换了台电脑使用,装上了QQ电脑管家。使用过程中QQ电脑管家弹出如下提示:

用FileInfo提取这个被QQ电脑管家报为木马的文件的信息:

文件说明符 : C:\Program Files\Common Files\2.1.exe
属性 : A---
数字签名:360.cn
PE文件:是
语言 : 中文(简体,中国)
文件版本 : 7, 5, 0, 1231
说明 : 360安全卫士 主程序
版权 : (C) 360.cn Inc. All Rights Reserved.
产品版本 : 7, 5, 0, 1231
产品名称 : 360安全卫士
公司名称 : 360.cn
内部名称 : 360Safe
源文件名 : 360Safe.EXE
创建时间 : 2012-2-20 21:44:5
修改时间 : 2012-1-2 11:6:22
大小 : 882008 字节 861.344 KB
MD5 : 85f3403cbc0a73cc43241e644b11c6fa
SHA1: F0185B542712B5BED0F975C8D11665E18FBD358D
CRC32: 3ad81b86

原来是360卫士……

难道上误报?上传 https://www.virustotal.com/ 使用多引擎扫描结果如下:

(https://www.virustotal.com/file/8ed8cbdc05804d8fcc61674ed93eb3ad55fd6cfe675a8d724298e9eff1cae274/analysis/1335935256/)

SHA256: 8ed8cbdc05804d8fcc61674ed93eb3ad55fd6cfe675a8d724298e9eff1cae274
SHA1: f0185b542712b5bed0f975c8d11665e18fbd358d
MD5: 85f3403cbc0a73cc43241e644b11c6fa
File size: 861.3 KB ( 882008 bytes )
File name: 2.1.exe
File type: Win32 EXE
Detection ratio: 33 / 42
Analysis date: 2012-05-02 05:07:36 UTC ( 0 分钟 ago )

details

Antivirus Result Update
AhnLab-V3 Trojan/Win32.Scar 20120501
AntiVir TR/Crypt.XPACK.Gen3 20120502
Antiy-AVL Trojan/Win32.Scar.gen 20120502
Avast Win32:Sentry [Trj] 20120502
AVG Clicker.AUYR 20120501
BitDefender Trojan.Clicker.NAA 20120502
ByteHero - 20120430
CAT-QuickHeal - 20120501
ClamAV - 20120501
Commtouch - 20120502
Comodo UnclassifiedMalware 20120501
DrWeb Trojan.MulDrop2.62632 20120502
Emsisoft Trojan-Clicker.Win32.Cookster!IK 20120502
eSafe Win32.TRCrypt.XPACK 20120430
eTrust-Vet Win32/Cookster.E 20120501
F-Prot - 20120501
F-Secure Trojan.Clicker.NAA 20120502
Fortinet W32/Scar.EID!tr 20120502
GData Trojan.Clicker.NAA 20120502
Ikarus Trojan-Clicker.Win32.Cookster 20120502
Jiangmin Trojan/JmGeneric.bwc 20120502
K7AntiVirus Riskware 20120501
Kaspersky Trojan.Win32.Scar.fuwz 20120502
McAfee Generic.dx!bcsf 20120502
McAfee-GW-Edition Generic.dx!bcsf 20120501
Microsoft TrojanClicker:Win32/Cookster.A 20120501
NOD32 Win32/TrojanClicker.Cookster.A 20120502
Norman W32/Troj_Generic.HYXO 20120501
nProtect Trojan-Clicker/W32.Agent.882008 20120501
Panda Generic Trojan 20120501
PCTools Trojan.ADH 20120430
Rising Trojan.Win32.Generic.12B09877 20120428
Sophos - 20120502
SUPERAntiSpyware - 20120402
Symantec Trojan.ADH 20120502
TheHacker - 20120502
TrendMicro TROJ_CLICKER.JDM 20120502
TrendMicro-HouseCall TROJ_CLICKER.JDM 20120502
VBA32 Trojan.Scar.fuwz 20120430
VIPRE Trojan.Win32.Generic!BT 20120502
ViRobot - 20120502
VirusBuster Trojan.CL.Cookster!/GvIURofFQc 20120501

