瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 淘宝流行的压缩包爆炸病毒,已点击,求高手告诉怎么杀掉此毒~

12   2  /  2  页   跳转

[求助] 淘宝流行的压缩包爆炸病毒,已点击,求高手告诉怎么杀掉此毒~

收藏
fy08
头像
叱咤花甲狮
  • 帖子:3198
  • 注册: 2007-01-27
  • 来自:都立夜兔工业高中
论坛9周年纪念冰激凌10温馨圣诞国庆61周年2010国庆勋章闪亮的光棍
发表于: 2011-05-14 19:56 | 短消息 资料
字号: 11楼

回复: 淘宝流行的压缩包爆炸病毒,已点击,求高手告诉怎么杀掉此毒~

额 一下这些是我在沙箱里运行这个病毒的一个日志 希望对LZ有所帮助

2011-05-14 19:54:38 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\sechost.dll C:\Windows\System32\sechost.dll
2011-05-14 19:54:38 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\imm32.dll C:\Windows\System32\imm32.dll
2011-05-14 19:54:38 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\imm32.dll C:\Windows\System32\imm32.dll
2011-05-14 19:54:38 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll C:\Program Files\Common Files\Kingsoft\kiscommon\security\ksde\kisdcom.dll
2011-05-14 19:54:39 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\uxtheme.dll C:\Windows\System32\uxtheme.dll
2011-05-14 19:54:39 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Program Files\Common Files\Kingsoft\kiscommon\kwsui.dll C:\Program Files\Common Files\Kingsoft\kiscommon\kwsui.dll
2011-05-14 19:54:39 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\version.dll C:\Windows\System32\version.dll
2011-05-14 19:54:39 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\winmm.dll C:\Windows\System32\winmm.dll
2011-05-14 19:54:40 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Program Files\Common Files\Kingsoft\kiscommon\kswebshield.dll C:\Program Files\Common Files\Kingsoft\kiscommon\kswebshield.dll
2011-05-14 19:54:40 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件D:\Program Files\KSafe\ksfmon.dll D:\Program Files\KSafe\ksfmon.dll
2011-05-14 19:54:40 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\dwmapi.dll C:\Windows\System32\dwmapi.dll
2011-05-14 19:54:40 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\cryptbase.dll C:\Windows\System32\cryptbase.dll
2011-05-14 19:54:41 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\DownloadManager HKEY_LOCAL_MACHINE\Software\Microsoft\DownloadManager
2011-05-14 19:54:41 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\secur32.dll C:\Windows\System32\secur32.dll
2011-05-14 19:54:41 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\sspicli.dll C:\Windows\System32\sspicli.dll
2011-05-14 19:54:41 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
2011-05-14 19:54:41 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\profapi.dll C:\Windows\System32\profapi.dll
2011-05-14 19:54:42 C:\Users\Jimmy\Desktop\baobei1.exe写文件C:\KSafeBox\9FFAD8C2\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\KSafeBox\9FFAD8C2\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2011-05-14 19:54:42 C:\Users\Jimmy\Desktop\baobei1.exe写文件C:\KSafeBox\9FFAD8C2\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\index.dat C:\KSafeBox\9FFAD8C2\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写文件C:\KSafeBox\9FFAD8C2\Users\Jimmy\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat C:\KSafeBox\9FFAD8C2\Users\Jimmy\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\dnsapi.dll C:\Windows\System32\dnsapi.dll
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\IPHLPAPI.DLL C:\Windows\System32\IPHLPAPI.DLL
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\winnsi.dll C:\Windows\System32\winnsi.dll
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\rasapi32.dll C:\Windows\System32\rasapi32.dll
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\rasman.dll C:\Windows\System32\rasman.dll
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\rtutils.dll C:\Windows\System32\rtutils.dll
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32 HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASAPI32
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe打开服务RASMAN RASMAN
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS HKEY_LOCAL_MACHINE\SOFTWARE\kingsoft\KSBReg\9FFAD8C2\HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\baobei1_RASMANCS
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe打开服务Sens Sens
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe打开服务RASMAN RASMAN
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe写注册表HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\mswsock.dll C:\Windows\System32\mswsock.dll
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe加载库文件C:\Windows\System32\WSHTCPIP.DLL C:\Windows\System32\WSHTCPIP.DLL
2011-05-14 19:54:44 C:\Users\Jimmy\Desktop\baobei1.exe创建注册表键值HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections HKEY_USERS\S-1-5-21-4220385740-4025949234-3541773174-1001\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
gototop
 
lacus~
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2011-05-14
  • 来自:
发表于: 2011-05-15 01:49 | 只看楼主 短消息 资料
字号: 12楼

回复:淘宝流行的压缩包爆炸病毒,已点击,求高手告诉怎么杀掉此毒~

谢谢哦~~~非常感谢你们,ADL.。。。。 fy08你的分析已收到哦,非常感谢。。
瑞星邮件回复我的是,扫描的听诊器结果显示无毒。。。我准备再观察一阵子,谢谢你们哦 !!
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT