[Help] Please come in.. I need help with something important

Re: 天月来了. Please come in.. I need help with something important

a-squared 4.0.0.101 2009.05.05 -
AhnLab-V3 5.0.0.2 2009.05.05 -
AntiVir 7.9.0.160 2009.05.05 -
Antiy-AVL 2.0.3.1 2009.05.05 -
Authentium 5.1.2.4 2009.05.04 -
Avast 4.8.1335.0 2009.05.04 -
AVG 8.5.0.327 2009.05.04 Generic13.ACNT
BitDefender 7.2 2009.05.05 -
CAT-QuickHeal 10.00 2009.05.05 -
ClamAV 0.94.1 2009.05.05 -
Comodo 1149 2009.05.03 TrojWare.Win32.PSW.QQPass.~XP
DrWeb 5.0.0.12182 2009.05.05 Trojan.PWS.Qqpass.2709
eSafe 7.0.17.0 2009.05.03 -
eTrust-Vet 31.6.6489 2009.05.05 -
F-Prot 4.4.4.56 2009.05.04 -
F-Secure 8.0.14470.0 2009.05.05 -
Fortinet 3.117.0.0 2009.05.05 PossibleThreat
GData 19 2009.05.05 -
Ikarus T3.1.1.49.0 2009.05.05 -
K7AntiVirus 7.10.723 2009.05.04 -
Kaspersky 7.0.0.125 2009.05.05 -
McAfee 5605 2009.05.04 -
McAfee+Artemis 5605 2009.05.04 -
McAfee-GW-Edition 6.7.6 2009.05.05 -
Microsoft 1.4602 2009.05.05 -
NOD32 4052 2009.05.04 Win32/Spy.Agent.NNQ
Norman 6.01.05 2009.05.04 -
nProtect 2009.1.8.0 2009.05.04 -
Panda 10.0.0.14 2009.05.04 -
PCTools 4.4.2.0 2009.05.03 -
Prevx1 3.0 2009.05.05 -
Rising 21.28.11.00 2009.05.05 -
Sophos 4.41.0 2009.05.05 -
Sunbelt 3.2.1858.2 2009.05.05 -
Symantec 1.4.4.12 2009.05.05 -
TheHacker 6.3.4.1.318 2009.05.04 -
TrendMicro 8.950.0.1092 2009.05.05 -
VBA32 3.12.10.4 2009.05.04 -
ViRobot 2009.5.4.1719 2009.05.04 -
VirusBuster 4.6.5.0 2009.05.04 -
Additional information
File size: 53248 bytes

PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x134b
timedatestamp.....: 0x49ef16f2 (Wed Apr 22 13:09:06 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x41ba 0x5000 5.88 9199937a0c2e30742983c655c3faa758
.rdata 0x6000 0x2a4b 0x3000 3.55 778f3ce3c8c9cce34ef6d1c26bf2a539
.data 0x9000 0x3160 0x3000 0.71 a170953fbb574d730ea0c5ee4aee82d6
.reloc 0xd000 0xc4e 0x1000 3.00 72dcfc9d15f01c33cf3f42d63d4eb8dc

( 3 imports )
> KERNEL32.dll: GetProcAddress, LoadLibraryA, CloseHandle, Process32Next, lstrcmpiA, Process32First, CreateToolhelp32Snapshot, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, RtlUnwind, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, InterlockedDecrement, InterlockedIncrement
> USER32.dll: SendMessageA, IsWindow
> SHELL32.dll: ShellExecuteA

( 79 exports )
AcceptEx, EnumProtocolsA, EnumProtocolsW, GetAcceptExSockaddrs, GetAddressByNameA, GetAddressByNameW, GetNameByTypeA, GetNameByTypeW, GetServiceA, GetServiceW, GetTypeByNameA, GetTypeByNameW, MigrateWinsockConfiguration, NPLoadNameSpaces, SetServiceA, SetServiceW, TransmitFile, WEP, WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncGetProtoByName, WSAAsyncGetProtoByNumber, WSAAsyncGetServByName, WSAAsyncGetServByPort, WSAAsyncSelect, WSACancelAsyncRequest, WSACancelBlockingCall, WSACleanup, WSAGetLastError, WSAIsBlocking, WSARecvEx, WSASetBlockingHook, WSASetLastError, WSAStartup, WSAUnhookBlockingHook, WSApSetPostRoutine, __WSAFDIsSet, _recv@16, _recvfrom@24, _send@16, _sendto@24, accept, bind, closesocket, connect, dn_expand, gethostbyaddr, gethostbyname, gethostname, getnetbyname, getpeername, getprotobyname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_network, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, rcmd, recv, recvfrom, rexec, rresvport, s_perror, select, send, sendto, sethostname, setsockopt, shutdown, socket

PDFiD.: -
RDS...: NSRL Reference Data Set

Re: 天月来了. Please come in.. I need help with something important

a-squared - - -
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
Comodo - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
Microsoft - - -
NOD32 - - -
Norman - - -
nProtect - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - PAK_Generic.001
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Additional information
MD5: 055950423e99890651a2f35d5a157c29
SHA1: d9b5bc9aac70be68c7183dbbab4ec037e57aaa8c
SHA256: 294942208987ed97a97a7da72d9d072d2732b9f3ca50d3b73bf645fc2277e87d
SHA512: c6bb905c4d183a5ad9e77405e0329d2abb36630da436e13032b1094ca0092b3a66dd1891fcd7a213577888c29dfe0595ebdb27e672de5b4e329c1f08b142a742

Re: 天月来了. Please come in.. I need help with something important

I don't know how to read this stuff.. I don't know what it means

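Re: 天月来了. Please come in.. I need help with something important

D:\Program Files\Tencent\QQ\WSOCK32.dll
D:\Program Files\Tencent\QQ\MSIMG32.dll
Move these out of the QQ folder (don't copy them, cut and paste them directly)
Run QQ again
If it runs, that means you really were infected by 1.exe
Comodo 1149 2009.05.03 TrojWare.Win32.PSW.QQPass.~XP
Isn't Comodo a HIPS?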
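
Added example, not part of the original thread: a Python check for the situation in the post above, where files named like Windows system libraries (WSOCK32.dll, MSIMG32.dll) sit in an application's own folder, which Windows normally searches before the system directory. The function names, the stand-in folders and the file contents are constructed for illustration; on a real machine pass the application folder and the Windows system directory.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so a large DLL is never read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """List DLLs in app_dir that share a name with a DLL in system_dir.

    Names are matched case-insensitively, as Windows file names are.
    same_as_system is False when the local copy differs from the system one.
    """
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.suffix.lower() == ".dll"}
    hits = []
    for p in sorted(Path(app_dir).iterdir(), key=lambda q: q.name.lower()):
        twin = system.get(p.name.lower())
        if twin is None or not p.is_file():
            continue  # not a DLL, or a DLL with no system namesake
        local = sha256_of(p)
        hits.append({"name": p.name, "sha256": local,
                     "same_as_system": local == sha256_of(twin)})
    return hits


def demo():
    """Constructed sample: a stand-in QQ folder and a stand-in System32."""
    with tempfile.TemporaryDirectory() as root:
        app, sysdir = Path(root, "QQ"), Path(root, "System32")
        app.mkdir()
        sysdir.mkdir()
        (sysdir / "wsock32.dll").write_bytes(b"system wsock32")
        (sysdir / "msimg32.dll").write_bytes(b"system msimg32")
        (app / "WSOCK32.dll").write_bytes(b"different bytes")  # differs
        (app / "MSIMG32.dll").write_bytes(b"system msimg32")   # identical
        (app / "Common.dll").write_bytes(b"application dll")   # no namesake
        return find_shadowing_dlls(app, sysdir)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A namesake whose hash differs from the system file is the one to set aside and examine first.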

Re: 天月来了. Please come in.. I need help with something important

It runs.. but that drawing program doesn't pop up any more

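Re: Please come in.. I need help with something important

MSIMG32.dll
That one belongs to Windows
msimg32.dll is a module related to the Windows Graphics Device Interface (GDI), used to support new APIs (application programming interfaces) and GDI32-related features.
Please mark this as solved
It would be best to upload those 2 malicious files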