Some experiences on using Kingsoft guard


Kingsoft guard has been on my computer for a while and normally shows no activity. Today, while I was checking a USB flash drive for viruses, it finally responded a little. I am taking the opportunity to write down some experiences.

  1. Some functions do not work when running under a user account without administrator permissions. For example, the V10 engine of the Kingsoft guard Trojan cannot be enabled.


  2. Incomplete Real-time protection functions
Today, a colleague copied data over with a USB flash drive. Kingsoft guard detected malicious programs on the USB flash drive. After the cleanup, a check of the USB flash drive found that there were still problems:

 

(1) The autorun.inf used to start the virus is not deleted

The content of autorun.inf is:

 

[Autorun]
Shellexecuteappssecret.exe

(2) The EXE files of Trojan viruses disguised as folders are not completely cleared. The following two items were missed.

 

File Description: G:/recycled.exe
Property:-sh-
Digital Signature: No
PE file: Yes
Language: English (USA)
File version: 1.00
Product: 1.00
Product Name: hav_online
Internal name: Task
Source File Name: task.exe
Creation Time: 22:44:34
Modification time: 7:50:56
Size: 112128 bytes, 109.512 KB
MD5: 65fee6921df6aedca88f5bda-bf1d543
Sha1: 8734bce69825b21f3573ca94398647bde49c6eb6
CRC32: 66169b58

 

File Description: G:/recycle.exe
Property:-sh-
Digital Signature: No
PE file: Yes
Language: English (USA)
File version: 1.00
Product: 1.00
Product Name: hav_online
Internal name: Task
Source File Name: task.exe
Creation Time: 22:44:34
Modification time: 7:50:56
Size: 112128 bytes, 109.512 KB
MD5: 65fee6921df6aedca88f5bda-bf1d543
Sha1: 8734bce69825b21f3573ca94398647bde49c6eb6
CRC32: 66169b58

 

This should be an old malicious program, and many anti-virus products can detect it:

Http://www.virustotal.com/file-scan/report.html? Id = Success
Antivirus Version Last update Result
AhnLab-V3 2011.02.14.02 2011.02.14 Win32/Autorun.worm.20.128
AntiVir 7.11.3.93 2011.02.15 TR/Vb.GHS
Antiy-AVL 2.0.3.7 2011.02.15 Trojan/win32.agent.gen
Avast 4.8.1351.0 2011.02.16 Win32:Agent-QTR
Avast5 5.0.677.0 2011.02.16 Win32:Agent-QTR
AVG 10.0.0.1190 2011.02.16 Downloader.agent2.fuq
BitDefender 7.2 2011.02.16 Trojan.generic.1748385
Cat-quickheal 11.00 2011.02.15 Trojandownloader.Agent.GHS
ClamAV 0.96.4.0 2011.02.16 Pua.Packed.PECompact-1
Commtouch 5.2.11.5 2011.02.15 W32/downldr2.bdrf
Comodo 7701 2011.02.15 Trojware.win32.vb.ghs0
Drweb 5.0.2.03300 2011.02.16 Backdoor.bulknet.419
Emsisoft 5.1.0.2 2011.02.15 Virus.worm.VB!Ik
Esafe 7.0.20. 2011.02.15 Win32.agent.GHS
ETrust-vet 36.1.8161 2011.02.15 Win32/sillyfdc.Di
F-Prot 4.6.2.117 2011.02.15 W32/downldr2.bdrf
F-Secure 9.0.16160.0 2011.02.16 Trojan.generic.1748385
Fortinet 4.2.254.0 2011.02.16 -
Gdata 21 2011.02.16 Trojan.generic.1748385
Ikarus T3.1.1.97.0 2011.02.15 Virus.worm.VB
Jiangmin 13.0.900 2011.02.15 Trojandownloader.Agent.xly
K7antivirus 9.85.3859 2011.02.15 Trojan-downloader
Kaspersky 7.0.0.125 2011.02.16 Trojan-Downloader.Win32.Agent.btlp
McAfee 5.400.0.1158 2011.02.16 Generic.dx
McAfee-GW-Edition 2010.1c 2011.02.15 Heuristic.lookslike.win32.suspicious.J!83
Microsoft 1.6502 2011.02.15 WORM:Win32/Vb.Ha
NOD32 5878 2011.02.15 A variant of Win32/Autorun.VB.Vo
Norman 6.07.03 2011.02.15 W32/agent.edbt
Nprotect September 2011-02-10.01 2011.02.15 Trojan-downloader/w32.agent.g0128.j
Panda 10.0.3.5 2011.02.15 Trj/keylogger.CV
Pctools 7.0.3.5 2011.02.16 Trojan-Downloader.Agent!CT
Prevx 3.0 2011.02.16 High risk spyware
Rising 23.45.01.06 2011.02.15 Worm.win32.vb.QP
Sophos 4.61.0 2011.02.15 Mal/VB-F
SUPERAntiSpyware 4.40.0.1006 2011.02.16 -
Thehacker 6.7.0.1.131 2011.02.15 Trojan/Downloader.Agent.GHS
TrendMicro 9.200.0.1012 2011.02.15 Worm_autorun.qh
TrendMicro-housecall 9.200.0.1012 2011.02.15 Worm_autorun.qh
Vba32 3.12.14.3 2011.02.15 Trojandownloader.Agent.hor
Vipre 8433 2011.02.16 Trojan.win32.generic.Pak!Cobra
ViRobot 2011.2.15.4311 2011.02.15 Trojan.win32.downloader.g0128.c
Virusbuster 13.6.202.1 2011.02.15 Trojan.DL.Agent!5 gauyxfgjfu

If scan and removal rely on signatures, why are the names of the viruses or Trojans that were cleared not shown?

(3) No quarantine area? The cleared file cannot be retrieved.
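
A check for the two kinds of leftovers described in item 2, as an added example that is not part of the original post: it parses a drive root's autorun.inf for launch entries and lists every root-level .exe with its size, MD5, SHA-1, CRC32 and hidden/system flags. The function names are illustrative, and the attribute flags are only populated on Windows.

```python
import hashlib
import sys
import zlib
from pathlib import Path

HIDDEN, SYSTEM = 0x2, 0x4  # Windows FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM

def autorun_targets(text):
    """Return (key, value) launch entries found in the [autorun] section."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            if k in ("open", "shellexecute") or (
                    k.startswith("shell\\") and k.endswith("\\command")):
                targets.append((k, value))
    return targets

def fingerprint(path):
    """Size and digests in the same fields the post lists for each file."""
    data = Path(path).read_bytes()
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x")}

def scan_root(root):
    """Report autorun.inf launch entries and every .exe in the drive root."""
    report = {"autorun": [], "executables": []}
    for entry in sorted(Path(root).iterdir()):
        if not entry.is_file():
            continue
        name = entry.name.lower()
        if name == "autorun.inf":
            report["autorun"] = autorun_targets(entry.read_text(errors="replace"))
        elif name.endswith(".exe"):
            # st_file_attributes exists only on Windows; treated as 0 elsewhere.
            attrs = getattr(entry.stat(), "st_file_attributes", 0)
            info = fingerprint(entry)
            info.update(name=entry.name, hidden=bool(attrs & HIDDEN),
                        system=bool(attrs & SYSTEM))
            report["executables"].append(info)
    return report

if __name__ == "__main__":
    print(scan_root(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against the drive root after the scanner reports the drive as clean; a non-empty "autorun" list or any executable flagged hidden and system is worth a manual look.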

 

  3. Download protection automatically uploads files whose scan results are unknown.

 

I downloaded a self-written program from my mailbox. Kingsoft guard did not detect any problems, yet it automatically uploaded the file for cloud analysis and did not ask whether I agreed.

Setting the "No prompt is displayed when the scan result is unknown and the cloud security analysis task is automatically submitted" option under Net shield -- Download protection does not seem to work. The file is uploaded automatically even when the option is not checked.

In addition, this download protection does not seem to check files transmitted via QQ. A friend's computer was infected because he accidentally opened a virus file sent via QQ. For details, see:
http://blog.csdn.net/Purpleendurer/archive/2011/01/22/6159216.aspx
