360独家报，看看是不是病毒

显示全部楼层 · 发表于 2010-8-3 08:45:59

红伞，金山卫士不杀。

显示全部楼层 · 发表于 2010-8-3 08:46:39

样本名称：一键清理优化.exe

文件MD5：9d7a8f5305cb5bf88cc288400ffaafd0

鉴定结果：安全

显示全部楼层 · 发表于 2010-8-3 08:47:14

to Avira
to MSE 2.0

显示全部楼层 · 发表于 2010-8-3 08:47:19

毒霸云提示安全。

显示全部楼层 · 发表于 2010-8-3 08:47:59

上报NOD32

显示全部楼层 · 发表于 2010-8-3 08:56:12

本帖最后由 ssama 于 2010.8.3 09:26 编辑

回复 1楼 zmzcy 的帖子
to avast! & Emsisoft

有恶意行为的说s.reg

Windows Registry Editor Version 5.00
//设置搜索提供商
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{A481937F-4D99-4B11-86E6-5B0F1007C557}"
"Version"=dword:00000001
"DownloadRetries"=dword:00000000[indent][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A481937F-4D99-4B11-86E6-5B0F1007C557}]
"DisplayName"="百度"
"URL"="http://www.baidu.com/s?ie=utf-8&tn=comguge999_dg&wd={searchTerms}"
"ShowSearchSuggestions"=dword:00000001
"SuggestionsURL_JSON"="http://suggestion.baidu.com/su?wd={searchTerms}&action=opensearch&ie=utf-8&from=ie8"
"Codepage"=dword:0000fde9
"OSDFileURL"="http://www.ieaddons.com/cn/DownloadHandler.ashx?ResourceId=857"
"FaviconURL"="http://www.baidu.com/favicon.ico"
"SortIndex"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A74B9955-EBA2-4088-BB67-929511A48B49}]
"DisplayName"="Google"
"URL"="http://www.google.cn/search?hl=zh-CN&q={searchTerms}&btnG=Google+%E6%90%9C%E7%B4%A2&meta=&aq=f&oq="
"OSDFileURL"="http://www.ieaddons.com/cn/DownloadHandler.ashx?ResourceId=851"
"FaviconURL"="http://www.google.cn/favicon.ico"
"SortIndex"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD1ECE7C-8C7B-43EE-9C77-8F356BC3D293}]
"DisplayName"="淘宝闪电搜索"
"URL"="http://search8.taobao.com/browse/search_auction.htm?q={searchTerms}&pid=mm_10532670_0_0&search_type=auction&commend=all&at_topsearch=1"
"ShowSearchSuggestions"=dword:00000001
"SuggestionsURL"="http://search1.taobao.com/browse/search_visual.htm?n=15&q={searchTerms}"
"Codepage"=dword:000003a8
"OSDFileURL"="http://www.ieaddons.com/cn/DownloadHandler.ashx?ResourceId=872"
"FaviconURL"="http://www.taobao.com/favicon.ico"
"SortIndex"=dword:00000003

复制代码

一键清理优化.bat

cls
@echo off//清屏,不显示命令
//根据属性选择要删除的文件。强制删除只读文件。安静模式。删除全局通配符时，不要求确认
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\风行网络电影.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\酷我音乐盒.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\UUSee 网络电视.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\查查看2.0.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\桌面\多特软件站.*"
del /a /f /q "%SystemDrive%\Documents and Settings\All Users\桌面\金山清理专家2009.*"
del /a /f /q "%SystemDrive%\Documents and Settings\All Users\桌面\金山网镖.*"
del /a /f /q "%SystemDrive%\Documents and Settings\All Users\桌面\迅雷看看-免费高清影视.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\桌面\千千音乐.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\桌面\多特软件站.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\桌面\修复360安全卫士.*"
del /a /f /q "%SystemDrive%\Documents and Settings\All Users\桌面\风行游戏.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\「开始」菜单\程序\PPS网络电视\多特知道电脑答疑.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\「开始」菜单\程序\PPS网络电视\下载软件最新版.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\「开始」菜单\程序\酷狗\多特知道电脑答疑.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\「开始」菜单\程序\酷狗\下载软件最新版.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\「开始」菜单\程序\Microsoft Office\访问完美者精品下载站.*"
del /a /f /q "D:\我的文档\收藏夹\爱词霸英语学习社区.*"
del /a /f /q "D:\我的文档\Favorites\QQ网址大全.*"
del /a /f /q "D:\我的文档\Favorites\爱词霸英语学习社区.*"
del /a /f /q "D:\我的文档\Favorites\链接\QQ网址大全.*"
del /a /f /q "D:\我的文档\Favorites\金狐电脑工作室-Jinhu Computer Studio.*"
del /a /f /q "D:\我的文档\Favorites\搜索王 - Search All.*"
md "%ProgramFiles%\速达浏览器"
copy "%temp%\一键清理优化\SUDA.EXE" "%ProgramFiles%/速达浏览器/" /y
del /a /f /q "%USERPROFILE%\收藏夹\爱词霸英语学习社区.*"
del /a /f /q "%USERPROFILE%\Favorites\QQ网址大全.*"
del /a /f /q "%USERPROFILE%\Favorites\爱词霸英语学习社区.*"
del /a /f /q "%USERPROFILE%\Favorites\链接\QQ网址大全.*"
del /a /f /q "%USERPROFILE%\Favorites\金狐电脑工作室-Jinhu Computer Studio.*"
del /a /f /q "%USERPROFILE%\Favorites\搜索王 - Search All.*"
del /a /f /q "%ProgramFiles%\FlashGet Network\FlashGet 3\绿色下载吧.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\「开始」菜单\程序\快车 (FlashGet)\访问自由分享绿色下载吧！.*"
del /a /f /q "%ProgramFiles%\StormII\绿色下载吧.*"
del /a /f /q "%SystemDrive%\Documents and Settings\Administrator\「开始」菜单\程序\暴风影音\访问自由分享绿色下载吧！.*"
del /a /f /q "%SystemDrive%\WINDOWS\Tasks\SogouImeMgr.job"
//运行s.reg等
regedit /s "%temp%\一键清理优化\s.reg"
"%temp%\一键清理优化\shdoclc.exe"[/indent]exit

复制代码

显示全部楼层 · 发表于 2010-8-3 13:26:12

過金山網盾

显示全部楼层 · 发表于 2010-8-3 19:23:11

这些天360误报太厉害了，要不是自己亲身经历过，还真不相信它会误报误杀随便拦截。

显示全部楼层 · 发表于 2010-8-3 19:37:51

删除"修复360安全卫士"不是毒？是啥？
360没有误报。360报对了。这是360自卫的行为。

[可疑文件] 360独家报，看看是不是病毒

浏览过的版块