ssdeep

24576:fSM735L5U/KeyV2fUmmDTAF1bD8p5/mdD0kL:/735LKaTAT0p5/mLL

TrID

Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEiD packer identifier

Armadillo v1.71

ExifTool

SpecialBuild.............: LegalTrademarks..........: SubsystemVersion.........: 4.0Comments.................: LinkerVersion............: 6.0ImageVersion.............: 0.0FileSubtype..............: 0FileVersionNumber........: 7.5.0.1231LanguageCode.............: Chinese (Simplified)FileFlagsMask............: 0x003fFileDescription..........: 360CharacterSet.............: UnicodeInitializedDataSize......: 438272FileOS...................: Win32PrivateBuild.............: MIMEType.................: application/octet-streamLegalCopyright...........: (C) 360.cn Inc. All Rights Reserved.FileVersion..............: 7, 5, 0, 1231TimeStamp................: 2011:11:13 12:13:58+01:00FileType.................: Win32 EXEPEType...................: PE32InternalName.............: 360SafeProductVersion...........: 7, 5, 0, 1231UninitializedDataSize....: 0OSVersion................: 4.0OriginalFilename.........: 360Safe.EXESubsystem................: Windows GUIMachineType..............: Intel 386 or later, and compatiblesCompanyName..............: 360.cnCodeSize.................: 450560ProductName..............: 360ProductVersionNumber.....: 7.5.0.1231EntryPoint...............: 0x26f7eObjectFileType...........: Executable application

Sigcheck

publisher................: 360.cnproduct..................: 360____internal name............: 360Safecopyright................: (C) 360.cn Inc. All Rights Reserved.original name............: 360Safe.EXEcomments.................: file version.............: 7, 5, 0, 1231description..............: 360____ ___

