可疑的东西，可竟然有的报病毒

ccfish

提示跟ＷＩＤＮＯＷＳ的一个服务有关，不知道是病毒利用了服务还是服务使用了病毒技术。

微点从很久前就一直阻止这个DTS3212.exe而且一直都是未知。。


另一个，　

文件名称 :	mswmdmsrv.dll
文件大小 :	32768 byte
文件类型 :	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 :	33e391f6b0849825d79c6945c9416d6b
SHA1 :	8fc918e69a2671ef8ca7c6145c183944e110b471

扫描结果 :	3%的杀软(1/37)报告发现病毒
时间 :	2009/02/26 08:29:51 (CST)

FLogo

to kaba kill !

Hello,

dts3212.exe_ - Backdoor.Win32.Agent.aeef

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

mswmdmsrv.dll

No malicious code was found in this file.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

[ 本帖最后由 FLogo 于 2009-2-26 08:53 编辑 ]

ledled

VirusBuster found nothing

saga3721

TR/Crypt.ZPACK.Gen' [trojan]

左手

2009-02-26 09:10:47    创建文件      操作:阻止
进程路径:E:\virus\dts3212.exe
文件路径:C:\WINDOWS\system32\mswmdmsrv.dll
触发规则:应用程序规则->02-允许修改的程序->*.*->*\*.dll


2009-02-26 09:10:47    创建文件      操作:阻止并结束进程
进程路径:E:\virus\dts3212.exe
文件路径:C:\WINDOWS\system32\taskmagr.exe
触发规则:应用程序规则->02-允许修改的程序->*.*->*\*.exe

ccfish

我覺得這東西應該發送給微軟分析。

如果不是病毒，只是MEDIAPLAYER的一個服務，那這些殺毒軟件報病毒的話，就是一個嚴重的事故------誤殺系統文件。。。

ledled

连微软都报了, 这东西真的是WMP的?
http://virscan.org/report/f72e32f25de96c518db68456f340de69.html

mofunzone

Starting the file scan:

Begin scan in 'C:\Users\Administrator\Desktop\DTS3212.rar'
C:\Users\Administrator\Desktop\DTS3212.rar
  [0] Archive type: RAR
    [NOTE]      The file was deleted!
    --> mswmdmsrv.dll
      [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    --> dts3212.exe
      [1] Archive type: RSRC
      [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan


End of the scan: 2009年2月25日  17:52
Used time: 00:02 Minute(s)

The scan has been done completely.

      0 Scanned directories
      3 Files were scanned
      2 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      1 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes

ccfish

那么,下面這個服務有問題了？

Portable media serial number

注：從2008年中秋節到現在，隔不久偶爾被DTS32XX.exe這個文件騷擾。
我的系統是：2003中文企業版SP2（EnterPrise edition），現在這個服務不能運行

wrq

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:  http://bbs.kafan.cn/attachment.p ... eb&t=1235616253
Information:  Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program  


--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 8.0.15.0, AVE 8.2.0.88, VDF 7.1.2.80