13岁帅哥 - 2009-3-16 21:16:00
你好管理员 该病毒仿冒windows管理器进程,隐藏在d:\目录下,并且自动联网,在c:\windows下建立文件(主动防御检测到的)我估计可能是QQ病毒。
大部分杀软检测是病毒:
File taskmgr.exe received on 03.16.2009 14:20:54 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 17/38 (44.74%)
Loading server information...
Your file is queued in position: 4.
Estimated start time is between 57 and 81 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position:
) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
附件: taskmgr.rar
大部分杀软检测是病毒:
File taskmgr.exe received on 03.16.2009 14:20:54 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 17/38 (44.74%)
Loading server information...
Your file is queued in position: 4.
Estimated start time is between 57 and 81 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact
Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position:
) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
| Email: | |
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.101 | 2009.03.16 | - |
| AhnLab-V3 | 5.0.0.2 | 2009.03.16 | - |
| AntiVir | 7.9.0.114 | 2009.03.16 | - |
| Authentium | 5.1.0.4 | 2009.03.15 | W32/Heuristic-210!Eldorado |
| Avast | 4.8.1335.0 | 2009.03.16 | - |
| AVG | 8.0.0.237 | 2009.03.16 | Suspicion: unknown virus |
| BitDefender | 7.2 | 2009.03.16 | Gen:Trojan.Heur.2004C4E5E5 |
| CAT-QuickHeal | 10.00 | 2009.03.16 | (Suspicious) - DNAScan |
| ClamAV | 0.94.1 | 2009.03.16 | - |
| Comodo | 1059 | 2009.03.16 | - |
| DrWeb | 4.44.0.09170 | 2009.03.16 | - |
| eSafe | 7.0.17.0 | 2009.03.15 | Suspicious File |
| eTrust-Vet | 31.6.6388 | 2009.03.09 | - |
| F-Prot | 4.4.4.56 | 2009.03.15 | W32/Heuristic-210!Eldorado |
| F-Secure | 8.0.14470.0 | 2009.03.16 | Backdoor.Win32.VB.hzm |
| Fortinet | 3.117.0.0 | 2009.03.16 | - |
| GData | 19 | 2009.03.16 | Gen:Trojan.Heur.2004C4E5E5 |
| Ikarus | T3.1.1.45.0 | 2009.03.16 | - |
| K7AntiVirus | 7.10.671 | 2009.03.14 | - |
| Kaspersky | 7.0.0.125 | 2009.03.16 | Backdoor.Win32.VB.hzm |
| McAfee | 5554 | 2009.03.15 | - |
| McAfee+Artemis | 5554 | 2009.03.15 | - |
| McAfee-GW-Edition | 6.7.6 | 2009.03.16 | Trojan.Crypt.FKM.Gen |
| Microsoft | 1.4405 | 2009.03.16 | - |
| NOD32 | 3938 | 2009.03.16 | - |
| Norman | 6.00.06 | 2009.03.13 | Suspicious_F.gen |
| nProtect | 2009.1.8.0 | 2009.03.16 | - |
| Panda | 10.0.0.10 | 2009.03.15 | - |
| PCTools | 4.4.2.0 | 2009.03.16 | Packed/FSG |
| Rising | 21.21.02.00 | 2009.03.16 | Trojan.Win32.Nodef.fxj |
| Sophos | 4.39.0 | 2009.03.16 | Mal/Behav-160 |
| Sunbelt | 3.2.1858.2 | 2009.03.15 | VIPRE.Suspicious |
| Symantec | 1.4.4.12 | 2009.03.16 | - |
| TheHacker | 6.3.3.0.283 | 2009.03.16 | - |
| TrendMicro | 8.700.0.1004 | 2009.03.16 | PAK_Generic.002 |
| VBA32 | 3.12.10.1 | 2009.03.16 | - |
| ViRobot | 2009.3.16.1650 | 2009.03.16 | - |
| VirusBuster | 4.6.5.0 | 2009.03.15 | Packed/FSG |
| Additional information |
| File size: 42965 bytes |
| MD5...: 916e289de783274cd5e3a8f6a5673e67 |
| SHA1..: 113760fe9006b74f6b5ec084e029f2952232220d |
| SHA256: 9d347bc415f68e41dd9b362ccd0717627930e1f136ce81a9aef1f191871a38e6 |
| SHA512: 2a018ab8a78c2925b9324f395b19b5db5fd91920830ccb7d6d69f56c967df695 76344a859d11dacf9da58320f7e1caf36e1285e3b3edf08e3104feaee9b3057a |
| ssdeep: 768:tEbdRrMlikwMbIQV482sNaI9Uj4ISvOyUQLfeoQUih8GXE/dMWXwUfoP816/ C84R:aLMl0ag7eYa2CLeo8h83bXQ016/pQt |
| PEiD..: FSG v2.0 -> bart/xt |
| TrID..: File type identification Win32 Executable Generic (67.9%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Targa bitmap (Original TGA Format) (0.0%) MS Flight Simulator Aircraft Performance Info (0.0%) |
| PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x154 timedatestamp.....: 0x21475346 (Fri Sep 11 01:35:02 1987) machinetype.......: 0x14c (I386) ( 2 sections ) name viradd virsiz rawdsiz ntrpy md5 0x1000 0x1d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e 0x1e000 0xb000 0xa5d5 7.83 2d16a88ef4ee39874d9e88e7e75edfc5 ( 1 imports ) > KERNEL32.dll: LoadLibraryA, GetProcAddress ( 0 exports ) |
| packers (Kaspersky): FSG |
| packers (Authentium): FSG |
| packers (F-Prot): FSG |
附件: taskmgr.rar