Portable Executable structural information

Compilation timedatestamp.....: 2011-11-13 11:13:58Target machine................: 0x14C (Intel 386 or later processors and compatible processors)Entry point address...........: 0x00026F7EPE Sections...................:Name Virtual Address Virtual Size Raw Size Entropy MD5.text 4096 449310 450560 6.62 0f9b34453e554923908bf10cda3164ec.rdata 454656 87842 90112 4.60 a7d94d77583bac6599587fc274245dd2.data 544768 48392 32768 3.76 1770ccb49b49a919dd83fc31f6ab5871.rsrc 593920 299008 299008 5.13 b1fb42f6f7e57b3210e1fc762e639f3bPE Imports....................:comdlg32.dllGetSaveFileNameA, GetOpenFileNameA, GetFileTitleAOLEPRO32.DLLoledlg.dllWININET.dllInternetCanonicalizeUrlA, InternetGetCookieA, InternetSetCookieA, InternetSetStatusCallback, InternetSetOptionExA, InternetOpenUrlA, InternetCloseHandle, InternetOpenA, InternetQueryOptionA, InternetCrackUrlA, InternetWriteFile, InternetReadFile, InternetQueryDataAvailable, InternetGetLastResponseInfoA, GopherFindFirstFileA, InternetFindNextFileA, FtpFindFirstFileA, HttpQueryInfoA, HttpSendRequestExA, HttpEndRequestA, HttpSendRequestA, HttpAddRequestHeadersA, InternetErrorDlg, HttpOpenRequestA, GopherOpenFileA, GopherGetAttributeA, GopherCreateLocatorA, FtpGetFileA, FtpPutFileA, FtpOpenFileA, FtpGetCurrentDirectoryA, FtpSetCurrentDirectoryA, FtpRemoveDirectoryA, FtpCreateDirectoryA, FtpRenameFileA, FtpDeleteFileA, InternetConnectA, InternetSetFilePointerGDI32.dllSaveDC, RestoreDC, SelectObject, SelectPalette, SetBkMode, SetPolyFillMode, SetROP2, SetStretchBltMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, ExcludeClipRect, IntersectClipRect, OffsetClipRgn, MoveToEx, LineTo, SetTextAlign, SetTextJustification, SetTextCharacterExtra, SetMapperFlags, GetCurrentPositionEx, ArcTo, SetArcDirection, PolyDraw, PolylineTo, SetColorAdjustment, PolyBezierTo, StartDocA, GetClipRgn, CreateRectRgn, SelectClipPath, ExtSelectClipRgn, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile, GetViewportExtEx, GetWindowExtEx, CreatePen, ExtCreatePen, CreateSolidBrush, CreateHatchBrush, CreatePatternBrush, CreateDIBPatternBrushPt, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextExtentPoint32A, GetTextMetricsA, CreateFontIndirectA, DPtoLP, LPtoDP, CopyMetaFileA, CreateDCA, GetMapMode, PatBlt, SetRectRgn, CombineRgn, CreateRectRgnIndirect, DeleteDC, GetStockObject, GetDeviceCaps, GetBkColor, GetTextColor, GetObjectA, SetBkColor, SetTextColor, GetClipBox, GetDCOrgEx, GetTextExtentPointA, BitBlt, CreateCompatibleDC, DeleteObject, CreateDIBitmap, CreateBitmapSHELL32.dllDragQueryFileA, DragFinish, SHGetFileInfoA, DragAcceptFiles, ExtractIconAKERNEL32.dllTlsAlloc, GlobalHandle, TlsFree, GlobalReAlloc, TlsSetValue, LocalReAlloc, TlsGetValue, GlobalFlags, GetPrivateProfileIntA, GetPrivateProfileStringA, WritePrivateProfileStringA, GetCurrentDirectoryA, GetProcessVersion, SizeofResource, GetCPInfo, GetOEMCP, FindNextFileA, GetFileAttributesA, GetFileSize, GetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileTime, SetFileAttributesA, SetErrorMode, GlobalSize, RtlUnwind, RaiseException, GetTimeZoneInformation, GetSystemTimeAsFileTime, GetCommandLineA, HeapFree, CreateThread, ExitThread, HeapAlloc, GetSystemTime, GetLocalTime, HeapReAlloc, HeapSize, GetACP, SetStdHandle, GetFileType, FatalAppExitA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, FileTimeToLocalFileTime, GetStdHandle, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, GetDriveTypeA, IsBadReadPtr, IsBadCodePtr, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, SetConsoleCtrlHandler, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProfileStringA, InterlockedExchange, ReadFile, CloseHandle, WaitForSingleObject, CreateProcessA, GetStartupInfoA, CreatePipe, GetModuleFileNameA, GetLastError, CreateMutexA, Sleep, ExitProcess, WinExec, CopyFileA, Process32Next, TerminateProcess, FileTimeToSystemTime, MulDiv, GetShortPathNameA, GetThreadLocale, GetStringTypeExA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, MoveFileA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, GetCurrentProcess, OpenProcess, Process32First, CreateToolhelp32Snapshot, DeleteFileA, WriteFile, SetFilePointer, CreateFileA, GetTickCount, DuplicateHandle, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, LocalAlloc, EnterCriticalSection, SetLastError, lstrcpynA, lstrlenW, LoadLibraryA, FreeLibrary, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, GetModuleHandleA, GetProcAddress, GlobalUnlock, GlobalFree, LockResource, WideCharToMultiByte, FindResourceA, LoadResource, CreateEventA, SuspendThread, SetThreadPriority, ResumeThread, SetEvent, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, MultiByteToWideChar, InterlockedDecrement, InterlockedIncrement, FormatMessageA, LocalFree, lstrlenA, SetHandleCountWINSPOOL.DRV DocumentPropertiesA, ClosePrinter, OpenPrinterAADVAPI32.dllRegDeleteValueA, RegCreateKeyA, RegEnumKeyA, RegQueryValueA, RegSetValueA, RegDeleteKeyA, RegCloseKey, RegCreateKeyExA, RegOpenKeyA, RegQueryValueExA, RegOpenKeyExA, RegSetValueExAole32.dllOleInitialize, OleUninitialize, CoUninitialize, CoCreateInstance, CoInitialize, CLSIDFromProgID, CLSIDFromString, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, CoTaskMemFree, CoTaskMemAlloc, CoDisconnectObject, OleRun, OleDuplicateData, CreateBindCtx, SetConvertStg, WriteFmtUserTypeStg, WriteClassStg, OleRegGetUserType, ReadFmtUserTypeStg, ReadClassStg, StringFromCLSID, CoTreatAsClass, CreateStreamOnHGlobal, OleIsCurrentClipboard, OleFlushClipboard, OleSetClipboard, CoRevokeClassObject, CoRegisterClassObject, CoRegisterMessageFilter, CoFreeUnusedLibraries, ReleaseStgMediumCOMCTL32.dllWS2_32.dll -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -USER32.dllDrawTextA, GrayStringA, LoadStringA, LoadCursorA, SetCapture, ReleaseCapture, WaitMessage, GetWindowThreadProcessId, WindowFromPoint, GetClassNameA, PtInRect, InsertMenuA, DeleteMenu, GetMenuStringA, GetSysColorBrush, GetDialogBaseUnits, DestroyMenu, CopyAcceleratorTableA, SetRect, GetNextDlgGroupItem, MessageBeep, AppendMenuA, RemoveMenu, SetRectEmpty, LoadAcceleratorsA, TranslateAcceleratorA, LoadMenuA, SetMenu, ReuseDDElParam, UnpackDDElParam, InvalidateRect, BringWindowToTop, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, DestroyIcon, ClientToScreen, wvsprintfA, CharNextA, MoveWindow, SetWindowTextA, IsDialogMessageA, ScrollWindowEx, IsDlgButtonChecked, SetDlgItemTextA, SetDlgItemInt, GetDlgItemTextA, GetDlgItemInt, CheckRadioButton, CheckDlgButton, CharUpperA, GetDesktopWindow, MapDialogRect, SetWindowContextHelpId, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, SetFocus, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, ScrollWindow, GetScrollInfo, TabbedTextOutA, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, TrackPopupMenu, SetWindowPlacement, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, DefWindowProcA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, EndDialog, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, UnhookWindowsHookEx, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, SetScrollInfo, GetDC, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, ShowOwnedPopups, PostQuitMessage, PostMessageA, OemToCharA, CharToOemA, KillTimer, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, SetTimer, EnableWindow, ShowWindow, LoadIconA, IsWindowUnicode, DefDlgProcA, DrawFocusRect, ExcludeUpdateRgn, ShowCaret, HideCaret, UnregisterClassA, RemovePropAOLEAUT32.dll-, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -PE Exports....................:

