Rising Kaka Security Forum

Unbelievable, Rising has actually turned into a virus; after the update the machine actually won't boot!
红迷 - 2006-11-22 20:00:00
What kind of virus is this?
It's really powerful.

Attachment: 53899620061122195131.gif
红迷 - 2006-11-22 20:01:00
The way this virus works is that it keeps running IE in the background
and then plays songs.
chinesalon - 2006-11-22 20:03:00
0.exe is nothing good. Delete it, including the related registry entries; there may be other things as well.
红迷 - 2006-11-22 20:05:00
Also, on the desktop there is
this file, sfr9s9sf.exe
It's really scary.
mopery - 2006-11-22 20:07:00
That's just something in the temp folder..

Rising does not have a virus..
红迷 - 2006-11-22 20:17:00
Poster above, do you want me to send you the sample?
红迷 - 2006-11-22 20:18:00
The system automatically runs the RISING.EXE shown in the picture above,
but Rising can't detect it at all.
chinesalon - 2006-11-22 20:24:00
Post the processes you currently have running so we can take a look.
红迷 - 2006-11-22 20:34:00
[smss.exe]
PID = 0x164
CommandLine =
smss.exe
0x48580000
C:\WINDOWS\system32\smss.exe
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Microsoft Corporation
Windows NT Session Manager
2005-05-13 11:41:25

ntdll.dll
0x7c930000
C:\WINDOWS\system32\ntdll.dll
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Microsoft Corporation
NT Layer DLL
2005-05-13 11:32:55




[csrss.exe]
PID = 0x19c
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
csrss.exe
0x4a680000
c:\windows\system32\csrss.exe
5.2.3790.0 (srv03_rtm.030324-2048)
Microsoft Corporation
Client Server Runtime Process
2005-05-13 11:16:02

ntdll.dll
0x7c930000
C:\WINDOWS\system32\ntdll.dll
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Microsoft Corporation
NT Layer DLL
2005-05-13 11:32:55

CSRSRV.dll
0x75950000
C:\WINDOWS\system32\csrsrv.dll
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Microsoft Corporation
Client Server Runtime Process
2005-05-13 11:16:01

basesrv.dll
0x75960000
C:\WINDOWS\system32\basesrv.dll
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Microsoft Corporation
Windows NT BASE API Server DLL
2005-05-13 11:12:17

winsrv.dll
0x75980000
C:\WINDOWS\system32\winsrv.dll
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Microsoft Corporation
Windows Server DLL
2005-05-13 11:47:35

GDI32.dll
0x77bd0000
C:\WINDOWS\system32\gdi32.dll
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Microsoft Corporation
GDI Client DLL
2005-05-13 11:20:48

ADVAPI32.dll
0x77f30000
C:\WINDOWS\system32\advapi32.dll
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Microsoft Corporation
Advanced Windows 32 Base API
2005-05-13 11:10:51

KERNEL32.dll
0x7c800000
C:\WINDOWS\system32\kernel32.dll
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Microsoft Corporation
Windows NT BASE API Client DLL
2005-05-13 11:25:33
mopery - 2006-11-22 20:40:00
Send rising.exe to bin59420@yahoo.com.cn and I can take a look at it for you..

But at least it's certain that this is not a Rising file..
chinesalon - 2006-11-22 20:41:00
Are there two NTDLL.DLL?