笑看山河
- Group: 初生襁褓狮 (Newborn Lion Cub)
- Points: 92
- Posts: 37
- Registered: 2009-07-27

Re: How do I remove adware.win32/rugo? Urgent!!!
Analysis result for c:\windows\downlo~1\885b.dll:

| Antivirus engine | Version | Last updated | Scan result |
|---|---|---|---|
| a-squared | 4.5.0.24 | 2009.07.28 | Virus.Win32.Agent.GRW!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.07.28 | - |
| AntiVir | 7.9.0.228 | 2009.07.28 | TR/Agent.49152 |
| Antiy-AVL | 2.0.3.7 | 2009.07.28 | - |
| Authentium | 5.1.2.4 | 2009.07.27 | W32/Heuristic-KPP!Eldorado |
| Avast | 4.8.1335.0 | 2009.07.27 | Win32:Agent-GRW |
| AVG | 8.5.0.387 | 2009.07.27 | Generic4.IEQ |
| BitDefender | 7.2 | 2009.07.28 | Adware.BDSearch.1 |
| CAT-QuickHeal | 10.00 | 2009.07.28 | - |
| ClamAV | 0.94.1 | 2009.07.28 | - |
| Comodo | 1791 | 2009.07.28 | - |
| DrWeb | 5.0.0.12182 | 2009.07.28 | DLOADER.Trojan |
| eSafe | 7.0.17.0 | 2009.07.27 | - |
| eTrust-Vet | 31.6.6642 | 2009.07.27 | Win32/Jhee.H |
| F-Prot | 4.4.4.56 | 2009.07.27 | W32/Heuristic-KPP!Eldorado |
| F-Secure | 8.0.14470.0 | 2009.07.28 | - |
| Fortinet | 3.120.0.0 | 2009.07.28 | PossibleThreat |
| GData | 19 | 2009.07.28 | Adware.BDSearch.1 |
| Ikarus | T3.1.1.64.0 | 2009.07.28 | Virus.Win32.Agent.GRW |
| Jiangmin | 11.0.800 | 2009.07.28 | Heur:TrojanDownloader.Agent |
| K7AntiVirus | 7.10.803 | 2009.07.27 | - |
| Kaspersky | 7.0.0.125 | 2009.07.28 | Trojan-Downloader.Win32.Adik.y |
| McAfee | 5690 | 2009.07.27 | - |
| McAfee+Artemis | 5690 | 2009.07.27 | Artemis!421E5539D12E |
| McAfee-GW-Edition | 6.8.5 | 2009.07.28 | Heuristic.LooksLike.Trojan.Agent.L |
| Microsoft | 1.4903 | 2009.07.28 | Trojan:Win32/Jhee.G |
| NOD32 | 4283 | 2009.07.28 | probably a variant of Win32/Adware.WSearch |
| Norman | 6.01.09 | 2009.07.27 | - |
| nProtect | 2009.1.8.0 | 2009.07.28 | - |
| Panda | 10.0.0.14 | 2009.07.27 | Trj/CI.A |
| PCTools | 4.4.2.0 | 2009.07.27 | - |
| Prevx | 3.0 | 2009.07.28 | - |
| Rising | 21.40.11.00 | 2009.07.28 | - |
| Sophos | 4.44.0 | 2009.07.28 | Sus/Behav-1012 |
| Sunbelt | 3.2.1858.2 | 2009.07.28 | - |
| Symantec | 1.4.4.12 | 2009.07.28 | - |
| TheHacker | 6.3.4.3.375 | 2009.07.28 | - |
| TrendMicro | 8.950.0.1094 | 2009.07.28 | - |
| VBA32 | 3.12.10.9 | 2009.07.28 | - |
| ViRobot | 2009.7.28.1857 | 2009.07.28 | - |
| VirusBuster | 4.6.5.0 | 2009.07.27 | - |
Additional information

| File size | 45056 bytes |
|---|---|
| MD5 | 421e5539d12ed32076af6e18c07e5a1e |
| SHA1 | 8d8f1988547c74bf9a95126eda16c07d236fbb12 |
| SHA256 | 1ad6e387be64f34737ca007508f7c4210c5ca181f7259be030f6f26c90348212 |

PEInfo: PE structure information (base data)
- entrypointaddress: 0x470F
- timedatestamp: 0x4A6D0F73 (Mon Jul 27 04:22:43 2009)
- machinetype: 0x14C (Intel I386)

5 sections:

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x3AE3 | 0x4000 | 5.92 | e5e5569384fc561058954793a6572bbd |
| .rdata | 0x5000 | 0x1962 | 0x2000 | 4.42 | e5a5efc06079f327bdb7ed98c4fea3cf |
| .data | 0x7000 | 0x1510 | 0x2000 | 5.44 | 0aa1eb0568a2ef8e003b60ffe30eb8c0 |
| .rsrc | 0x9000 | 0x468 | 0x1000 | 1.18 | 45702b89006fe2629964f9d243ecc6a0 |
| .reloc | 0xA000 | 0x8A0 | 0x1000 | 3.11 | fcf7e11c87a0a07b71ffdcc322bf4f13 |

8 imports:
- advapi32.dll: RegQueryInfoKeyA, RegSetValueA, RegSetKeySecurity, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCloseKey, RegQueryValueExA, RegOpenKeyA, RegCreateKeyA, OpenProcessToken, GetUserNameA, CreateProcessAsUserA, RegCreateKeyExA, RegSetValueExA, RegEnumValueA, RegDeleteValueA, RegQueryValueA
- kernel32.dll: CreateEventA, DeleteFileA, CreateProcessA, OpenMutexA, GetVolumeInformationA, OpenEventA, GetLastError, OpenFileMappingA, MapViewOfFile, GetProcessHeap, CloseHandle, VirtualFreeEx, WaitForSingleObject, CreateRemoteThread, GetProcAddress, GetModuleHandleA, WriteProcessMemory, VirtualAllocEx, lstrlenW, OpenProcess, lstrlenA, CreateToolhelp32Snapshot, Process32Next, Process32First, Sleep, GetModuleFileNameA, GetCurrentDirectoryA, CopyFileA, GetWindowsDirectoryA
- mfc42.dll: -, -, -, -, -, -, -
- msvcp60.dll: __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, ___7_$basic_ifstream@DU_$char_traits@D@std@@@std@@6B@, _open@_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z, _getline@std@@YAAAV_$basic_istream@DU_$char_traits@D@std@@@1@AAV21@AAV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, _close@_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAEPAV12@XZ, ___7_$basic_istream@DU_$char_traits@D@std@@@std@@6B@, __6std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@@Z, __1_$basic_istream@DU_$char_traits@D@std@@@std@@UAE@XZ, ___D_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXXZ, ___8_$basic_ofstream@DU_$char_traits@D@std@@@std@@7B@, __0ios_base@std@@IAE@XZ, ___7_$basic_ios@DU_$char_traits@D@std@@@std@@6B@, __0_$basic_ostream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N1@Z, __0_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z, ___7_$basic_ofstream@DU_$char_traits@D@std@@@std@@6B@, __Init@_$basic_filebuf@DU_$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z, _setstate@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, _endl@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@1@AAV21@@Z, _clear@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, __1_$basic_filebuf@DU_$char_traits@D@std@@@std@@UAE@XZ, ___7_$basic_ostream@DU_$char_traits@D@std@@@std@@6B@, __1ios_base@std@@UAE@XZ, ___8_$basic_ifstream@DU_$char_traits@D@std@@@std@@7B@, __0_$basic_ios@DU_$char_traits@D@std@@@std@@IAE@XZ, __Copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, __Xlen@std@@YAXXZ, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __1_$basic_ios@DU_$char_traits@D@std@@@std@@UAE@XZ, ___D_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAEXXZ, __1_$basic_ostream@DU_$char_traits@D@std@@@std@@UAE@XZ, __0_$basic_istream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N@Z
- msvcrt.dll: _except_handler3, _stricmp, _access, _beginthreadex, strstr, sprintf, _strlwr, rand, time, srand, __CxxFrameHandler, _strupr, atol, _ltoa, fclose, __dllonexit, _onexit, free, _initterm, malloc, _adjust_fdiv
- urlmon.dll: URLDownloadToFileA
- user32.dll: wsprintfW
- wininet.dll: InternetGetConnectedState, DeleteUrlCacheEntry

1 export: Run

TrID: File type identification
- Win32 Executable Generic (42.3%)
- Win32 Dynamic Link Library (generic) (37.6%)
- Generic Win/DOS Executable (9.9%)
- DOS Executable Generic (9.9%)
- Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ssdeep: 384:Xj+VNo1SOw1LwJXyrM0s3BXzXAQ3bgWdVDB6AkzTOdfcx18RzpYxK2ugq+EWw7EQ:aVqaeR3AKbdVEAkzTsfsoiGgql0

PEiD: Armadillo v1.xx - v2.xx

RDS: NSRL Reference Data Set -
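As an added example that is not part of the post above or of any scanner it names: a small Python triage script that parses the flattened import listing in the scan result (the dump's own `>dll: api, api > dll: api` layout, excerpted with the mangled msvcp60.dll C++ runtime names left out) and reports which capability clusters the DLL links to. The capability sets below are this editor's assumptions about which Win32 API groups together indicate a behaviour (remote-thread injection, process enumeration, download-to-disk, registry ACL tampering, and so on); they are not a published signature set, and an import-based verdict only says what the code can call, not what it does at runtime.

```python
"""Capability triage over a PE import table (added example, not from the thread)."""
import re

# Constructed input: the import table from the scan result above, transcribed in the
# scanner's own flattened layout. msvcp60.dll (C++ runtime) is omitted; mfc42.dll is
# imported by ordinal and shows up as "-".
IMPORT_DUMP = (
    ">advapi32.dll: RegQueryInfoKeyA, RegSetValueA, RegSetKeySecurity,"
    "SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCloseKey,"
    "RegQueryValueExA, RegOpenKeyA, RegCreateKeyA, OpenProcessToken,"
    "GetUserNameA, CreateProcessAsUserA, RegCreateKeyExA, RegSetValueExA,"
    "RegEnumValueA, RegDeleteValueA, RegQueryValueA "
    "> kernel32.dll:CreateEventA, DeleteFileA, CreateProcessA, OpenMutexA,"
    "GetVolumeInformationA, OpenEventA, GetLastError, OpenFileMappingA,"
    "MapViewOfFile, GetProcessHeap, CloseHandle, VirtualFreeEx,"
    "WaitForSingleObject, CreateRemoteThread, GetProcAddress,"
    "GetModuleHandleA, WriteProcessMemory, VirtualAllocEx, lstrlenW,"
    "OpenProcess, lstrlenA, CreateToolhelp32Snapshot, Process32Next,"
    "Process32First, Sleep, GetModuleFileNameA, GetCurrentDirectoryA,"
    "CopyFileA, GetWindowsDirectoryA > mfc42.dll: -, -, -, -, -, -, - "
    "> msvcrt.dll: _except_handler3, _stricmp, _access, _beginthreadex,"
    "strstr, sprintf, _strlwr, rand, time, srand, __CxxFrameHandler,"
    "_strupr, atol, _ltoa, fclose, __dllonexit, _onexit, free, _initterm,"
    "malloc, _adjust_fdiv > urlmon.dll: URLDownloadToFileA > user32.dll: wsprintfW "
    "> wininet.dll: InternetGetConnectedState, DeleteUrlCacheEntry"
)

# Assumed capability signatures (editor's choice, not a published set). Names are
# written without the A/W suffix; a capability fires only if every API is imported.
CAPABILITIES = {
    "remote thread injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "download file from URL": {"URLDownloadToFile"},
    "registry write": {"RegCreateKeyEx", "RegSetValueEx"},
    "registry key ACL tampering": {"RegSetKeySecurity", "SetSecurityDescriptorDacl", "InitializeSecurityDescriptor"},
    "spawn process under another token": {"OpenProcessToken", "CreateProcessAsUser"},
    "self-copy into system directory": {"GetModuleFileName", "CopyFile", "GetWindowsDirectory"},
    "runtime API resolution": {"GetModuleHandle", "GetProcAddress"},
    "keylogging": {"SetWindowsHookEx", "GetAsyncKeyState"},  # control: not imported here
}

# One ">dll:" block runs up to the next ">dll:" marker or the end of the dump.
DLL_RE = re.compile(r">\s*([\w.]+):\s*(.*?)(?=\s*>\s*[\w.]+:|$)", re.S)


def parse_import_dump(dump):
    """Return {dll_name: [api, ...]} from the scanner's flattened import listing.
    Ordinal-only imports (printed as '-') are dropped; dll names are lower-cased."""
    result = {}
    for dll, apis in DLL_RE.findall(dump):
        names = [a.strip() for a in apis.split(",")]
        result[dll.lower()] = [n for n in names if n and n != "-"]
    return result


def normalize(name):
    """Strip a trailing ANSI/Unicode suffix (CopyFileA -> CopyFile, lstrlenW -> lstrlen)."""
    return re.sub(r"(?<=[a-z0-9])[AW]$", "", name)


def imported_apis(imports):
    """Set of normalized API names across all DLLs."""
    return {normalize(n) for apis in imports.values() for n in apis}


def match_capabilities(imports, capabilities=CAPABILITIES):
    """Return {capability: sorted APIs} for every capability fully present in the imports."""
    present = imported_apis(imports)
    return {cap: sorted(apis) for cap, apis in capabilities.items() if apis <= present}


def main():
    imports = parse_import_dump(IMPORT_DUMP)
    for dll, apis in imports.items():
        print(f"{dll}: {len(apis)} named imports")
    print("\ncapabilities indicated by the import table:")
    for cap, apis in match_capabilities(imports).items():
        print(f"  {cap}: {', '.join(apis)}")


if __name__ == "__main__":
    main()
```

Running it against the transcribed table flags the injection cluster (OpenProcess + VirtualAllocEx + WriteProcessMemory + CreateRemoteThread), process enumeration, URL download and registry ACL tampering, while the control entry for keylogging stays unmatched. The same parser works on any dump in that layout; only the `CAPABILITIES` dictionary needs tuning for other cases.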