jwxie
2007-11-18, 02:13 AM
這兩天在測試一個遊戲
不知道有沒有被惡意修改
我個人不在行這方面了...所以請各位學長幫幫忙
MsnMsgr.zip
http://www.sendspace.com/file/1jdv5j
我發現我還有一個msnmsgr.exe沒有被 KIS拿掉
但以前好像也有看到MsnMsgr.exe (<~~~~他被拿掉了)
11/16/2007 9:35:46 PM Running process C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe: added to exclusion list.
11/16/2007 9:50:42 PM Update completed successfully
11/16/2007 10:03:28 PM Process C:\WINDOWS\System32\svchost.exe (PID: 1524): suspicious action. Attempt to modify list of modules executed during system startup (key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value Start Menu, data ).
11/16/2007 10:08:28 PM Process C:\WINDOWS\System32\svchost.exe (PID: 1524): attempt to modify list of modules executed during system startup (key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value Start Menu, data ) allowed.
11/16/2007 10:50:52 PM Update completed successfully
11/16/2007 10:52:28 PM Process C:\WINDOWS\system32\svchost.exe (PID: 1280): attempt to hidden launch of Internet browser allowed.
11/16/2007 11:30:17 PM Process C:\WINDOWS\Explorer.EXE (PID: 316): attempt to hidden launch of Internet browser allowed.
11/16/2007 11:30:37 PM Protection of your computer is not running. You are advised to resume protection.
11/16/2007 11:53:34 PM Update completed successfully
11/17/2007 1:18:33 AM Update completed successfully
11/17/2007 1:34:52 AM Running process C:\Program Files\MSN Messenger\MsnMsgr.Exe: detected modification of riskware 'Hidden data sending'.
11/17/2007 1:34:52 AM Process C:\Program Files\MSN Messenger\MsnMsgr.Exe (PID 1180) successfully completed.
11/17/2007 1:34:53 AM C:\Program Files\MSN Messenger\MsnMsgr.Exe quarantined.
11/17/2007 1:35:04 AM Process (PID 316) tried to access Kaspersky Internet Security process (PID 2200), but the action has been blocked by the Self-Defense component. No action on your part is required.
我也跑過了M$社的malwareremove tool
http://www.microsoft.com/security/malwareremove/default.mspx
也是找不到東西....大概是KIS誤報?
贊助商連結
不知道有沒有被惡意修改
我個人不在行這方面了...所以請各位學長幫幫忙
MsnMsgr.zip
http://www.sendspace.com/file/1jdv5j
我發現我還有一個msnmsgr.exe沒有被 KIS拿掉
但以前好像也有看到MsnMsgr.exe (<~~~~他被拿掉了)
11/16/2007 9:35:46 PM Running process C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe: added to exclusion list.
11/16/2007 9:50:42 PM Update completed successfully
11/16/2007 10:03:28 PM Process C:\WINDOWS\System32\svchost.exe (PID: 1524): suspicious action. Attempt to modify list of modules executed during system startup (key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value Start Menu, data ).
11/16/2007 10:08:28 PM Process C:\WINDOWS\System32\svchost.exe (PID: 1524): attempt to modify list of modules executed during system startup (key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value Start Menu, data ) allowed.
11/16/2007 10:50:52 PM Update completed successfully
11/16/2007 10:52:28 PM Process C:\WINDOWS\system32\svchost.exe (PID: 1280): attempt to hidden launch of Internet browser allowed.
11/16/2007 11:30:17 PM Process C:\WINDOWS\Explorer.EXE (PID: 316): attempt to hidden launch of Internet browser allowed.
11/16/2007 11:30:37 PM Protection of your computer is not running. You are advised to resume protection.
11/16/2007 11:53:34 PM Update completed successfully
11/17/2007 1:18:33 AM Update completed successfully
11/17/2007 1:34:52 AM Running process C:\Program Files\MSN Messenger\MsnMsgr.Exe: detected modification of riskware 'Hidden data sending'.
11/17/2007 1:34:52 AM Process C:\Program Files\MSN Messenger\MsnMsgr.Exe (PID 1180) successfully completed.
11/17/2007 1:34:53 AM C:\Program Files\MSN Messenger\MsnMsgr.Exe quarantined.
11/17/2007 1:35:04 AM Process (PID 316) tried to access Kaspersky Internet Security process (PID 2200), but the action has been blocked by the Self-Defense component. No action on your part is required.
我也跑過了M$社的malwareremove tool
http://www.microsoft.com/security/malwareremove/default.mspx
也是找不到東西....大概是KIS誤報?
贊助商連結