1234   3  /  4  页   跳转

失望于2007

收藏
baohe
头像
大版主
  • 帖子:72578
  • 注册: 2003-04-10
  • 来自:
年度优秀版主奖端午辟邪香囊卡卡名人堂就爱不长大论坛9周年纪念09欢乐圣诞十周年年度风云人物2012我眼中的你们茶馆劳模瑞星金牌用户十一周年勋章
发表于: 2006-12-30 15:18 | 短消息 资料
字号: 21楼

【回复“小呀小顽童”的帖子】



病毒/木马的加载项:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><235780M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{9C0CFA58-3A6F-51ba-9EFE-5320F4F62FB1}><D:\WINDOWS\system32\bdscheca100.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<csrss><; D:\WINDOWS\csrss.exe> [N/A]
<System><; D:\Program Files\Common Files\System\Updaterun.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Windows installer><; C:\winstall.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<{202718E6-0957-2052-1008-030207290056}><; "D:\Program Files\Common Files\{202718E6-0957-2052-1008-030207290056}\Update.exe" te-110-12-0000175> [N/A]
<{202718E6-0958-2052-1008-030207290056}><; "D:\Program Files\Common Files\{202718E6-0958-2052-1008-030207290056}\Update.exe" te-110-12-0000175> [N/A]

木马服务:

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

病毒/木马驱动:
[MicroSoft Media Services / MediaDrver][Stopped/Manual Start]
<\??\D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YpOCalLH.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
[SVKP / SVKP][Running/Auto Start]
<\??\D:\WINDOWS\system32\SVKP.sys><AntiCracking>

被病毒/木马插入的进程:
[PID: 488][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 540][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 552][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 748][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 796][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 916][D:\Program Files\Rising\Rav1\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 980][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1080][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1120][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1344][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1380][D:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1492][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1568][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1912][D:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[PID: 2044][D:\tem\VRV2005\VRV2005\vrv2005\vrvmon.exe] [vrv, 1, 0, 0, 1]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[PID: 216][D:\Program Files\Rising\Rav1\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 340][D:\Program Files\Rising\Rav1\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 1044][D:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 1616][D:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[PID: 804][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 2772][D:\WINDOWS\system\conime.exe] [N/A, N/A]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 3912][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 1316][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 2172][D:\RAV\SRENG\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]

被篡改的文件关联:
.TXT Error. [notepad.exe %1]
.REG Error. [regedit.exe %1]
.CHM Error. [D:\WINDOWS\hh.exe %1]
.HLP Error. [D:\WINDOWS\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [D:\WINDOWS\NOTEPAD.EXE %1]
gototop
 
baohe
头像
大版主
  • 帖子:72578
  • 注册: 2003-04-10
  • 来自:
年度优秀版主奖端午辟邪香囊卡卡名人堂就爱不长大论坛9周年纪念09欢乐圣诞十周年年度风云人物2012我眼中的你们茶馆劳模瑞星金牌用户十一周年勋章
发表于: 2006-12-30 15:19 | 短消息 资料
字号: 22楼

【回复“小呀小顽童”的帖子】



病毒/木马的加载项:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><235780M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{9C0CFA58-3A6F-51ba-9EFE-5320F4F62FB1}><D:\WINDOWS\system32\bdscheca100.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<csrss><; D:\WINDOWS\csrss.exe> [N/A]
<System><; D:\Program Files\Common Files\System\Updaterun.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Windows installer><; C:\winstall.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<{202718E6-0957-2052-1008-030207290056}><; "D:\Program Files\Common Files\{202718E6-0957-2052-1008-030207290056}\Update.exe" te-110-12-0000175> [N/A]
<{202718E6-0958-2052-1008-030207290056}><; "D:\Program Files\Common Files\{202718E6-0958-2052-1008-030207290056}\Update.exe" te-110-12-0000175> [N/A]

木马服务:

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

病毒/木马驱动:
[MicroSoft Media Services / MediaDrver][Stopped/Manual Start]
<\??\D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YpOCalLH.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
[SVKP / SVKP][Running/Auto Start]
<\??\D:\WINDOWS\system32\SVKP.sys><AntiCracking>

被病毒/木马插入的进程:
[PID: 488][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 540][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 552][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 748][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 796][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 916][D:\Program Files\Rising\Rav1\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 980][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1080][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1120][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1344][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1380][D:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1492][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1568][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1912][D:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[PID: 2044][D:\tem\VRV2005\VRV2005\vrv2005\vrvmon.exe] [vrv, 1, 0, 0, 1]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[PID: 216][D:\Program Files\Rising\Rav1\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 340][D:\Program Files\Rising\Rav1\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 1044][D:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 1616][D:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[PID: 804][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 2772][D:\WINDOWS\system\conime.exe] [N/A, N/A]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 3912][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 1316][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 2172][D:\RAV\SRENG\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]

被篡改的文件关联:
.TXT Error. [notepad.exe %1]
.REG Error. [regedit.exe %1]
.CHM Error. [D:\WINDOWS\hh.exe %1]
.HLP Error. [D:\WINDOWS\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [D:\WINDOWS\NOTEPAD.EXE %1]
gototop
 
小呀小顽童
头像
快乐黄口狮
  • 帖子:172
  • 注册: 2004-08-07
  • 来自:
发表于: 2006-12-30 16:45 | 只看楼主 短消息 资料
字号: 23楼

