Intrusion.Win.NETAPI.buffer-overflow.exploit! 139 (log attached)

What should I do? It keeps reporting this attack, and I have already installed all the patches.
Last edited 2007-03-22 10:50:26
 

I don't understand what you mean.
But my feeling is that, since it raised an alert, the attack was generally blocked.
 

No, there are constant attacks, and the LAN is very slow.

The attacking machine has already had all patches installed and has been scanned for viruses with the latest virus definitions.
 

Machines on the LAN also report "you do not have permission to shut down".
 

Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here, without modifying it
 

[CODE]

2007-03-20,16:22:03

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <igfxtray><C:\WINNT\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINNT\system32\hkcmd.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <igfxpers><C:\WINNT\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows 2000 Publisher]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Microsoft Windows 2000 Publisher]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINNT\system32\setup\wmpocm.exe /ShowWMP>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Symantec Fax Starter Edition Port]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Symantec Fax Starter Edition Port.lnk --> C:\PROGRA~1\MICROS~2\Office\2052\OLFSNT40.EXE [Microsoft Corporation]><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[SavRoam / SavRoam][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec SPBBCSvc / SPBBCSvc][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Microsoft Hosting Service / Microsoft Hosting Service][Running/Auto Start]
  <"C:\WINNT\system32\dllcache\winshosting.exe"><N/A>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SPBBCDrv / SPBBCDrv][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070319.016\navex15.sys><Symantec Corporation>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070319.016\naveng.sys><Symantec Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>

==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 220][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 812][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\alsndmgr.cpl]  [Realtek Semiconductor Corp., 2, 2, 0, 55]
    [C:\WINNT\system32\powercfg.cpl]  [Microsoft Corporation, 5.00.3502.6601]
    [C:\WINNT\system32\igfxcpl.cpl]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4384]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 10.1.0.394]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4384]
[PID: 884][C:\WINNT\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4384]
[PID: 892][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4384]
[PID: 900][C:\WINNT\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4384]
[PID: 908][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 48]
[PID: 916][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 1064][C:\WINNT\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINNT\system32\wups.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINNT\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 552][C:\Program Files\360safe\360Safe.exe]  [奇虎网, 3, 2, 0, 1002]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 2, 0, 1001]
    [C:\Program Files\360safe\AntiEng.dll]  [360Safe.com, 3, 0, 2, 2000]
    [C:\Program Files\360safe\Antispy.dll]  [奇虎网, 1, 0, 0, 1002]
    [C:\Program Files\360safe\CleanHis.dll]  [奇虎网, 3, 0, 2, 1000]
    [C:\Program Files\360safe\AntiActi.dll]  [360Safe.com, 2, 0, 0, 3000]
    [C:\Program Files\360safe\live.dll]  [360safe.COM, 1, 0, 0, 1011]
    [C:\Program Files\360safe\LeakCheck.dll]  [360Safe.com, 2, 0, 0, 3001]
[PID: 32152][C:\Program Files\Unitech\通用海运管理系统4.2版\gsms.exe]  [, ]
    [C:\Program Files\Unitech\通用海运管理系统4.2版\PBVM70.dll]  [Sybase Inc., 7.0.00.5031]
    [C:\Program Files\Unitech\通用海运管理系统4.2版\libjcc.dll]  [N/A, ]
    [C:\Program Files\Unitech\通用海运管理系统4.2版\pbMSS70.dll]  [Sybase Inc., 7.0.3.10047]
    [C:\Program Files\Unitech\通用海运管理系统4.2版\ntwdblib.dll]  [Microsoft Corporation, 1998.11.13]
    [C:\Program Files\Unitech\通用海运管理系统4.2版\DBNMPNTW.DLL]  [Microsoft Corporation, 1999.10.20]
    [C:\Program Files\Unitech\通用海运管理系统4.2版\pbODB70.dll]  [Sybase Inc., 7.0.00.5031]
    [C:\WINNT\system32\sqlsrv32.dll]  [Microsoft Corporation,  3.70.1146]
    [C:\WINNT\system32\SQLWOA.dll]  [Microsoft Corporation, 1999.10.20]
    [C:\Program Files\Unitech\通用海运管理系统4.2版\pbdwe70.dll]  [Sybase Inc., 7.0.00.5031]
[PID: 35572][C:\WINNT\system32\igfxsrvc.exe]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4384]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4384]
[PID: 36380][C:\Program Files\Outlook Express\msimn.exe]  [Microsoft Corporation, 6.00.2800.1807]
    [C:\WINNT\system32\PINTLGNT.IME]  [Microsoft Corporation, 4.2.32]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\winpy.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\winzm.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\msratelc.dll]  [Microsoft Corporation, 6.00.2800.1106]
[PID: 38664][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
[PID: 95676][F:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [C:\WINNT\system32\WScript.exe "%1" %*]
.JS  Error. [C:\WINNT\system32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

【Reply to "yangkovic"'s post】
C:\WINNT\system32\setup\wmpocm.exe
Find this file, pack it with WinRAR, encrypt it (use 123 as the extraction password), and send it to: baohelin@yahoo.com.cn
I'll take a look at it for you.
Be sure to pack and encrypt it before sending; otherwise it may be killed by the mail provider's antivirus.
 

I've sent it. Thank you for your help, many thanks.