Today I received an e-mail.
Scanning it with Avira (小紅傘) gave no reaction at all,
so out of curiosity I ran the file.
Before running it I knew it was a screensaver (.scr) program.
After running it nothing happened, so I figured I had probably been hit.
I went and looked at the running threads
and found two executables with numeric names, 5.exe and 559087.exe (not quite sure about the last one).
Following that lead,
I found a folder called winrar or wirar under C:\Program (5.exe and 559087.* were inside it).
I thought to myself: I never installed WinRAR,
so I deleted it
and rebooted.
So far there is nothing abnormal,
but I still feel uneasy about it.
So I downloaded Microsoft's Malicious Software Removal Tool,
and it found nothing either.
Anyone interested can take a look at what this thing is.
I have put it on my FTP:
http://yougenmi.myweb.hinet.net/559087.zip
File `_________.scr` received on 2008.06.22 18:51:23 (CET)

| Antivirus engine | Version | Last update | Scan result |
|---|---|---|---|
| AhnLab-V3 | 2008.6.22.0 | 2008.06.22 | - |
| AntiVir | 7.8.0.59 | 2008.06.21 | - |
| Authentium | 5.1.0.4 | 2008.06.21 | W32/Onlinegames.gen |
| Avast | 4.8.1195.0 | 2008.06.21 | - |
| AVG | 7.5.0.516 | 2008.06.22 | PSW.OnlineGames.BR |
| BitDefender | 7.2 | 2008.06.22 | Packer.Malware.NSAnti |
| CAT-QuickHeal | 9.50 | 2008.06.20 | - |
| ClamAV | 0.93.1 | 2008.06.22 | - |
| DrWeb | 4.44.0.09170 | 2008.06.22 | modification of Trojan.Nsanti.Packed |
| eSafe | 7.0.15.0 | 2008.06.22 | - |
| eTrust-Vet | 31.6.5892 | 2008.06.21 | - |
| Ewido | 4.0 | 2008.06.22 | - |
| F-Prot | 4.4.4.56 | 2008.06.21 | W32/OnlineGames.AE.gen!Eldorado |
| Fortinet | 3.14.0.0 | 2008.06.22 | W32/OnLineGames.fam!tr.pws |
| GData | 2.0.7306.1023 | 2008.06.22 | - |
| Ikarus | T3.1.1.26.0 | 2008.06.22 | - |
| Kaspersky | 7.0.0.125 | 2008.06.22 | - |
| McAfee | 5322 | 2008.06.20 | PWS-OnlineGames.bd |
| Microsoft | 1.3604 | 2008.06.22 | PWS:Win32/OnLineGames.DL!dll |
| NOD32v2 | 3207 | 2008.06.22 | - |
| Panda | 9.0.0.4 | 2008.06.22 | Suspicious file |
| Prevx1 | V2 | 2008.06.22 | - |
| Rising | 20.49.62.00 | 2008.06.22 | Packer.Win32.Mian007.a |
| Sophos | 4.30.0 | 2008.06.22 | Mal/EncPk-CE |
| Sunbelt | 3.0.1153.1 | 2008.06.15 | - |
| Symantec | 10 | 2008.06.22 | - |
| TheHacker | 6.2.92.358 | 2008.06.21 | - |
| TrendMicro | 8.700.0.1004 | 2008.06.20 | Mal_Onlineg |
| VBA32 | 3.12.6.7 | 2008.06.21 | - |
| VirusBuster | 4.3.26:9 | 2008.06.12 | - |
| Webwasher-Gateway | 6.6.2 | 2008.06.22 | Win32.Malware.gen (suspicious) |

Additional information

File size: 344336 bytes
MD5: d0125e411fa027760e44597552d971c1
SHA1: de624500d7fb722886747b81ba672995fb6c4391
SHA256: 597ebfbf97e4c163a432eab71d9e6149b936b44cbc65e342233ad625024b1e45
SHA512: ad87d838b0102ebd1328989b87fd90a8cda15bb1505908b675307f70c1c2bacbcf1f327dfa90e87a3d088e1cf91f8fed0c660895a28c692a2954c266fdc179cc
PEiD: -

PEInfo: PE structure information (base data)
entrypointaddress: 0x401000
timedatestamp: 0x46f268e6 (Thu Sep 20 12:34:46 2007)
machinetype: 0x14c (I386)

4 sections:

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x14000 | 0x13800 | 6.47 | 8c499086717691066d921075ed5bdb09 |
| .data | 0x15000 | 0x7000 | 0xa00 | 4.91 | 0cb811e47f78b5404a658fb36b591857 |
| .idata | 0x1c000 | 0x1000 | 0x1000 | 5.12 | 8bf175092a70a21f11fd06cc4087c7d0 |
| .rsrc | 0x1d000 | 0x8f34 | 0x9000 | 5.28 | 66fb6e85695ffc81e0ddc81b86082f90 |

8 imports:

ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
COMCTL32.DLL: -
COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
GDI32.DLL: DeleteObject
SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
USER32.DLL: CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize

0 exports

packers (Kaspersky): PE_Patch
packers (Authentium): RAR
packers (F-Prot): RAR
Looking at this, Avira (小紅傘) really didn't catch it.
I have no idea what kind of thing this is:
a virus, a trojan, a worm?
How do I get rid of it?
Thanks.

Pausing is the whole point of travelling
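The report above is essentially what a first-pass triage of an unknown `.scr` produces: file hashes, the COFF compile timestamp, and per-section sizes and entropy (the `ntrpy` column), with the high-entropy `.text` and the NSAnti/EncPk packer verdicts being the parts worth noticing. The script below is an added example, written for this page and not the poster's file or any vendor's tool: a standard-library-only Python triage helper that reproduces those same fields by walking the DOS header, PE signature, COFF header and section table, and flags sections whose entropy is at or above a threshold of my choosing (7.0). It runs on a constructed two-section sample PE built in `build_sample_pe()`, which reuses the report's timestamp `0x46f268e6` so the decode can be checked against the `Thu Sep 20 12:34:46 2007` line; the function names, the sample, and the threshold are all assumptions of this example, not anything from the original post.

```python
# Added example: stdlib-only PE triage reproducing the report fields
# (hashes, compile timestamp, per-section entropy). The sample PE below is
# constructed for the demo; it is NOT the file from the post.
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 = constant, 8.0 = uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsect):
        off = table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
            "ntrpy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    compiled = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {
        "machine": machine,
        "timedatestamp": stamp,
        "compile_time_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def triage(pe: bytes, packed_threshold: float = 7.0) -> dict:
    """File hashes plus a crude packing heuristic. Packers and encrypted
    payloads push section entropy towards 8.0; the threshold (my choice) is
    a hint to look closer, never a verdict on its own."""
    info = parse_pe(pe)
    info["size"] = len(pe)
    info["hashes"] = {alg: hashlib.new(alg, pe).hexdigest()
                      for alg in ("md5", "sha1", "sha256", "sha512")}
    info["suspect_packed"] = [s["name"] for s in info["sections"]
                              if s["ntrpy"] >= packed_threshold]
    return info


def build_sample_pe() -> bytes:
    """Constructed two-section PE: .text holds every byte value equally often
    (entropy 8.0, like packed code) and .data is all zeros (entropy 0.0).
    No optional header is needed for this parser, so SizeOfOptionalHeader is 0."""
    text = bytes(range(256)) * 4
    data = b"\0" * 512
    hdr_len = 0x40 + 4 + 20 + 2 * 40           # DOS stub, PE sig, COFF, 2 headers
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x46F268E6, 0, 0, 0, 0x0102)

    def section(name, vaddr, blob, rawptr):
        return struct.pack("<8sIIII", name, len(blob), vaddr, len(blob), rawptr) + b"\0" * 16

    headers = (dos + b"PE\0\0" + coff
               + section(b".text", 0x1000, text, hdr_len)
               + section(b".data", 0x2000, data, hdr_len + len(text)))
    assert len(headers) == hdr_len
    return headers + text + data


if __name__ == "__main__":
    report = triage(build_sample_pe())
    print("size", report["size"], "compiled (UTC)", report["compile_time_utc"])
    for s in report["sections"]:
        print(f'{s["name"]:<8} {s["viradd"]:#08x} {s["ntrpy"]:5.2f} {s["md5"]}')
    print("suspect packed:", report["suspect_packed"])
```

Run it against the real sample as `triage(open(path, "rb").read())` and compare `hashes` with the MD5/SHA256 in the report before trusting any vendor verdict for that file; note that the posted file's `.text` sits at 6.47, below the 7.0 threshold used here, so it would not be flagged by this heuristic even though two engines call it packed. Entropy and import lists are triage signals, not a classification.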