First seen by VirusTotal

2012-01-19 01:43:28 UTC ( 3 月, 2 周 ago )

  42个杀毒软件,32个检测为木马……

360卫士 是 木马?相关推荐

  1. 易语言 过360卫士杀毒五引擎误报(2016.7.11)

    点击阅读原文 推荐使用EIDE助手内的优化编译出来的程序 360卫士比较厉害的就是自创云查杀引擎.自称不用更新病毒库,就算新病毒也能几分钟具备查杀能力. 觉得说白了其实就是白名单系统,只要你的软件,不 ...

  2. 当年辉煌一时的360卫士市值暴跌七成,发生了什么事?

    不管是电脑端还是手机端,相信大家都使用过杀毒软件,即使我们的设备没有被病毒侵染,但是只要安装了杀毒软件就仿佛吃下了一颗定心丸.而在众多杀毒软件中,大家一定对360卫士不陌生,尤其是智能手机刚发展前期, ...

  3. 360怎么看电脑配置_Win10系统自带杀毒和垃圾清理好么?需不需要安装360卫士

    文/二蛋 Win10系统自带杀毒软件和垃圾清理好用么?需不需要安装360卫士? 手机系统有安卓和苹果之分,但是电脑系统可能大部分人用的都是微软系统,当然除了个别专业人士用苹果电脑除外哈. 那我们也知道 ...

