【木馬】在苦主的電腦上找到的(au_.exe)

[大灰芒果]

這隻是在苦主我的電腦上發現的，根據Spyware-Net上的資料，這是一隻木馬。 (而且有一堆防毒軟體抓不到 )

附上 VirusTotal 的掃描結果，也許是誤判？

引用:

作者: http://www.fbmsoftware.com/spyware-net/Process/au__exe/3082/

Component Name: au_.exe

Description of au_.exe
This is a component of SpyFalcon. SpyFalcon is a Trojan disguised as an anti-spyware application. It installs with other Trojans through various security exploits. It typically hijacks the user's desktop, and makes unwanted changes to various user settings.

Recommendation for au_.exe
It is strongly recommended that this spyware be removed from your system immediately.

Trusted: No
Trojan: Yes
Chronic: No
Adware: No
Carrier: No
Browser Hijacker: No
Dialer: No
Commercial Keylogger: No
Remote Administration Tool: No
Suspected: No

Company Name: .
Platforms Affected:
Methods of Distribution: It can be downloaded from the manufacturer's site and could be stealthily installed

發現位置：C:\Documents and Settings\你的帳戶Id\Local Settings\Temp\~nsu.tmp\

[bestpika]

Virustotal 只有三家掃到...
不過都是報威脅，
沒有半家有名稱的。

丟回去分析看看好了。

[黑衣~魂]

卡巴分析回覆無毒
Hello, no malicious code was found in this file.
--
Best regards, Shvetsov Dmitry
Virus analyst, Kaspersky Lab.

e-mail: [email protected]
http://www.kaspersky.com/
> Attachment: Au_.zip

NOD32也沒掃出來耶

[小薪]

已把檔案傳給Nod32做分析了
希望會有結果...

[kk_pczone]

antivir的回覆

The file 'Au_.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content.

[大灰芒果]

謝謝大家，我想真的是誤判吧…