Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum


[Help] http://www.day616.cn/chengren/1362.html opens automatically from time to time


The problem I posted the day before yesterday is still there. http://www.day616.cn/chengren/1362.html opens automatically from time to time. According to what I read online, it is a trojan. What should I do? Rising does not react to this trojan at all. What should I do? Please help me. In the process list I found this iexplore.exe file. Rising guys, please deal with it as soon as possible.

User system info: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
 

Re: http://www.day616.cn/chengren/1362.html opens automatically from time to time

Trojan.PowerSpider.ac trojan
 

Re: http://www.day616.cn/chengren/1362.html opens automatically from time to time

I did the same thing the day before yesterday. I also uploaded the scan results.
 

Re: http://www.day616.cn/chengren/1362.html opens automatically from time to time

This is the scan from just now. Please hurry.

Attachment:

Downloads: 268
File type: text/plain
File size:
Uploaded: 2009-4-4 11:54:13
Description: txt
 

Re: http://www.day616.cn/chengren/1362.html opens automatically from time to time

Would it be better if I wait until the page opens automatically and then scan?
 

Re: http://www.day616.cn/chengren/1362.html opens automatically from time to time

There are two computers behind the router; one is off, and mine is on.
 

Re: http://www.day616.cn/chengren/1362.html opens automatically from time to time

OK, I will send it to you in a moment. Another abnormal thing is that a dialog box about accessing the clipboard often pops up.
 

Re: http://www.day616.cn/chengren/1362.html opens automatically from time to time

This is for the first file. I cannot make sense of it.

a-squared 4.0.0.101 2009.04.02 -
AhnLab-V3 5.0.0.2 2009.04.02 -
AntiVir 7.9.0.129 2009.04.02 -
Antiy-AVL 2.0.3.1 2009.04.02 -
Authentium 5.1.2.4 2009.04.01 -
Avast 4.8.1335.0 2009.04.02 -
AVG 8.5.0.285 2009.04.02 -
BitDefender 7.2 2009.04.02 -
CAT-QuickHeal 10.00 2009.04.01 -
ClamAV 0.94.1 2009.04.02 -
Comodo 1093 2009.04.01 -
DrWeb 4.44.0.09170 2009.04.02 -
eSafe 7.0.17.0 2009.04.02 -
eTrust-Vet 31.6.6432 2009.04.02 -
F-Prot 4.4.4.56 2009.04.01 -
F-Secure 8.0.14470.0 2009.04.02 -
Fortinet 3.117.0.0 2009.04.02 -
GData 19 2009.04.02 -
Ikarus T3.1.1.49.0 2009.04.02 -
K7AntiVirus 7.10.690 2009.04.01 Backdoor.Win32.HacDef.toxx
Kaspersky 7.0.0.125 2009.04.02 -
McAfee 5571 2009.04.01 -
McAfee+Artemis 5571 2009.04.01 -
McAfee-GW-Edition 6.7.6 2009.04.01 -
Microsoft 1.4502 2009.04.02 -
NOD32 3983 2009.04.02 -
Norman 6.00.06 2009.04.02 -
nProtect 2009.1.8.0 2009.04.02 -
Panda 10.0.0.14 2009.04.02 -
PCTools 4.4.2.0 2009.04.02 -
Prevx1 V2 2009.04.02 High Risk System Back Door
Rising 21.23.32.00 2009.04.02 -
Sophos 4.40.0 2009.04.02 -
Sunbelt 3.2.1858.2 2009.04.02 Trojan.Rootkit.GEN
Symantec 1.4.4.12 2009.04.02 -
TheHacker 6.3.4.0.298 2009.04.01 -
TrendMicro 8.700.0.1004 2009.04.02 -
VBA32 3.12.10.2 2009.04.02 Backdoor.Win32.HacDef.toxx
ViRobot 2009.4.2.1673 2009.04.02 -
VirusBuster 4.6.5.0 2009.04.01 -
Additional information
File size: 25984 bytes
MD5...: 3fc37041f6de8265f91b3de2cdedf622
SHA1..: 6e353d2457c8e8dd595f83028daa9ce326e66124
SHA256: d969e0b863dd23bab353fc2cb56062061e72e5bbfc7246047e8c1989cd884e16
SHA512: 22e18f266c6009c041965f40224d49b0c9484758fe939048312de4b78f4a1b8ba11dc8cf70213a542213658d1db15939361bc79dd8752a3423c10de4b8e4c7c1
ssdeep: 192:3v8vu5q1ylcmlAWtQSpFb8kqLPRWcswctR+ke0jqeRPWdcpu7:0u5QSrXbhPclELj1PmcM7