  4. Atitit 通过调用gui接口杀掉360杀毒 360卫士  qq保镖等难以结束的进程(javac# php )...

    Atitit 通过调用gui接口杀掉360杀毒 360卫士  qq保镖等难以结束的进程(javac# php ) 1.1. 这些流氓软件使用操作系统os提供的普通api根本就杀不掉啊1 1.2. 使用 ...

  5. 360卫士锁定IE主页之更换主页

    360卫士把主页改成 about:blank,空白页. 想换成www.hao123.com,简单办法,退出360卫士(图标右键退出),改好主页后,再启动360卫士,它又将hao123锁定了. 在系统修 ...

  6. 这年头居然还有用360卫士清理垃圾的?那玩意就是最大的...Python自动清理不香吗?

    前言 我不知道各位有没有这样的一种体验,就是下载一个360卫士,然后会连带的下载一堆应用文件,什么360浏览器啊各种!而且卸载起来都不好卸载,巨麻烦,所以这年头谁还用他来守护咱们的电脑啊!网友直言:3 ...

  7. 怎么屏蔽360卫士精选?360卫士精选关闭教程

    360安全卫士是很多用户都会安装在电脑中的一款系统防护软件,缺点就是携带捆绑软件,还经常有弹窗广告.很多用户就想要取消360卫士精选弹窗,要怎么操作呢?下面小编就来教教大家,还用户一个干净的网络环境. ...

  8. 奇虎360安全卫士推出木马程序查杀功能

    奇虎360安全卫士推出木马程序查杀功能[@more@]6月15日,奇虎公司对外宣布,旗下所属的国内最大安全辅助类软件360安全卫士推出木马程序查杀功能.据悉,这是国内首款免费.专业的木马查杀功能,是3 ...

  9. 瑞星杀毒软件、奇虎360杀毒软件、360卫士、百度卫士联手,搞不定弹出广告 amp; 恶意广告图标...

    一位网友说他的电脑近期出了问题:开机后桌面和任务栏上的高速启动栏会出现恶意图标.删除了下次开机又会出现:使用电脑过程中每分钟都会弹出广告.他为电脑安装了瑞星杀毒软件.奇虎360杀毒软件.360卫士.百 ...

最新文章

  1. golang 复制 文件 文件夹
  2. go 变量在其中一个函数中赋值 另一个函数_go 学习笔记之仅仅需要一个示例就能讲清楚什么闭包...
  3. 【Cocosd2d实例教程六】Cocos2d实现屏幕背景的自动滚动
  4. C# 调用 Delphi Dll链接库方法及示例
  5. 图像处理:给验证码图片做降噪处理及数据清洗
  6. 时隔两年,盘点ECCV 2018影响力最大的20篇论文
  7. ONNX系列三 --- 使用ONNX使PyTorch AI模型可移植
  8. Java项目:企业固定资产管理系统(java+SpringBoot+VUE+maven+mysql)
  9. 十五. 项目沟通管理
  10. 苹果手机怎么识别文字
  11. html五星评分标准,五星级酒店评分标准.doc
  12. Nickel 28就青山控股集团镍锍生产计划发表评论
  13. 计算机二级MS考试题目占分数
  14. flask、celery+redis 实现定时任务和异步——(一)
  15. 亚信科技笔试java
  16. MPS和MRP的区别
  17. java投票_java做投票系统
  18. 小伙开私人影院,裁掉员工玩套路,你见过哪个老板敢这么玩?
  19. java用HttpURLConnection发起HTTPS请求并跳过SSL证书,解决:unable to find valid certification path to requested targ
  20. CLAHE算法 opencv

热门文章

  1. Windows下命令行怎样登录MySQL
  2. 蓝牙4.0BLE中协议栈详解
  3. 寄存器和存储器的区别?
  4. Android实现弹出窗口(PopUpWindow)
  5. DNS服务未响应的简单解决办法
  6. 30套最实用JAVA学习视频教程合集
  7. @EnableCaching
  8. Error: `fsevents` unavailable (this watcher can only be used on Darwin)
  9. C语言实现,输入某年某月某日,判断这一天是这一年的第几天?
  10. 聊天机器人chatbot搭建及思考(TensorFlow)(附代码)