Suspicious file!
Rising reports it as Trojan.Clicker.Win32.Undef.bo
But http://virusscan.jotti.org/ says:
| Scanner | Result |
| --- | --- |
| A-Squared | Found nothing |
| AntiVir | Found nothing |
| ArcaVir | Found nothing |
| Avast | Found nothing |
| AVG Antivirus | Found nothing |
| BitDefender | Found nothing |
| ClamAV | Found nothing |
| CPsecure | Found nothing |
| Dr.Web | Found nothing |
| F-Prot Antivirus | Found nothing |
| F-Secure Anti-Virus | Found nothing |
| G DATA | Found nothing |
| Ikarus | Found nothing |
| Kaspersky Anti-Virus | Found nothing |
| NOD32 | Found nothing |
| Norman Virus Control | Found nothing |
| Panda Antivirus | Found nothing |
| Sophos Antivirus | Found nothing |
| VirusBuster | Found nothing |
| VBA32 | Found nothing |
Could it be a false positive???
| Antivirus | Version | Last update | Result |
| --- | --- | --- | --- |
| AhnLab-V3 | 2008.11.11.2 | 2008.11.12 | - |
| AntiVir | 7.9.0.31 | 2008.11.11 | - |
| Authentium | 5.1.0.4 | 2008.11.11 | - |
| Avast | 4.8.1248.0 | 2008.11.11 | - |
| AVG | 8.0.0.161 | 2008.11.11 | - |
| BitDefender | 7.2 | 2008.11.12 | - |
| CAT-QuickHeal | 9.50 | 2008.11.11 | - |
| ClamAV | 0.94.1 | 2008.11.12 | - |
| DrWeb | 4.44.0.09170 | 2008.11.12 | - |
| eSafe | 7.0.17.0 | 2008.11.11 | - |
| eTrust-Vet | 31.6.6204 | 2008.11.11 | - |
| Ewido | 4.0 | 2008.11.11 | - |
| F-Prot | 4.4.4.56 | 2008.11.11 | - |
| F-Secure | 8.0.14332.0 | 2008.11.12 | - |
| Fortinet | 3.117.0.0 | 2008.11.12 | - |
| GData | 19 | 2008.11.12 | - |
| Ikarus | T3.1.1.45.0 | 2008.11.12 | - |
| K7AntiVirus | 7.10.522 | 2008.11.11 | - |
| Kaspersky | 7.0.0.125 | 2008.11.12 | - |
| McAfee | 5431 | 2008.11.12 | - |
| Microsoft | 1.4104 | 2008.11.12 | - |
| NOD32 | 3605 | 2008.11.12 | - |
| Norman | 5.80.02 | 2008.11.11 | - |
| Panda | 9.0.0.4 | 2008.11.11 | - |
| PCTools | 4.4.2.0 | 2008.11.11 | - |
| Prevx1 | V2 | 2008.11.12 | - |
| Rising | 21.03.20.00 | 2008.11.12 | Trojan.Clicker.Win32.Undef.bo |
| SecureWeb-Gateway | 6.7.6 | 2008.11.12 | - |
| Sophos | 4.35.0 | 2008.11.12 | - |
| Sunbelt | 3.1.1785.2 | 2008.11.11 | - |
| Symantec | 10 | 2008.11.11 | Downloader |
| TheHacker | 6.3.1.1.149 | 2008.11.12 | - |
| TrendMicro | 8.700.0.1004 | 2008.11.11 | - |
| VBA32 | 3.12.8.9 | 2008.11.11 | - |
| ViRobot | 2008.11.12.1462 | 2008.11.12 | - |
| VirusBuster | 4.5.11.0 | 2008.11.11 | - |
| Additional information |
| File size: 319488 bytes |
| MD5...: dee992f971efaa8e1b724c48ff11a6ef |
| SHA1..: 18c313e234fc92bdd06b7b2446115294b8dcc60b |
| SHA256: 43a4fa4dfe650fbaa8fd58420e62ea8c7fbda72bdbd5dbe01c191e0270df56c2 |
| SHA512: 695f7e51fa1f0bd3ccaa7f66260e63f76056943434854b76f4438c79ff8b9f50 5102059cb06b2069962a1fb7e72e8f053dc4a5a6862e2f3db83c3c06bc820004 |
| PEiD..: - |
| TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) |
| PEInfo: PE Structure information ( base data ) |
| entrypointaddress.: 0x10024832 |
| timedatestamp.....: 0x491070bc (Tue Nov 04 15:56:44 2008) |
| machinetype.......: 0x14c (I386) |
| ( 6 sections ) |
| name viradd virsiz rawdsiz ntrpy md5 |
| .text 0x1000 0x38979 0x38a00 6.62 c0ba078ca2694b9097dd5788701c3da5 |
| .rdata 0x3a000 0xc181 0xc200 5.11 e4a9ca249cf18ac39cfdca7fe0821a7e |
| .data 0x47000 0x5a94 0x3c00 3.68 c1134e46575e7eec22ddf5d9da90c2cb |
| Shared 0x4d000 0x24 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b |
| .rsrc 0x4e000 0x190 0x200 4.18 b6f6591f1a66f5be5d2a9bdc19d280ec |
| .reloc 0x4f000 0x4f72 0x5000 5.79 5e2c42afe7fb184756cfc31d3738cde7 |
| ( 11 imports ) |
| > iphlpapi.dll: GetAdaptersInfo |
