
Malicious program Exploit.Win32.IMG-ANI.gen (modification)

zhenidren
Posted on 2007-6-28 15:44:21
已检测到: 恶意程序 Exploit.Win32.IMG-ANI.gen (修改)        URL:
已检测到: 木马程序 Trojan-Downloader.JS.Agent.kb        脚本: http://ju.qihoo.com/topframe/din ... r=1081790&d=1081887[1]
已检测到: 木马程序 Trojan-Downloader.JS.Agent.kb        脚本: http://www.pcgi.cn/html/71/t-6371.html[1]
已检测到: 木马程序 Trojan-Downloader.JS.Agent.kb        脚本: http://blog.sina.com.cn/anmin0001[1]
已检测到: 木马程序 Trojan-Downloader.JS.Agent.kb        URL: http://www.6658588.cn/0614.js
已删除: 木马程序 Trojan-Downloader.JS.Agent.kb        文件: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R854C809\0614[1].js
Added the code tags for you.
-- ppwangs

[ This post was last edited by PPwangS on 2007-6-29 00:24 ]
zhenidren
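OP | Posted on 2007-6-28 15:47:24
Impressive.
Now, as soon as I open a web page, Kaspersky reports access by the malicious program Exploit.Win32.IMG-ANI.gen (modification).
Does anyone know where it resides?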
zhenidren
OP | Posted on 2007-6-28 19:47:55


2007-06-28,16:17:46

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kis><"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
N/A

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[ZSMC USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Live Safety Center Base Module]
  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, N/A>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <d:\Program Files\StormII\Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <d:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[XSL Template]
  {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <d:\Program Files\StormII\Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Live Safety Center Base Module]
  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[PSFactoryBuffer]
  {64AA7031-C150-4118-8D31-FD273A2BB22C} <C:\Program Files\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
[Microsoft Shell UI Helper]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Live Safety Center Control Module]
  {8E5C8BEE-1887-414C-8AC9-7C3951F28476} <C:\Program Files\Windows Live Safety Center\wlscCtrl.dll, Microsoft Corporation>
[GetInfo2 Class]
  {B345F37E-6763-433B-BC53-9B526A9B7B8B} <C:\Program Files\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[GetInfo Class]
  {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\Program Files\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Scripting.Dictionary]
  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, Microsoft Corporation>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML Schema Cache 3.0]
  {F5078F34-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML Data Source Object 3.0]
  {F5078F39-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[Free Threaded XML DOM Document]
  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML Data Source Object ]
  {F6D90F14-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <, N/A>

==================================
正在运行的进程
[PID: 516][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1496][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [d:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
[PID: 252][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [d:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Windows Live Safety Center\custsat.dll]  [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[PID: 2420][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [d:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0CF2B25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0CF2D67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0CF2F0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0CF2C49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF0CF2E8F)

==================================
隐藏进程
N/A

==================================


billy.cheung
Posted on 2007-6-28 20:46:45
OP, this thread is infected; Avira reports ANI.
gbz55
Posted on 2007-6-28 23:12:05
2007-06-28_230821.gif

There is a problem with this thread. My F-S 7.0 also reports a virus. My browser is Opera.
zhenidren
OP | Posted on 2007-6-29 08:45:45
Can the cursor vulnerability still be exploited?
I installed Microsoft's dedicated patch "WindowsXP-KB925902-x86-CHS.exe" long ago.
zhaonimm
Posted on 2007-6-29 09:41:09
Your report was scanned in normal mode. I did not see any virus processes in it.......
zhenidren
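OP | Posted on 2007-6-29 22:19:52
My view:
Kaspersky has already kept the threat out for us,
but the malicious program Exploit.Win32.IMG-ANI.gen (modification) has already injected something (experts using IceSword should be able to make sense of it) into IE,
so when using the browser, every newly opened IE window shows an add-on prompt at the top.
That add-on is the "something" running along with the browser.
If you trust it and run it, a whole pile of viruses will come swarming in,
and if you have Kaspersky installed at that point, its pig-squeal alert will ring in your ears over and over.
It looks like Microsoft still has not properly solved the cursor vulnerability,
or Microsoft's dedicated patch "WindowsXP-KB925902-x86-CHS.exe" still has a hole......?!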
Copyright © KaFan  KaFan.cn All Rights Reserved.
