瑞星卡卡安全论坛技术交流区系统软件 【求助】 SMSS 佩服拉~!

1   1  /  1  页   跳转

【求助】 SMSS 佩服拉~!

收藏
jhv120
头像
拙长孩提狮
  • 帖子:58
  • 注册: 2006-05-06
  • 来自:
发表于: 2006-08-31 22:24 | 只看楼主 短消息 资料
字号: 1楼

【求助】 SMSS 佩服拉~!

天啊,一开机就有一个SMSS和一个smss两个程序,俺觉得SMSS应该是木马,用任务管理器无法结束,不过用“卡卡”进程管理可以结束(c:\windows\SMSS.exe)。 文件扇了重起又有了,用组策略散列规则禁止这个文件,哇呀~!所有的.exe程序都无法运行。用杀毒软件,查不出来(瑞星2006和卡巴斯基),瑞星防火墙无法启动,一启就弹确定。扇了,安了个卡巴斯基防火墙,启动后出现“SMSS访问网络”禁止掉,之后,不多久,防火墙自动关了,连卡巴斯基杀毒软件一起关了,手动将其运行,防火墙里的所有规则全部清空了,之后手动填写规则让防火墙阻止SMSS,但填完不到1分钟,这条规则就自动被扇了~! 到网上去下了个木马清道夫,安装之后,无法运行,就和瑞星防火墙一样,弹个确定。扇了,又下了个木马克星,同样的现象,无法运行。 我的天那~!~!~!
最后编辑2006-09-01 13:03:26
分享到:
gototop
 
注意安全
头像
快乐黄口狮
  • 帖子:208
  • 注册: 2005-03-18
  • 来自:
发表于: 2006-08-31 22:54 | 短消息 资料
字号: 2楼

找一种进程管理器,看一下smss都关联了哪些dll文件,仔细分辨对比一下
gototop
 
jhv120
头像
拙长孩提狮
  • 帖子:58
  • 注册: 2006-05-06
  • 来自:
发表于: 2006-09-01 08:22 | 只看楼主 短消息 资料
字号: 3楼

有啊,用卡可的进程就可以看到,太多了~!

这里贴不下,里面好多,俺都不懂也~!
gototop
 
jhv120
头像
拙长孩提狮
  • 帖子:58
  • 注册: 2006-05-06
  • 来自:
发表于: 2006-09-01 08:39 | 只看楼主 短消息 资料
字号: 4楼

[SMSS.EXE]
PID = 0x518
CommandLine = C:\WINDOWS\SMSS.EXE
SMSS.EXE
0x400000
C:\WINDOWS\SMSS.EXE
0.00.0096
rZqONQDREsOc3TbW5Xyp

2006-08-31 14:54:43

ntdll.dll
0x7c920000
C:\WINDOWS\system32\ntdll.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
NT Layer DLL
2004-08-17 20:00:00

kernel32.dll
0x7c800000
C:\WINDOWS\system32\kernel32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT BASE API Client DLL
2004-08-17 20:00:00

MSVBVM50.DLL
0x74020000
C:\WINDOWS\system32\msvbvm50.dll
05.02.8244 (SP2)
Microsoft Corporation
Visual Basic Virtual Machine
2004-08-17 20:00:00

USER32.dll
0x77d10000
C:\WINDOWS\system32\user32.dll
5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)
Microsoft Corporation
Windows XP USER API Client DLL
2005-03-03 02:10:05

GDI32.dll
0x77ef0000
C:\WINDOWS\system32\gdi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
GDI Client DLL
2004-08-17 20:00:00

ADVAPI32.dll
0x77da0000
C:\WINDOWS\system32\advapi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Advanced Windows 32 Base API
2004-08-17 20:00:00

RPCRT4.dll
0x77e50000
C:\WINDOWS\system32\rpcrt4.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Remote Procedure Call Runtime
2004-08-17 20:00:00

ole32.dll
0x76990000
C:\WINDOWS\system32\ole32.dll
5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)
Microsoft Corporation
Microsoft OLE for Windows
2005-07-26 12:39:50

msvcrt.dll
0x77be0000
C:\WINDOWS\system32\msvcrt.dll
7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT CRT DLL
2004-08-17 20:00:00

OLEAUT32.dll
0x770f0000
C:\WINDOWS\system32\oleaut32.dll
5.1.2600.2180
Microsoft Corporation

2004-08-17 20:00:00

IMM32.DLL
0x76300000
C:\WINDOWS\system32\imm32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows XP IMM32 API Client DLL
2004-08-17 20:00:00

LPK.DLL
0x62c20000
C:\WINDOWS\system32\lpk.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Language Pack
2004-08-17 20:00:00

