Thread starter: zls156

[Virus sample] Could everyone take a look: is this a virus?

fatezero
Posted on 2010-11-8 22:12:54
Filename: taskmgr.exe
Result: FALSE POSITIVE

The file 'taskmgr.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file contains malicious but non-working fragments. This is an indicator that it was not disinfected properly from a previous infection. We recommend restoring the original copy from backup media.

Filename: winlogon.exe
Result: DAMAGED FILE (MALWARE)

The file 'winlogon.exe' has been determined to be 'DAMAGED FILE (MALWARE)'. In particular this means that this file is damaged and not working properly. Nevertheless we were able to determine that it contains malicious code fragments. Our analysts named the threat W32/Almanahe.B. The term "W32/" denotes a file virus or malware that runs on 32-bit Windows systems (Windows 95 and higher) only. Detection is added to our virus definition file (VDF) starting with version 6.39.00.12.
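The Avira verdicts above say both files carry malicious but non-working fragments left behind by an earlier infection and recommend restoring the originals from backup media. As an added example (not part of the thread, and not Avira's or any other vendor's tooling), the Python script below does the check a responder would run on such a pair before anything else: parse the suspect PE's headers, look for the structural footprint of a file infector that appends its own code to a host executable (entry point redirected into the last section, a section that is both writable and executable, data past the end of the last section), and compare the suspect byte-for-byte with a known-good copy of the same file taken from clean media. The images it builds for itself in `build_sample_pe` are constructed test data, not real Windows binaries; the section name `.xtra` and the three heuristics are this example's own assumptions and are not a description of how W32/Almanahe.B specifically modifies a host file.

```python
"""Triage a suspect Windows system binary against a trusted copy (added example)."""
import hashlib
import struct
from typing import List, Optional

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """Decode only the PE32/PE32+ header fields that triage() needs."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # AddressOfEntryPoint is at offset 16 of the optional header in both PE32 and PE32+.
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    sections = []
    for i in range(nsections):  # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        off = opt + opt_size + i * 40
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        (chars,) = struct.unpack_from("<I", data, off + 36)  # Characteristics
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawptr": rawptr,
                         "rawsize": rawsize, "chars": chars})
    return {"entry_rva": entry_rva, "sections": sections}


def section_for_rva(sections: list, rva: int) -> Optional[dict]:
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def triage(suspect: bytes, reference: Optional[bytes] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked odd."""
    if reference is not None and hashlib.sha256(suspect).digest() == hashlib.sha256(reference).digest():
        return []  # byte-identical to the trusted copy: nothing more to check
    pe = parse_pe(suspect)
    secs = pe["sections"]
    findings = []
    ep = section_for_rva(secs, pe["entry_rva"])
    if ep is None:
        findings.append("entry point 0x%x lies outside every section" % pe["entry_rva"])
    elif len(secs) > 1 and ep is secs[-1]:
        # Linkers put the entry point in the first code section; an entry point in
        # the last section is the classic trace of a stub appended by a file infector.
        findings.append("entry point in last section %r" % ep["name"])
    for s in secs:
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append("section %r is writable and executable" % s["name"])
    end_of_image = max((s["rawptr"] + s["rawsize"] for s in secs), default=0)
    if len(suspect) > end_of_image:
        findings.append("%d bytes of overlay after the last section" % (len(suspect) - end_of_image))
    if reference is not None:
        findings.append("differs from reference: %d vs %d bytes, %d vs %d sections" % (
            len(suspect), len(reference), len(secs), len(parse_pe(reference)["sections"])))
    return findings


def build_sample_pe(infected: bool, overlay: bytes = b"") -> bytes:
    """Constructed test image, not a real Windows file: a two-section PE32, optionally
    with a third writable+executable section that the entry point is redirected into."""
    sections = [(b".text", 0x1000, 0x200, 0x60000020),   # code | execute | read
                (b".data", 0x2000, 0x400, 0xC0000040)]   # data | read | write
    entry = 0x1000
    if infected:
        sections.append((b".xtra", 0x3000, 0x600, 0xE0000020))  # code | exec | read | write
        entry = 0x3000
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                 # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 16, entry)               # AddressOfEntryPoint
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, 0x100, vaddr, 0x200, rawptr, 0, 0, 0, 0, chars)
                     for name, vaddr, rawptr, chars in sections)
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x200, b"\0")
    image += b"\x90" * (0x200 * len(sections))           # one 512-byte raw block per section
    return image + overlay


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # usage: triage.py suspect.exe [known_good.exe]
        suspect = open(sys.argv[1], "rb").read()
        reference = open(sys.argv[2], "rb").read() if len(sys.argv) > 2 else None
    else:                   # no arguments: demonstrate on the constructed images
        suspect, reference = build_sample_pe(True, b"X" * 16), build_sample_pe(False)
    for line in triage(suspect, reference) or ["no findings"]:
        print(line)
```

Run it with the suspect file and a copy of the same file pulled from install media or a clean machine of the same Windows build; the hash comparison is the authoritative answer, and the structural heuristics only explain what changed when the hashes differ. A heuristic hit is not a verdict on its own (packed or self-modifying legitimate binaries also show writable code sections), which is why the reference copy comes first.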
s8706042
Posted on 2010-11-8 23:16:26
Last edited by s8706042 on 2010-11-8 23:22

Trend Micro: TROJ_GEN.R47C3GF

歌歌的人
Posted on 2010-11-9 01:07:43

[Attachment: login required to view]
猪头大队
Posted on 2010-11-9 09:09:14
Artemis!29C6C8CE687C

360 Web Shield: unknown
diannao6051
Posted on 2010-11-9 09:41:02
Mine is also the Vista version of taskmgr.exe, but its size is 223 KB, and Avira and the others don't flag it.
Yours is 261 KB, though it also runs normally!
ljy_0119
Posted on 2010-11-9 09:51:32
Result: 2 malware items found
Gen:Malware.Heur.Gm0@ba1T99db (virus)
C:\Users\...\Downloads\桌面.zip\winlogon.exe
C:\Users\...\Downloads\桌面.zip  Action: quarantined
fake5
Posted on 2010-11-9 09:53:10
Reply to post #1 by zls156

BitDefender 2011

This web page has been blocked by BitDefender antivirus real-time protection!

The page blocked by BitDefender contains objects that are (possibly) infected with a virus. Your system has not been infected.
左手
Posted on 2010-11-9 16:39:27
2010-11-9 16:38:05    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:05    Modify registry value    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
Value: C:\Documents and Settings\Administrator\Application Data
Rule: [Registry group]Registry protection -> [Registry]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-9 16:38:05    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\windows\explorer.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:05    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\windows\explorer.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:05    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\program files\tencent\tt\bin\ttraveler.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:05    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\program files\tencent\tt\bin\ttraveler.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:05    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\program files\usb safely remove\usbsafelyremove.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:05    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\program files\usb safely remove\usbsafelyremove.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:05    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:05    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:05    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:05    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:05    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:05    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\wkssvc
Rule: [File]*

2010-11-9 16:38:05    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:08    Modify registry value    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\Preferences
Value: b0 02 00 00 e8 03 00 00 01 00 00 00 01 00 00 00 0a 00 00 00 0a 00 00 00 9e 01 00 00 b3 01 00 00 01 00 00 00 00 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6b 00 00 00 6b 00 00 00 23 00 00 00 46 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Rule: [Registry]*

2010-11-9 16:38:08    Modify file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: C:\Documents and Settings\Administrator\Application Data\Tencent\QQWubi\local.stat
Rule: [File]*

2010-11-9 16:38:09    Modify registry value    Blocked
Process: c:\documents and settings\administrator\桌面\test\winlogon.exe
Target: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname
Value: 电脑室PC-201004081713
Rule: [Registry group]Registry protection -> [Registry]*\System\*ControlSet*\Services\*

2010-11-9 16:38:11    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:11    Modify registry value    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
Value: C:\Documents and Settings\Administrator\Application Data
Rule: [Registry group]Registry protection -> [Registry]*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders*

2010-11-9 16:38:11    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\windows\explorer.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:11    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\windows\explorer.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:11    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\program files\tencent\tt\bin\ttraveler.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:11    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\program files\tencent\tt\bin\ttraveler.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:11    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\program files\usb safely remove\usbsafelyremove.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:11    Send message to another process    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: c:\program files\usb safely remove\usbsafelyremove.exe
Message: WM_GETICON
Rule: [Application]*

2010-11-9 16:38:11    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:11    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:11    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:11    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:11    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:11    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\wkssvc
Rule: [File]*

2010-11-9 16:38:11    Read file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: \Device\NamedPipe\lsarpc
Rule: [File]*

2010-11-9 16:38:14    Modify registry value    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\Preferences
Value: b0 02 00 00 e8 03 00 00 01 00 00 00 01 00 00 00 0a 00 00 00 0a 00 00 00 9e 01 00 00 b3 01 00 00 01 00 00 00 00 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6b 00 00 00 6b 00 00 00 23 00 00 00 46 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Rule: [Registry]*

2010-11-9 16:38:14    Modify file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: C:\Documents and Settings\Administrator\Application Data\Tencent\QQWubi\local.stat
Rule: [File]*
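The HIPS log above is made of short blocks: a header line with timestamp, action and decision, followed by labelled Process/Target/Rule lines (plus Value or Message where they apply). As an added example, not part of the post or of the HIPS product, the Python below parses that format (accepting the HIPS's original Chinese labels as well as the English ones used in this translation), counts what each process did to which target, and flags the two things a reviewer would look at first: a process named like a system binary but running from outside %SystemRoot% (expected noise here, since the samples were deliberately run from a test folder on the Desktop) and any write under HKEY_LOCAL_MACHINE, which is what separates the winlogon.exe copy's attempt to change Tcpip\Parameters\Hostname from the taskmgr.exe copy's per-user Task Manager preference writes and lsarpc pipe reads. `SAMPLE_LOG` is a constructed subset of the entries in the post; the `SYSTEM_BINARIES` list, the `%SystemRoot%` path check and the flag rules are this example's own assumptions.

```python
"""Parse and summarize HIPS block logs in the format posted above (added example)."""
import re
from collections import Counter, defaultdict

# Field labels as the HIPS writes them (Chinese) and as translated in this thread.
LABELS = {"进程": "process", "process": "process", "目标": "target", "target": "target",
          "规则": "rule", "rule": "rule", "值": "value", "value": "value",
          "消息": "message", "message": "message"}
ACTIONS = {"读文件": "read file", "修改文件": "modify file",
           "修改注册表值": "modify registry value",
           "向其他进程发送消息": "send message to another process"}
DECISIONS = {"阻止": "blocked"}
# Header line: "<date> <time>    <action>    <decision>", fields separated by runs of spaces.
HEADER = re.compile(r"^(\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{2}:\d{2})\s{2,}(.+?)\s{2,}(\S+)$")

# Assumption for this example: names that normally run only from %SystemRoot%\system32.
SYSTEM_BINARIES = {"taskmgr.exe", "winlogon.exe"}
SYSTEM_ROOT = re.compile(r"^[a-z]:\\windows\\")

# Constructed subset of the entries in the post; the last block uses the English labels.
SAMPLE_LOG = r"""
2010-11-9 16:38:05    读文件    阻止
进程: c:\documents and settings\administrator\桌面\test\taskmgr.exe
目标: \Device\NamedPipe\lsarpc
规则: [文件]*

2010-11-9 16:38:05    向其他进程发送消息    阻止
进程: c:\documents and settings\administrator\桌面\test\taskmgr.exe
目标: c:\windows\explorer.exe
消息: WM_GETICON
规则: [应用程序]*

2010-11-9 16:38:09    修改注册表值    阻止
进程: c:\documents and settings\administrator\桌面\test\winlogon.exe
目标: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname
值: 电脑室PC-201004081713
规则: [注册表组]注册表保护 -> [注册表]*\System\*ControlSet*\Services\*

2010-11-9 16:38:14    Modify file    Blocked
Process: c:\documents and settings\administrator\桌面\test\taskmgr.exe
Target: C:\Documents and Settings\Administrator\Application Data\Tencent\QQWubi\local.stat
Rule: [File]*
"""


def parse_events(text: str) -> list:
    """Turn the block format into dicts: time, action, decision plus the labelled fields."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            action, decision = m.group(2), m.group(3)
            cur = {"time": m.group(1),
                   "action": ACTIONS.get(action, action.lower()),
                   "decision": DECISIONS.get(decision, decision.lower())}
            events.append(cur)
            continue
        if cur is None:
            continue
        label, sep, value = line.partition(":")   # split at the first colon only
        key = LABELS.get(label.strip().lower())
        if sep and key:
            cur[key] = value.strip()
    return events


def summarize(events: list) -> dict:
    """Per process: counts of (action, target) and the flags worth a first look."""
    report = defaultdict(lambda: {"actions": Counter(), "flags": set()})
    for ev in events:
        proc = ev.get("process", "<unknown>").lower()
        entry = report[proc]
        entry["actions"][(ev["action"], ev.get("target", ""))] += 1
        if proc.rsplit("\\", 1)[-1] in SYSTEM_BINARIES and not SYSTEM_ROOT.match(proc):
            entry["flags"].add("system binary name running outside %SystemRoot%")
        if ev["action"] == "modify registry value" and \
                ev.get("target", "").upper().startswith("HKEY_LOCAL_MACHINE\\"):
            entry["flags"].add("machine-wide (HKLM) registry write")
    return dict(report)


if __name__ == "__main__":
    for proc, info in summarize(parse_events(SAMPLE_LOG)).items():
        print(proc)
        for (action, target), n in sorted(info["actions"].items()):
            print("  %dx %-32s %s" % (n, action, target))
        for flag in sorted(info["flags"]):
            print("  ! " + flag)
```

Feed it the full log from the post (or any HIPS export in the same shape) instead of `SAMPLE_LOG` and the repeated WM_GETICON and lsarpc entries collapse into counts, leaving the single HKLM write by the winlogon.exe copy as the one line that does not look like ordinary Task Manager behaviour. The HKLM rule is deliberately coarse: it does not say the write is malicious, only that a process launched from a user's Desktop is touching machine-wide configuration, which is the kind of event to correlate with the static triage of the file itself.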

Copyright © KaFan  KaFan.cn All Rights Reserved.
