致：“孤独更可靠”——yeyinhi.exe被灭了 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛致：“孤独更可靠”——yeyinhi.exe被灭了

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12 3 4

1 / 4 页

跳转页

致：“孤独更可靠”——yeyinhi.exe被灭了

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-06-07 21:17 \| 只看楼主短消息资料字号：小中大 1楼致：“孤独更可靠”——yeyinhi.exe被灭了 1、删除的病毒文件附件: 文件名:155847200767210650.jpg 下载次数:287 文件类型:image/pjpeg 文件大小: 上传时间:2007-6-7 21:17:01 描述: 预览信息:EXIF信息 User Comment : LEAD Technologies Inc. V1.01 2007-06-08 14:37:43.560000000
baohe 大版主帖子:72578 注册: 2003-04-10 来自:	分享到：

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-06-07 21:17 \| 只看楼主短消息资料字号：小中大 2楼 2、删除的病毒文件附件: 文件名:155847200767210725.jpg 下载次数:285 文件类型:image/pjpeg 文件大小: 上传时间:2007-6-7 21:17:36 描述: 预览信息:EXIF信息 User Comment : LEAD Technologies Inc. V1.01
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-06-07 21:18 \| 只看楼主短消息资料字号：小中大 3楼 3、用工具恢复IFEO 附件: 文件名:155847200767210755.jpg 下载次数:311 文件类型:image/pjpeg 文件大小: 上传时间:2007-6-7 21:18:06 描述: 预览信息:EXIF信息 User Comment : LEAD Technologies Inc. V1.01
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-06-07 21:18 \| 只看楼主短消息资料字号：小中大 4楼 4、工具的效果不错！附件: 文件名:155847200767210818.jpg 下载次数:308 文件类型:image/pjpeg 文件大小: 上传时间:2007-6-7 21:18:30 描述: 预览信息:EXIF信息 User Comment : LEAD Technologies Inc. V1.01
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-06-07 21:19 \| 只看楼主短消息资料字号：小中大 5楼中毒后的SRENG日志：启动项目注册表 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <yeyinhi><C:\Program Files\Common Files\Microsoft Shared\pumthsg.exe> [N/A] <ykubdte><C:\Program Files\Common Files\System\rujrmue.exe> [N/A] <cmdbcs><C:\windows\cmdbcs.exe> [N/A] <mppds><C:\windows\mppds.exe> [N/A] <upxdnd><C:\windows\upxdnd.exe> [N/A] <Kvsc3><C:\windows\Kvsc3.exe> [N/A] ================================== 正在运行的进程 [PID: 636][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\windows\system32\Kvsc3.dll] [N/A, N/A] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [C:\windows\system32\upxdnd.dll] [N/A, N/A] [C:\windows\system32\aadaru.dll] [N/A, N/A] [C:\windows\system32\cmdbcs.dll] [N/A, N/A] [PID: 2840][C:\windows\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [PID: 3092][C:\Program Files\Tiny Firewall Pro\amon.exe] [Computer Associates International, Inc., 6.5.3.2] [C:\windows\system32\Kvsc3.dll] [N/A, N/A] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [C:\windows\system32\upxdnd.dll] [N/A, N/A] [C:\windows\system32\aadaru.dll] [N/A, N/A] [C:\windows\system32\cmdbcs.dll] [N/A, N/A] [PID: 3592][C:\Program Files\Tiny Firewall Pro\cfgtool.exe] [Computer Associates International, Inc., 6.0.0.52] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [PID: 3292][C:\Program Files\SREng2\SREng.exe] [Smallfrogs Studio, 2.3.13.690] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [C:\windows\system32\upxdnd.dll] [N/A, N/A] [C:\windows\system32\aadaru.dll] [N/A, N/A] [C:\windows\system32\cmdbcs.dll] [N/A, N/A] [C:\windows\system32\Kvsc3.dll] [N/A, N/A] [PID: 3916][C:\Program Files\Common Files\System\rujrmue.exe] [N/A, N/A] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [C:\windows\system32\upxdnd.dll] [N/A, N/A] [C:\windows\system32\aadaru.dll] [N/A, N/A] [C:\windows\system32\cmdbcs.dll] [N/A, N/A] [C:\windows\system32\Kvsc3.dll] [N/A, N/A] [PID: 1776][C:\Program Files\Common Files\Microsoft Shared\pumthsg.exe] [N/A, N/A] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [PID: 2848][C:\Program Files\7G17.exe] [N/A, N/A] [C:\windows\system32\Kvsc3.dll] [N/A, N/A] [PID: 2804][C:\windows\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [PID: 2676][C:\DOCUME~1\baohelin\LOCALS~1\Temp\11.exe] [N/A, N/A] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [PID: 3196][C:\DOCUME~1\baohelin\LOCALS~1\Temp\12.exe] [N/A, N/A] [C:\windows\system32\cmdbcs.dll] [N/A, N/A] [PID: 3352][C:\DOCUME~1\baohelin\LOCALS~1\Temp\13.exe] [N/A, N/A] [C:\windows\system32\aadaru.dll] [N/A, N/A] [PID: 1988][C:\DOCUME~1\baohelin\LOCALS~1\Temp\16.exe] [N/A, N/A] [C:\windows\system32\upxdnd.dll] [N/A, N/A] [PID: 2552][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll] [N/A, N/A] [C:\windows\system32\upxdnd.dll] [N/A, N/A] [C:\windows\system32\aadaru.dll] [N/A, N/A] [C:\windows\system32\cmdbcs.dll] [N/A, N/A] [C:\windows\system32\Kvsc3.dll] [N/A, N/A] ================================== Autorun.inf [D:\] [AutoRun] open=yeyinhi.exe shell\open=打开(&O) shell\open\Command=yeyinhi.exe shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=yeyinhi.exe