USP10.dll
0x73fa0000
C:\WINDOWS\system32\usp10.dll
1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Uniscribe Unicode script processor
2004-08-17 20:00:00

uxtheme.dll
0x5adc0000
C:\WINDOWS\system32\uxtheme.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft UxTheme Library
2004-08-17 20:00:00

msctfime.ime
0x73640000
C:\WINDOWS\system32\MSCTFIME.IME
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Text Frame Work Service IME
2004-08-17 20:00:00

psapi.dll
0x76bc0000
C:\WINDOWS\system32\psapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Process Status Helper
2004-08-17 20:00:00

VERSION.DLL
0x77bd0000
C:\WINDOWS\system32\version.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Version Checking and File Installation Libraries
2004-08-17 20:00:00

MSCTF.dll
0x74680000
C:\WINDOWS\system32\MSCTF.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
MSCTF Server DLL
2004-08-17 20:00:00

CLBCATQ.DLL
0x76fa0000
C:\WINDOWS\system32\clbcatq.dll
2001.12.4414.308
Microsoft Corporation

2005-07-26 12:39:45

COMRes.dll
0x77020000
C:\WINDOWS\system32\comres.dll
2001.12.4414.258
Microsoft Corporation

2004-08-17 20:00:00

shdocvw.dll
0x76370000
C:\WINDOWS\system32\shdocvw.dll
6.00.2900.2753 (xpsp_sp2_gdr.050902-1326)
Microsoft Corporation
Shell Doc Object and Control Library
2005-09-03 07:53:27

CRYPT32.dll
0x765e0000
C:\WINDOWS\system32\crypt32.dll
5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Crypto API32
2004-08-17 20:00:00

MSASN1.dll
0x76db0000
C:\WINDOWS\system32\msasn1.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
ASN.1 Runtime APIs
2004-08-17 20:00:00

CRYPTUI.dll
0x75430000
C:\WINDOWS\system32\cryptui.dll
5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Trust UI Provider
2004-08-17 20:00:00

WINTRUST.dll
0x76c00000
C:\WINDOWS\system32\wintrust.dll
5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Trust Verification APIs
2004-08-17 20:00:00

IMAGEHLP.dll
0x76c60000
C:\WINDOWS\system32\imagehlp.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT Image Helper
2004-08-17 20:00:00

NETAPI32.dll
0x5fdd0000
C:\WINDOWS\system32\netapi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Net Win32 API DLL
2004-08-17 20:00:00

WININET.dll
0x76680000
C:\WINDOWS\system32\wininet.dll
6.00.2900.2753 (xpsp_sp2_gdr.050902-1326)
Microsoft Corporation
Internet Extensions for Win32
2005-09-03 07:53:28

SHLWAPI.dll
0x77f40000
C:\WINDOWS\system32\shlwapi.dll
6.00.2900.2753 (xpsp_sp2_gdr.050902-1326)
Microsoft Corporation
Shell Light-weight Utility Library
2005-09-03 07:53:28

WLDAP32.dll
0x76f30000
C:\WINDOWS\system32\wldap32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Win32 LDAP API DLL
2004-08-17 20:00:00

comctl32.dll
0x77180000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
6.0 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
User Experience Controls Library
2004-08-17 20:00:00

SHELL32.dll
0x7d590000
C:\WINDOWS\system32\shell32.dll
6.00.2900.2763 (xpsp_sp2_gdr.050922-1642)
Microsoft Corporation
Windows Shell Common Dll
2005-09-23 11:06:30

comctl32.dll
0x5d170000
C:\WINDOWS\system32\comctl32.dll
5.82 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Common Controls Library
2004-08-17 20:00:00

Secur32.dll
0x77fc0000
C:\WINDOWS\system32\secur32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Security Support Provider Interface
2004-08-17 20:00:00

urlmon.dll
0x75c60000
C:\WINDOWS\system32\urlmon.dll
6.00.2900.2753 (xpsp_sp2_gdr.050902-1326)
Microsoft Corporation
OLE32 Extensions for Win32
2005-09-03 07:53:28

appHelp.dll
0x76d70000
C:\WINDOWS\system32\apphelp.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Application Compatibility Client Library
2004-08-17 20:00:00

shdoclc.dll
0x20000000
C:\WINDOWS\system32\shdoclc.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Shell Doc Object and Control Library
2004-08-17 20:00:00
gototop
 
jhv120
头像
拙长孩提狮
  • 帖子:58
  • 注册: 2006-05-06
  • 来自:
发表于: 2006-09-01 08:40 | 只看楼主 短消息 资料
字号: 5楼


xpsp2res.dll
0x1840000
C:\WINDOWS\system32\xpsp2res.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Service Pack 2 Messages
2004-08-17 20:00:00

mlang.dll
0x74cf0000
C:\WINDOWS\system32\mlang.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Multi Language Support DLL
2004-08-17 20:00:00

wsock32.dll
0x71a40000
C:\WINDOWS\system32\wsock32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Socket 32-Bit DLL
2004-08-17 20:00:00

