[Trojan] Found on the victim's computer (au_.exe)





大灰芒果
2007-03-09, 05:35 PM
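I found this one on my own computer (I'm the victim). According to the information on Spyware-Net, it is a Trojan. :|||: (And a whole bunch of antivirus programs can't detect it :eye: )

Attached are the VirusTotal scan results; maybe it's a false positive?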


Component Name: au_.exe

Description of au_.exe
This is a component of SpyFalcon. SpyFalcon is a Trojan disguised as an anti-spyware application. It installs with other Trojans through various security exploits. It typically hijacks the user's desktop, and makes unwanted changes to various user settings.

Recommendation for au_.exe
It is strongly recommended that this spyware be removed from your system immediately.

Trusted: No
Trojan: Yes
Chronic: No
Adware: No
Carrier: No
Browser Hijacker: No
Dialer: No
Commercial Keylogger: No
Remote Administration Tool: No
Suspected: No

Company Name: .
Platforms Affected:
Methods of Distribution: It can be downloaded from the manufacturer's site and could be stealthily installed

Location found: C:\Documents and Settings\[your account ID]\Local Settings\Temp\~nsu.tmp\



bestpika
2007-03-09, 07:52 PM
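Only three vendors on VirusTotal flagged it...
but they all just report a threat,
and not one of them gives it a name.

I'll submit it for analysis and see.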

黑衣~魂
2007-03-09, 10:12 PM
Kaspersky's analysis reply says it's clean:
Hello, no malicious code was found in this file.
--
Best regards, Shvetsov Dmitry
Virus analyst, Kaspersky Lab.

e-mail: [email protected]
http://www.kaspersky.com/
> Attachment: Au_.zip

i10061i
2007-03-09, 10:27 PM
NOD32 didn't detect it either.

小薪
2007-03-11, 02:43 PM
I've already sent the file to NOD32 for analysis.
Hopefully there will be a result...

kk_pczone
2007-03-12, 11:36 PM
AntiVir's reply:

The file 'Au_.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content.

大灰芒果
2007-03-13, 12:02 AM
Thanks, everyone. I think it really is a false positive... :corkysm: