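Quote:
Originally posted by qwas1985zx on 2008-10-11 00:26
Found another one, in system32, that wants to access QQ
avast raised an alert on this file.
Of the earlier files, only 2b16897739.rar (89 Bytes) was not flagged; all the others were flagged and deleted.
Avira scan report: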
Starting the file scan:
Begin scan in 'D:\Downloads\新建文件夹 (3)\setup2008930.rar'
D:\Downloads\新建文件夹 (3)\setup2008930.rar
[0] Archive type: RAR
--> setup2008930.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] A backup was created as '496388a9.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'D:\Downloads\新建文件夹 (3)\tcpsrv1.rar'
D:\Downloads\新建文件夹 (3)\tcpsrv1.rar
[0] Archive type: RAR
--> tcpsrv1.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] A backup was created as '495f88a8.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'D:\Downloads\新建文件夹 (3)\2b16897739.rar'
Begin scan in 'D:\Downloads\新建文件夹 (3)\360oft.rar'
D:\Downloads\新建文件夹 (3)\360oft.rar
[0] Archive type: RAR
--> 360oft
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
[NOTE] A backup was created as '491f887b.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'D:\Downloads\新建文件夹 (3)\1345.rar'
Begin scan in 'D:\Downloads\新建文件夹 (3)\bloghorse.rar'
D:\Downloads\新建文件夹 (3)\bloghorse.rar
[0] Archive type: RAR
--> bloghorse.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] A backup was created as '495e88b2.qua' ( QUARANTINE )
[NOTE] The file was deleted!
You have been infected with the Gray Pigeon backdoor program:
360oft
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
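When you use Process Explorer there will be a PROCEXP111.SYS with no company name; it is Process Explorer's driver, and when Process Explorer is closed this driver is deleted automatically.
Haha, I registered a day earlier than you! I registered on 2006-9-20; you registered on the 21st.
[ This post was last edited by zebao on 2008-10-11 01:23 ]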