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (51.1%)
Win16/32 Executable Delphi generic (12.4%)
Clipper DOS Executable (12.1%)
Generic Win/DOS Executable (12.0%)
DOS Executable Generic (12.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5b05
timedatestamp.....: 0x477c58b9 (Thu Jan 03 03:38:33 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x14b4 0x1500 6.29 976964bc0f3a40480cb6f6ba7d19ec7c
.rdata 0x1980 0x244 0x280 3.84 bf88faa78d54a6c3e05d8664671e8d5d
.data 0x1c00 0x3ec0 0x3f00 1.52 6e6e2afff57a9edaeaba38e52872234b
INIT 0x5b00 0x460 0x480 5.37 7418d128049e20369cd5d5f80e77a8ba
.reloc 0x5f80 0x598 0x600 5.16 6de59bf033a33c47a19f3c46002b90a7

( 2 imports )
> ntoskrnl.exe: IofCompleteRequest, KeWaitForSingleObject, ObReferenceObjectByHandle, ObfDereferenceObject, PsGetCurrentProcessId, KeSetEvent, ExAllocatePool, MmGetSystemRoutineAddress, memcpy, KeServiceDescriptorTable, PsTerminateSystemThread, KeResetEvent, KdDebuggerEnabled, ZwClose, RtlInitUnicodeString, PsCreateSystemThread, KeInitializeEvent, IoFreeMdl, MmUnlockPages, MmMapLockedPagesSpecifyCache, MmProbeAndLockPages, MmBuildMdlForNonPagedPool, IoAllocateMdl, MmUnmapLockedPages, RtlCompareUnicodeString, ExFreePoolWithTag, ZwQuerySystemInformation, KeTickCount, KeBugCheckEx, IoCreateDevice, IoCreateSymbolicLink, IoDeleteDevice, ZwCreateFile, IoDeleteSymbolicLink, RtlUnwind
> HAL.dll: KfReleaseSpinLock, WRITE_PORT_UCHAR, READ_PORT_UCHAR, KfAcquireSpinLock

( 0 exports )

RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4AF235798075AA7565D000869B62A00096276C77
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=3fc37041f6de8265f91b3de2cdedf622
 

Re: http://www.day616.cn/chengren/1362.html opens automatically from time to time

This is the second file.

