360衛士 是 ***？

　　換了臺電腦使用，裝上了QQ電腦管家。使用過程當中QQ電腦管家彈出以下提示：

 

用FileInfo提取這個被QQ電腦管家報爲***的文件的信息：

文件說明符 : C:\Program Files\Common Files\2.1.exe
屬性 : A---
數字簽名:360.cn
PE文件:是
語言 : 中文(簡體，中國)
文件版本 : 7, 5, 0, 1231
說明 : 360安全衛士 主程序
版權 : (C) 360.cn Inc. All Rights Reserved.
產品版本 : 7, 5, 0, 1231
產品名稱 : 360安全衛士
公司名稱 : 360.cn
內部名稱 : 360Safe
源文件名 : 360Safe.EXE
建立時間 : 2012-2-20 21:44:5
修改時間 : 2012-1-2 11:6:22
大小 : 882008 字節 861.344 KB
MD5 : 85f3403cbc0a73cc43241e644b11c6fa
SHA1: F0185B542712B5BED0F975C8D11665E18FBD358D
CRC32: 3ad81b86

 

原來是360衛士……

 

難道上誤報？上傳　https://www.virustotal.com/　使用多引擎掃描結果以下：

（https://www.virustotal.com/file/8ed8cbdc05804d8fcc61674ed93eb3ad55fd6cfe675a8d724298e9eff1cae274/analysis/1335935256/）

SHA256:	8ed8cbdc05804d8fcc61674ed93eb3ad55fd6cfe675a8d724298e9eff1cae274
SHA1:	f0185b542712b5bed0f975c8d11665e18fbd358d
MD5:	85f3403cbc0a73cc43241e644b11c6fa
File size:	861.3 KB ( 882008 bytes )
File name:	2.1.exe
File type:	Win32 EXE
Detection ratio:	33 / 42
Analysis date:	2012-05-02 05:07:36 UTC ( 0 分鐘 ago )

details

Antivirus	Result	Update
AhnLab-V3	Trojan/Win32.Scar	20120501
AntiVir	TR/Crypt.XPACK.Gen3	20120502
Antiy-AVL	Trojan/Win32.Scar.gen	20120502
Avast	Win32:Sentry [Trj]	20120502
AVG	Clicker.AUYR	20120501
BitDefender	Trojan.Clicker.NAA	20120502
ByteHero	-	20120430
CAT-QuickHeal	-	20120501
ClamAV	-	20120501
Commtouch	-	20120502
Comodo	UnclassifiedMalware	20120501
DrWeb	Trojan.MulDrop2.62632	20120502
Emsisoft	Trojan-Clicker.Win32.Cookster!IK	20120502
eSafe	Win32.TRCrypt.XPACK	20120430
eTrust-Vet	Win32/Cookster.E	20120501
F-Prot	-	20120501
F-Secure	Trojan.Clicker.NAA	20120502
Fortinet	W32/Scar.EID!tr	20120502
GData	Trojan.Clicker.NAA	20120502
Ikarus	Trojan-Clicker.Win32.Cookster	20120502
Jiangmin	Trojan/JmGeneric.bwc	20120502
K7AntiVirus	Riskware	20120501
Kaspersky	Trojan.Win32.Scar.fuwz	20120502
McAfee	Generic.dx!bcsf	20120502
McAfee-GW-Edition	Generic.dx!bcsf	20120501
Microsoft	TrojanClicker:Win32/Cookster.A	20120501
NOD32	Win32/TrojanClicker.Cookster.A	20120502
Norman	W32/Troj_Generic.HYXO	20120501
nProtect	Trojan-Clicker/W32.Agent.882008	20120501
Panda	Generic Trojan	20120501
PCTools	Trojan.ADH	20120430
Rising	Trojan.Win32.Generic.12B09877	20120428
Sophos	-	20120502
SUPERAntiSpyware	-	20120402
Symantec	Trojan.ADH	20120502
TheHacker	-	20120502
TrendMicro	TROJ_CLICKER.JDM	20120502
TrendMicro-HouseCall	TROJ_CLICKER.JDM	20120502
VBA32	Trojan.Scar.fuwz	20120430
VIPRE	Trojan.Win32.Generic!BT	20120502
ViRobot	-	20120502
VirusBuster	Trojan.CL.Cookster!/GvIURofFQc	20120501

ssdeep 24576:fSM735L5U/KeyV2fUmmDTAF1bD8p5/mdD0kL:/735LKaTAT0p5/mLL

TrID Win32 Executable MS Visual C++ (generic) (75.0%) Win32 Executable Generic (16.9%) Generic Win/DOS Executable (3.9%) DOS Executable Generic (3.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEiD packer identifier Armadillo v1.71

