I switched to a new computer and installed QQ电脑管家 (QQ PC Manager). While I was using it, QQ电脑管家 popped up the following alert:


I used FileInfo to extract the details of the file that QQ电脑管家 had reported as a trojan:

文件说明符 : C:\Program Files\Common Files\2.1.exe
属性 : A---
数字签名:360.cn
PE文件:是
语言 : 中文(简体,中国)
文件版本 : 7, 5, 0, 1231
说明 : 360安全卫士 主程序
版权 : (C) 360.cn Inc. All Rights Reserved.
产品版本 : 7, 5, 0, 1231
产品名称 : 360安全卫士
公司名称 : 360.cn
内部名称 : 360Safe
源文件名 : 360Safe.EXE
创建时间 : 2012-2-20 21:44:5
修改时间 : 2012-1-2 11:6:22
大小 : 882008 字节 861.344 KB
MD5 : 85f3403cbc0a73cc43241e644b11c6fa
SHA1: F0185B542712B5BED0F975C8D11665E18FBD358D
CRC32: 3ad81b86


So it turns out to be 360卫士 (360 Safeguard)...


Could it be a false positive? I uploaded it to https://www.virustotal.com/ for a multi-engine scan; the results are as follows:

https://www.virustotal.com/file/8ed8cbdc05804d8fcc61674ed93eb3ad55fd6cfe675a8d724298e9eff1cae274/analysis/1335935256/

SHA256: 8ed8cbdc05804d8fcc61674ed93eb3ad55fd6cfe675a8d724298e9eff1cae274
SHA1: f0185b542712b5bed0f975c8d11665e18fbd358d
MD5: 85f3403cbc0a73cc43241e644b11c6fa
File size: 861.3 KB ( 882008 bytes )
File name: 2.1.exe
File type: Win32 EXE
Detection ratio: 33 / 42
Analysis date: 2012-05-02 05:07:36 UTC ( 0 分钟 ago )

details

Antivirus Result Update
AhnLab-V3 Trojan/Win32.Scar 20120501
AntiVir TR/Crypt.XPACK.Gen3 20120502
Antiy-AVL Trojan/Win32.Scar.gen 20120502
Avast Win32:Sentry [Trj] 20120502
AVG Clicker.AUYR 20120501
BitDefender Trojan.Clicker.NAA 20120502
ByteHero - 20120430
CAT-QuickHeal - 20120501
ClamAV - 20120501
Commtouch - 20120502
Comodo UnclassifiedMalware 20120501
DrWeb Trojan.MulDrop2.62632 20120502
Emsisoft Trojan-Clicker.Win32.Cookster!IK 20120502
eSafe Win32.TRCrypt.XPACK 20120430
eTrust-Vet Win32/Cookster.E 20120501
F-Prot - 20120501
F-Secure Trojan.Clicker.NAA 20120502
Fortinet W32/Scar.EID!tr 20120502
GData Trojan.Clicker.NAA 20120502
Ikarus Trojan-Clicker.Win32.Cookster 20120502
Jiangmin Trojan/JmGeneric.bwc 20120502
K7AntiVirus Riskware 20120501
Kaspersky Trojan.Win32.Scar.fuwz 20120502
McAfee Generic.dx!bcsf 20120502
McAfee-GW-Edition Generic.dx!bcsf 20120501
Microsoft TrojanClicker:Win32/Cookster.A 20120501
NOD32 Win32/TrojanClicker.Cookster.A 20120502
Norman W32/Troj_Generic.HYXO 20120501
nProtect Trojan-Clicker/W32.Agent.882008 20120501
Panda Generic Trojan 20120501
PCTools Trojan.ADH 20120430
Rising Trojan.Win32.Generic.12B09877 20120428
Sophos - 20120502
SUPERAntiSpyware - 20120402
Symantec Trojan.ADH 20120502
TheHacker - 20120502
TrendMicro TROJ_CLICKER.JDM 20120502
TrendMicro-HouseCall TROJ_CLICKER.JDM 20120502
VBA32 Trojan.Scar.fuwz 20120430
VIPRE Trojan.Win32.Generic!BT 20120502
ViRobot - 20120502
VirusBuster Trojan.CL.Cookster!/GvIURofFQc 20120501

ssdeep

24576:fSM735L5U/KeyV2fUmmDTAF1bD8p5/mdD0kL:/735LKaTAT0p5/mLL

TrID

Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEiD packer identifier

Armadillo v1.71

ExifTool

SpecialBuild: 
LegalTrademarks: 
SubsystemVersion: 4.0
Comments: 
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 7.5.0.1231
LanguageCode: Chinese (Simplified)
FileFlagsMask: 0x003f
FileDescription: 360
CharacterSet: Unicode
InitializedDataSize: 438272
FileOS: Win32
PrivateBuild: 
MIMEType: application/octet-stream
LegalCopyright: (C) 360.cn Inc. All Rights Reserved.
FileVersion: 7, 5, 0, 1231
TimeStamp: 2011:11:13 12:13:58+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: 360Safe
ProductVersion: 7, 5, 0, 1231
UninitializedDataSize: 0
OSVersion: 4.0
OriginalFilename: 360Safe.EXE
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: 360.cn
CodeSize: 450560
ProductName: 360
ProductVersionNumber: 7.5.0.1231
EntryPoint: 0x26f7e
ObjectFileType: Executable application

Sigcheck

publisher: 360.cn
product: 360____
internal name: 360Safe
copyright: (C) 360.cn Inc. All Rights Reserved.
original name: 360Safe.EXE
comments: 
file version: 7, 5, 0, 1231
description: 360____ ___

Portable Executable structural information

Compilation timedatestamp: 2011-11-13 11:13:58
Target machine: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address: 0x00026F7E

PE Sections:

Name     Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text    4096             449310        450560    6.62     0f9b34453e554923908bf10cda3164ec
.rdata   454656           87842         90112     4.60     a7d94d77583bac6599587fc274245dd2
.data    544768           48392         32768     3.76     1770ccb49b49a919dd83fc31f6ab5871
.rsrc    593920           299008        299008    5.13     b1fb42f6f7e57b3210e1fc762e639f3b

PE Imports: (the full import list is not reproduced here)
PE Exports:
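To reproduce the structural fields VirusTotal lists above (machine type, compile timestamp, entry point, and per-section entropy and MD5) on a file of your own, here is an added example in pure Python; it is not from the post, from VirusTotal, or from FileInfo. `build_sample_pe` constructs a toy PE32 image inline so the script runs offline; the sample reuses only the i386 machine type and the 2011-11-13 11:13:58 UTC compile timestamp shown above, everything else in it is made up.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe(image: bytes) -> dict:
    """Read the COFF header and section table; the same fields VirusTotal's structural report shows."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]          # offset of the PE signature
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20                                                # optional header follows the 20-byte COFF header
    entry = struct.unpack_from("<I", image, opt + 16)[0]          # AddressOfEntryPoint (same offset in PE32/PE32+)
    sections = []
    for i in range(nsec):                                          # 40-byte section headers follow the optional header
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, opt + opt_size + 40 * i)
        raw = image[rawptr:rawptr + rawsize]                       # raw bytes on disk are what get hashed and measured
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vaddr": vaddr,
                         "vsize": vsize, "rawsize": rawsize,
                         "entropy": round(shannon_entropy(raw), 2), "md5": hashlib.md5(raw).hexdigest()})
    return {"machine": machine, "entry": entry,
            "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
            "sections": sections}

def build_sample_pe() -> bytes:
    """Constructed toy PE32 image (not the file from the post): one high-entropy and one all-zero section."""
    text, data = bytes(range(256)) * 4, b"\0" * 1024              # entropy 8.0 and 0.0 respectively
    opt_size, text_off = 0xE0, 0x400                               # PE32 optional header size; first raw section offset
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # DOS stub with e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1321182838, 0, 0, opt_size, 0x102)  # i386, 2 sections, 2011-11-13 11:13:58 UTC
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * (opt_size - 20)
    secs = struct.pack("<8sIIII", b".text", len(text), 0x1000, len(text), text_off) + b"\0" * 16
    secs += struct.pack("<8sIIII", b".data", len(data), 0x2000, len(data), text_off + len(text)) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + opt + secs
    return headers + b"\0" * (text_off - len(headers)) + text + data
```

On a real sample, pass `open(path, "rb").read()` to `parse_pe` and compare the per-section entropy with the table above; the Armadillo-packed `.text` here sits at 6.62, and values approaching 8.0 are a common sign of packed or encrypted code.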

First seen by VirusTotal

2012-01-19 01:43:28 UTC ( 3 月, 2 周 ago )


Out of 42 antivirus engines, 32 detected it as a trojan...