AhnLab-V3 2008.12.17.0 2008.12.17 Win-Trojan/Agent.6912.D
AntiVir 7.9.0.45 2008.12.16 -
Authentium 5.1.0.4 2008.12.17 -
Avast 4.8.1281.0 2008.12.16 -
AVG 8.0.0.199 2008.12.16 PSW.Agent.VVN
BitDefender 7.2 2008.12.17 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.17 -
Comodo 764 2008.12.16 TrojWare.Win32.Spy.Agent.eqd
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.16 -
eTrust-Vet 31.6.6264 2008.12.17 -
Ewido 4.0 2008.12.16 -
F-Prot 4.4.4.56 2008.12.16 -
F-Secure 8.0.14332.0 2008.12.17 -
Fortinet 3.117.0.0 2008.12.17 -
GData 19 2008.12.17 -
Ikarus T3.1.1.45.0 2008.12.17 Trojan-Spy.Win32.Agent
K7AntiVirus 7.10.555 2008.12.16 Trojan-Spy.Win32.Agent.eqd
Kaspersky 7.0.0.125 2008.12.17 -
McAfee 5466 2008.12.16 Generic PWS.y
McAfee+Artemis 5466 2008.12.16 Generic PWS.y
Microsoft 1.4205 2008.12.16 -
NOD32 3697 2008.12.17 -
Norman 5.80.02 2008.12.16 -
Panda 9.0.0.4 2008.12.17 -
PCTools 4.4.2.0 2008.12.16 -
Prevx1 V2 2008.12.17 -
Rising 21.08.20.00 2008.12.17 -
SecureWeb-Gateway 6.7.6 2008.12.16 -
Sophos 4.36.0 2008.12.17 -
Sunbelt 3.2.1801.2 2008.12.11 Trojan-Spy.Win32.Agent.eqd
Symantec 10 2008.12.17 -
TheHacker 6.3.1.4.189 2008.12.16 Trojan/Spy.Agent.eqd
TrendMicro 8.700.0.1004 2008.12.17 TSPY_AGENT.ZS
VBA32 3.12.8.10 2008.12.16 Trojan-Spy.Win32.Agent.eqd
ViRobot 2008.12.17.1522 2008.12.17 Trojan.Win32.Agent.6912
VirusBuster 4.5.11.0 2008.12.16 -
Additional information
File size: 6912 bytes
MD5...: 889a23eec876aaaabd7e7f909549bd6f
SHA1..: f475bd6af80178d5ca173639dcd1e5e5dfcccec3
SHA256: 4dc08d2a7ac6e61756e1bd42cf4e04541e686245ed33369ef41b17248f50b128
SHA512: ecd0447569cf8635f8b27ca5aa562b533d8daae9dc8c797d1e68139a80252b77ea2f117cb13b0e2d1ce280013538298f02629f789cb9c1c6966fbac2d4e78b79

ssdeep: 96:viIAKbJR/ku/2TrBaPyKTofVgB96k6pxm+g1AQeo8QkjCYZNlTlk:v/3bL/T+Trwj8NgT6k661Vu36

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x11485
timedatestamp.....: 0x476f6272 (Mon Dec 24 07:40:34 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xdea 0xe00 6.11 edcbeb562e213e1afbeca80e46a92452
.rdata 0x1280 0x15c 0x180 4.58 d5fa03f82923d6c85ec553921e824321
.data 0x1400 0x48 0x80 0.52 1f558917e0b83de44fffa4db41aab932
INIT 0x1480 0x414 0x480 4.99 b29e0101b2241b4c82c58678e20803eb
.reloc 0x1900 0x1d6 0x200 5.16 c11e7c620af056517edaae8bce27ecc7

( 2 imports )
> ntoskrnl.exe: RtlInitUnicodeString, IofCallDriver, IofCompleteRequest, IoDetachDevice, PoCallDriver, PoStartNextPowerIrp, IoFreeIrp, ExFreePoolWithTag, memcpy, ExAllocatePool, IoAllocateIrp, PsGetCurrentProcessId, KeSetEvent, IoCreateDevice, IoGetDeviceInterfaces, ObfDereferenceObject, ObReferenceObjectByHandle, IoGetRelatedDeviceObject, ZwClose, ZwCreateFile, RtlCompareUnicodeString, IoAttachDeviceToDeviceStack, IoGetAttachedDeviceReference, MmIsAddressValid, ObReferenceObjectByName, IoDriverObjectType, KeTickCount, IoCreateSymbolicLink, IoDeleteDevice, PsSetCreateProcessNotifyRoutine, wcsstr, IoDeleteSymbolicLink
> HAL.dll: KfLowerIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeRaiseIrqlToDpcLevel

( 0 exports )

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=889a23eec876aaaabd7e7f909549bd6f
 

Re: http://www.day616.cn/chengren/1362.html opens automatically from time to time

This is the third file.


