我的电脑中了一种儒虫,会在不定的时候产生3 个文件。rdsndin.exe;ntfsnlpa.exe;hclean32.exe
并且在上网过程中,弹出对话框说你中了某个病毒,要你去某个网站去杀毒!
上面的病毒 我把注册表一个一个找,硬盘全搜,DOS杀毒。等全用。好象金山2005能杀,但杀不掉。上网后只要一用IE,就会复发!
我查了很多国外的网站,发现是新病毒,儒虫! 金山好象是7月发现的!但杀不掉!
找了2天终于,在我国台湾找到解决方案! 不知道有无效》 太激动了!
毒發作情形 1: Modifies the HOSTS file
--------------------------------------------------------------------------------
語言: English
平台: Windows 98, ME, NT, 2000, XP
加密: 不會
病毒大小: 4,096 Bytes
可偵測之最新病毒碼: 2.752.03
可偵測之最新掃瞄引擎: 6.810
發現日期: 2005/07/29
可偵測的日期: 2005/07/29
--------------------------------------------------------------------------------
詳細內容:
Upon execution, this Trojan modifies an affected system's HOSTS file, which contains host name to IP address mappings. It is usually located in the following folders:
%System%\drivers\etc
%Windows%
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP. %Windows% is the Windows folder, usually C:\Windows or C:\WINNT.)
It deletes all the current contents of the HOSTS file and replaces them with the following line:
localhost 127.0.0.1
It also creates the following registry entry to ensure its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Run
hclean32.exe = path of this Trojan}\hclean32.exe?
It also creates the following registry key as part of its installation routine:
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Ruins
This Trojan runs on Windows 98, ME, NT, 2000, and XP.
說明產生日期: 2005/08/03
台湾的科技不容轻视啊! 我们国内的还要努力啊
