Trojan-PSW.Win32.OnLineGames.mu——又一个利用IFEO劫持的变态病毒

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛 Trojan-PSW.Win32.OnLineGames.mu——又一个利用IFEO劫持的变态病毒

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

2 / 2 页

跳转页

Trojan-PSW.Win32.OnLineGames.mu——又一个利用IFEO劫持的变态病毒

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-04-05 17:45 \| 显示全部短消息资料字号：小中大 11楼 [PID: 1660][C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe] [Computer Associates International, Inc., 6.5.3.2] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [PID: 1700][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00] [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [PID: 1868][C:\Program Files\Common Files\PFShared\UmxPol.exe] [Computer Associates International, Inc., 6, 0, 0, 5] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [PID: 196][C:\Program Files\Tiny Firewall Pro\UmxAgent.exe] [Computer Associates International, Inc., 6.0.1.76] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\Program Files\Tiny Firewall Pro\UmxAgentRes.dll] [Tiny Software, Inc., 6.0.1.63] [C:\Program Files\Tiny Firewall Pro\FncIDs.dll] [Computer Associates International, Inc., 6.0.0.1] [C:\windows\system32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0] [C:\Program Files\Common Files\PFShared\pthexp.dll] [Computer Associates International, Inc., 6.0.0.19] [C:\Program Files\Common Files\PFShared\Nag.dll] [Tiny Software, Inc., 6.0.1.22] [PID: 216][C:\Program Files\Tiny Firewall Pro\UmxTray.exe] [Computer Associates International, Inc., 6.5.1.59] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\Program Files\Tiny Firewall Pro\UmxTrayRes.dll] [Computer Associates International, Inc., 6.5.1.59] [C:\Program Files\Common Files\PFShared\Nag.dll] [Tiny Software, Inc., 6.0.1.22] [PID: 260][C:\windows\System32\Ati2evxx.exe] [N/A, N/A] [C:\windows\System32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\System32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [PID: 304][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466] [PID: 548][C:\windows\System32\QCONSVC.EXE] [N/A, N/A] [C:\windows\System32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\System32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [PID: 636][C:\windows\system32\shadow\ShadowService.exe] [N/A, N/A] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [PID: 664][C:\Program Files\Common Files\PFShared\umxlu.exe] [Tiny Software, Inc., 6.0.1.15] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [PID: 1964][C:\windows\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\windows\System32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\System32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [PID: 672][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9] [C:\Program Files\Internet Download Manager\IDMIECC.dll] [Internet Download Manager Corp., Tonec Inc., 1, 0, 2, 1] [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.0.2003040700] [C:\Program Files\Internet Download Manager\idmmkb.dll] [N/A, N/A] [PID: 1084][C:\windows\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [PID: 2020][C:\Program Files\Tiny Firewall Pro\amon.exe] [Computer Associates International, Inc., 6.5.3.2] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\Program Files\Tiny Firewall Pro\amonres.dll] [Computer Associates International, Inc., 6.5.1.2] [C:\Program Files\Tiny Firewall Pro\FncIDs.dll] [Computer Associates International, Inc., 6.0.0.1] [C:\Program Files\Tiny Firewall Pro\portnums.dll] [Computer Associates International, Inc., 6.0.0.1]
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-04-05 17:45 \| 显示全部短消息资料字号：小中大 12楼 [PID: 1924][C:\Program Files\Internet Download Manager\IDMan.exe] [Internet Download Manager Corp., Tonec Inc. , 5, 0, 0, 0] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\Program Files\Internet Download Manager\idmmkb.dll] [N/A, N/A] [PID: 3632][C:\Program Files\Opera\Opera.exe] [Opera Software, 8679] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\Program Files\Opera\Opera.dll] [Opera Software, 8679] [C:\Program Files\Opera\Program\Plugins\NPSWF32.dll] [N/A, N/A] [C:\windows\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045] [C:\windows\system32\upengine.dll] [北京清华紫光软件股份有限公司, 3.0.0.3045] [PID: 3536][C:\Program Files\Tiny Firewall Pro\cfgtool.exe] [Computer Associates International, Inc., 6.0.0.52] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\Program Files\Tiny Firewall Pro\cfgtoolres.dll] [Computer Associates International, Inc., 6.0.0.28] [C:\Program Files\Common Files\PFShared\Nag.dll] [Tiny Software, Inc., 6.0.1.22] [C:\Program Files\Common Files\PFShared\cfgwi.dll] [Computer Associates International, Inc., 6.0.0.127] [C:\Program Files\Common Files\PFShared\Cfgwires.dll] [Computer Associates International, Inc., 6.0.0.27] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 1.0.1038.0] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\Program Files\Common Files\PFShared\IfaceCtrl.dll] [Computer Associates International, Inc., 6.5.3.3] [C:\windows\system32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0] [PID: 848][C:\Program Files\SREng2\SREng.exe] [Smallfrogs Studio, 2.3.13.690] [C:\windows\system32\UmxSbxExw.dll] [Computer Associates International, Inc., 6.0.1.58] [C:\windows\system32\UmxSbxw.dll] [Computer Associates International, Inc., 6.0.1.58]
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2007-04-05 17:46 \| 显示全部短消息资料字号：小中大 13楼 ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ================================== API HOOK 警告！System Repair Engineer 提醒你下面的函数内容与预期值不符，他们可能被一些恶意的软件所修改：入口点错误：TerminateProcess 入口点错误：TerminateThread ================================== [/CODE]
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

大版主

帖子:72578
注册: 2003-04-10
来自:

发表于： 2007-04-06 14:30 | 显示全部 短消息资料

字号：小中大 14楼

引用:

【天月来了的贴子】恩对哦！！！！！

除掉他那宝贝笔记本的驱动以后，就可以作为其他到这求助的对照日志用了。

实际上这的版主早就应该固定一个贴，里面尽量多放些不同的主板的XP和2000的系统SRENG日志，以便对照用。

不知我这想法怎样？
………………

SRENG日志，不存在所谓可供对照的“标准日志”。

1、每个人使用的操作系统不尽相同。
2、每个人安装的软件各式各样。有些软件，用户设置为启动加载，有些软件不被设为启动加载。
3、扫SRENG日志时，处于运行状态的程序数目/种类各不相同。

鉴于以上三条，即使是N个干干净净的系统，它们的SRENG日志也会是N个样子。

<<上一主题|下一主题>>

2 / 2 页

跳转页