瑞星卡卡安全论坛

已将windows.dat加密并发送至您的邮箱，请查收。谢谢！

您好,已受到您的邮件.

附件是一个不可执行的dat文件,不是病毒,请注意路径为c:\windows\目录下的windows.dat

【回复“chentong”的帖子】
请使用多引擎病毒扫描服务扫描这个c:\windows\windows.dat并贴出报告：
http://www.virustotal.com/flash/index_en.html
http://virusscan.jotti.org/。

http://virusscan.jotti.org/的报告：

Service 
Service load:  0%        100% 

File:  windows.dat 
Status:  POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.) 
MD5  f2b126197f44de73540b294b91ab4f8a 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found JS/StartPage.D 
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

http://www.virustotal.com/flash/index_en.html的报告：

This is a report processed by VirusTotal on 09/17/2005 at 17:17:11 (CET) after scanning the file "windows.dat" file.
Antivirus Version Update Result
AntiVir 6.32.0.3 09.16.2005 no virus found
Avast 4.6.695.0 09.16.2005 no virus found
AVG 718 09.16.2005 no virus found
Avira 6.32.0.3 09.16.2005 no virus found
BitDefender 7.2 09.17.2005 no virus found
CAT-QuickHeal 8.00 09.17.2005 no virus found
ClamAV devel-20050725 09.17.2005 no virus found
DrWeb 4.32b 09.17.2005 no virus found
eTrust-Iris 7.1.194.0 09.16.2005 no virus found
eTrust-Vet 11.9.1.0 09.16.2005 no virus found
Fortinet 2.41.0.0 09.07.2005 JS/StartPage.D
F-Prot 3.16c 09.16.2005 no virus found
Ikarus 0.2.59.0 09.16.2005 no virus found
Kaspersky 4.0.2.24 09.17.2005 no virus found
McAfee 4583 09.16.2005 no virus found
NOD32v2 1.1219 09.16.2005 no virus found
Norman 5.70.10 09.16.2005 no virus found
Panda 8.02.00 09.17.2005 no virus found
Sophos 3.97.0 09.17.2005 no virus found
Symantec 8.0 09.17.2005 Trojan.StartPage
TheHacker 5.8.2.108 09.16.2005 no virus found
VBA32 3.10.4 09.16.2005 no virus found



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En español
--------------------------------------------------------------------------------
www.virustotal.com :: @ Hispasec Sistemas 2004 :: e-mail info@virustotal.com

Fortinet Found JS/StartPage.D
Fortinet 2.41.0.0 09.07.2005 JS/StartPage.D
Symantec 8.0 09.17.2005 Trojan.StartPage
大多杀软不报。

看名称应该是个恶意脚本。

【回复“感覺”的帖子】
首先请上报这个c:\windows\windows.dat。
重启至安全模式，查看windows.dat的属性，记录下“创建时间”和“修改时间”，搜索系统盘中与之相同的可疑文件并跟帖回复。删除c:\windows\windows.dat。使用HijackThis扫描，可能会发现O19项不存在了。以windows.dat为关键词搜索注册表，删除相关内容。

to:花开花又落斑竹
附件中确实是路径为c:\windows\目录下的windows.dat

to:天使之剑
请问该如何上报windows.dat呢？

【回复“chentong”的帖子】准确意义上来说没有病毒的行为，不算病毒！