
Do we really need antivirus? If so, why? How do viruses get activated and get into a PC?

Security user
Asked 2011-07-28 17:02:00
Answers 10 | Views 5.3K | Followers 0 | Votes -2

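I have read on different websites about how a PC gets infected by viruses, and this is what I found:

  • Email attachments (only if I get an exe and open or execute something, of course, right?)
  • Not updating Windows
  • Downloads (the same as email attachments, right?)

Pros:

  • I can't think of any that are worth it.

Cons:

  • Loss of my time and attention
  • Slows down my computer
  • Hard disk space taken up by the antivirus
  • Makes you feel that someone is trying to get into your computer (e.g. the intrusions reported by Panda Internet Security)
  • Money for the software
  • Update time and bandwidth
  • Lots of false positives
  • Scanning the hard disk all the time wastes my hard disk's lifetime
  • Slow opening of files (some of them)
  • Time spent configuring the firewall, what to let in and what not...
  • Uses my CPU cycles, so it wastes my CPU's lifetime. Everything that gets used more wears out more! If I run a PC with antivirus it will of course use more CPU cycles, and the CPU will last less long than one used without antivirus. Anyway, this is BS, because I think the difference is not big, it's just a "pro" xD.
  • More energy, more money

"Be careful with":

  • USB and external data devices: the virus is activated by Windows' autorun feature (so open any external data, such as a USB stick, using the URL "E:\")

I have not used antivirus for a long time and I have had no problems with that at all. I just want to know more about this. I just want you to know that I tried many of them, because I thought it was necessary to have one, but now that I don't have one, I can finally work! P.S. I don't use IE.

But what if I have a virus right now? My PC is faster than with AV

I really want to know how I could get infected!

I run Windows 7 without any updates.

http://www.eset.com/us/online-scanner scan results:

In my case there are 54 viruses, and apparently I have no problems and no money stolen from my accounts. Why can't I live with them?

What worries me are these 4 in my system32: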

 C:\Windows\System32\betrkppfgspiegfq.dll   a variant of Win32/Adware.GooochiBiz.AK application
 C:\Windows\System32\udqrgmdijcsbuayse.exe  Win32/Adware.CashTitan application
 C:\Windows\SysWOW64\betrkppfgspiegfq.dll   a variant of Win32/Adware.GooochiBiz.AK application
 C:\Windows\SysWOW64\udqrgmdijcsbuayse.exe  Win32/Adware.CashTitan application

The others are:

 C:\Users\Totty\AppData\Local\Temp\0489c538b32e4673bb3259bf16fc4922.exe a variant of MSIL/Injector.BM trojan
 C:\Users\Totty\AppData\Local\Temp\157347ded2154635b2c01111c9dd7463.exe a variant of MSIL/Injector.BM trojan
 C:\Users\Totty\AppData\Local\Temp\4efba19df9864e5fbb6b3712f8f96222.exe a variant of MSIL/Injector.BM trojan
 C:\Users\Totty\AppData\Local\Temp\5c6398aa533d4493be2d4b37e17c1452.exe a variant of MSIL/Injector.BM trojan
 C:\Users\Totty\AppData\Local\Temp\7505db7e73f94b86b1b0284a64d07350.exe a variant of MSIL/Injector.BM trojan
 C:\Users\Totty\AppData\Local\Temp\9f9a39b9de8e4ba5b897bdf9a4ffcafc.exe a variant of MSIL/Injector.BM trojan
 C:\Users\Totty\AppData\Local\Temp\adb91477d7f2470e9be9176c5ceb8c04.exe a variant of MSIL/Injector.BM trojan
 C:\Users\Totty\AppData\Local\Temp\ed146a5cf2a8499cb357f2dbd7982c6a.exe a variant of MSIL/Injector.BM trojan
 C:\Users\Totty\AppData\Local\Temp\nseECD1.tmp.dll  a variant of Win32/Adware.GooochiBiz.AK application
 C:\Users\Totty\AppData\Local\Temp\nso4711.tmp.dll  a variant of Win32/Adware.GooochiBiz.AK application
 C:\Users\Totty\AppData\Local\Temp\nssA49B.tmp.dll  a variant of Win32/Adware.GooochiBiz.AK application
 C:\Users\Totty\AppData\Local\Temp\nsti.exe NSIS/TrojanDownloader.Agent.NCA trojan
 C:\Users\Totty\AppData\Local\Temp\nsxF836.tmp.dll  a variant of Win32/Adware.GooochiBiz.AK application
 C:\Users\Totty\AppData\Local\Temp\svhost.exe   multiple threats

The rest are my torrent downloads;

All of them (virus description only):


AVG 2009 scan results

Infections


Spyware

Potentially harmful program Crack.AL
Potentially harmful program HackTool.BVS
Potentially harmful program HackTool.GZA

Warnings


Information:

Runtime packed upack
Runtime packed upack
Runtime packed upack

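10 Answers

Security user

Posted 2011-07-28 18:29:17

Here is why you need antivirus:

  • 0-days
  • Unpatched vulnerabilities
  • Deception
  • You use USB sticks on machines that do not belong to you.
  • A malicious user may get to use your PC (in some way)
  • To keep a virus from spreading across all your data.
  • Nobody knows every virus infection vector. At any time you may run into an infection method you do not know about.

Of course, antivirus has to be a "lifesaver for stupid users", but that does not mean it is useless for security professionals.

Of course, security comes at a price. But if you have good practices, you can learn how to limit what your antivirus does, such as scanning files only on write and configuring exceptions for file extensions. But you really need to know what you are doing.

If you want to make sure you are not infected, you have to run an offline analysis, whether or not you have antivirus on your PC, because you cannot vouch for your antivirus.

Votes: 16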

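Security user

Posted 2011-07-28 20:57:41

"But what if I have a virus right now? My PC is faster than with AV"

Viruses are (usually) not about speed. Viruses/trojans/malware usually exist to make money for their authors. Malware authors have become very good at coming up with roundabout ways of doing this (listed in order of how problematic they are):

  • Modifying all of your web pages to point to things they get ad money for.
  • Trying to get you to pay for some fake AV product.
  • Using your computer and bandwidth in botnet-type scenarios. This eats your bandwidth and may implicate you in attacks on the likes of Amazon or Yahoo, who certainly will not be happy with you :)
  • Certain types of file infectors (i.e. some variants of Sality and Virut) destroy one out of every 4 or 5 executables they encounter. In that case the infection cannot be "cured" even with A/V tools, because the original file was destroyed by the virus. Moreover, because of the nature of these file infectors, you are usually forced to lose any data stored on the affected machine.
  • Malware can steal passwords for personal things such as banking sites, email, and so on.
  • Malware can steal credit card numbers, social security numbers and other sensitive information. If your machine can see other people's SSNs, they will not be happy with you when you leak their SSNs to various identity-theft rings.

Slowing down your machine is not the point. Making money is. Even if you know nothing about this kind of thing happening on your machine, you are still liable, depending on the type of data you leak through the malware.

Votes: 13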

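Security user

Posted 2011-07-28 17:56:43

Many security professionals do not use antivirus, following the same logic as above. However, they can also detect when they have been infected, for example by monitoring for unknown outbound network traffic.

Also, just because you know the right behaviour does not mean you will not get infected. The most vulnerable parts of a computer are the browser, Adobe, and Acrobat. We often find, after the fact, that hackers took control of people's machines by exploiting an unknown vulnerability in Flash or Acrobat. So no matter how smart you are, you can still get infected.

On the other hand, when hackers attack in this way, they tend to choose custom malware that is currently not detected by antivirus.

Like everything in security, using antivirus is a tradeoff, and nobody but you can adequately decide which tradeoffs you are willing to accept.

Votes: 7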
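
The answer above mentions spotting an infection by watching for unknown outbound network traffic. One way to do that check, as an added example that is not part of the original answers: compare established connections (in the column layout of Windows `netstat -ano`) against a baseline of known-good (process, remote port) pairs. The sample lines, the PID map, the baseline and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of `netstat -ano` (documentation-range addresses).
SAMPLE_NETSTAT = """\
  TCP    192.168.1.10:49201     203.0.113.20:443       ESTABLISHED     2100
  TCP    192.168.1.10:49202     198.51.100.7:6667      ESTABLISHED     4312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    192.168.1.10:49210     192.168.1.1:53         TIME_WAIT       0
  TCP    192.168.1.10:49215     203.0.113.20:443       ESTABLISHED     4312
"""
# Constructed PID -> image name map (on a real host this would come from `tasklist`).
SAMPLE_PROCS = {2100: "firefox.exe", 4312: "svhost.exe", 880: "svchost.exe"}
# Assumed baseline: (process, remote port) pairs recorded while the machine was known good.
BASELINE = {("firefox.exe", 443), ("firefox.exe", 80)}

# Local ranges excluded from the check (RFC 1918 plus loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_netstat(text):
    """Yield (remote_ip, remote_port, pid) for established TCP connections."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # skip headers, UDP rows, listeners and closing sockets
        host, _, port = f[2].rpartition(":")
        yield ipaddress.ip_address(host.strip("[]")), int(port), int(f[4])

def unknown_outbound(text, procs, baseline):
    """Return sorted (process, remote_ip, remote_port) tuples not covered by the baseline."""
    findings = set()
    for ip, port, pid in parse_netstat(text):
        if any(ip in net for net in LOCAL_NETS):
            continue  # LAN and loopback traffic is out of scope here
        name = procs.get(pid, f"pid-{pid}")
        if (name.lower(), port) not in baseline:
            findings.add((name, str(ip), port))
    return sorted(findings)

if __name__ == "__main__":
    for name, ip, port in unknown_outbound(SAMPLE_NETSTAT, SAMPLE_PROCS, BASELINE):
        print(f"unexpected outbound: {name} -> {ip}:{port}")
```

A baseline keyed on process and port catches a look-alike binary talking on an unusual port, but not malware that injects into an allowed process; it complements, rather than replaces, the offline scan suggested in the first answer.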
Original page content provided by Security. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://security.stackexchange.com/questions/5763
