Everyone, beware of the Rootkit.Win32.Vanti.di virus!!!
The antivirus reports it as a Trojan program but cannot remove it; it is still there after a reboot.
Virus characteristics:
c:\documents and settings\roker\local settings\temp\foxrar.exe 115.5 KB
c:\Documents and Settings\Roker\Local Settings\Temp\so.dll 31KB
c:\documents and settings\roker\local settings\temp\ud2aniap.dll 18.5 KB
These three files exist at the paths above. The first two can be deleted, but the last one cannot: the antivirus prompts for deletion on reboot, yet after the reboot it is still not deleted. The source of infection is unknown. The virus consumes a large amount of system memory. It belongs to the Rootkit.Win32.Vanti.XX family. Checking the registry, I found it is related to WinRAR version 3420.
Registry values:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0015\TrustedImageList\0018]
"ObjectSize"=hex:00,4a,00,00,00,00,00,00
"Hash"=hex:bd,9b,11,d3,c6,34,a6,22
"bInUse"=dword:00000001
"bIsAllowed"=dword:00000001
"ImagePath"="D:\\Documents and Settings\\Roker\\Local Settings\\Temp\\ud2aniap.dll"
"tCreation"=dword:44d9972b
"tModify"=dword:44d9a584
"Version"="3, 4, 2, 0"
"Vendor"="WinRAR archiver"
"Description"="WinRAR.exe"
"MSCheck"=dword:00000002
Experts, please help solve this. Everyone take note!
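An added example, not part of the original post: a small Python script that parses a Windows .reg export like the one quoted above and flags any TrustedImageList entry whose trusted image lives in a Temp directory or whose Description does not match the actual file name. The sample export embedded in the script is reconstructed from the values quoted in the post; interpreting ObjectSize as a little-endian byte count is an assumption (it decodes to 18944 bytes, which agrees with the 18.5 KB listed for ud2aniap.dll).

```python
"""Audit a .reg export of an antivirus trusted-image list for suspicious entries."""
import re
from pathlib import PureWindowsPath

# Constructed sample: the TrustedImageList export quoted in the post, as one string.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6\profiles\Behavior_Blocking\profiles\pdm\settings\AppsMonitoring_List\0015\TrustedImageList\0018]
"ObjectSize"=hex:00,4a,00,00,00,00,00,00
"Hash"=hex:bd,9b,11,d3,c6,34,a6,22
"bInUse"=dword:00000001
"bIsAllowed"=dword:00000001
"ImagePath"="D:\\Documents and Settings\\Roker\\Local Settings\\Temp\\ud2aniap.dll"
"tCreation"=dword:44d9972b
"tModify"=dword:44d9a584
"Version"="3, 4, 2, 0"
"Vendor"="WinRAR archiver"
"Description"="WinRAR.exe"
"MSCheck"=dword:00000002
'''

# Directory names that a trusted, vendor-signed image would not normally live under.
TEMP_DIR_NAMES = {"temp", "tmp"}


def decode_value(value):
    """Decode one .reg value into (type, python_value) for the three common encodings."""
    if value.startswith("dword:"):
        return ("dword", int(value[6:], 16))
    if value.startswith("hex:"):
        return ("hex", bytes(int(b, 16) for b in value[4:].split(",") if b))
    if value.startswith('"') and value.endswith('"'):
        # .reg strings escape backslash and double quote with a backslash.
        return ("sz", value[1:-1].replace("\\\\", "\\").replace('\\"', '"'))
    return ("raw", value)


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: (type, decoded_value)}}."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m is None or current is None:
            continue
        keys[current][m.group(1)] = decode_value(m.group(2))
    return keys


def audit_trusted_images(keys):
    """Return findings for allowed TrustedImageList entries that look out of place."""
    findings = []
    for key, values in keys.items():
        if "TrustedImageList" not in key:
            continue
        image = values.get("ImagePath")
        if image is None or image[0] != "sz":
            continue
        path = PureWindowsPath(image[1])
        reasons = []
        if any(part.lower() in TEMP_DIR_NAMES for part in path.parts):
            reasons.append("trusted image lives in a Temp directory")
        desc = values.get("Description", ("sz", ""))[1]
        if desc and desc.lower() != path.name.lower():
            reasons.append(f"Description '{desc}' does not match file name '{path.name}'")
        # Assumption: ObjectSize is the image size in bytes, stored little-endian.
        size = values.get("ObjectSize")
        size_bytes = int.from_bytes(size[1], "little") if size and size[0] == "hex" else None
        allowed = values.get("bIsAllowed", ("dword", 0))[1] == 1
        if reasons and allowed:
            findings.append({"key": key, "path": str(path),
                             "size_bytes": size_bytes, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_trusted_images(parse_reg(SAMPLE_REG)):
        print(finding["path"], finding["size_bytes"], "bytes")
        for reason in finding["reasons"]:
            print("  -", reason)
```

Run it against a real export (regedit's "Export" on the TrustedImageList key) by swapping in the file contents for SAMPLE_REG; an entry that is both allowed and flagged is one the antivirus will treat as trusted, which is why the DLL in the post could survive reboots and the cleanup attempt.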