[Alert] AV Terminator variant
2007-06-22 18:06
It's really just the "Random 7" variant again; not much progress.....
As of today (2007-06-22) it gets past AVG, DR, Rising and the rest.....
The only thing worth mentioning: this time the trojan-downloader swarm didn't make the music stutter.....
Additional Information
File size: 44124 bytes
CRC32: 6A85852A
MD5: 8d31b1a7fc034a92d694feab335ce7b4
SHA1: 55c48ef73fde6c5906e6b8a529d57c2e28860a7d
SHA160: 55C48EF73FDE6C5906E6B8A529D57C2E28860A7D
Packer: NsPack
Language: Borland Delphi 6.0-7.0
I'm not writing a detailed analysis, not much has changed.... if you want one, look on my blog for the post titled "Random 7"....
http://hi.baidu.com/%B9%C2%B6%C0%B8%FC%BF%C9%BF%BF/blog/item/ff361e4e097d6acbd1c86ac4.html
Removal:
http://free.ys168.com/?gudugengkekao1
Download:
DubaTool_AV_Killer.COM 271KB (Kingsoft's dedicated removal tool): http://ys-C.ys168.com/?DubaTool_AV_Killer.COM_67eo0c0bs5bt5bso0bs0bit7bspm0c2bp0bs1bis0cj6z99f11f09z
Official download addresses:
http://down.www.kingsoft.com/db/download/othertools/DubaTool_AV_Killer.COM
http://duba-011.duba.net/duba/kavtools/DubaTool_AV_Killer.COM
Let it through the firewall when it updates.......
Then clean up the remaining trojan swarm:
Download:
修复IFEO之XP系统专用.rar 72KB (IFEO repair tool, XP only): http://ys-C.ys168.com/?修复IFEO之XP系统专用.rar_67ep0c0bs5bt5bs4bsq0bit7bspm0c2b5bsht0c0bs7bu14z97f14z
冰刃(增强版).rar 555KB (IceSword, enhanced edition): http://ys-C.ys168.com/?冰刃(增强版).rar_67ep0c0bs5bt5bs4bsr0bit7bspm0c2b5bt0clmloju14z97f14z
SREng.rar 597KB: http://ys-I.ys168.com/?SREng.rar_73eo0c0bs5bt5bsn0cr0bit7bspm0c2b5btol0cmphu14z97f14z
First run the IFEO repair tool, then open IceSword's file view and delete the following (the list may not be complete):
(Before that, search every partition for Autorun.inf and random-character virus files, and delete them with IceSword if present)
C:\Program Files\0603.exe
C:\Program Files\DLD.DAT
C:\Program Files\hyorkaj.inf
C:\Program Files\meex.exe
C:\Windows\system32\RemoteDbg.dll
C:\Program Files\.inf
C:\Program Files\3.hiv
C:\Program Files\4.hiv
C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysWFGQQ2.dll
C:\Windows\mppds.exe
C:\Windows\upxdnd.exe
C:\Windows\system32\15.dll
C:\Windows\system32\mppds.dll
C:\Windows\system32\upxdnd.dll
Open SREng and delete:
Registry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wnhgxjs><C:\Program Files\Common Files\Microsoft Shared\imnasqe.exe> []
<hyorkaj><C:\Program Files\Common Files\System\随机7位病毒.exe> []
<><C:\Program Files\Common Files\Microsoft Shared\随机7位病毒.exe> [N/A]
<mppds><C:\winnt\mppds.exe> []
<upxdnd><C:\winnt\upxdnd.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{91B1E846-2BEF-4345-8848-7699C7C9935F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll> []
<{C51C4AFB-8A3A-6C1E-BA41-C20F02940603}><C:\winnt\system32\15.dll> []
Services:
[WIKLD / WIKLD][Stopped/Manual Start]
<C:\DOCUME~1\admin\LOCALS~1\Temp\WIKLD.exe><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\winnt\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
Then reboot and change your QQ, e-mail, online-game and other passwords.. Done``
Only followed it for a little while, no screenshots - -```
Contempt for the trashy AV Terminator crowd..
Come on..... if you're going to play this game, bring some capital.... (a few of them even died for no apparent reason while the trojan swarm was downloading; disheartening)