Originally posted by 随缘92WJC on 2009-2-5 10:57:00
Found that the file name generated when this virus runs is random: gjjorm.dll. Annoying. Uploading the attachment.
================================
服务
[ovtjkk / ovtjkk][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k ovtjkk-->%SystemRoot%\System32\gjjorm.dll><N/A>
The virus driver was installed successfully.
==============================
正在运行的进程
[PID: 1364 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\gjjorm.dll] [N/A, ]
[PID: 2372 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[c:\windows\system32\gjjorm.dll] [N/A, ]
[PID: 684 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:\windows\system32\gjjorm.dll] [N/A, ]
[PID: 1968 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[c:\windows\system32\gjjorm.dll] [N/A, ]
[PID: 836 / Administrator][D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\FetionVM.exe] [China Mobile, 1.0.0.0]
[c:\windows\system32\gjjorm.dll] [N/A, ]
[PID: 2624 / Administrator][D:\Program Files\TheWorld 2.0\TheWorld.exe] [Phoenix Studio, 2, 4, 0, 2]
[c:\windows\system32\gjjorm.dll] [N/A, ]
[PID: 2280 / Administrator][D:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 8,0,1300,1881]
[c:\windows\system32\gjjorm.dll] [N/A, ]
The virus DLL was successfully injected into core system processes (WINLOGON.EXE, SVCHOST.EXE), normal system processes, and the processes of several applications.
=============================
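The two indicators the post points at can be pulled out of this kind of log automatically: a svchost.exe service whose `-k` group name is not one of the groups Windows ships with, and a module with no version information (`[N/A, ]`) that shows up inside several unrelated processes. The following script is an added example, not the poster's tool or code; it parses a constructed sample laid out like the log above and reports both findings. The allowlist of svchost groups is an assumption for the example (on a live host, compare against `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost` instead).

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the log quoted in the post:
# a service entry, then process entries each followed by their loaded modules.
SAMPLE_LOG = r"""
[ovtjkk / ovtjkk][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k ovtjkk-->%SystemRoot%\System32\gjjorm.dll><N/A>
[PID: 1364 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180]
[c:\windows\system32\gjjorm.dll] [N/A, ]
[PID: 684 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512]
[c:\windows\system32\gjjorm.dll] [N/A, ]
[c:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512]
"""

# Svchost groups present on a stock Windows XP install. This is an assumption for
# the example; a real check should read the Svchost registry key on the host.
KNOWN_SVCHOST_GROUPS = {"netsvcs", "localservice", "networkservice", "rpcss",
                        "dcomlaunch", "imgsvc", "termsvcs", "httpfilter"}

# <command line-->service DLL><vendor>
SERVICE_RE = re.compile(r"^<(?P<cmd>.+?)-->(?P<dll>[^>]+)><(?P<vendor>[^>]*)>$")
# [PID: n / user][image path] ...
PROC_RE = re.compile(r"^\[PID: (?P<pid>\d+) / (?P<user>[^\]]+)\]\[(?P<image>[^\]]+)\]")
# [module path] [vendor, version]
MOD_RE = re.compile(r"^\[(?P<path>[^\]]+)\] \[(?P<vendor>[^,\]]*),\s*(?P<version>[^\]]*)\]$")


def parse_log(text):
    """Return (services, processes); each process carries the modules listed under it."""
    services, processes = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            cmd = m.group("cmd")
            grp = re.search(r"-k\s+(\S+)", cmd)  # svchost group name, if any
            services.append({"cmd": cmd, "group": grp.group(1) if grp else None,
                             "dll": m.group("dll"), "vendor": m.group("vendor")})
            continue
        m = PROC_RE.match(line)
        if m:
            current = {"pid": int(m.group("pid")), "user": m.group("user"),
                       "image": m.group("image"), "modules": []}
            processes.append(current)
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            current["modules"].append({"path": m.group("path").lower(),
                                       "vendor": m.group("vendor").strip(),
                                       "version": m.group("version").strip()})
    return services, processes


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious(services, processes, min_hosts=2):
    """Flag unknown svchost groups and versionless DLLs loaded in many processes."""
    findings = []
    service_dlls = set()
    for svc in services:
        if "svchost.exe" in svc["cmd"].lower() and svc["group"] \
                and svc["group"].lower() not in KNOWN_SVCHOST_GROUPS:
            findings.append({"kind": "unknown_svchost_group",
                             "group": svc["group"], "dll": svc["dll"]})
            service_dlls.add(_basename(svc["dll"]))
    # Map each module with no version info to the set of processes hosting it.
    hosts = defaultdict(set)
    for proc in processes:
        for mod in proc["modules"]:
            if mod["vendor"] in ("", "N/A"):
                hosts[mod["path"]].add(proc["image"].lower())
    for path, images in hosts.items():
        if len(images) >= min_hosts:
            findings.append({"kind": "versionless_dll_in_many_processes",
                             "path": path, "hosts": sorted(images),
                             # same file name as a flagged service DLL?
                             "loaded_by_service": _basename(path) in service_dlls})
    return findings


if __name__ == "__main__":
    svcs, procs = parse_log(SAMPLE_LOG)
    for finding in find_suspicious(svcs, procs):
        print(finding)
```

The `loaded_by_service` flag ties the two observations together: the service entry explains why the DLL is resident at all (svchost.exe loads it as a service DLL under its own group), and the module listing shows the same file name inside winlogon.exe and Explorer, which no legitimate service DLL needs. Paste a real log in place of `SAMPLE_LOG` to run the same checks.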