| > KERNEL32.dll: RaiseException, FindResourceW, SizeofResource, LockResource, LoadResource, FindResourceExW, InterlockedIncrement, InterlockedDecrement, Sleep, GetPrivateProfileIntW, GetPrivateProfileStringW, GetTempPathW, GetTempFileNameW, lstrcpyW, CreateProcessW, SetLastError, CreateMutexW, GetWindowsDirectoryW, FindFirstFileW, FindNextFileW, FindClose, EnterCriticalSection, LeaveCriticalSection, lstrlenW, GetLocalTime, CreateFileW, SetFilePointer, WriteFile, WideCharToMultiByte, CreateFileA, SystemTimeToFileTime, DeviceIoControl, WriteProcessMemory, GetCurrentProcess, GlobalAlloc, GetModuleHandleW, GetTickCount, GlobalLock, GlobalUnlock, FlushInstructionCache, MulDiv, lstrcmpW, VirtualQuery, VirtualProtect, VirtualAlloc, InterlockedCompareExchange, ResumeThread, GetThreadContext, SetThreadContext, SuspendThread, CompareStringW, CompareStringA, WaitForSingleObject, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, RtlUnwind, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, GetDateFormatA, GetTimeFormatA, GetTimeZoneInformation, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetModuleFileNameA, GetStdHandle, GetOEMCP, GetCPInfo, HeapCreate, ExitProcess, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleHandleA, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetCommandLineA, GetSystemTimeAsFileTime, VirtualFree, IsProcessorFeaturePresent, LoadLibraryA, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetVersionExA, CloseHandle, CreateThread, CreateEventW, SetEvent, GetLastError, MultiByteToWideChar, GetCurrentProcessId, DeleteCriticalSection, InitializeCriticalSection, GetModuleFileNameW, GetCurrentThreadId, FreeLibrary, GetCurrentThread, GetProcAddress, LoadLibraryW, SetEnvironmentVariableA, ReadFile, FlushFileBuffers |
| > USER32.dll: PostThreadMessageW, PeekMessageW, DispatchMessageW, TranslateMessage, ShowWindow, CreateDialogParamW, DefWindowProcW, GetWindowThreadProcessId, FindWindowW, SetWindowsHookExW, CallNextHookEx, UnhookWindowsHookEx, SendMessageW, RegisterWindowMessageW, CreateWindowExW, CallWindowProcW, GetDlgItem, GetWindow, SetFocus, GetFocus, IsChild, RedrawWindow, DestroyAcceleratorTable, CharNextW, GetSysColor, CreateAcceleratorTableW, MoveWindow, ReleaseCapture, SetCapture, FillRect, InvalidateRect, InvalidateRgn, ReleaseDC, GetDC, GetMessageW, UnregisterClassA, SetTimer, KillTimer, GetDesktopWindow, GetClientRect, GetWindowRect, SetWindowPos, SetWindowTextW, GetWindowLongW, SetWindowLongW, SetWindowPlacement, BeginPaint, EndPaint, DestroyWindow, ScreenToClient, IsWindow, GetParent, OffsetRect, GetClassInfoExW, RegisterClassExW, GetWindowTextW, GetWindowTextLengthW, LoadCursorW, GetSystemMetrics, VkKeyScanW, PostMessageW, InflateRect, SetRect, PtInRect, GetCursorPos, ClientToScreen, EnumChildWindows, GetClassNameW |
| > GDI32.dll: GetStockObject, GetObjectW, GetDeviceCaps, BitBlt, DeleteDC, CreateCompatibleDC, SelectObject, DeleteObject, CreateCompatibleBitmap, CreateSolidBrush |
| > ADVAPI32.dll: RegCreateKeyExW, RegQueryValueExW, RegEnumValueW, RegQueryInfoKeyW, RegCloseKey, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW |
| > SHELL32.dll: SHGetPathFromIDListW, SHGetFolderLocation |
| > ole32.dll: OleUninitialize, CoUninitialize, CoTaskMemAlloc, StringFromGUID2, OleLockRunning, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, CoCreateInstance, OleInitialize, StringFromCLSID, CreateStreamOnHGlobal, CoTaskMemFree, CoInitialize |
| > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - |
| > SHLWAPI.dll: PathIsRelativeW, PathFindFileNameW, PathFindOnPathW, PathFileExistsW, PathFindExtensionW, StrStrIW, UrlCanonicalizeW |
| > urlmon.dll: CoInternetGetSession, URLDownloadToFileW, URLDownloadToCacheFileW |
| > WININET.dll: InternetCloseHandle, HttpSendRequestA, HttpOpenRequestA, InternetConnectA, InternetOpenA, FindCloseUrlCache, DeleteUrlCacheEntryW, FindNextUrlCacheEntryW, FindFirstUrlCacheEntryW, InternetCrackUrlW, InternetCanonicalizeUrlW |
| ( 4 exports ) |
| SendStatisticDataOnInstall, UpdateIFEOInfo, fnClose, fnOpen |