瑞星卡卡安全论坛

引用:

【饭后点心的贴子】猫斑,如果能成功弄到样本的话,能写篇分析或者杀的方法吗,万一这个毒传播开来,也能在第一时间做点防范.现在还不知道这毒的具体情况.估计等我下班到家,你们已经分析出来了...... ………………

今天情人节应该不会那么快的吧谁没有点私事啊~~你说是不是

是啊......今天估计到家,都半夜了......明天来看看吧......情人节中这东西,那兄弟真是背啊.也许是时候去买采票了.

楼主机器没有SREng嘛??如果有的话我就可以试一下让它扫份日志.

今天我就有私事......估计到家都半夜了.明天来看看.今天中这个毒,不知道是他运气好还是不好.反正是没电脑用,只能陪女朋友了.

试试HIJACKTHIS。说不定可以。

我中过这个病毒

要不就试试在线杀毒或者DOS下杀毒,也可以在DOS下把那个病毒体文件删除了.不过有点麻烦,只要你懂DOS,相信在DOS下应该可以把病毒干掉的.

请把病毒文件的后缀名该为.TQC发给我
我也想看看~~
dina77cn@yahoo.com.cn
发过了通知我一下

我也要一份
b43ok@yahoo.com.cn
那么多人关注，应该会有成果的

楼主好惨

楼主说谎一流.

是不是好几个病毒一起作用的结果的啊~~好象单个病毒做这样~~有点~~出乎意料

真要扫其实有个办法
把SREng刻张盘回去
理论上应该能扫下吧

首先先同情下楼主..换了是我就全盘格了

情人节也没得太平.可怜哦..快点把样本弄出来让猫叔给看看是啥毒

期待病毒分析

我也把盘全格了 昨天回去起不来机器了 安全模式也进不去！

唉 要是谁再中了这种病毒 希望大家直接格盘吧 别由于了

鄙视所有病毒制作者 一群败类

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [深圳市迅雷网络技术有限公司]
    <yassistse><C:\progra~1\yahoo!\assistant\yassistse.exe>  [(Verified)Yahoo! China]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [(Verified)YAHOO Corporation Limited]

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[aliide / aliide][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K6 Processor Driver / AmdK6][Stopped/Manual Start]
  <System32\DRIVERS\amdk6.sys><Microsoft Corporation>
[AMD K7 Processor Driver / AmdK7][Stopped/Manual Start]
  <System32\DRIVERS\amdk7.sys><Microsoft Corporation>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Microsoft Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bguhovhx / bguhovhx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\bguhovhx.sys><Yahoo! China Corporation>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Transmeta Crusoe Processor Driver / Crusoe][Stopped/Manual Start]
  <system32\drivers\crusoe.sys><Microsoft Corporation>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[iirsp / iirsp][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[laqgrh / laqgrh][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\laqgrh.sys><N/A>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\G:\好东西\沙漠\npkcrypt.sys><N/A>
[nv4 / nv4][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Intel SCSI Controller / NvAtaBus][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[Toside / Toside][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[Viaide / Viaide][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[NDIS5 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonw2k][Stopped/Manual Start]
  <system32\DRIVERS\yukonw2k.sys><Marvell Semiconductor Inc.>

驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[aliide / aliide][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K6 Processor Driver / AmdK6][Stopped/Manual Start]
  <System32\DRIVERS\amdk6.sys><Microsoft Corporation>
[AMD K7 Processor Driver / AmdK7][Stopped/Manual Start]
  <System32\DRIVERS\amdk7.sys><Microsoft Corporation>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Microsoft Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bguhovhx / bguhovhx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\bguhovhx.sys><Yahoo! China Corporation>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Transmeta Crusoe Processor Driver / Crusoe][Stopped/Manual Start]
  <system32\drivers\crusoe.sys><Microsoft Corporation>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[iirsp / iirsp][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[laqgrh / laqgrh][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\laqgrh.sys><N/A>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\G:\好东西\沙漠\npkcrypt.sys><N/A>
[nv4 / nv4][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Intel SCSI Controller / NvAtaBus][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[Toside / Toside][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[Viaide / Viaide][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[NDIS5 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonw2k][Stopped/Manual Start]
  <system32\DRIVERS\yukonw2k.sys><Marvell Semiconductor Inc.>

格完之后新弄好的系统 猫叔给看看还有毒吗

【回复“々瓦解々”的帖子】
[laqgrh / laqgrh][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\laqgrh.sys><N/A>————不明驱动项。

<yassistse><C:\progra~1\yahoo!\assistant\yassistse.exe> [(Verified)Yahoo! China]————雅虎助手。有人将其列为流氓；有人认为可以接受。怎么处理？自己看着办吧。

谢谢猫叔 

我也下载个SSM  下次抓到厉害的病毒一定发给你

希望到时候要帮忙呀

在这里也同时谢谢关心在下的各位 同志们辛苦了！

够恨，分区吧

呵呵.好多人啊.
帮主,割了吧,都焦了.

引用:

【yulf的贴子】呵呵.好多人啊. 帮主,割了吧,都焦了. ………………

哈哈!多悲壮的帖子,被你搞成这样

极度关注中...

【回复“々瓦解々”的帖子】我把系统重装了啊！

好猛啊

。。看的我都不敢上网了