All times are UTC + 8 hours



Post #1
Post subject: I heard yesterday that w32codecs has a virus; let's see whether this virus can actually do anything
Posted: 2005-10-13 11:48
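Yesterday I heard that w32codecs has a virus, but I can't find where that post was made.
Today I checked, and it really does!

One copy is the one I installed earlier from the official repository; it shows W32/Magistr.a@MM.
The other I downloaded from the official MPlayer site, and it has the same virus. What on earth is going on?

It won't do any harm, will it? If I delete it, will there be files I can no longer play?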


Attachments:
Screenshot-Aegis Virus Scanner-1.png
Screenshot-Aegis Virus Scanner.png



_________________
BenQ P41-C30
Not being able to find 64-bit software is already history
 
Post #2
Posted: 2005-10-13 11:55
Forum administrator

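Leaving aside that this is a false positive, even if it weren't: try running a Windows program on Linux without the help of Wine and see how hard it is, let alone a virus. Ha, there is basically no possibility of any harm at all.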


 
Post #3
Posted: 2005-10-13 12:18
Then why does my XP have so many of the same virus?

It is also W32/Magistr.a@MM


 
Post #4
Posted: 2005-10-13 12:21
Forum administrator

On Windows, I recommend trying Kaspersky antivirus.


 
Post #5
Post subject: Re: I heard yesterday that w32codecs has a virus; let's see whether this virus can actually do anything
Posted: 2005-10-31 22:12

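snonow wrote:
Yesterday I heard that w32codecs has a virus, but I can't find where that post was made.
Today I checked, and it really does!

One copy is the one I installed earlier from the official repository; it shows W32/Magistr.a@MM.
The other I downloaded from the official MPlayer site, and it has the same virus. What on earth is going on?

It won't do any harm, will it? If I delete it, will there be files I can no longer play?


May I ask: how do you install this graphical antivirus program?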


 
Post #6
Posted: 2005-10-31 22:58
Look at the title, then google it, and you will find it.

If it does have a virus, it can be smothered to death over here.


_________________
● 鸣学


 
Post #7
Post subject: Antivirus software on Linux is no good
Posted: 2005-12-07 9:22

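Antivirus software on Linux has not yet reached the level of development it has on Windows, so that thing you are using says there is a virus whenever it comes across a .DLL file. Just ignore it.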


 
Post #8
Posted: 2005-12-07 12:05
It's not a virus; after deleting it, Windows is unusable.


 
Post #9
Posted: 2007-08-02 7:44
Don't be careless. A virus is a virus.


 
Post #10
Posted: 2007-08-02 8:18
Quote:
W32/Magistr.a@MM

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Aliases

* I-Worm.Magistr (AVP)

* Magistr (F-Secure)

* PE_MAGISTR.A (Trend)

* W32.Magistr.24876@mm (Symantec)

* W32/Disemboweler (Panda)

* W32/Magistr-a (Sophos)

* W32/Magistr.a.dam1

* W32/Magistr.dam

* W32/Magistr.dam2

* W32/Magistr@MM

Characteristics -

W32/Magistr@MM is a combination of a files infector virus and e-mail worm.
- The viral code infects 32 bit PE type files (.exe) in the WINDOWS directory and subdirectories.
- It uses mass mailing techniques to send itself to email addresses stored in several places.
- It installs itself to run at each system startup.

Five minutes after the virus is run, it attempts a mailing routine. Email addresses are gathered from the Windows Address Book, Outlook Express mailboxes, and Netscape mailboxes (addresses found in email messages within existing mailboxes are gathered), and these file locations and addresses are saved to a hidden .DAT file somewhere on the hard disk (varies). The messages sent by the worm contain varying subject headings, body text, and attachments. The body of the message is derived from the contents of other files on the victim's computer. It may send more than one attachment and may include non .EXE or non-viral files along with an infectious .EXE file. The second letter of the e-mail address in the From: field is often changed by the virus. As a result, replying to the message will fail due to the invalid address.

The virus proceeds by infecting 32 bit PE (Portable Executable) type .EXE files found in the WINDOWS SYSTEM directory and subdirectories. The viral code is encrypted, polymorphic, and uses anti-debugging techniques to make it difficult to detect. Email addresses have been seen encrypted in infected files. These addresses are believed to represent other users that have also been infected from the same point of origin.

In the decrypted body of the virus code, the following comments exist:

ARF! ARF! I GOT YOU! v1rus: Judges Disemboweler.
by: The Judges Disemboweler.
written in Malmo (Sweden)

W32/Magistr@MM has a payload routine that, on some systems, may result in cmos/bios info being erased as well as destroying sectors on the hard disk.

Symptoms -

- Icons on the desktop move when the mouse cursor passes over them.
- Increase in size of .EXE files (adds 24Kb or more).
- Infected files use a modified access date of the time of the infection.
- Presence of a newly created .DAT file containing email addresses (representing those users which were sent the virus).
- Entry in WIN.INI RUN=(App).
- Entry in Registry, run key value:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AppName (varies)=C:\WINDOWS\SYSTEM\(App).EXE (varies).

Method of Infection -

This worm arrives as an .EXE file with varying filenames. Executing this attachment infects your machine which is used to propagate the virus.

When first run, the virus may copy one .EXE file in the WINDOWS or WINDOWS SYSTEM directory using the same name with an altered last character.

For example, CFGWIZ32.EXE becomes CFGWIZ31.EXE, PSTORES.EXE becomes PSTORER.EXE, etc. (this naming convention seems to be consistent where the last character of the filename is decreased by a factor of 1).

This copy is then infected and a WIN.INI entry, or a registry run key value may be created, to execute this infected file upon system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CFGWIZ31=C:\WINDOWS\SYSTEM\CFGWZ31.EXE

This copied executable infects other PE .EXE files in the SYSTEM directory and subdirectories, when run. It also infects over open network shares.

This virus will create a .DAT file on the local file system which contains strings of the files used to grab email address from (.dbx, .mbx, .wab), and also strings of email addresses which will be used as a target list. The .DAT file will be named after the machine name, but in an offset method. For instance, here is a corresponding list of letter equivalents used:

original letter:  a b c d e f g h i j k l m n o p q r s t u v w x y z
corresponds to:   y x w v u t s r q p o n m l k j i h g f e d c b a z

Numbers are not affected. So a machine name of ABC-123 would have a .DAT file on the local system named YXW-123.DAT.

An additional item of note is that this worm often alters the REPLY-TO email address when mailing itself to others. In a similar fashion to the other name changes made by this virus, one letter of the address is incremented or decremented. Thus when attempting to contact the infected user to alert them, the message is often returned due to this address modification.

Removal -

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants -

* W32/Magistr.dam3


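The file and registry symptoms listed in the write-up quoted in post #10 can be checked mechanically. The Python sketch below is an added example, not part of the original thread or of the quoted description; the function names and the sample paths and Run values are constructed, and it assumes the renamed copy sits in the same directory as the original.

```python
import string
from pathlib import PureWindowsPath

def dat_name(machine_name):
    """Expected .DAT name for a host, per the letter table in the write-up."""
    table = string.ascii_uppercase
    # a->y, b->x, ... y->a, z->z: index i maps to (24 - i) mod 26; others unchanged
    return "".join(table[(24 - table.index(c)) % 26] if c in table else c
                   for c in machine_name.upper()) + ".DAT"

def decremented_copies(paths):
    """(original, copy) pairs where the copy's last stem character is one lower."""
    exes = {}
    for p in map(PureWindowsPath, paths):
        if p.suffix.upper() == ".EXE":
            exes[(str(p.parent).upper(), p.stem.upper())] = str(p)
    pairs = []
    for (parent, stem), original in exes.items():
        twin = stem[:-1] + chr(ord(stem[-1]) - 1)
        if (parent, twin) in exes:  # assumption: copy is in the same directory
            pairs.append((original, exes[(parent, twin)]))
    return sorted(pairs)

def triage(machine_name, paths, run_values):
    """Gather the on-disk and Run-key indicators the write-up lists."""
    pairs = decremented_copies(paths)
    copies = {PureWindowsPath(c).name.upper() for _, c in pairs}
    wanted = dat_name(machine_name)
    return {
        "dat_files": [p for p in paths if PureWindowsPath(p).name.upper() == wanted],
        "exe_pairs": pairs,
        "run_hits": {k: v for k, v in run_values.items()
                     if PureWindowsPath(v).name.upper() in copies},
    }

# Constructed sample data (hypothetical host ABC-123, not taken from a real system).
SAMPLE_PATHS = [
    r"C:\WINDOWS\SYSTEM\CFGWIZ32.EXE",
    r"C:\WINDOWS\SYSTEM\CFGWIZ31.EXE",
    r"C:\WINDOWS\SYSTEM\PSTORES.EXE",
    r"C:\WINDOWS\NOTEPAD.EXE",
    r"C:\WINDOWS\TEMP\YXW-123.DAT",
]
SAMPLE_RUN = {"CFGWIZ31": r"C:\WINDOWS\SYSTEM\CFGWIZ31.EXE",
              "SysTray": r"C:\WINDOWS\SYSTEM\SYSTRAY.EXE"}

if __name__ == "__main__":
    print(triage("ABC-123", SAMPLE_PATHS, SAMPLE_RUN))
```

Legitimate name pairs such as SETUP2.EXE and SETUP1.EXE match the same rule, so the output is a list of leads to inspect, not a verdict.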
 
Post #11
Posted: 2007-08-02 13:52

How did this post end up in the "Entertainment & Games" board?


 
Post #12
Posted: 2007-08-05 16:52

:shock: I only just installed it. It doesn't really have a virus, does it? What should I do?


 
Post #13
Posted: 2007-08-05 16:57
An archaeology thread


_________________
no security measure is worth anything if an attacker has physical access to the machine


 
Post #14
Posted: 2007-08-05 17:01
[image]

Grave-digging...


_________________
^_^ ~~~
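To understand recursion, you must first understand recursion.

As everyone on Earth knows, in theory there is no difference between theory and practice, but in practice the difference between theory and practice is quite large.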

