估计很多杀软误报，帮我用手动hips测试下

显示全部楼层 · 发表于 2009-1-23 10:47:45

应该是。红伞的分析结果是BD的机器

显示全部楼层 · 发表于 2009-1-23 10:51:08

原帖由 gankeyu 于 2009-1-23 10:47 发表
应该是。红伞的分析结果是BD的机器

BD 的机器?...

显示全部楼层 · 发表于 2009-1-23 10:52:56

机器的BD...反了

显示全部楼层 · 发表于 2009-1-23 11:24:05

机器的BD.什么意思吖？？？

显示全部楼层 · 发表于 2009-1-23 13:46:56

2009-01-23 13:43:37 应用程序保护(运行应用程序)    操作:阻止
进程路径:F:\files\files\fix.exe
文件路径:C:\WINDOWS\system32\conime.exe

2009-01-23 13:43:43 文件保护(创建文件)    操作:阻止并结束进程
进程路径:F:\files\files\疑难杂症处理.exe
文件路径:C:\met.bat

2009-01-23 13:43:43 文件保护(创建文件)    操作:阻止并结束进程
进程路径:F:\files\files\疑难杂症处理.exe
文件路径:C:\met.bat

2009-01-23 13:43:43 文件保护(创建文件)    操作:阻止并结束进程
进程路径:F:\files\files\疑难杂症处理.exe
文件路径:C:\met.bat

显示全部楼层 · 发表于 2009-1-23 14:19:07

有病毒特征么？？？

显示全部楼层 · 发表于 2009-1-23 14:20:06

注意一共有3个单独的不相干的样本（从软件中提取出来滴）

显示全部楼层 · 发表于 2009-1-23 17:38:14

nod32 3.0 没有报

to eset

显示全部楼层 · 发表于 2009-1-23 18:03:42

都是误报

fix.exe无法运行...

疑难杂症处理.exe释放了一个bat文件，是正常的注册文件bat

rundll32.exe /s advpack.dll /DelNodeRunDLL32 %systemroot%\System32\dacui.dll
rundll32.exe /s advpack.dll /DelNodeRunDLL32 %systemroot%\Catroot\icatalog.mdb
regsvr32 /s setupwbv.dll
regsvr32 /s wininet.dll
regsvr32 /s comcat.dll
regsvr32 /s shdoc401.dll
regsvr32 /s shdoc401.dll /i
regsvr32 /s asctrls.ocx
regsvr32 /s oleaut32.dll
regsvr32 /s shdocvw.dll /I
regsvr32 /s shdocvw.dll
regsvr32 /s browseui.dll
regsvr32 /s browseui.dll /I
regsvr32 /s msrating.dll
regsvr32 /s mlang.dll
regsvr32 /s hlink.dll
regsvr32 /s mshtml.dll
regsvr32 /s mshtmled.dll
regsvr32 /s urlmon.dll
regsvr32 /s plugin.ocx
regsvr32 /s sendmail.dll
regsvr32 /s comctl32.dll /i
regsvr32 /s inetcpl.cpl /i
regsvr32 /s mshtml.dll /i
regsvr32 /s scrobj.dll
regsvr32 /s mmefxe.ocx
regsvr32 /s proctexe.ocx mshta.exe /register
regsvr32 /s corpol.dll
regsvr32 /s jscript.dll
regsvr32 /s msxml.dll
regsvr32 /s imgutil.dll
regsvr32 /s thumbvw.dll
regsvr32 /s cryptext.dll
regsvr32 /s rsabase.dll
regsvr32 /s triedit.dll
regsvr32 /s dhtmled.ocx
regsvr32 /s inseng.dll
regsvr32 /s iesetup.dll /i
regsvr32 /s hmmapi.dll
regsvr32 /s cryptdlg.dll
regsvr32 /s actxprxy.dll
regsvr32 /s dispex.dll
regsvr32 /s occache.dll
regsvr32 /s occache.dll /i
regsvr32 /s iepeers.dll
regsvr32 /s wininet.dll /i
regsvr32 /s urlmon.dll /i
regsvr32 /s digest.dll /i
regsvr32 /s cdfview.dll
regsvr32 /s webcheck.dll
regsvr32 /s mobsync.dll
regsvr32 /s pngfilt.dll
regsvr32 /s licmgr10.dll
regsvr32 /s icmfilter.dll
regsvr32 /s hhctrl.ocx
regsvr32 /s inetcfg.dll
regsvr32 /s trialoc.dll
regsvr32 /s tdc.ocx
regsvr32 /s MSR2C.DLL
regsvr32 /s msident.dll
regsvr32 /s msieftp.dll
regsvr32 /s xmsconf.ocx
regsvr32 /s ils.dll
regsvr32 /s msoeacct.dll
regsvr32 /s wab32.dll
regsvr32 /s wabimp.dll
regsvr32 /s wabfind.dll
regsvr32 /s oemiglib.dll
regsvr32 /s directdb.dll
regsvr32 /s inetcomm.dll
regsvr32 /s msoe.dll
regsvr32 /s oeimport.dll
regsvr32 /s msdxm.ocx
regsvr32 /s dxmasf.dll
regsvr32 /s laprxy.dll
regsvr32 /s l3codecx.ax
regsvr32 /s acelpdec.ax
regsvr32 /s mpg4ds32.ax
regsvr32 /s voxmsdec.ax
regsvr32 /s danim.dll
regsvr32 /s Daxctle.ocx
regsvr32 /s lmrt.dll
regsvr32 /s datime.dll
regsvr32 /s dxtrans.dll
regsvr32 /s dxtmsft.dll
regsvr32 /s vgx.dll
regsvr32 /s WEBPOST.DLL
regsvr32 /s WPWIZDLL.DLL
regsvr32 /s POSTWPP.DLL
regsvr32 /s CRSWPP.DLL
regsvr32 /s FTPWPP.DLL
regsvr32 /s FPWPP.DLL
regsvr32 /s FLUPL.OCX
regsvr32 /s wshom.ocx
regsvr32 /s wshext.dll
regsvr32 /s vbscript.dll
regsvr32 /s wupdinfo.dll
regsvr32 /s shimgvw.dll
regsvr32 /s wmpdxm.dll
regsvr32 /s appwiz.cpl
regsvr32 /s msi.dll
regsvr32 /s /i shell32.dll
regsvr32 /s scrrun.dll mstinit.exe /setup
regsvr32 /s msnsspc.dll /SspcCreateSspiReg
regsvr32 /s msapsspc.dll /SspcCreateSspiReg
del C:\met.bat

复制代码

重建图标缓存.exe的重建图标缓存功能修改了：
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics下的Shell Icon Size，值修改为了32
恢复系统默认功能修改了很多东西
自己看吧，都是很正常的东西，太多了...

注：推荐用写字板看，用记事本看很花的

[ 本帖最后由 aarwwefdds 于 2009-1-23 18:05 编辑 ]

显示全部楼层 · 发表于 2009-1-23 19:24:59

真是太感谢了！！！

[误报文件] 估计很多杀软误报，帮我用手动hips测试下

回复 10楼 germany05400 的帖子

回复 12楼挪威的冬天的帖子

回复 15楼 hddu 的帖子

本帖子中包含更多资源

回复 19楼 aarwwefdds 的帖子