Injected processes and the virus modules loaded inside them:
[PID: 1716 / Administrator][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4115]
[C:\WINDOWS\system32\8566F82E.dll] [N/A, ]
[PID: 1816 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\8566F82E.dll] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\WINDOWS\system32\HBFY.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQFFO.dll] [N/A, ]
[PID: 1196 / Administrator][C:\WINDOWS\system32\tp4mon.exe] [IBM Corporation, 6.03 (xpsp.080413-2108)]
[C:\WINDOWS\system32\8566F82E.dll] [N/A, ]
[PID: 1724 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\8566F82E.dll] [N/A, ]
[PID: 1824 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904)]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[PID: 2112 / Administrator][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\WINDOWS\system32\8566F82E.dll] [N/A, ]
[PID: 2264 / Administrator][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQFFO.dll] [N/A, ]
[C:\WINDOWS\system32\8566F82E.dll] [N/A, ]
[PID: 1432 / Administrator][D:\Program Files\SRENG\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQFFO.dll] [N/A, ]
[C:\WINDOWS\system32\HBFY.dll] [N/A, ]
[PID: 2892 / Administrator][D:\Program Files\SRENG\SRE4296ba19.EXE] [Smallfrogs Studio, 2.6.12.1018]
[C:\WINDOWS\system32\HBmhly.dll] [N/A, ]
[C:\WINDOWS\system32\HBSO2.dll] [N/A, ]
[C:\WINDOWS\system32\HBFY.dll] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQFFO.dll] [N/A, ]
[C:\WINDOWS\system32\8566F82E.dll] [N/A, ]
————————————————————
Recommended manual removal with IceSword:
1. First, disable process creation.
2. Then terminate the injected processes (they are easy to identify from the PIDs in the log above).
3. Force-delete the virus files (the DLLs shown inside the processes in the log above).
4. Force-delete C:\WINDOWS\system32\c56bcc1.sys and C:\WINDOWS\system32\System.exe.
5. Delete the following registry entries:
(1) Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run:
HBService32
(2) Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks:
{8566F82E-03A4-416E-AEAC-66600D8881F1}
(3) Under HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES:
c56bcc1
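Added example, not part of the original post: a small Python parser for the SREng injected-process log format shown above that turns the log into the kill list for step 2 and the delete list for step 3, treating every module with no vendor ("N/A") as hostile. The sample log is a subset of the entries above (PIDs and paths copied from the post); the kernel32.dll line is constructed to show that modules with a vendor are left alone.

```python
import re
from collections import defaultdict

# Constructed sample in the SREng log format shown above. PIDs and DLL paths are
# taken from the post; the kernel32.dll line is added here as a benign control.
SAMPLE_LOG = r"""
[PID: 1816 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\8566F82E.dll] [N/A, ]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 2112 / Administrator][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\HBQQSG.dll] [N/A, ]
[C:\WINDOWS\system32\8566F82E.dll] [N/A, ]
"""

# Process header: [PID: n / user][image path] [vendor, version]
PROC_RE = re.compile(r"^\[PID: (\d+) / ([^\]]+)\]\[([^\]]+)\] \[([^,\]]*),")
# Module line under a process header: [module path] [vendor, version]
MOD_RE = re.compile(r"^\[([^\]]+)\] \[([^,\]]*),")


def parse_log(text):
    """Return {pid: {"user", "image", "modules": [(path, vendor), ...]}}."""
    procs, current = {}, None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            pid = int(m.group(1))
            current = procs.setdefault(pid, {"user": m.group(2), "image": m.group(3), "modules": []})
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            current["modules"].append((m.group(1), m.group(2).strip()))
    return procs


def triage(text):
    """Build the kill list (injected PIDs) and delete list (vendor-less DLLs).

    Returns (pids_to_kill, dlls_to_delete, {dll: [pids it is loaded in]}).
    DLLs are ordered by how many processes they were injected into."""
    hits = defaultdict(set)
    for pid, proc in parse_log(text).items():
        for path, vendor in proc["modules"]:
            if vendor == "N/A":
                hits[path].add(pid)
    kill = sorted({pid for pids in hits.values() for pid in pids})
    delete = sorted(hits, key=lambda d: (-len(hits[d]), d.lower()))
    return kill, delete, {d: sorted(p) for d, p in hits.items()}
```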