
[Warning] AV Terminator variant

2007-06-22 18:06
It is really just the "random 7" variant again (the family that drops executables with 7-random-character names); nothing new about it.

As of today (2007-06-22) it gets past AVG, DR, Rising and the rest.

The only thing worth mentioning is that this time the batch of downloader trojans no longer makes music playback stutter.

Additional information

File size: 44124 bytes
CRC32: 6A85852A
MD5: 8d31b1a7fc034a92d694feab335ce7b4
SHA1: 55c48ef73fde6c5906e6b8a529d57c2e28860a7d
SHA160: 55C48EF73FDE6C5906E6B8A529D57C2E28860A7D
Packer: NsPack
Language: Borland Delphi 6.0-7.0

No detailed analysis this time; not much has changed. If you want one, look for the post titled "random 7" on my blog.

http://hi.baidu.com/%B9%C2%B6%C0%B8%FC%BF%C9%BF%BF/blog/item/ff361e4e097d6acbd1c86ac4.html

Fix:

http://free.ys168.com/?gudugengkekao1

Download:

DubaTool_AV_Killer.COM, 271KB (Kingsoft's dedicated removal tool): http://ys-C.ys168.com/?DubaTool_AV_Killer.COM_67eo0c0bs5bt5bso0bs0bit7bspm0c2bp0bs1bis0cj6z99f11f09z

Official download links:

http://down.www.kingsoft.com/db/download/othertools/DubaTool_AV_Killer.COM

http://duba-011.duba.net/duba/kavtools/DubaTool_AV_Killer.COM

When the tool updates itself, let it through the firewall.

Then clean up the remaining trojans:

Download:

修复IFEO之XP系统专用.rar (IFEO repair tool, for XP only), 72KB: http://ys-C.ys168.com/?修复IFEO之XP系统专用.rar_67ep0c0bs5bt5bs4bsq0bit7bspm0c2b5bsht0c0bs7bu14z97f14z

冰刃(增强版).rar (IceSword, enhanced edition), 555KB: http://ys-C.ys168.com/?冰刃(增强版).rar_67ep0c0bs5bt5bs4bsr0bit7bspm0c2b5bt0clmloju14z97f14z

SREng.rar, 597KB: http://ys-I.ys168.com/?SREng.rar_73eo0c0bs5bt5bsn0cr0bit7bspm0c2b5btol0cmphu14z97f14z

First run the IFEO repair tool, then open IceSword's file view and delete the following (not all of them will necessarily be present):

(Before that, search every partition for Autorun.inf and randomly named virus files; if you find any, delete them with IceSword.)

C:\Program Files\0603.exe
C:\Program Files\DLD.DAT
C:\Program Files\hyorkaj.inf
C:\Program Files\meex.exe
C:\Windows\system32\RemoteDbg.dll
C:\Program Files\.inf
C:\Program Files\3.hiv
C:\Program Files\4.hiv
C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysWFGQQ2.dll
C:\Windows\mppds.exe
C:\Windows\upxdnd.exe
C:\Windows\system32\15.dll
C:\Windows\system32\mppds.dll
C:\Windows\system32\upxdnd.dll

Open SREng and delete:

Registry:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wnhgxjs><C:\Program Files\Common Files\Microsoft Shared\imnasqe.exe> []
<hyorkaj><C:\Program Files\Common Files\System\random-7-char-name.exe> []
<><C:\Program Files\Common Files\Microsoft Shared\random-7-char-name.exe> [N/A]
<mppds><C:\winnt\mppds.exe> []
<upxdnd><C:\winnt\upxdnd.exe> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{91B1E846-2BEF-4345-8848-7699C7C9935F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll> []
<{C51C4AFB-8A3A-6C1E-BA41-C20F02940603}><C:\winnt\system32\15.dll> []

Services

[WIKLD / WIKLD][Stopped/Manual Start]
<C:\DOCUME~1\admin\LOCALS~1\Temp\WIKLD.exe><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\winnt\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>

Then reboot and change your QQ, e-mail, online game and other passwords. Done.

I only followed it for a short while, so no screenshots.

Shame on these junk AV Terminator authors.

Please, if you're going to make a living at this, at least put some effort in (several of the downloaded trojans even died for no obvious reason during the download; disheartening).
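As an added example (not part of the original post), the following Python script parses the SREng-style `<name><path> [publisher]` listing shown above and flags the traits this variant exhibits: a ShellExecuteHooks DLL other than shell32.dll, a Run value with an empty name, and Run entries with no publisher. The report text is constructed from the entries in the post, with `abcdefg.exe` standing in for the random 7-character name plus two benign entries (ctfmon.exe and shell32's standard hook) added for contrast.

```python
import re
from typing import Dict, List, Tuple

# Constructed SREng-style report: entries from the post above plus two benign ones.
SRENG_REPORT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wnhgxjs><C:\Program Files\Common Files\Microsoft Shared\imnasqe.exe> []
<><C:\Program Files\Common Files\Microsoft Shared\abcdefg.exe> [N/A]
<mppds><C:\winnt\mppds.exe> []
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><C:\WINDOWS\system32\shell32.dll> [Microsoft Corporation]
<{91B1E846-2BEF-4345-8848-7699C7C9935F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll> []
"""

# One report line: <value name><file path> [publisher]
ENTRY_RE = re.compile(r"^<(?P<name>[^>]*)><(?P<path>[^>]*)>\s*\[(?P<vendor>[^\]]*)\]$")

Entry = Tuple[str, str, str]  # (name, path, vendor)


def parse_report(text: str) -> Dict[str, List[Entry]]:
    """Group entry lines under the [REGISTRY KEY] header that precedes them."""
    sections: Dict[str, List[Entry]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif current is not None and (m := ENTRY_RE.match(line)):
            sections[current].append((m["name"], m["path"], m["vendor"]))
    return sections


def flag_entries(sections: Dict[str, List[Entry]]) -> List[str]:
    """Return findings for entries matching the persistence traits of this variant."""
    findings = []
    for key, entries in sections.items():
        is_hook_key = key.lower().endswith("shellexecutehooks")
        for name, path, vendor in entries:
            basename = path.rsplit("\\", 1)[-1].lower()
            if is_hook_key and basename != "shell32.dll":
                findings.append(f"ShellExecuteHooks DLL outside shell32: {name} -> {path}")
            elif not is_hook_key and name == "":
                findings.append(f"Run entry with empty value name: {path}")
            elif not is_hook_key and vendor.strip() in ("", "N/A"):
                findings.append(f"Run entry with no publisher info: {name} -> {path}")
    return findings


if __name__ == "__main__":
    for finding in flag_entries(parse_report(SRENG_REPORT)):
        print(finding)
```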