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-06-07 21:20 \| 只看楼主短消息资料字号：小中大 6楼中毒后的autoruns日志： HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + cmdbcsc:\windows\cmdbcs.exe + Kvsc3c:\windows\kvsc3.exe + mppdsc:\windows\mppds.exe + upxdndc:\windows\upxdnd.exe + yeyinhic:\program files\common files\microsoft shared\pumthsg.exe + ykubdtec:\program files\common files\system\rujrmue.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options + 360rpt.exec:\program files\common files\microsoft shared\pumthsg.exe + 360Safe.exec:\program files\common files\microsoft shared\pumthsg.exe + 360tray.exec:\program files\common files\microsoft shared\pumthsg.exe + adam.exec:\program files\common files\microsoft shared\pumthsg.exe + AgentSvr.exec:\program files\common files\microsoft shared\pumthsg.exe + AppSvc32.exec:\program files\common files\microsoft shared\pumthsg.exe + ArSwp.exec:\program files\common files\microsoft shared\pumthsg.exe + AST.exec:\program files\common files\microsoft shared\pumthsg.exe + autoruns.exec:\program files\common files\microsoft shared\pumthsg.exe + avconsol.exec:\program files\common files\microsoft shared\pumthsg.exe + avgrssvc.exec:\program files\common files\microsoft shared\pumthsg.exe + AvMonitor.exec:\program files\common files\microsoft shared\pumthsg.exe + avp.comc:\program files\common files\microsoft shared\pumthsg.exe + avp.exec:\program files\common files\microsoft shared\pumthsg.exe + CCenter.exec:\program files\common files\microsoft shared\pumthsg.exe + ccSvcHst.exec:\program files\common files\microsoft shared\pumthsg.exe + EGHOST.exec:\program files\common files\microsoft shared\pumthsg.exe + FileDsty.exec:\program files\common files\microsoft shared\pumthsg.exe + FTCleanerShell.exec:\program files\common files\microsoft shared\pumthsg.exe + FYFireWall.exec:\program files\common files\microsoft shared\pumthsg.exe + HijackThis.exec:\program files\common files\microsoft shared\pumthsg.exe + IceSword.exec:\program files\common files\microsoft shared\pumthsg.exe + iparmo.exec:\program files\common files\microsoft shared\pumthsg.exe + Iparmor.exec:\program files\common files\microsoft shared\pumthsg.exe + isPwdSvc.exec:\program files\common files\microsoft shared\pumthsg.exe + kabaload.exec:\program files\common files\microsoft shared\pumthsg.exe + KaScrScn.SCRc:\program files\common files\microsoft shared\pumthsg.exe + KASMain.exec:\program files\common files\microsoft shared\pumthsg.exe + KASTask.exec:\program files\common files\microsoft shared\pumthsg.exe + KAV32.exec:\program files\common files\microsoft shared\pumthsg.exe + KAVDX.exec:\program files\common files\microsoft shared\pumthsg.exe + KAVPF.exec:\program files\common files\microsoft shared\pumthsg.exe + KAVPFW.exec:\program files\common files\microsoft shared\pumthsg.exe + KAVSetup.exec:\program files\common files\microsoft shared\pumthsg.exe + KAVStart.exec:\program files\common files\microsoft shared\pumthsg.exe + KISLnchr.exec:\program files\common files\microsoft shared\pumthsg.exe + KMailMon.exec:\program files\common files\microsoft shared\pumthsg.exe + KMFilter.exec:\program files\common files\microsoft shared\pumthsg.exe + KPFW32.exec:\program files\common files\microsoft shared\pumthsg.exe + KPFW32X.exec:\program files\common files\microsoft shared\pumthsg.exe + KPfwSvc.exec:\program files\common files\microsoft shared\pumthsg.exe + KRegEx.exec:\program files\common files\microsoft shared\pumthsg.exe + KRepair.comc:\program files\common files\microsoft shared\pumthsg.exe + KsLoader.exec:\program files\common files\microsoft shared\pumthsg.exe + KVCenter.kxpc:\program files\common files\microsoft shared\pumthsg.exe + KvDetect.exec:\program files\common files\microsoft shared\pumthsg.exe + KvfwMcl.exec:\program files\common files\microsoft shared\pumthsg.exe + KVMonXP.kxpc:\program files\common files\microsoft shared\pumthsg.exe + KVMonXP_1.kxpc:\program files\common files\microsoft shared\pumthsg.exe + kvol.exec:\program files\common files\microsoft shared\pumthsg.exe + kvolself.exec:\program files\common files\microsoft shared\pumthsg.exe + KvReport.kxpc:\program files\common files\microsoft shared\pumthsg.exe + KVScan.kxpc:\program files\common files\microsoft shared\pumthsg.exe + KVSrvXP.exec:\program files\common files\microsoft shared\pumthsg.exe + KVStub.kxpc:\program