引用:
【baohe的贴子】【回复“小呀小顽童”的帖子】



病毒/木马的加载项:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><235780M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{9C0CFA58-3A6F-51ba-9EFE-5320F4F62FB1}><D:\WINDOWS\system32\bdscheca100.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<csrss><; D:\WINDOWS\csrss.exe> [N/A]
<System><; D:\Program Files\Common Files\System\Updaterun.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Windows installer><; C:\winstall.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<{202718E6-0957-2052-1008-030207290056}><; "D:\Program Files\Common Files\{202718E6-0957-2052-1008-030207290056}\Update.exe" te-110-12-0000175> [N/A]
<{202718E6-0958-2052-1008-030207290056}><; "D:\Program Files\Common Files\{202718E6-0958-2052-1008-030207290056}\Update.exe" te-110-12-0000175> [N/A]

木马服务:

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

病毒/木马驱动:
[MicroSoft Media Services / MediaDrver][Stopped/Manual Start]
<\??\D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YpOCalLH.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
[SVKP / SVKP][Running/Auto Start]
<\??\D:\WINDOWS\system32\SVKP.sys><AntiCracking>

被病毒/木马插入的进程:
[PID: 488][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 540][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 552][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 748][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 796][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 916][D:\Program Files\Rising\Rav1\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 980][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1080][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1120][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1344][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1380][D:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1492][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 1568][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1912][D:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[PID: 2044][D:\tem\VRV2005\VRV2005\vrv2005\vrvmon.exe] [vrv, 1, 0, 0, 1]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[PID: 216][D:\Program Files\Rising\Rav1\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 340][D:\Program Files\Rising\Rav1\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 1044][D:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 1616][D:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[PID: 804][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 2772][D:\WINDOWS\system\conime.exe] [N/A, N/A]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 3912][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 1316][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]
[PID: 2172][D:\RAV\SRENG\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\WINDOWS\235780M.BMP] [N/A, N/A]
[D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A]

被篡改的文件关联:
.TXT Error. [notepad.exe %1]
.REG Error. [regedit.exe %1]
.CHM Error. [D:\WINDOWS\hh.exe %1]
.HLP Error. [D:\WINDOWS\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [D:\WINDOWS\NOTEPAD.EXE %1]




………………

p这么严重我怎么办啊?
瑞星查电脑,根本无毒啊。
gototop
 
叶·幽思
头像
横据古稀狮
  • 帖子:7280
  • 注册: 2005-09-01
  • 来自:Town
冰激凌
发表于: 2006-12-30 16:47 | 短消息 资料
字号: 24楼

引用:
【小呀小顽童的贴子】p这么严重我怎么办啊?
瑞星查电脑,根本无毒啊。

………………


rising能查出来还要这个反病毒版做什么?
gototop
 
独孤豪侠
头像
横据古稀狮
  • 帖子:11896
  • 注册: 2005-08-10
  • 来自:花果山
发表于: 2006-12-30 16:54 | 短消息 资料
字号: 25楼

无语.....这么多.格盘重装算了....
汗.......
gototop
 
高歌猛进
头像
初生襁褓狮
  • 帖子:2377
  • 注册: 2006-10-09
  • 来自:
发表于: 2006-12-30 16:55 | 短消息 资料
字号: 26楼

置顶下载IceSword删除,使用方法也见置顶
gototop
 
小呀小顽童
头像
快乐黄口狮
  • 帖子:172
  • 注册: 2004-08-07
  • 来自:
发表于: 2006-12-30 16:56 | 只看楼主 短消息 资料
字号: 27楼

引用:
【叶·幽思的贴子】

rising能查出来还要这个反病毒版做什么?
………………

呵呵~~
有道理,我怎么一直没想到。
到底是出神入化的大侠,高屋见瓴,令我们大开眼界。
gototop
 
小呀小顽童
头像
快乐黄口狮
  • 帖子:172
  • 注册: 2004-08-07
  • 来自:
发表于: 2006-12-30 16:57 | 只看楼主 短消息 资料
字号: 28楼

引用:
【高歌猛进的贴子】置顶下载IceSword删除,使用方法也见置顶
………………

多谢,我已经搞定了一部分了。
gototop
 
叶·幽思
头像
横据古稀狮
  • 帖子:7280
  • 注册: 2005-09-01
  • 来自:Town
冰激凌
发表于: 2006-12-30 17:03 | 短消息 资料
字号: 29楼

D:\WINDOWS\235780M.BMP

这个文件推荐使用killbox替换此文件后删除.
gototop
 
小呀小顽童
头像
快乐黄口狮
  • 帖子:172
  • 注册: 2004-08-07
  • 来自:
发表于: 2006-12-30 17:12 | 只看楼主 短消息 资料
字号: 30楼

引用:
【叶·幽思的贴子】D:\WINDOWS\235780M.BMP

这个文件推荐使用killbox替换此文件后删除.


………………

WIN2003下KILLBOX不可用。

此文件非常难删除,一删除马上就出现了。网上对此有专门对策,现在已解决此文件的问题。其他文件的问题尚未解决。
其实目前虽然中毒较深,但电脑上网打字等无论速度还是应用都无任何影响。
gototop
 
<<上一主题|下一主题>>
1234   3  /  4  页   跳转
页面顶部
Powered by Discuz!NT