误报吗？一个播放东西

显示全部楼层 · 发表于 2009-9-16 12:44:46

瑞星2010
Win32.Parite.a

显示全部楼层 · 发表于 2009-9-16 12:47:40

Avira AntiVir
S-Player.rar
  [0] Archive type: RAR
--> S-Player.exe
   [DETECTION] Contains code of the W32/Parite Windows virus
[NOTE]    A backup was created as '4ad0f6c4.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2009-9-16 12:52:53

• File Info

Name	Value
Size	274174
MD5	658cd46b3e2c8630722d72ee2497c59e
SHA1	c93bec3d931955cadeb304b0246efbdd283ee064
SHA256	a19126e91724e4c59e47b3b446814deac2855fda61a9d60960855b8c277630fd
Process	Active

• Keys Created

Name	Last Write Time
CU\Software\Microsoft\Multimedia\DrawDib	2009.01.12 14:48:03.734

• Keys Changed• Keys Deleted• Values Created

Name	Type	Size	Value
CU\Software\Microsoft\Multimedia\DrawDib\vga.drv 800x600x32(BGR 0)	REG_SZ	24	"31,31,31,31"
CU\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF	REG_BINARY	42	?

• Values Changed• Values Deleted• Directories Created• Directories Changed• Directories Deleted• Files Created

Name	Size	Last Write Time	Creation Time	Last Access Time	Attr
C:\Documents and Settings\User\Local Settings\Temp\axa1.tmp	176128	2009.01.12 14:48:01.015	2009.01.12 14:48:00.921	2009.01.12 14:48:00.921	0x20

• Files Changed

Name	Size	Last Write Time	Creation Time	Last Access Time	Attr
C:\Documents and Settings\User\NTUSER.DAT	524288/786432	2009.01.12 13:45:13.906/2009.01.12 14:48:03.734	2008.08.01 05:31:04.546/2008.08.01 05:31:04.546	2009.01.12 13:45:13.906/2009.01.12 13:45:13.906	0x22/0x22
C:\WINDOWS\system32\config\software	8912896/8912896	2009.01.12 13:45:17.156/2009.01.12 14:48:02.343	2008.07.31 16:55:51.593/2008.07.31 16:55:51.593	2009.01.12 13:45:17.156/2009.01.12 13:45:17.156	0x20/0x20

• Files Deleted• Directories Hidden• Files Hidden• Drivers Loaded• Drivers Unloaded• Processes Created• Processes Terminated• Threads Created

PId	Process Name	TId	Start	Start Mem	Win32 Start	Win32 Start Mem
0x344	svchost.exe	0x170	0x7c810856	MEM_IMAGE	0x7c910760	MEM_IMAGE
0x404	svchost.exe	0x7a8	0x7c810856	MEM_IMAGE	0x77e76bf0	MEM_IMAGE
0x404	svchost.exe	0x7d8	0x7c810856	MEM_IMAGE	0x7c929fae	MEM_IMAGE
0x490	svchost.exe	0x7bc	0x7c810856	MEM_IMAGE	0x77e76bf0	MEM_IMAGE
0x73c	explorer.exe	0x7d0	0x7c810856	MEM_IMAGE	0x179778c	MEM_IMAGE
0x73c	explorer.exe	0x7dc	0x7c810856	MEM_IMAGE	0x71a5d5af	MEM_IMAGE

• Modules Loaded

PId	Process Name	Base	Size	Flags	Image Name
0x73c	explorer.exe	0x1750000	0x74000	0x80284004	C:\DOCUME~1\User\LOCALS~1\Temp\axa1.tmp
0x73c	explorer.exe	0x662b0000	0x58000	0x800c4004	C:\WINDOWS\system32\hnetcfg.dll
0x73c	explorer.exe	0x71a50000	0x3f000	0x80084004	C:\WINDOWS\system32\mswsock.dll
0x73c	explorer.exe	0x71a90000	0x8000	0x800c4004	C:\WINDOWS\System32\wshtcpip.dll

• Windows Api Calls• DNS Queries• HTTP Queries• Verdict

Auto Analysis Verdict

Undetected

• Events Created or Opened

PId	Image Name	Address	Event Name
0x374	C:\TEST\sample.exe	0x77de5f48	Global\SvcctrlStartEvent_A3752DX

C:\DOCUME~1\User\LOCALS~1\Temp\axa1.tmp多半有问题~~~
有木马程序~~~

显示全部楼层 · 发表于 2009-9-16 13:12:37

啊。我windwos 很多文件感染了。。。。。。。。。。。。。

显示全部楼层 · 发表于 2009-9-16 17:34:43

蠕虫名称：Worm.Win32.Agent.fmf

程序：
C:\SANDBOX\ADMINISTRATOR\DEFAULTBOX\USER\CURRENT\LOCAL SETTINGS\TEMP\PHBA.TMP
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?

显示全部楼层 · 发表于 2009-9-16 18:31:12

Norton AntiVirus

显示全部楼层 · 发表于 2009-9-16 21:54:26

2009/9/16 21:53:58 已清除病毒 Virus.Win32.Parite.a G:\Temp\Virus\S-Player.rar/S-Player.exe

显示全部楼层 · 发表于 2009-9-16 22:06:15

McAfee W32/Pate.a

显示全部楼层 · 发表于 2009-9-16 22:09:47

http://virscan.org/report/707cf9125965a0deb2032249d87993ad.html
主流均报

[误报文件] 误报吗？一个播放东西

本帖子中包含更多资源

本帖子中包含更多资源