|
笑看山河
- 组别:初生襁褓狮
- 性别:
- 来自:
- 积分:92
- 帖子:37
- 注册:
2009-07-27
|
回复: adware.win32/rugo怎么杀?急!!!
c:\windows\system32\b5a3.dll分析结果: | 反病毒引擎 | 版本 | 最后更新 | 扫描结果 | | a-squared | 4.5.0.24 | 2009.07.28 | AdWare.Bdsearch!IK | | AhnLab-V3 | 5.0.0.2 | 2009.07.28 | - | | AntiVir | 7.9.0.228 | 2009.07.28 | TR/Agent.49152 | | Antiy-AVL | 2.0.3.7 | 2009.07.28 | - | | Authentium | 5.1.2.4 | 2009.07.28 | W32/AdAgent.I.gen!Eldorado | | Avast | 4.8.1335.0 | 2009.07.27 | Win32:Agent-GRW | | AVG | 8.5.0.387 | 2009.07.28 | - | | BitDefender | 7.2 | 2009.07.28 | Gen:Adware.Heur.Hu8@GmhJoiob | | CAT-QuickHeal | 10.00 | 2009.07.28 | - | | ClamAV | 0.94.1 | 2009.07.28 | - | | Comodo | 1790 | 2009.07.28 | - | | DrWeb | 5.0.0.12182 | 2009.07.28 | Trojan.DownLoader.origin | | eSafe | 7.0.17.0 | 2009.07.27 | - | | eTrust-Vet | 31.6.6643 | 2009.07.28 | - | | F-Prot | 4.4.4.56 | 2009.07.28 | W32/AdAgent.I.gen!Eldorado | | F-Secure | 8.0.14470.0 | 2009.07.28 | - | | Fortinet | 3.120.0.0 | 2009.07.28 | - | | GData | 19 | 2009.07.28 | Gen:Adware.Heur.Hu8@GmhJoiob | | Ikarus | T3.1.1.64.0 | 2009.07.28 | AdWare.Bdsearch | | Jiangmin | 11.0.800 | 2009.07.28 | Heur:Adware/MsLock | | K7AntiVirus | 7.10.803 | 2009.07.27 | - | | Kaspersky | 7.0.0.125 | 2009.07.28 | - | | McAfee | 5690 | 2009.07.27 | - | | McAfee+Artemis | 5690 | 2009.07.27 | - | | McAfee-GW-Edition | 6.8.5 | 2009.07.28 | Heuristic.LooksLike.Trojan.Agent.J | | Microsoft | 1.4903 | 2009.07.28 | Adware:Win32/Rugo | | NOD32 | 4284 | 2009.07.28 | - | | Norman |
| 2009.07.28 | - | | nProtect | 2009.1.8.0 | 2009.07.28 | - | | Panda | 10.0.0.14 | 2009.07.28 | - | | PCTools | 4.4.2.0 | 2009.07.28 | - | | Prevx | 3.0 | 2009.07.28 | - | | Rising | 21.40.13.00 | 2009.07.28 | - | | Sophos | 4.44.0 | 2009.07.28 | Rugo | | Sunbelt | 3.2.1858.2 | 2009.07.28 | AdWare.Win32.WSearch | | Symantec | 1.4.4.12 | 2009.07.28 | - | | TheHacker | 6.3.4.3.375 | 2009.07.28 | - | | TrendMicro | 8.950.0.1094 | 2009.07.28 | - | | VBA32 | 3.12.10.9 | 2009.07.28 | - | | ViRobot | 2009.7.28.1857 | 2009.07.28 | - | | VirusBuster | 4.6.5.0 | 2009.07.27 | - |
| 附加信息 | | File size: 548864 bytes | | MD5 : ce4fc2ef676974113422feb7ce7abbf2 | | SHA1 : d6bcd97e4dccd327e852fa6014132b422fcfb26e | | SHA256: f4754159614ae61f4a64a2217a7d733020ac9d99dbc08260164981e5ec53a02e | PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3DD33
timedatestamp.....: 0x4A6E4EFE (Tue Jul 28 03:06:06 2009)
machinetype.......: 0x14C (Intel I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x63966 0x64000 6.69 01dfb99cc9916195644974e70eecae5e
.rdata 0x65000 0xD8EA 0xE000 4.86 16faf3b10eb25f5d4077a8b2ba35e746
.data 0x73000 0x531CC 0x5000 5.39 0fd0b48c28b6a079a85330da810e360b
.rsrc 0xC7000 0x1288 0x2000 3.03 6967db2044f6677da6611f3ec1f19b0b
.reloc 0xC9000 0xB152 0xC000 5.66 b85c193034ec9ee805a6d8f918114913
( 10 imports )
>advapi32.dll: RegQueryValueExA, InitializeSecurityDescriptor,RegOpenKeyA, RegSetValueExA, RegCreateKeyA, GetUserNameA,RegCreateKeyExA, RegQueryValueA, RegSetValueA, RegDeleteKeyA,RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumKeyExA,SetSecurityDescriptorDacl, RegCloseKey
> gdi32.dll: DeleteObject,CreateRectRgn, GetPixel, GetTextExtentPoint32A, CreateSolidBrush,GetStockObject, GetObjectA, GetDeviceCaps, BitBlt,CreateCompatibleBitmap, DeleteDC, SelectObject, CreateCompatibleDC,SaveDC, RestoreDC, CombineRgn