files\common files\microsoft shared\pumthsg.exe + kvupload.exec:\program files\common files\microsoft shared\pumthsg.exe + kvwsc.exec:\program files\common files\microsoft shared\pumthsg.exe + KvXP.kxpc:\program files\common files\microsoft shared\pumthsg.exe + KvXP_1.kxpc:\program files\common files\microsoft shared\pumthsg.exe + KWatch.exec:\program files\common files\microsoft shared\pumthsg.exe + KWatch9x.exec:\program files\common files\microsoft shared\pumthsg.exe + KWatchX.exec:\program files\common files\microsoft shared\pumthsg.exe + loaddll.exec:\program files\common files\microsoft shared\pumthsg.exe + MagicSet.exec:\program files\common files\microsoft shared\pumthsg.exe + mcconsol.exec:\program files\common files\microsoft shared\pumthsg.exe + mmqczj.exec:\program files\common files\microsoft shared\pumthsg.exe + mmsk.exec:\program files\common files\microsoft shared\pumthsg.exe + Navapsvc.exec:\program files\common files\microsoft shared\pumthsg.exe + Navapw32.exec:\program files\common files\microsoft shared\pumthsg.exe + nod32.exec:\program files\common files\microsoft shared\pumthsg.exe + nod32krn.exec:\program files\common files\microsoft shared\pumthsg.exe + nod32kui.exec:\program files\common files\microsoft shared\pumthsg.exe + NPFMntor.exec:\program files\common files\microsoft shared\pumthsg.exe + PFW.exec:\program files\common files\microsoft shared\pumthsg.exe + PFWLiveUpdate.exec:\program files\common files\microsoft shared\pumthsg.exe + QHSET.exec:\program files\common files\microsoft shared\pumthsg.exe + QQDoctor.exec:\program files\common files\microsoft shared\pumthsg.exe + QQKav.exec:\program files\common files\microsoft shared\pumthsg.exe + Ras.exec:\program files\common files\microsoft shared\pumthsg.exe + Rav.exec:\program files\common files\microsoft shared\pumthsg.exe + RavMon.exec:\program files\common files\microsoft shared\pumthsg.exe + RavMonD.exec:\program files\common files\microsoft shared\pumthsg.exe + RavStub.exec:\program files\common files\microsoft shared\pumthsg.exe + RavTask.exec:\program files\common files\microsoft shared\pumthsg.exe + RegClean.exec:\program files\common files\microsoft shared\pumthsg.exe + rfwcfg.exec:\program files\common files\microsoft shared\pumthsg.exe + rfwmain.exec:\program files\common files\microsoft shared\pumthsg.exe + rfwsrv.exec:\program files\common files\microsoft shared\pumthsg.exe + RsAgent.exec:\program files\common files\microsoft shared\pumthsg.exe + Rsaupd.exec:\program files\common files\microsoft shared\pumthsg.exe + runiep.exec:\program files\common files\microsoft shared\pumthsg.exe + safelive.exec:\program files\common files\microsoft shared\pumthsg.exe + scan32.exec:\program files\common files\microsoft shared\pumthsg.exe + shcfg32.exec:\program files\common files\microsoft shared\pumthsg.exe + SmartUp.exec:\program files\common files\microsoft shared\pumthsg.exe + SREng.EXEc:\program files\common files\microsoft shared\pumthsg.exe + symlcsvc.exec:\program files\common files\microsoft shared\pumthsg.exe + SysSafe.exec:\program files\common files\microsoft shared\pumthsg.exe + TrojanDetector.exec:\program files\common files\microsoft shared\pumthsg.exe + Trojanwall.exec:\program files\common files\microsoft shared\pumthsg.exe + TrojDie.kxpc:\program files\common files\microsoft shared\pumthsg.exe + UIHost.exec:\program files\common files\microsoft shared\pumthsg.exe + UmxAgent.exec:\program files\common files\microsoft shared\pumthsg.exe + UmxAttachment.exec:\program files\common files\microsoft shared\pumthsg.exe + UmxCfg.exec:\program files\common files\microsoft shared\pumthsg.exe + UmxFwHlp.exec:\program files\common files\microsoft shared\pumthsg.exe + UmxPol.exec:\program files\common files\microsoft shared\pumthsg.exe + upiea.exec:\program files\common files\microsoft shared\pumthsg.exe + UpLive.exec:\program files\common files\microsoft shared\pumthsg.exe + USBCleaner.exec:\program files\common files\microsoft shared\pumthsg.exe + vsstat.exec:\program files\common files\microsoft shared\pumthsg.exe + webscanx.exec:\program files\common files\microsoft shared\pumthsg.exe + WoptiClean.exec:\program files\common files\microsoft shared\pumthsg.exe
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-06-07 21:23 \| 只看楼主短消息资料字号：小中大 7楼注意：瑞星用户，杀毒后，system32文件夹中的bsmain.exe要更名（被病毒bak了）。
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