ExifTool SpecialBuild.............: LegalTrademarks..........: SubsystemVersion.........: 4.0Comments.................: LinkerVersion............: 6.0ImageVersion.............: 0.0FileSubtype..............: 0FileVersionNumber........: 7.5.0.1231LanguageCode.............: Chinese (Simplified)FileFlagsMask............: 0x003fFileDescription..........: 360CharacterSet.............: UnicodeInitializedDataSize......: 438272FileOS...................: Win32PrivateBuild.............: MIMEType.................: application/octet-streamLegalCopyright...........: (C) 360.cn Inc. All Rights Reserved.FileVersion..............: 7, 5, 0, 1231TimeStamp................: 2011:11:13 12:13:58+01:00FileType.................: Win32 EXEPEType...................: PE32InternalName.............: 360SafeProductVersion...........: 7, 5, 0, 1231UninitializedDataSize....: 0OSVersion................: 4.0OriginalFilename.........: 360Safe.EXESubsystem................: Windows GUIMachineType..............: Intel 386 or later, and compatiblesCompanyName..............: 360.cnCodeSize.................: 450560ProductName..............: 360ProductVersionNumber.....: 7.5.0.1231EntryPoint...............: 0x26f7eObjectFileType...........: Executable application

Sigcheck publisher................: 360.cnproduct..................: 360____internal name............: 360Safecopyright................: (C) 360.cn Inc. All Rights Reserved.original name............: 360Safe.EXEcomments.................: file version.............: 7, 5, 0, 1231description..............: 360____ ___