File shell32.dll received on 2009.04.04 07:30:22 (CET)
Result: 0/39 (0%)
 

Antivirus engine  Version  Last update  Result
a-squared 4.0.0.101 2009.04.04 -
AhnLab-V3 5.0.0.2 2009.04.03 -
AntiVir 7.9.0.129 2009.04.03 -
Antiy-AVL 2.0.3.1 2009.04.04 -
Authentium 5.1.2.4 2009.04.04 -
Avast 4.8.1335.0 2009.04.03 -
AVG 8.5.0.285 2009.04.03 -
BitDefender 7.2 2009.04.04 -
CAT-QuickHeal 10.00 2009.04.03 -
ClamAV 0.94.1 2009.04.04 -
Comodo 1097 2009.04.03 -
DrWeb 4.44.0.09170 2009.04.04 -
eSafe 7.0.17.0 2009.04.02 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.03 -
F-Secure 8.0.14470.0 2009.04.03 -
Fortinet 3.117.0.0 2009.04.04 -
GData 19 2009.04.04 -
Ikarus T3.1.1.49.0 2009.04.04 -
K7AntiVirus 7.10.692 2009.04.03 -
Kaspersky 7.0.0.125 2009.04.04 -
McAfee 5573 2009.04.03 -
McAfee+Artemis 5573 2009.04.03 -
McAfee-GW-Edition 6.7.6 2009.04.03 -
Microsoft 1.4502 2009.04.03 -
NOD32 3986 2009.04.03 -
Norman 6.00.06 2009.04.03 -
nProtect 2009.1.8.0 2009.04.03 -
Panda 10.0.0.14 2009.04.03 -
Prevx1 V2 2009.04.04 -
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.04 -
Sunbelt 3.2.1858.2 2009.04.04 -
Symantec 1.4.4.12 2009.04.04 -
TheHacker 6.3.4.0.301 2009.04.03 -
TrendMicro 8.700.0.1004 2009.04.03 -
VBA32 3.12.10.2 2009.04.03 -
ViRobot 2009.4.4.1677 2009.04.04 -
VirusBuster 4.6.5.0 2009.04.03 -
Additional information
File size: 8320000 bytes
MD5...: 4bc91254dc6204f1dca0d4da04d18b9e
SHA1..: c014644d1793e6c77ae14e4200af6d5e28b98724
SHA256: 461245eea1d5de365804caa44173c55438beb95a2fbd1e1f04a32f788f9dd77e
SHA512: 3fbe6f08d2ccfccafc942adf28b0acc80ee252783021ea857095028506b99e30c83e72495e21015695f0a27a1b82c8c72b9ff93b8bf3a958ccf6e11ef4d48c1f
ssdeep: 98304:1olMN2i1yN4UDBbh8C33VMF5Ij1kBpT7uBvIKmkGDGUlVNEFbsfktXS98ruG9CxM:aly4NZFbCCHKrIc9aBgBfmYNzDY5tq

PEiD..: -
TrID..: File type identification
DirectShow filter (50.5%)
Windows OCX File (31.0%)
Win32 Executable MS Visual C++ (generic) (9.4%)
Win 9x/ME Control Panel applet (3.8%)
Win32 Executable Generic (2.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x274b6
timedatestamp.....: 0x48e1bf86 (Tue Sep 30 05:56:22 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1fdd60 0x1fde00 6.49 e3368451b4a084f5828b1a98e910ac8f
.data 0x1ff000 0x1c1d0 0x1a200 1.07 fceb55e7416848d8d02e2e6ac5697620
.rsrc 0x21c000 0x5bc994 0x5bca00 5.58 4250c3a6a81aa4ba706234803978b939
.reloc 0x7d9000 0x1a4c0 0x1a600 6.75 770a479420e562e71b908226e585411a

( 8 imports )    Too long; it has to be split into several posts.