火影忍者横据古稀狮帖子:7855 注册: 2006-06-29 来自:火星	发表于： 2007-06-07 21:24 \| 短消息资料字号：小中大 8楼额。。。！！MS不强。。！
火影忍者横据古稀狮帖子:7855 注册: 2006-06-29 来自:火星

spiritfire 锋芒艾服狮帖子:1266 注册: 2006-10-22 来自:	发表于： 2007-06-07 21:26 \| 短消息资料字号：小中大 9楼麻烦猫叔了，给我来份！ kyo222222@163.com
spiritfire 锋芒艾服狮帖子:1266 注册: 2006-10-22 来自:

大版主

帖子:72578
注册: 2003-04-10
来自:

年度优秀版主奖

端午辟邪香囊

卡卡名人堂

就爱不长大

论坛9周年纪念

09欢乐圣诞

十周年

年度风云人物

2012我眼中的你们

茶馆劳模

瑞星金牌用户

十一周年勋章

发表于： 2007-06-07 21:30 | 只看楼主 短消息资料

字号：小中大 10楼

引用:

【spiritfire的贴子】麻烦猫叔了，给我来份！
kyo222222@163.com
………………

孤独的网络硬盘有样本下载：http://free.ys168.com/?gudugengkekao1

gototop

<<上一主题|下一主题>>

12 3 4

1 / 4 页

跳转页

页面顶部

Powered by Discuz!NT