Portable Executable structural information Compilation timedatestamp.....: 2011-11-13 11:13:58Target machine................: 0x14C (Intel 386 or later processors and compatible processors)Entry point address...........: 0x00026F7EPE Sections...................:Name Virtual Address Virtual Size Raw Size Entropy MD5.text 4096 449310 450560 6.62 0f9b34453e554923908bf10cda3164ec.rdata 454656 87842 90112 4.60 a7d94d77583bac6599587fc274245dd2.data 544768 48392 32768 3.76 1770ccb49b49a919dd83fc31f6ab5871.rsrc 593920 299008 299008 5.13 b1fb42f6f7e57b3210e1fc762e639f3bPE Imports....................:comdlg32.dllGetSaveFileNameA, GetOpenFileNameA, GetFileTitleAOLEPRO32.DLLoledlg.dllWININET.dllInternetCanonicalizeUrlA, InternetGetCookieA, InternetSetCookieA, InternetSetStatusCallback, InternetSetOptionExA, InternetOpenUrlA, InternetCloseHandle, InternetOpenA, InternetQueryOptionA, InternetCrackUrlA, InternetWriteFile, InternetReadFile, InternetQueryDataAvailable, InternetGetLastResponseInfoA, GopherFindFirstFileA, InternetFindNextFileA, FtpFindFirstFileA, HttpQueryInfoA, HttpSendRequestExA, HttpEndRequestA, HttpSendRequestA, HttpAddRequestHeadersA, InternetErrorDlg, HttpOpenRequestA, GopherOpenFileA, GopherGetAttributeA, GopherCreateLocatorA, FtpGetFileA, FtpPutFileA, FtpOpenFileA, FtpGetCurrentDirectoryA, FtpSetCurrentDirectoryA, FtpRemoveDirectoryA, FtpCreateDirectoryA, FtpRenameFileA, FtpDeleteFileA, InternetConnectA, InternetSetFilePointerGDI32.dllSaveDC, RestoreDC, SelectObject, SelectPalette, SetBkMode, SetPolyFillMode, SetROP2, SetStretchBltMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, ExcludeClipRect, IntersectClipRect, OffsetClipRgn, MoveToEx, LineTo, SetTextAlign, SetTextJustification, SetTextCharacterExtra, SetMapperFlags, GetCurrentPositionEx, ArcTo, SetArcDirection, PolyDraw, PolylineTo, SetColorAdjustment, PolyBezierTo, StartDocA, GetClipRgn, CreateRectRgn, SelectClipPath, ExtSelectClipRgn, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile, GetViewportExtEx, GetWindowExtEx, CreatePen, ExtCreatePen, CreateSolidBrush, CreateHatchBrush, CreatePatternBrush, CreateDIBPatternBrushPt, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextExtentPoint32A, GetTextMetricsA, CreateFontIndirectA, DPtoLP, LPtoDP, CopyMetaFileA, CreateDCA, GetMapMode, PatBlt, SetRectRgn, CombineRgn, CreateRectRgnIndirect, DeleteDC, GetStockObject, GetDeviceCaps, GetBkColor, GetTextColor, GetObjectA, SetBkColor, SetTextColor, GetClipBox, GetDCOrgEx, GetTextExtentPointA, BitBlt, CreateCompatibleDC, DeleteObject, CreateDIBitmap, CreateBitmapSHELL32.dllDragQueryFileA, DragFinish, SHGetFileInfoA, DragAcceptFiles, ExtractIconAKERNEL32.dllTlsAlloc, GlobalHandle, TlsFree, GlobalReAlloc, TlsSetValue, LocalReAlloc, TlsGetValue, GlobalFlags, GetPrivateProfileIntA, GetPrivateProfileStringA, WritePrivateProfileStringA, GetCurrentDirectoryA, GetProcessVersion, SizeofResource, GetCPInfo, GetOEMCP, FindNextFileA, GetFileAttributesA, GetFileSize, GetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileTime, SetFileAttributesA, SetErrorMode, GlobalSize, RtlUnwind, RaiseException, GetTimeZoneInformation, GetSystemTimeAsFileTime, GetCommandLineA, HeapFree, CreateThread, ExitThread, HeapAlloc, GetSystemTime, GetLocalTime, HeapReAlloc, HeapSize, GetACP, SetStdHandle, GetFileType, FatalAppExitA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, FileTimeToLocalFileTime, GetStdHandle, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, GetDriveTypeA, IsBadReadPtr, IsBadCodePtr, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, SetConsoleCtrlHandler, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProfileStringA, InterlockedExchange, ReadFile, CloseHandle, WaitForSingleObject, CreateProcessA, GetStartupInfoA, CreatePipe, GetModuleFileNameA, GetLastError, CreateMutexA, Sleep, ExitProcess, WinExec, CopyFileA, Process32Next, TerminateProcess, FileTimeToSystemTime, MulDiv, GetShortPathNameA, GetThreadLocale, GetStringTypeExA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, MoveFileA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, GetCurrentProcess, OpenProcess, Process32First, CreateToolhelp32Snapshot, DeleteFileA, WriteFile, SetFilePointer, CreateFileA, GetTickCount, DuplicateHandle, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, LocalAlloc, EnterCriticalSection, SetLastError, lstrcpynA, lstrlenW, LoadLibraryA, FreeLibrary, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, GetModuleHandleA, GetProcAddress, GlobalUnlock, GlobalFree, LockResource, WideCharToMultiByte, FindResourceA, LoadResource, CreateEventA, SuspendThread, SetThreadPriority, ResumeThread, SetEvent, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, MultiByteToWideChar, InterlockedDecrement, InterlockedIncrement, FormatMessageA, LocalFree, lstrlenA, SetHandleCountWINSPOOL.DRV DocumentPropertiesA, ClosePrinter, OpenPrinterAADVAPI32.dllRegDeleteValueA, RegCreateKeyA, RegEnumKeyA, RegQueryValueA, RegSetValueA, RegDeleteKeyA, RegCloseKey, RegCreateKeyExA, RegOpenKeyA, RegQueryValueExA, RegOpenKeyExA, RegSetValueExAole32.dllOleInitialize, OleUninitialize, CoUninitialize, CoCreateInstance, CoInitialize, CLSIDFromProgID, CLSIDFromString, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, CoTaskMemFree, CoTaskMemAlloc, CoDisconnectObject, OleRun, OleDuplicateData, CreateBindCtx, SetConvertStg, WriteFmtUserTypeStg, WriteClassStg, OleRegGetUserType, ReadFmtUserTypeStg, ReadClassStg, StringFromCLSID, CoTreatAsClass, CreateStreamOnHGlobal, OleIsCurrentClipboard, OleFlushClipboard, OleSetClipboard, CoRevokeClassObject, CoRegisterClassObject, CoRegisterMessageFilter, CoFreeUnusedLibraries, ReleaseStgMediumCOMCTL32.dllWS2_32.dll -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -USER32.dllDrawTextA, GrayStringA, LoadStringA, LoadCursorA, SetCapture, ReleaseCapture, WaitMessage, GetWindowThreadProcessId, WindowFromPoint, GetClassNameA, PtInRect, InsertMenuA, DeleteMenu, GetMenuStringA, GetSysColorBrush, GetDialogBaseUnits, DestroyMenu, CopyAcceleratorTableA, SetRect, GetNextDlgGroupItem, MessageBeep, AppendMenuA, RemoveMenu, SetRectEmpty, LoadAcceleratorsA, TranslateAcceleratorA, LoadMenuA, SetMenu, ReuseDDElParam, UnpackDDElParam, InvalidateRect, BringWindowToTop, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, DestroyIcon, ClientToScreen, wvsprintfA, CharNextA, MoveWindow, SetWindowTextA, IsDialogMessageA, ScrollWindowEx, IsDlgButtonChecked, SetDlgItemTextA, SetDlgItemInt, GetDlgItemTextA, GetDlgItemInt, CheckRadioButton, CheckDlgButton, CharUpperA, GetDesktopWindow, MapDialogRect, SetWindowContextHelpId, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, SetFocus, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, ScrollWindow, GetScrollInfo, TabbedTextOutA, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, TrackPopupMenu, SetWindowPlacement, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, DefWindowProcA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, EndDialog, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, UnhookWindowsHookEx, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, SetScrollInfo, GetDC, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, ShowOwnedPopups, PostQuitMessage, PostMessageA, OemToCharA, CharToOemA, KillTimer, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, SetTimer, EnableWindow, ShowWindow, LoadIconA, IsWindowUnicode, DefDlgProcA, DrawFocusRect, ExcludeUpdateRgn, ShowCaret, HideCaret, UnregisterClassA, RemovePropAOLEAUT32.dll-, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -PE Exports....................:

First seen by VirusTotal 2012-01-19 01:43:28 UTC ( 3 月, 2 周 ago )

 

　　42個殺毒軟件，32個檢測爲***……