mixer_a

Is 360 Safeguard a Trojan?

 

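  I switched to a different computer and installed QQ PC Manager (QQ电脑管家). While I was using it, QQ PC Manager popped up the following alert: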

QQ PC Manager reports 360 Safeguard as a trojan

I used FileInfo to extract the details of the file that QQ PC Manager flagged as a trojan:

文件说明符 : C:\Program Files\Common Files\2.1.exe
属性 : A---
数字签名:360.cn
PE文件:是
语言 : 中文(简体,中国)
文件版本 : 7, 5, 0, 1231
说明 : 360安全卫士 主程序
版权 : (C) 360.cn Inc. All Rights Reserved.
产品版本 : 7, 5, 0, 1231
产品名称 : 360安全卫士
公司名称 : 360.cn
内部名称 : 360Safe
源文件名 : 360Safe.EXE
创建时间 : 2012-2-20 21:44:5
修改时间 : 2012-1-2 11:6:22
大小 : 882008 字节 861.344 KB
MD5 : 85f3403cbc0a73cc43241e644b11c6fa
SHA1: F0185B542712B5BED0F975C8D11665E18FBD358D
CRC32: 3ad81b86

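So it turns out to be 360 Safeguard...

Could it be a false positive? I uploaded the file to https://www.virustotal.com/, and the multi-engine scan results are as follows: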

https://www.virustotal.com/file/8ed8cbdc05804d8fcc61674ed93eb3ad55fd6cfe675a8d724298e9eff1cae274/analysis/1335935256/

SHA256: 8ed8cbdc05804d8fcc61674ed93eb3ad55fd6cfe675a8d724298e9eff1cae274
SHA1: f0185b542712b5bed0f975c8d11665e18fbd358d
MD5: 85f3403cbc0a73cc43241e644b11c6fa
File size: 861.3 KB ( 882008 bytes )
File name: 2.1.exe
File type: Win32 EXE
Detection ratio: 33 / 42
Analysis date: 2012-05-02 05:07:36 UTC ( 0 分钟 ago )

details

Antivirus Result Update
AhnLab-V3 Trojan/Win32.Scar 20120501
AntiVir TR/Crypt.XPACK.Gen3 20120502
Antiy-AVL Trojan/Win32.Scar.gen 20120502
Avast Win32:Sentry [Trj] 20120502
AVG Clicker.AUYR 20120501
BitDefender Trojan.Clicker.NAA 20120502
ByteHero - 20120430
CAT-QuickHeal - 20120501
ClamAV - 20120501
Commtouch - 20120502
Comodo UnclassifiedMalware 20120501
DrWeb Trojan.MulDrop2.62632 20120502
Emsisoft Trojan-Clicker.Win32.Cookster!IK 20120502
eSafe Win32.TRCrypt.XPACK 20120430
eTrust-Vet Win32/Cookster.E 20120501
F-Prot - 20120501
F-Secure Trojan.Clicker.NAA 20120502
Fortinet W32/Scar.EID!tr 20120502
GData Trojan.Clicker.NAA 20120502
Ikarus Trojan-Clicker.Win32.Cookster 20120502
Jiangmin Trojan/JmGeneric.bwc 20120502
K7AntiVirus Riskware 20120501
Kaspersky Trojan.Win32.Scar.fuwz 20120502
McAfee Generic.dx!bcsf 20120502
McAfee-GW-Edition Generic.dx!bcsf 20120501
Microsoft TrojanClicker:Win32/Cookster.A 20120501
NOD32 Win32/TrojanClicker.Cookster.A 20120502
Norman W32/Troj_Generic.HYXO 20120501
nProtect Trojan-Clicker/W32.Agent.882008 20120501
Panda Generic Trojan 20120501
PCTools Trojan.ADH 20120430
Rising Trojan.Win32.Generic.12B09877 20120428
Sophos - 20120502
SUPERAntiSpyware - 20120402
Symantec Trojan.ADH 20120502
TheHacker - 20120502
TrendMicro TROJ_CLICKER.JDM 20120502
TrendMicro-HouseCall TROJ_CLICKER.JDM 20120502
VBA32 Trojan.Scar.fuwz 20120430
VIPRE Trojan.Win32.Generic!BT 20120502
ViRobot - 20120502
VirusBuster Trojan.CL.Cookster!/GvIURofFQc 20120501

ssdeep

24576:fSM735L5U/KeyV2fUmmDTAF1bD8p5/mdD0kL:/735LKaTAT0p5/mLL

TrID

Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEiD packer identifier

Armadillo v1.71

ExifTool

SpecialBuild.............:
LegalTrademarks..........:
SubsystemVersion.........: 4.0
Comments.................:
LinkerVersion............: 6.0
ImageVersion.............: 0.0
FileSubtype..............: 0
FileVersionNumber........: 7.5.0.1231
LanguageCode.............: Chinese (Simplified)
FileFlagsMask............: 0x003f
FileDescription..........: 360
CharacterSet.............: Unicode
InitializedDataSize......: 438272
FileOS...................: Win32
PrivateBuild.............:
MIMEType.................: application/octet-stream
LegalCopyright...........: (C) 360.cn Inc. All Rights Reserved.
FileVersion..............: 7, 5, 0, 1231
TimeStamp................: 2011:11:13 12:13:58+01:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: 360Safe
ProductVersion...........: 7, 5, 0, 1231
UninitializedDataSize....: 0
OSVersion................: 4.0
OriginalFilename.........: 360Safe.EXE
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: 360.cn
CodeSize.................: 450560
ProductName..............: 360
ProductVersionNumber.....: 7.5.0.1231
EntryPoint...............: 0x26f7e
ObjectFileType...........: Executable application

Sigcheck

publisher................: 360.cn
product..................: 360____
internal name............: 360Safe
copyright................: (C) 360.cn Inc. All Rights Reserved.
original name............: 360Safe.EXE
comments.................:
file version.............: 7, 5, 0, 1231
description..............: 360____ ___

Portable Executable structural information

Compilation timedatestamp.....: 2011-11-13 11:13:58
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00026F7E

PE Sections...................:

Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             449310        450560    6.62     0f9b34453e554923908bf10cda3164ec
.rdata  454656           87842         90112     4.60     a7d94d77583bac6599587fc274245dd2
.data   544768           48392         32768     3.76     1770ccb49b49a919dd83fc31f6ab5871
.rsrc   593920           299008        299008    5.13     b1fb42f6f7e57b3210e1fc762e639f3b

PE Imports....................:

comdlg32.dll
GetSaveFileNameA, GetOpenFileNameA, GetFileTitleA

OLEPRO32.DLL

oledlg.dll

WININET.dll
InternetCanonicalizeUrlA, InternetGetCookieA, InternetSetCookieA, InternetSetStatusCallback, InternetSetOptionExA, InternetOpenUrlA, InternetCloseHandle, InternetOpenA, InternetQueryOptionA, InternetCrackUrlA, InternetWriteFile, InternetReadFile, InternetQueryDataAvailable, InternetGetLastResponseInfoA, GopherFindFirstFileA, InternetFindNextFileA, FtpFindFirstFileA, HttpQueryInfoA, HttpSendRequestExA, HttpEndRequestA, HttpSendRequestA, HttpAddRequestHeadersA, InternetErrorDlg, HttpOpenRequestA, GopherOpenFileA, GopherGetAttributeA, GopherCreateLocatorA, FtpGetFileA, FtpPutFileA, FtpOpenFileA, FtpGetCurrentDirectoryA, FtpSetCurrentDirectoryA, FtpRemoveDirectoryA, FtpCreateDirectoryA, FtpRenameFileA, FtpDeleteFileA, InternetConnectA, InternetSetFilePointer

GDI32.dll
SaveDC, RestoreDC, SelectObject, SelectPalette, SetBkMode, SetPolyFillMode, SetROP2, SetStretchBltMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, ExcludeClipRect, IntersectClipRect, OffsetClipRgn, MoveToEx, LineTo, SetTextAlign, SetTextJustification, SetTextCharacterExtra, SetMapperFlags, GetCurrentPositionEx, ArcTo, SetArcDirection, PolyDraw, PolylineTo, SetColorAdjustment, PolyBezierTo, StartDocA, GetClipRgn, CreateRectRgn, SelectClipPath, ExtSelectClipRgn, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile, GetViewportExtEx, GetWindowExtEx, CreatePen, ExtCreatePen, CreateSolidBrush, CreateHatchBrush, CreatePatternBrush, CreateDIBPatternBrushPt, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextExtentPoint32A, GetTextMetricsA, CreateFontIndirectA, DPtoLP, LPtoDP, CopyMetaFileA, CreateDCA, GetMapMode, PatBlt, SetRectRgn, CombineRgn, CreateRectRgnIndirect, DeleteDC, GetStockObject, GetDeviceCaps, GetBkColor, GetTextColor, GetObjectA, SetBkColor, SetTextColor, GetClipBox, GetDCOrgEx, GetTextExtentPointA, BitBlt, CreateCompatibleDC, DeleteObject, CreateDIBitmap, CreateBitmap

SHELL32.dll
DragQueryFileA, DragFinish, SHGetFileInfoA, DragAcceptFiles, ExtractIconA

KERNEL32.dll
TlsAlloc, GlobalHandle, TlsFree, GlobalReAlloc, TlsSetValue, LocalReAlloc, TlsGetValue, GlobalFlags, GetPrivateProfileIntA, GetPrivateProfileStringA, WritePrivateProfileStringA, GetCurrentDirectoryA, GetProcessVersion, SizeofResource, GetCPInfo, GetOEMCP, FindNextFileA, GetFileAttributesA, GetFileSize, GetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileTime, SetFileAttributesA, SetErrorMode, GlobalSize, RtlUnwind, RaiseException, GetTimeZoneInformation, GetSystemTimeAsFileTime, GetCommandLineA, HeapFree, CreateThread, ExitThread, HeapAlloc, GetSystemTime, GetLocalTime, HeapReAlloc, HeapSize, GetACP, SetStdHandle, GetFileType, FatalAppExitA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, FileTimeToLocalFileTime, GetStdHandle, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, GetDriveTypeA, IsBadReadPtr, IsBadCodePtr, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, SetConsoleCtrlHandler, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProfileStringA, InterlockedExchange, ReadFile, CloseHandle, WaitForSingleObject, CreateProcessA, GetStartupInfoA, CreatePipe, GetModuleFileNameA, GetLastError, CreateMutexA, Sleep, ExitProcess, WinExec, CopyFileA, Process32Next, TerminateProcess, FileTimeToSystemTime, MulDiv, GetShortPathNameA, GetThreadLocale, GetStringTypeExA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, MoveFileA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, GetCurrentProcess, OpenProcess, Process32First, CreateToolhelp32Snapshot, DeleteFileA, WriteFile, SetFilePointer, CreateFileA, GetTickCount, DuplicateHandle, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, LocalAlloc, EnterCriticalSection, SetLastError, lstrcpynA, lstrlenW, LoadLibraryA, FreeLibrary, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, GetModuleHandleA, GetProcAddress, GlobalUnlock, GlobalFree, LockResource, WideCharToMultiByte, FindResourceA, LoadResource, CreateEventA, SuspendThread, SetThreadPriority, ResumeThread, SetEvent, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, MultiByteToWideChar, InterlockedDecrement, InterlockedIncrement, FormatMessageA, LocalFree, lstrlenA, SetHandleCount

WINSPOOL.DRV
DocumentPropertiesA, ClosePrinter, OpenPrinterA

ADVAPI32.dll
RegDeleteValueA, RegCreateKeyA, RegEnumKeyA, RegQueryValueA, RegSetValueA, RegDeleteKeyA, RegCloseKey, RegCreateKeyExA, RegOpenKeyA, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA

ole32.dll
OleInitialize, OleUninitialize, CoUninitialize, CoCreateInstance, CoInitialize, CLSIDFromProgID, CLSIDFromString, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, CoTaskMemFree, CoTaskMemAlloc, CoDisconnectObject, OleRun, OleDuplicateData, CreateBindCtx, SetConvertStg, WriteFmtUserTypeStg, WriteClassStg, OleRegGetUserType, ReadFmtUserTypeStg, ReadClassStg, StringFromCLSID, CoTreatAsClass, CreateStreamOnHGlobal, OleIsCurrentClipboard, OleFlushClipboard, OleSetClipboard, CoRevokeClassObject, CoRegisterClassObject, CoRegisterMessageFilter, CoFreeUnusedLibraries, ReleaseStgMedium

COMCTL32.dll

WS2_32.dll
-, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

USER32.dll
DrawTextA, GrayStringA, LoadStringA, LoadCursorA, SetCapture, ReleaseCapture, WaitMessage, GetWindowThreadProcessId, WindowFromPoint, GetClassNameA, PtInRect, InsertMenuA, DeleteMenu, GetMenuStringA, GetSysColorBrush, GetDialogBaseUnits, DestroyMenu, CopyAcceleratorTableA, SetRect, GetNextDlgGroupItem, MessageBeep, AppendMenuA, RemoveMenu, SetRectEmpty, LoadAcceleratorsA, TranslateAcceleratorA, LoadMenuA, SetMenu, ReuseDDElParam, UnpackDDElParam, InvalidateRect, BringWindowToTop, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, DestroyIcon, ClientToScreen, wvsprintfA, CharNextA, MoveWindow, SetWindowTextA, IsDialogMessageA, ScrollWindowEx, IsDlgButtonChecked, SetDlgItemTextA, SetDlgItemInt, GetDlgItemTextA, GetDlgItemInt, CheckRadioButton, CheckDlgButton, CharUpperA, GetDesktopWindow, MapDialogRect, SetWindowContextHelpId, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, SetFocus, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, ScrollWindow, GetScrollInfo, TabbedTextOutA, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, TrackPopupMenu, SetWindowPlacement, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, DefWindowProcA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, EndDialog, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, UnhookWindowsHookEx, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, SetScrollInfo, GetDC, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, ShowOwnedPopups, PostQuitMessage, PostMessageA, OemToCharA, CharToOemA, KillTimer, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, SetTimer, EnableWindow, ShowWindow, LoadIconA, IsWindowUnicode, DefDlgProcA, DrawFocusRect, ExcludeUpdateRgn, ShowCaret, HideCaret, UnregisterClassA, RemovePropA

OLEAUT32.dll
-, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

PE Exports....................:

First seen by VirusTotal

2012-01-19 01:43:28 UTC ( 3 月, 2 周 ago )

  Out of 42 antivirus engines, 32 detect it as a trojan...
