]      The file was deleted!

taoyuan237

I服了YOU。真搞啊

08红伞威点

文件名称 :	090118 Nothing x1.rar
文件大小 :	506198 byte
文件类型 :	RAR archive data, v1d, os
MD5 :	9256bf4f2622c30fd6718ba2db64ab21
SHA1 :	b27c2ab3ea8a932a69411927f4daba9161e1a9be

扫描结果 :

8%的杀软(3/37)报告发现病毒

a-squared

4.0.0.29

20090116183424

2009-01-16

AdWare.Ag.SSS.518193!IK

AntiVir

7.9.0.57

7.1.1.135

2009-01-17

ADSPY/Ag.SSS.518193

Ikarus

T3.1.01.45

2009.01.18.72169

2009-01-18

AdWare.Ag.SSS.518193

Ag.SSS.518193
The file 'Nothing.scr' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/Ag.SSS.518193. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection is added to our virus definition file (VDF) starting with version 7.00.02.23.
--------------------------------------------------------------------------------------------------------------------------------------------------
"ADSPY/" 指 adware 或间谍软体。 这类型的恶意软体能够改变操纵登录设定,举例来说位置的浏览器或 NTFS 的使用。 通常， IEexploits 被用以操纵 browserhelp.dll 。

上沙盘
∞∞∞∞∞
• File Info

Name	Value
Size	518193
MD5	23c996ef87463bde3957adee73cd9e20
SHA1	6b48927fca0ebbdaf241db5d1464e832d2653950
SHA256	d73fb530b4ad0bb84cda64cf72b3a9311241de375830f64dbeb66aa49c5653b7
Process	Active

• Keys Created• Keys Changed• Keys Deleted• Values Created• Values Changed• Values Deleted• Directories Created

Name	Last Write Time	Creation Time	Last Access Time	Attr
C:\Documents and Settings\User\Local Settings\Temp\88820091201165105	2009.01.12 14:51:05.937	2009.01.12 14:51:05.828	2009.01.12 14:51:05.937	0x10

• Directories Changed• Directories Deleted• Files Created

Name	Size	Last Write Time	Creation Time	Last Access Time	Attr
C:\Documents and Settings\User\Local Settings\Temp\88820091201165105\AMD.swf	159846	2006.04.30 18:36:04.000	2009.01.12 14:51:05.843	2009.01.12 14:51:05.843	0x20
C:\Documents and Settings\User\Local Settings\Temp\88820091201165105\config.dat	162	2006.04.30 20:27:38.000	2009.01.12 14:51:05.859	2009.01.12 14:51:05.859	0x20
C:\Documents and Settings\User\Local Settings\Temp\88820091201165105\config.ini	858	2006.04.30 20:27:38.000	2009.01.12 14:51:05.843	2009.01.12 14:51:05.843	0x20
C:\Documents and Settings\User\Local Settings\Temp\88820091201165105\Windows XP Blue Screen.swf	71049	2006.04.30 19:40:54.000	2009.01.12 14:51:05.843	2009.01.12 14:51:05.843	0x20

• Files Changed• Files Deleted• Directories Hidden• Files Hidden• Drivers Loaded• Drivers Unloaded• Processes Created• Processes Terminated• Threads Created• Modules Loaded• Windows Api Calls• DNS Queries• HTTP Queries• Verdict

Auto Analysis Verdict

Not Rated as Suspicious

• Mutexes Created or Opened

PId	Image Name	Address	Mutex Name
0x2a4	C:\TEST\sample.exe	0x77267e1b	ZonesCacheCounterMutex
0x2a4	C:\TEST\sample.exe	0x77267e1b	ZonesLockedCacheCounterMutex
0x2a4	C:\TEST\sample.exe	0x772689fc	ZonesCounterMutex

• Events Created or Opened

PId	Image Name	Address	Event Name
0x2a4	C:\TEST\sample.exe	0x77de5f48	Global\SvcctrlStartEvent_A3752DX

浪滔天

有点意思， 用来吓吓人不错~

willjjyu

赞啊 ！ 蓝屏.....