Ran into a PC infected to the bone

Source: Internet   Posted under: 手机教学互动软件   Editor: 程序博客网   Date: 2024/04/28 09:50

Update: this post probably needs to be read together with 终于搞掂Caepero.dll (Finally dealt with Caepero.dll).

There is so much malware on it that I can't even write it all down. Sigh, I give up.

Still, let me list the main ones:
// entries were even added under Services

HKLM/System/CurrentControlSet/Services
+ 148F06D4    B32B22A0    Microsoft Corporation    c:/windows/system32/59f3e12c.exe
+ 3584E332    BCD57646        c:/windows/system32/e9711700.exe

// ati2evxx.dll was abused as well

HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run   
+ AVPSrv            c:/windows/avpsrv.exe
+ cmdbcs            c:/windows/cmdbcs.exe
+ DbgHlp32            c:/windows/dbghlp32.exe
+ Kvsc3            c:/windows/kvsc3.exe
+ LotusHlp            c:/windows/lotushlp.exe
+ mppds            c:/windows/mppds.exe
+ msccrt            c:/windows/msccrt.exe
+ MsIMMs32            c:/windows/msimms32.exe
+ MsPrint32D            c:/windows/msprint32d.exe
+ NAVMon32            c:/windows/navmon32.exe
+ NVDispDrv            c:/windows/kycvcu.exe
+ PTSShell            c:/windows/ptsshell.exe
+ RegSrv64D            c:/windows/regsrv64d.exe
+ SHAProc            c:/windows/shaproc.exe
+ SSLDyn            c:/windows/ssldyn.exe
+ upxdnd            c:/windows/upxdnd.exe
+ WinForm            c:/windows/winform.exe
+ WINSvr32            c:/windows/winsvr32.exe
+ WinSysM            File not found: C:/WINDOWS/533931M.exe
+ WSockDrv32            c:/windows/oqedrh.exe

HKLM/Software/Microsoft/Windows/CurrentVersion/Explorer/ShellExecuteHooks           
+ avwgimn.dll            c:/windows/fonts/avwgimn.dll
+ avwljmn.dll            c:/windows/fonts/avwljmn.dll
+ avzxnmn.dll            c:/windows/fonts/avzxnmn.dll
+ ekrxglrzyzj.dll    Windows XP MSPLAY API DLL    Microsoft Corporation    c:/windows/system32/ekrxglrzyzj.dll
+ gjcsdyc.dll            c:/windows/fonts/gjcsdyc.dll
+ gjfhbyc.dll            c:/windows/fonts/gjfhbyc.dll
+ gjtmbyc.dll            c:/windows/fonts/gjtmbyc.dll
+ IGB_DJOL_1007.dll            c:/windows/system32/igb_djol_1007.dll
+ IGB_DJOL_1009.dll            c:/windows/system32/igb_djol_1009.dll
+ jsqsbyc.dll            c:/windows/system32/jsqsbyc.dll
+ jsqxbyc.dll            File not found: C:/WINDOWS/Fonts/jsqxbyc.dll
+ jsqxcyc.dll            c:/windows/fonts/jsqxcyc.dll
+ kaqhmzy.dll            c:/windows/fonts/kaqhmzy.dll
+ kawdizy.dll            c:/windows/system32/kawdizy.dll
+ kvdxsmma.dll            File not found: C:/WINDOWS/system32/kvdxsmma.dll
+ kvdxsoma.dll            c:/windows/fonts/kvdxsoma.dll
+ raqjkpi.dll            File not found: C:/WINDOWS/system32/raqjkpi.dll
+ raqjlpi.dll            File not found: C:/WINDOWS/Fonts/raqjlpi.dll
+ raqjmpi.dll            c:/windows/fonts/raqjmpi.dll
+ rarjfpi.dll            c:/windows/fonts/rarjfpi.dll
+ rsjzbpm.dll            c:/windows/fonts/rsjzbpm.dll
+ rsmyjpm.dll            c:/windows/system32/rsmyjpm.dll
+ rsztnpm.dll            c:/windows/system32/rsztnpm.dll
+ swrcfzc.dll            File not found: C:/WINDOWS/system32/swrcfzc.dll
+ swrcgzc.dll            c:/windows/fonts/swrcgzc.dll
+ wn_sys8x.sys            c:/program files/internet explorer/plugins/wn_sys8x.sys
+ wsmsezx.dll            File not found: C:/WINDOWS/system32/wsmsezx.dll
+ wsmsfzx.dll            c:/windows/fonts/wsmsfzx.dll


And so on; I'll stop listing here.
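The listing above was produced by an autostart-inspection tool. As an added example (not part of the original post, and not the tool the author used), the PowerShell below walks the same locations (Run keys, Services ImagePath, ShellExecuteHooks resolved through their CLSIDs, AppInit_DLLs) and flags entries that share the traits visible in the listing: eight-hex-character names like 148F06D4 and 59f3e12c.exe, binaries living under Fonts, RECYCLER, Temp or the Internet Explorer PLUGINS directory, hidden files, and "File not found" orphans. It assumes PowerShell 2.0 or later running elevated on the infected machine; the heuristics are mine and are meant to shorten the review, not replace it.

```powershell
# Added example, not from the original post. Heuristic sweep of the autostart locations
# shown in the listing above. Assumes PowerShell 2.0+ running as Administrator.

# Directories in which a legitimate autostart binary has no business living.
$oddDirs = @('\Fonts\', '\RECYCLER\', '\Temp\', '\Internet Explorer\PLUGINS\')

# Turn a Run value or service ImagePath into a file path: handle quotes, arguments,
# %SystemRoot%, the \SystemRoot\ and \??\ prefixes, and system32-relative driver paths.
function Resolve-ImagePath([string]$cmd) {
    if (-not $cmd) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) {
        $p = $cmd.Substring(1).Split('"')[0]
    } else {
        $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|sys|acm|ocx))(\s|$)', 'IgnoreCase')
        $p = if ($m.Success) { $m.Groups[1].Value } else { $cmd.Split(' ')[0] }
    }
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot ($p -replace '^\\', '') }
    return $p
}

# Strong reasons produce a finding; the Authenticode status is appended as information
# only, because on XP most OS binaries are catalog-signed and report NotSigned here.
function Get-SuspicionReasons([string]$entry, [string]$path) {
    $r = @()
    if ($entry -match '^[0-9A-Fa-f]{8}$') { $r += 'hex-string entry name' }   # 148F06D4, 3584E332
    if (-not $path) { return $r }
    if ([IO.Path]::GetFileNameWithoutExtension($path) -match '^[0-9A-Fa-f]{8}$') { $r += 'hex-string file name' }
    foreach ($d in $oddDirs) { if ($path -like "*$d*") { $r += "lives under $d" } }
    # Heuristic: real software rarely autostarts straight out of %SystemRoot% (not system32)
    if ((Split-Path $path -Parent) -ieq $env:SystemRoot) { $r += 'directly in Windows root' }
    if (-not (Test-Path -LiteralPath $path)) {
        $r += 'file missing (orphaned autostart)'
    } else {
        $item = Get-Item -LiteralPath $path -Force
        if ($item.Attributes -band [IO.FileAttributes]::Hidden) { $r += 'hidden' }
        if ($r.Count -gt 0) { $r += "signature: $((Get-AuthenticodeSignature -FilePath $path).Status)" }
    }
    return $r
}

$findings = @()
function Add-Finding([string]$where, [string]$entry, [string]$path) {
    $r = Get-SuspicionReasons $entry $path
    if ($r.Count -gt 0) {
        $script:findings += New-Object PSObject -Property @{
            Location = $where; Entry = $entry; Path = $path; Reasons = ($r -join '; ')
        }
    }
}

# 1. Run keys in both hives
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path $key)) { continue }
    foreach ($v in (Get-ItemProperty $key).PSObject.Properties) {
        if ($v.Name -like 'PS*') { continue }          # PSPath, PSParentPath, ... are not values
        Add-Finding "$hive Run" $v.Name (Resolve-ImagePath $v.Value)
    }
}

# 2. Services and drivers: every ImagePath under CurrentControlSet\Services
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $ip = (Get-ItemProperty $_.PSPath).ImagePath
    if ($ip) { Add-Finding 'Service' $_.PSChildName (Resolve-ImagePath $ip) }
}

# 3. ShellExecuteHooks: value names are CLSIDs; the DLL is that CLSID's InProcServer32
$sehKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path $sehKey) {
    foreach ($v in (Get-ItemProperty $sehKey).PSObject.Properties) {
        if ($v.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        $srv = "HKLM:\SOFTWARE\Classes\CLSID\$($v.Name)\InProcServer32"
        $dll = if (Test-Path $srv) { (Get-ItemProperty $srv).'(default)' } else { $null }
        Add-Finding 'ShellExecuteHook' $v.Name (Resolve-ImagePath $dll)
    }
}

# 4. AppInit_DLLs: space- or comma-separated; bare names are loaded from system32
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty $winKey).AppInit_DLLs
foreach ($d in ($appInit -split '[ ,]+' | Where-Object { $_ })) {
    $p = if ($d -match '\\') { Resolve-ImagePath $d } else { Join-Path "$env:SystemRoot\system32" $d }
    Add-Finding 'AppInit_DLLs' $d $p
}

$findings | Sort-Object Location, Entry | Format-Table -AutoSize Location, Entry, Reasons, Path
```

Expect a few legitimate hits (some OEM tools do autostart from the Windows root); the point is to get a short list to review against the listing above, and to see the ShellExecuteHooks DLLs resolved to paths, since the key itself only stores CLSIDs.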

The C:/windows/fonts folder contains a lot of hidden dll and exe files, all of them malware, which cannot be seen in the Windows Task Manager; you have to look from the command line with "dir /ah *.dll *.exe", and delete with "del /ah *.dll *.exe", though very likely they still won't delete. Malware is not that easy to remove.
C:/windows/system32 also contains a great many dll files, the vast majority with 6-random-character names, plus K*.exe files whose names resemble Windows patch files, and more besides.
The C:/windows directory is also full of malware.


File C:/Program Files/Common Files/System/mgmtapi.acm is infected by Win32:Adware-gen [Adw], Moved to chest
File C:/Program Files/Common Files/System/msaudi32.acm is infected by Win32:Hupigon-ENQ [Trj], Moved to chest
File C:/Program Files/Common Files/System/msg80.acm is infected by Win32:Adware-gen [Adw], Moved to chest
File C:/Program Files/Internet Explorer/IEXPLORE32.Sys is infected by Win32:Delf-DUO [Trj], Moved to chest
File C:/Program Files/Internet Explorer/PLUGINS/Wn_Sys8x.Sys is infected by Win32:Delf-FZG [Trj], Moved to chest
File C:/RECYCLER/S-1-5-21-1292428093-1788223648-1417001333-1003/Dc112.exe/[Upack] is infected by Win32:Agent-LSI [Trj], Moved to chest  (there is a set of Dc* files here; all of them are malware.)


File C:/WINDOWS/system32/MCI32.dll is infected by Win32:Hupigon-ENQ [Trj], Moved to chest
File C:/WINDOWS/system32/MCI321.dll is infected by Win32:Hupigon-ENQ [Trj], Moved to chest
File C:/WINDOWS/system32/mscat.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:/WINDOWS/system32/mscat1.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:/WINDOWS/system32/mmtask.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:/WINDOWS/system32/mmtask1.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:/WINDOWS/system32/n1197187301k.exe/[Upack] is infected by Win32:AutoRun-IC, Moved to chest
File C:/WINDOWS/system32/n1197978886k.exe/[NsPack] is infected by Win32:AutoRun-IC, Moved to chest
File C:/WINDOWS/system32/PTSShell.dll is infected by Win32:Agent-CNF [Trj], Moved to chest
File C:/WINDOWS/system32/scvhost.exe/[Upack] is infected by Win32:Small-GXN [Trj], Moved to chest
File D:/Documents and Settings/jinru/Local Settings/Temp/ch100.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File D:/System Volume Information/_restore{7F62705C-139B-4229-B6BC-06033E80223D}/RP3/A0000362.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File D:/System Volume Information/_restore{7F62705C-139B-4229-B6BC-06033E80223D}/RP3/A0000776.exe is infected by Win32:Trojan-gen {VC}, Moved to chest
File D:/System Volume Information/_restore{7F62705C-139B-4229-B6BC-06033E80223D}/RP54/A0003022.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File D:/System Volume Information/_restore{7F62705C-139B-4229-B6BC-06033E80223D}/RP60/A0010381.dll is infected by Win32:Loof-B [Trj], Moved to chest
File D:/System Volume Information/_restore{7F62705C-139B-4229-B6BC-06033E80223D}/RP60/A0010638.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:/WINDOWS/system32/drivers/cdnprot.sys is infected by Win32:Adware-gen [Adw], Moved to chest
File C:/WINDOWS/system32/drivers/ndsgqb.sys is infected by Win32:Agent-KHP [Trj], Moved to chest
File C:/WINDOWS/system32/BCD57646.DLL is infected by Win32:AutoRun-IC, Moved to chest
File C:/WINDOWS/533931MM.DLL is infected by Win32:OnLineGames-BOM [Trj], Moved to chest

...
I'll stop here. In short, after installing Avast and running a boot-time scan, you get a list of infections far longer than this; the above is only part of it. And of course auto.exe/autorun.inf was there too.

Trojan analysis and removal: mscat1.dll, mci321.dll, mmtask1.dll, Proc.sys

Also note this one: File C:/WINDOWS/system32/Caepero.dll is infected by Win32:Zbot-D [Trj], Deleted. It does not actually get deleted. IceSword (冰刃) cannot delete it either; I have no idea what this thing is, but it adds itself to AppInit_DLLs.
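Two passages above describe the same failure mode: hidden DLL/EXE files that "del /ah" will not remove, and a DLL in AppInit_DLLs that neither Avast nor IceSword could delete. Both come down to the file being mapped into a running process: Windows refuses to delete an image that is in use, and a DLL listed in AppInit_DLLs is injected into every process that loads user32.dll, so it is always in use while the system is up. As an added example (not from the original post, and not the method the follow-up post uses), the PowerShell below is the "dir /ah *.dll *.exe" check for the three directories named, reports which of those files is currently mapped and by what, and shows the standard way to queue a locked file for deletion before anything can load it at the next boot. It assumes PowerShell 2.0 or later running elevated on the infected machine; the file name used in the commented removal step is a placeholder.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0+ as Administrator.
# Nothing is deleted automatically; review the list, then act per file.

$dirs = @("$env:SystemRoot\Fonts", "$env:SystemRoot\system32", $env:SystemRoot)

# dir /ah *.dll *.exe: -Force makes Get-ChildItem return hidden items, the filter keeps
# only those carrying the Hidden attribute. The "$d\*" form lets -Include apply
# without -Recurse.
$hidden = foreach ($d in $dirs) {
    Get-ChildItem -Path "$d\*" -Include *.dll, *.exe -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }
}

# Every module path currently loaded in a user-mode process we are allowed to open.
# Kernel drivers (.sys) and processes we cannot open are not visible this way.
$loaded = @{}
foreach ($proc in Get-Process) {
    try {
        foreach ($m in $proc.Modules) {
            if ($m.FileName) { $loaded[$m.FileName.ToLower()] = "$($proc.Name) (PID $($proc.Id))" }
        }
    } catch { }   # access denied on some system processes is expected
}

# MoveFileEx(existing, NULL, MOVEFILE_DELAY_UNTIL_REBOOT) records the file under
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations;
# the session manager deletes it early in the next boot, before Run keys, services
# or AppInit_DLLs have loaded anything.
$k32 = Add-Type -Namespace Win32 -Name Kernel32 -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@

function Remove-AtReboot([string]$path) {
    # Strip Hidden/System/ReadOnly so the deferred delete is not refused.
    (Get-Item -LiteralPath $path -Force).Attributes = [IO.FileAttributes]::Normal
    $ok = $k32::MoveFileEx($path, $null, 4)   # 4 = MOVEFILE_DELAY_UNTIL_REBOOT
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        Write-Warning "MoveFileEx failed for $path (Win32 error $err)"
    }
    return $ok
}

# Report: hidden binaries, and whether something has them mapped right now.
foreach ($f in $hidden) {
    $user  = $loaded[$f.FullName.ToLower()]
    $state = if ($user) { "MAPPED in $user; a live delete will fail" } else { 'not mapped by any accessible process' }
    '{0,-60} {1}' -f $f.FullName, $state
}

# AppInit_DLLs: each DLL listed here is injected into every process that loads
# user32.dll, which is why it is always in use and "del" cannot remove it live.
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty $winKey).AppInit_DLLs
"AppInit_DLLs = '$appInit'"

# Generic removal order for an AppInit_DLLs entry (shown, not executed):
#   1. clear the value so the loader stops injecting the DLL after the reboot
#   2. queue the DLL file itself for deletion at boot
#   3. reboot, then re-run the listing above to confirm both are gone
#
#   Set-ItemProperty -Path $winKey -Name AppInit_DLLs -Value ''
#   Remove-AtReboot "$env:SystemRoot\system32\example.dll"   # example.dll is a placeholder name
```

Two caveats a responder would want. First, the scan log above lists unknown kernel drivers (ndsgqb.sys, cdnprot.sys, wn_sys8x.sys); a driver can hide files from Get-ChildItem, filter process module lists, or put the registry value back as soon as it is cleared, so if the value reappears or the deferred delete never happens, stop working from inside the infected system and do the cleanup offline (boot from other media, or attach the disk to a clean machine and edit the hive with reg load). Second, Avast's own "Moved to chest" entries for the System Volume Information paths show the restore points are contaminated; once the live system is clean, turn System Restore off and back on so those copies are discarded.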


Update: how to get rid of Caepero.dll for good: 终于搞掂Caepero.dll (Finally dealt with Caepero.dll)
