知名的鱼 - 2007-9-7 20:02:00
日志没看出什么,既然瑞星都能杀出来了,应该没有什么危害了。
奇迹天下 - 2007-9-7 20:04:00
丫丫的,这一堆映像劫持,楼主自己加的么
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0sy.exe]
<IFEO[0sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\1sy.exe]
<IFEO[1sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\2sy.exe]
<IFEO[2sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3sy.exe]
<IFEO[3sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\4sy.exe]
<IFEO[4sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\5sy.exe]
<IFEO[5sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6sy.exe]
<IFEO[6sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\7sy.exe]
<IFEO[7sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\8sy.exe]
<IFEO[8sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\9sy.exe]
<IFEO[9sy.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c0nime.exe]
<IFEO[c0nime.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdbcs.exe]
<IFEO[cmdbcs.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crasos.exe]
<IFEO[crasos.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exp10ere.exe]
<IFEO[exp10ere.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exp10rer.com]
<IFEO[exp10rer.com]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exp10rer.exe]
<IFEO[exp10rer.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exp1oere.exe]
<IFEO[exp1oere.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exp1orer.com]
<IFEO[exp1orer.com]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exp1orer.exe]
<IFEO[exp1orer.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expl0ere.exe]
<IFEO[expl0ere.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expl0rer.com]
<IFEO[expl0rer.com]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expl0rer.exe]
<IFEO[expl0rer.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexpl0re.exe]
<IFEO[iexpl0re.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logo1_.exe]
<IFEO[logo1_.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logo_.exe]
<IFEO[logo_.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logo_1.exe]
<IFEO[logo_1.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rund1l32.exe]
<IFEO[rund1l32.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundl132.exe]
<IFEO[rundl132.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sp0olsv.exe]
<IFEO[sp0olsv.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spo0lsv.exe]
<IFEO[spo0lsv.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppoolsv.exe]
<IFEO[sppoolsv.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svch0st.exe]
<IFEO[svch0st.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysonling.exe]
<IFEO[sysonling.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\temp~.exe]
<IFEO[temp~.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wc1.exe]
<IFEO[wc1.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wc2.exe]
<IFEO[wc2.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlog0a.exe]
<IFEO[winlog0a.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlog0n.exe]
<IFEO[winlog0n.exe]><c:\\病毒.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~tmp.tmp]
<IFEO[~tmp.tmp]><c:\\病毒.exe> [N/A]
奇迹天下 - 2007-9-7 20:05:00
explore怎么放到启动文件夹启动的?路径也不对啊
[Explorer]
<C:\Documents and Settings\rc\「开始」菜单\程序\启动\Explorer.lnk --> C:\PROGRA~1\jffcx\Explorer.exe
新月剑 - 2007-9-20 21:30:00
YY的,这是我家楼下网吧的扫描日志,注册表里面好多映像劫持,都指向c:\\病毒.EXE,并且在所有盘都出现了0字节的好多EXE文件.DOS下显示是目录,可删不掉,一删就受保护,谁解释下这是病毒不.
涅磐86970 - 2007-9-20 23:14:00
| 引用: |
【新月剑的贴子】YY的,这是我家楼下网吧的扫描日志,注册表里面好多映像劫持,都指向c:\\病毒.EXE,并且在所有盘都出现了0字节的好多EXE文件.DOS下显示是目录,可删不掉,一删就受保护,谁解释下这是病毒不.
……………… |
IFEO重定向技术判病毒"死缓" 猫叔写过
© 2000 - 2026 Rising Corp. Ltd.