The QQ Computer Manager installed on my computer was originally there only to accelerate my QQ level. Today I tried its trojan scan and removal function on a whim, and the result is a bit confusing:
01-QQ Computer Manager 4.5 Trojan scan results
Use fileinfo to extract file information:
File Description: D:/■ // data recovery/easyrecovery/easyrecovery.exe
Attribute: ---
Digital Signature: No
PE file: Yes
Language: Chinese (China)
File version: 1.00.27.51
Notes: easyrecovery
Copyright: Copyright (c) 2001-2002 ontrack data recovery Inc.
Product Version: 6.10.07
Product Name: ontrack easyrecovery professional
Company Name: ontrack data recovery Inc.
Legal trademark: easyrecovery professional is a trademark of ontrack data recovery Inc.
Internal name: easyrecovery
Source File Name: easyrecovery.exe
Creation Time: 17:36:21
Modification time: 20:57:34
Size: 198144 bytes, 193.512 KB
MD5: d17a1eb904ba666bc82949f21113d721
Sha1: 44c909e29a1288af1d07c13dd7b5bc308e01620d
CRC32: a1a000098
File Description: C:/program files/Lenovo/hide partition management/sysdll/rebootsystem1.exe
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 15:10:28
Modification time:
Size: 172116 bytes, 168.84 KB
MD5: 076bff16a7500e14d9855c832ac5429b
Sha1: aaa4dfa684a69175f2cd4891ab619971cbf29a4b
CRC32: 64d95dae
File Description: C:/Windows/system32/Drivers/lnrmjrri.sys
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 9:37:44
Modification time: 9:37:46
Size: 29184 bytes, 28.512 KB
MD5: 405ffd5b45d7fea1fd97086e8d33c585
Sha1: c602a4af880a99a07fe3da52bb70e226902dabca
CRC32: fd9468d5
File Description: C:/Windows/system32/Drivers/hcrnfnqo.sys
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 29184 bytes, 28.512 KB
MD5: 405ffd5b45d7fea1fd97086e8d33c585
Sha1: c602a4af880a99a07fe3da52bb70e226902dabca
CRC32: fd9468d5
File Description: C:/Windows/system32/Drivers/nsuoktre.sys
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 29184 bytes, 28.512 KB
MD5: 405ffd5b45d7fea1fd97086e8d33c585
Sha1: c602a4af880a99a07fe3da52bb70e226902dabca
CRC32: fd9468d5
File Description: C:/Windows/system32/Drivers/ugijuors.sys
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 29184 bytes, 28.512 KB
MD5: 405ffd5b45d7fea1fd97086e8d33c585
Sha1: c602a4af880a99a07fe3da52bb70e226902dabca
CRC32: fd9468d5
File Description: C:/Windows/system32/Drivers/rtsdjcbu.sys
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Size: 29184 bytes, 28.512 KB
MD5: 405ffd5b45d7fea1fd97086e8d33c585
Sha1: c602a4af880a99a07fe3da52bb70e226902dabca
CRC32: fd9468d5
The first two are false positives. The last five .sys files, on the other hand, have exactly the same content: same size, same MD5 and same SHA1, under five different random-looking names.
Googling each of the five file names gives a hit for only one of them, rtsdjcbu.sys:
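The pattern the scan surfaced above, several unsigned drivers with different random names but identical size and hashes, is easy to check for yourself. The script below is an added example (not from the original post or from either scanner): it hashes every file in a drivers directory, groups files by content, and keeps the groups whose members all have 8-letter random-looking names. The directory and file contents are constructed in a temp folder so it runs offline; the "8 lowercase letters" name rule is an assumption taken from the five names above.

```python
"""Group driver files by content hash and flag clusters of identical files
that hide behind different random-looking names (added example)."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Assumption: the suspicious names on the page are all 8 lowercase letters + .sys
RANDOM_NAME = re.compile(r"^[a-z]{8}\.sys$")


def file_hashes(path):
    """Return (md5, sha1, size) for a file, streamed in 64 KiB chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), os.path.getsize(path)


def find_clones(drivers_dir, min_copies=2):
    """Map (md5, sha1, size) -> [names] for content shared by >= min_copies files."""
    groups = defaultdict(list)
    for name in sorted(os.listdir(drivers_dir)):
        full = os.path.join(drivers_dir, name)
        if os.path.isfile(full):
            groups[file_hashes(full)].append(name)
    return {k: v for k, v in groups.items() if len(v) >= min_copies}


def suspicious_clusters(clones):
    """Keep only clusters in which every member name looks randomly generated."""
    return {k: v for k, v in clones.items() if all(RANDOM_NAME.match(n) for n in v)}


def build_sample_dir():
    """Constructed sample: five same-content drivers named as on the page, plus one distinct file."""
    d = tempfile.mkdtemp(prefix="drivers_")
    payload = b"MZ" + b"\x00" * 100 + b"constructed-sample-driver"
    for n in ["lnrmjrri", "hcrnfnqo", "nsuoktre", "ugijuors", "rtsdjcbu"]:
        with open(os.path.join(d, n + ".sys"), "wb") as f:
            f.write(payload)
    with open(os.path.join(d, "tcpip.sys"), "wb") as f:  # constructed legitimate-looking file
        f.write(b"MZ" + b"\x00" * 100 + b"different-content")
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    for (md5, sha1, size), names in suspicious_clusters(find_clones(sample)).items():
        print(f"{len(names)} files share md5={md5} sha1={sha1} size={size}: {', '.join(names)}")
```

Point it at a real C:\Windows\system32\drivers to look for the same pattern; a cluster of identical unsigned drivers with random names is worth checking against a vendor analysis, as the post does next.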
[In progress] [rootkit virus] Win32/Small.NMC - Trojan scan - 360 Forum
http://www.google.com.hk/search?hl=zh-CN&newwindow=1&safe=strict&biw=874&bih=645&q=rtsdjcbu.sys&aq=f&aqi=&aql=&oq=
The Google result link redirects to the Sophos analysis page:
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmsvloga.html?_log_from=RSS
02-Google result pointing at the Sophos website
Upload ugijuors.sys to http://virusscan.jotti.org:
03-ugijuors.sys online scan results
Upload rebootsystem1.exe to http://virusscan.jotti.org/, with the following scan result:
04-rebootsystem1.exe online scan results
Do foreign anti-virus products simply not recognize Lenovo's software?
Upload easyrecovery.exe to http://virusscan.jotti.org:
05-easyrecovery.exe online scan results
I upgraded QQ Computer Manager to the latest version (why does the official site offer both version 4.5 and version 4.6?).
Then I scanned only the three folders C:/Windows/system32/drivers, C:/program files/Lenovo/hide partition management and D: /■ // data recovery/easyrecovery:
06-QQ Computer Manager Trojan scan results after the upgrade
The false positives remain.
Now it is Kingsoft guard's turn.
Upgrade Kingsoft guard to the latest version, then scan the same three folders, C:/Windows/system32/drivers, C:/program files/Lenovo/hidden partition management and D: /■ // data recovery/easyrecovery:
07-Kingsoft guard scan results; the scan-result prompt box is a bit redundant.
08-Kingsoft guard scan results show more detail than QQ Computer Manager
Kingsoft guard reports the same false positives.
Add C:/program files/Lenovo/hidden partition management/sysdll/rebootsystem1.exe to the whitelist, rename the five .sys files, and then let Kingsoft guard handle the remaining items. The result:
09-Kingsoft guard handling result
Although Kingsoft guard could no longer find the five .sys files, it still reported that all 6 threats had been handled. Yet on closing, it reported that "there are still exceptions not handled"?
Whether in scanning speed, scan results or the content of the scan report, Kingsoft guard comes out slightly ahead of QQ Computer Manager.