【木馬】可否幫我確定壓縮檔理的檔案確實含有木馬程式,謝謝

[shichien]

我用卡巴有檢測到木馬程式 Rootkit.Win32.Agent.ff
請問這是屬於甚麼樣的木馬程式,還是誤判而已...

[martin0129]

我用卡巴有檢測到木馬程式 Rootkit.Win32.Agent.ff
請問這是屬於甚麼樣的木馬程式,還是誤判而已...

Antivir 也檢測到 rootkit

[yuping]

[ file data ]
* name: =?utf-8?q?13266d1177871650.attachment.rar?=
* size: 420274
* md5.: c363c6d5b4fce17f22a58a349b1088b6
* sha1: a9203231e2c59ddf6113bc00b7634129c7f9afc0

[ scan result ]
AhnLab-V3 2007.4.28.0/20070427 found nothing
AntiVir 7.4.0.15/20070429 found [RKit/Agent.FF]
Authentium 4.93.8/20070427 found nothing
Avast 4.7.981.0/20070430 found nothing
AVG 7.5.0.467/20070429 found nothing
BitDefender 7.2/20070430 found nothing
CAT-QuickHeal 9.00/20070428 found [(Suspicious) - DNAScan]
ClamAV devel-20070416/20070429 found nothing
DrWeb 4.33/20070429 found nothing
eSafe 7.0.15.0/20070429 found nothing
eTrust-Vet 30.7.3601/20070427 found nothing
Ewido 4.0/20070429 found nothing
F-Prot 4.3.2.48/20070427 found nothing
F-Secure 6.70.13030.0/20070430 found [Rootkit.Win32.Agent.ff]
FileAdvisor 1/20070430 found nothing
Fortinet 2.85.0.0/20070429 found nothing
Ikarus T3.1.1.5/20070429 found [Rootkit.Win32.Agent.ff]
Kaspersky 4.0.2.24/20070430 found [Rootkit.Win32.Agent.ff]
McAfee 5019/20070427 found [New Malware.z]
Microsoft 1.2405/20070429 found nothing
NOD32v2 2228/20070429 found nothing
Norman 5.80.02/20070427 found nothing
Panda 9.0.0.4/20070429 found [Suspicious file]
Prevx1 V2/20070430 found nothing
Sophos 4.17.0/20070428 found nothing
Sunbelt 2.2.907.0/20070419 found [VIPRE.Suspicious]
TheHacker 6.1.6.095/20070415 found nothing
VBA32 3.11.4/20070429 found nothing
VirusBuster 4.3.7:9/20070429 found nothing
Webwasher-Gateway 6.0.1/20070429 found [Rootkit.Agent.FF]

[shisin]

上傳至Virus Total的偵測結果：

[shichien]

看來真的是有木馬了,電腦來去重灌好了,多謝各位幫忙^^

[大灰芒果]

我用卡巴有檢測到木馬程式 Rootkit.Win32.Agent.ff
請問這是屬於甚麼樣的木馬程式,還是誤判而已...

光看檔名，就知道有問題了…
看看我用 AntiVir PE Classic 的掃描結果：

free.rar
[0] Archive type: RAR
--> free\elfJoJoHookSys.sys
[DETECTION] Contains signature of the rootkit RKIT/Agent.FF
--> free\MapleStoryQQ.exe
[DETECTION] Contains signature of the rootkit RKIT/Agent.FF.1

是比木馬更可怕的 rootkit 程式。(也算是木馬的一種吧？)

[黑衣~魂]

Kaspersky Lab:
Hello,
elfJoJoHookSys.sys, MapleStoryQQ.exe_ - Rootkit.Win32.Agent.ff
These files are already detected. Please update your antivirus bases.
Please quote all when answering.
Best regards, Vladimir Lebedev
Virus analyst, Kaspersky Lab.
----------------------------
Avira Virus Lab

Filename Result
MapleStoryQQ.exe MALWARE

The file 'MapleStoryQQ.exe' has been determined to be 'MALWARE'. Our analysts named the threat RKit/Agent.FF.1. The term ?RKIT/? denotes a piece of software that uses cloaking techniques to hide itself from view. Therefore it has to be categorized as potentially malicious.Detection is added to our virus definition file (VDF) starting with version 6.38.01.65.
Filename Result

elfJoJoHookSys.sys MALWARE
The file 'elfJoJoHookSys.sys' has been determined to be 'MALWARE'. Our analysts named the threat RKit/Agent.FF. The term ?RKIT/? denotes a piece of software that uses cloaking techniques to hide itself from view. Therefore it has to be categorized as potentially malicious.Detection is added to our virus definition file (VDF) starting with version 6.38.01.65.

[Timothy]

AVG Anti-Spyware 檢測到木馬程式 Rootkit.Agent.ff

[harry_chang2003]

PC-cillin 2007抓到了

[~GG~]

為何Norton 都抓不報?