> kernel32.dll:DeleteCriticalSection, GetLocalTime, CloseHandle, UnmapViewOfFile,MapViewOfFile, CreateFileMappingA, OpenFileMappingA, ReleaseMutex,FlushViewOfFile, WaitForSingleObject, CreateMutexA, FindClose,FindFirstFileA, GetLastError, GetSystemTimeAsFileTime, SetErrorMode,MultiByteToWideChar, GetShortPathNameA, GetTempFileNameA, GetTempPathA,Sleep, CopyFileA, SetFileAttributesA, GetWindowsDirectoryA,DeleteFileA, GetVolumeInformationA, GetSystemDirectoryA, lstrcmpA,FindNextFileA, lstrcatA, lstrcpyA, CreateDirectoryA, GetVersionExA,SetProcessWorkingSetSize, GetCurrentProcess, GetTickCount,InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale,EnterCriticalSection, LeaveCriticalSection, FlushInstructionCache,HeapFree, GetProcessHeap, HeapAlloc, WideCharToMultiByte,InterlockedDecrement, lstrlenA, GetCurrentThreadId, GlobalUnlock,GlobalLock, GlobalAlloc, lstrlenW, MulDiv, InterlockedIncrement,GetModuleFileNameA, GetModuleHandleA, FreeLibrary, SizeofResource,LoadResource, FindResourceA, InitializeCriticalSection, lstrcmpiA,lstrcpynA, IsDBCSLeadByte, GetProcAddress, LoadLibraryA, CreateThread,SetEvent, OpenEventA, CreateProcessA, WaitForMultipleObjects,CreateEventA, Module32Next, Module32First, CreateToolhelp32Snapshot,GetCurrentDirectoryA, Process32Next, Process32First, ReadFile,CreateFileA, TerminateProcess, DeviceIoControl, GetFileAttributesA,VirtualAlloc, VirtualFree, SetFilePointer, WriteFile, SetEndOfFile,GetStdHandle, QueryPerformanceCounter, SetUnhandledExceptionFilter,IsBadWritePtr, HeapCreate, HeapDestroy, TlsGetValue, RaiseException,TlsSetValue, TlsFree, SetLastError, TlsAlloc, GetOEMCP, GetCPInfo,LCMapStringW, LCMapStringA, RemoveDirectoryA, GetCommandLineA,HeapReAlloc, VirtualQuery, GetSystemInfo, VirtualProtect,GetDriveTypeA, FileTimeToLocalFileTime, FileTimeToSystemTime,ExitProcess, RtlUnwind, HeapSize, GetFullPathNameA, FlushFileBuffers,SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA,GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW,UnhandledExceptionFilter, GetTimeZoneInformation, GetStringTypeA,GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale,IsValidCodePage, IsBadReadPtr, IsBadCodePtr, SetStdHandle,GetLocaleInfoW, CompareStringA, CompareStringW,SetEnvironmentVariableA, LocalFree, LoadLibraryExA, GetCurrentProcessId
>ole32.dll: CoTaskMemRealloc, CLSIDFromString, CLSIDFromProgID,CoGetClassObject, OleLockRunning, CoTaskMemAlloc, StringFromGUID2,OleUninitialize, OleInitialize, CreateStreamOnHGlobal,CoCreateInstance, CoUninitialize, CoInitialize, CoTaskMemFree
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -
> shell32.dll: SHGetFolderPathA
> urlmon.dll: URLDownloadToFileA
>user32.dll: GetForegroundWindow, SetForegroundWindow,SystemParametersInfoA, MapWindowPoints, ShowWindow, UpdateWindow,PeekMessageA, GetMessageA, TranslateMessage, EnumWindows,AdjustWindowRectEx, FindWindowExA, PostMessageA,CreateAcceleratorTableA, CharNextA, GetParent, GetClassNameA,RedrawWindow, GetDlgItem, IsWindow, DestroyAcceleratorTable, GetFocus,DispatchMessageA, IsChild, GetWindow, SetFocus, BeginPaint, EndPaint,GetDesktopWindow, InvalidateRgn, InvalidateRect, FillRect, SetCapture,ReleaseCapture, GetSysColor, CreateWindowExA, CallWindowProcA,RegisterWindowMessageA, RegisterClassExA, GetWindowTextLengthA,GetWindowTextA, DefWindowProcA, SetActiveWindow, LoadCursorA,GetClassInfoExA, KillTimer, SetTimer, SetWindowPos, MoveWindow,SetWindowTextA, SendMessageA, GetWindowLongA, SetWindowLongA,DestroyWindow, PostQuitMessage, wsprintfA, SetWindowRgn, ReleaseDC,GetWindowRect, GetClientRect, GetSystemMetrics, LoadImageA,UnregisterClassA, GetDC
> wininet.dll: InternetReadFile,HttpSendRequestA, FindFirstUrlCacheEntryA, FindNextUrlCacheEntryA,GetUrlCacheEntryInfoA, InternetCrackUrlA, InternetOpenA,InternetConnectA, InternetCloseHandle, HttpOpenRequestA,DeleteUrlCacheEntry
> ws2_32.dll: -, -, -
( 1 exports )
> Always, DSDD_YUNJ_DOSS, GetPlayerVersion, playAdk | TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) | | ssdeep: 12288:ddfAJ5ChL/XI1W5WRU04L15D4Q/CYz4hBV7j9H6d1fzaXIRpZ9InBJaol1UNFRR2:d9KChLACK+PD9/Urj96XaXIRpZ9InBJf | | PEiD : - | RDS : NSRL Reference Data Set
- |
|
笑看山河