WS2_32.dll
0x71a20000
C:\WINDOWS\system32\ws2_32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Socket 2.0 32-Bit DLL
2004-08-17 20:00:00

WS2HELP.dll
0x71a10000
C:\WINDOWS\system32\ws2help.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Socket 2.0 Helper for Windows NT
2004-08-17 20:00:00

mswsock.dll
0x719c0000
C:\WINDOWS\system32\mswsock.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Windows Sockets 2.0 Service Provider
2004-08-17 20:00:00

hnetcfg.dll
0x60fd0000
C:\WINDOWS\system32\hnetcfg.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Home Networking Configuration Manager
2004-08-17 20:00:00

wshtcpip.dll
0x71a00000
C:\WINDOWS\system32\wshtcpip.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Sockets Helper DLL
2004-08-17 20:00:00

SXS.DLL
0x75e00000
C:\WINDOWS\system32\sxs.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Fusion 2.5
2004-08-17 20:00:00

mshtml.dll
0x7cc80000
C:\WINDOWS\system32\mshtml.dll
6.00.2900.2769 (xpsp_sp2_gdr.051004-1415)
Microsoft Corporation
Microsoft (R) HTML Viewer
2005-10-04 17:27:32

msls31.dll
0x74620000
C:\WINDOWS\system32\msls31.dll
3.10.349.0
Microsoft Corporation
Microsoft Line Services library file
2004-08-17 20:00:00

SETUPAPI.dll
0x76060000
C:\WINDOWS\system32\setupapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Setup API
2004-08-17 20:00:00

mshtmled.dll
0x753b0000
C:\WINDOWS\system32\mshtmled.dll
6.00.2900.2753 (xpsp_sp2_gdr.050902-1326)
Microsoft Corporation
Microsoft (R) HTML Editing Component
2005-09-03 07:53:27

RASAPI32.DLL
0x76eb0000
C:\WINDOWS\system32\rasapi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Remote Access API
2004-08-17 20:00:00

rasman.dll
0x76e60000
C:\WINDOWS\system32\rasman.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Remote Access Connection Manager
2004-08-17 20:00:00

TAPI32.dll
0x76e80000
C:\WINDOWS\system32\tapi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft(R) Windows(TM) Telephony API Client DLL
2004-08-17 20:00:00

rtutils.dll
0x76e50000
C:\WINDOWS\system32\rtutils.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Routing Utilities
2004-08-17 20:00:00

WINMM.dll
0x76b10000
C:\WINDOWS\system32\winmm.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
MCI API DLL
2004-08-17 20:00:00

msv1_0.dll
0x77c40000
C:\WINDOWS\system32\msv1_0.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Authentication Package v1.0
2004-08-17 20:00:00

iphlpapi.dll
0x76d30000
C:\WINDOWS\system32\iphlpapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
IP Helper API
2004-08-17 20:00:00

sensapi.dll
0x72240000
C:\WINDOWS\system32\sensapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
SENS Connectivity API DLL
2004-08-17 20:00:00

USERENV.dll
0x759d0000
C:\WINDOWS\system32\userenv.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Userenv
2004-08-17 20:00:00

rsaenh.dll
0xffd0000
C:\WINDOWS\system32\rsaenh.dll
5.1.2600.2161 (xpsp.040706-1629)
Microsoft Corporation
Microsoft Enhanced Cryptographic Provider
2004-08-17 20:00:00

rasadhlp.dll
0x76f90000
C:\WINDOWS\system32\rasadhlp.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Remote Access AutoDial Helper
2004-08-17 20:00:00

DNSAPI.dll
0x76ef0000
C:\WINDOWS\system32\dnsapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
DNS Client API DLL
2004-08-17 20:00:00

winrnr.dll
0x76f80000
C:\WINDOWS\system32\winrnr.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
LDAP RnR Provider DLL
2004-08-17 20:00:00
gototop
 
jhv120
头像
拙长孩提狮
  • 帖子:58
  • 注册: 2006-05-06
  • 来自:
发表于: 2006-09-01 08:40 | 只看楼主 短消息 资料
字号: 6楼

都是它相关的dll帮俺看看嘛~!
gototop
 
好朋友2
头像
自信弱冠狮
  • 帖子:421
  • 注册: 2005-08-21
  • 来自:
发表于: 2006-09-01 13:11 | 短消息 资料
字号: 7楼

是不是中了橙色八月的种类病毒,去下专杀杀杀看按
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT