VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:87
Behavior list
Basic Information
MD5:a5313bbf652342e8ba1675a4ea61a88e
file type:EXE
Production company:Nenad Hrg (SoftwareOK.com)
version:6.1.7.0---6, 1, 7, 0
Shell or compiler information:COMPILER:Not a valid PE file
File behavior
Behavior description:修改文件内容
details:C:\Windows\Q-Dir.ini---> Offset = 0
C:\Windows\Q-Dir.ini---> Offset = 25
C:\Windows\Q-Dir.ini---> Offset = 139
C:\Windows\Q-Dir.ini---> Offset = 175
C:\Windows\Q-Dir.ini---> Offset = 220
C:\Windows\Q-Dir.ini---> Offset = 261
C:\Windows\Q-Dir.ini---> Offset = 288
C:\Windows\Q-Dir.ini---> Offset = 347
C:\Windows\Q-Dir.ini---> Offset = 388
C:\Windows\Q-Dir.ini---> Offset = 451
C:\Windows\Q-Dir.ini---> Offset = 489
C:\Windows\Q-Dir.ini---> Offset = 529
C:\Windows\Q-Dir.ini---> Offset = 553
C:\Windows\Q-Dir.ini---> Offset = 576
C:\Windows\Q-Dir.ini---> Offset = 601
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\MACHINE\SOFTWARE\Classes\.qdr\
\REGISTRY\MACHINE\SOFTWARE\Classes\qdirdoc\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\qdirdoc\
\REGISTRY\MACHINE\SOFTWARE\Classes\qdirdoc\DefaultIcon\
\REGISTRY\USER\S-*\Software\SoftwareOK.de\Q-Dir\QDir_Id
\REGISTRY\USER\S-*_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\5
\REGISTRY\USER\S-*_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx
\REGISTRY\USER\S-*_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\5\NodeSlot
\REGISTRY\USER\S-*_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\5\MRUListEx
\REGISTRY\USER\S-*_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\KnownFolderDerivedFolderType
\REGISTRY\USER\S-*_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\SniffedFolderType
Behavior description:删除注册表键值
details:\REGISTRY\USER\S-*_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\5\MRUList
Other behavior
Behavior description:窗口信息
details:Pid = 2732, Hwnd=0x30284, Text = 我接受此许可协议 , ClassName = Button(RadioButton).
Pid = 2732, Hwnd=0x30282, Text = 我不接受此许可协议 , ClassName = Button(RadioButton).
Pid = 2732, Hwnd=0x40280, Text = End User License Agreement ========================== License Nenad Hrg (SoftwareOK.com) THIS SOFTWARE IS FREEWARE ! , ClassName = Edit.
Pid = 2732, Hwnd=0x3027e, Text = OK, ClassName = Button.
Pid = 2732, Hwnd=0x4027c, Text = Language / Sprache : , ClassName = Static.
Pid = 2732, Hwnd=0x4027a, Text = Deutsch, ClassName = Button.
Pid = 2732, Hwnd=0x40274, Text = English, ClassName = Button.
Pid = 2732, Hwnd=0xa028a, Text = 许可协议, ClassName = #32770.
Pid = 2732, Hwnd=0x60270, Text = 计算机, ClassName = ComboBoxEx32.
Pid = 2732, Hwnd=0x602a4, Text = 计算机, ClassName = Edit.
Pid = 2732, Hwnd=0x301e0, Text = ......, ClassName = msctls_statusbar32.
Pid = 2732, Hwnd=0x301ac, Text = 0 个对象, ClassName = msctls_statusbar32.
Pid = 2732, Hwnd=0x30202, Text = 计算机, ClassName = ComboBoxEx32.
Pid = 2732, Hwnd=0x301fe, Text = 计算机, ClassName = Edit.
Pid = 2732, Hwnd=0x301c0, Text = 命名空间树状控制项, ClassName = NamespaceTreeControl.
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号