4月1日抓的avp.exe病毒，会全盘感染exe ，引起nsis error错误

qcqyt

虚拟机运行了一下感染exe.但未见提示nsis error错误.只是说用不了.
这是病毒施放在C盘根目录下的winsys.inf
的内容

;-------------------------------------------------------------------------
; NDISPROT.INF -- Network Monitor Protocol Driver
;
; Copyright (c) 2003, Microsoft Corporation
;-------------------------------------------------------------------------
[version]
Signature   = "$Windows NT$"
Class       = NetTrans
ClassGUID   = {4d36e975-e325-11ce-bfc1-08002be10318}
Provider    = %Msft%
LayoutFile  = layout.inf
DriverVer   = 10/01/2002,6.0.4063.0

[Manufacturer]
%Msft%=MSFT,NTx86,NTia64,NTamd64

; For Win2k
[MSFT]
%NDISPROT_Desc%=Install, MS_NDISPROT

; For XP and later
[MSFT.NTx86]
%NDISPROT_Desc%=Install, MS_NDISPROT

[MSFT.NTia64]
%NDISPROT_Desc%=Install, MS_NDISPROT

[MSFT.NTamd64]
%NDISPROT_Desc%=Install, MS_NDISPROT

;-------------------------------------------------------------------------
; Installation Section
;-------------------------------------------------------------------------
[Install]
AddReg=Inst_Ndi
Characteristics=0x0 ;
CopyFiles=CpyFiles_Sys

;-------------------------------------------------------------------------
; Ndi installation support
;-------------------------------------------------------------------------
[Inst_Ndi]
HKR,Ndi,Service,,"Ndisprot"
HKR,Ndi,HelpText,,%NDISPROT_HelpText%
HKR, Ndi\Interfaces, UpperRange,, noupper
HKR,"Ndi\Interfaces","LowerRange",,"ndis5,ndis4,ndis5_prot"

;-------------------------------------------------------------------------
; Service installation support
;-------------------------------------------------------------------------
[Install.Services]
AddService=Ndisprot,,NDISPROT_Service_Inst

[NDISPROT_Service_Inst]
DisplayName     = %NDISPROT_Desc%
ServiceType     = 1 ;SERVICE_KERNEL_DRIVER
StartType       = 3 ;SERVICE_MANUAL_START
ErrorControl    = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary   = %12%\winsys.sys
LoadOrderGroup  = NDIS
Description     = %NDISPROT_Desc%

[Install.Remove.Services]
DelService=Ndisprot,0x200

;-------------------------------------------------------------------------
; Declare Destination Directories for file copy/deletion
;-------------------------------------------------------------------------
[DestinationDirs]
CpyFiles_Sys    = 12    ; DIRID_DRIVERS


;-------------------------------------------------------------------------
; Files to Copy/Delete - Referenced by Install and Remove sections above
;-------------------------------------------------------------------------
[CpyFiles_Sys]
winsys.sys,,,2

[Strings]
Msft = "Microsoft"
NDISPROT_Desc = Network Monitor Protocol Driver"
NDISPROT_HelpText = "Netmon 数据包捕获驱动程序允许 Netmon 用户界面获取来自外部网络的数据包。"

ses11

咔吧没下就报了啊,新装的6试下杀毒能力啊.

maomao2005020

ess删除！

scottxzt

2008-04-09 17:55:41        注册表保护(创建注册表值)     操作:阻止
进程路径:C:\windows\system32\services.exe
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WinCOM
注册表名称:[Key]2008-04-09 17:55:41        注册表保护(创建注册表值)     操作:阻止
进程路径:C:\Documents and Settings\dell\桌面\wincom.exe
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinCOM
注册表名称:[Key]
2008-04-09 17:55:41        注册表保护(创建注册表值)     操作:阻止
进程路径:C:\Documents and Settings\dell\桌面\wincom.exe
注册表路径:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinCOM
注册表名称:[Key]

scottxzt

2008-04-09 17:52:52        应用程序保护(修改其它进程内存)     操作:阻止
进程路径:C:\Documents and Settings\dell\桌面\avp.exe
目标进程:C:\Program Files\Internet Explorer\IEXPLORE.EXE

2008-04-09 17:53:05        文件保护(修改文件)     操作:阻止
进程路径:C:\Documents and Settings\dell\桌面\avp.exe
文件路径:E:\download\HIPS\mp.071212.1.2.10571.0168.r1.exe

28654621

D:\download\41AVPE~1.RAR>>avp.exe        TrojanDownloader.Delf.ggg.igfo        木马        还未处理
D:\download\41AVPE~1.RAR>>wincom.exe        Trojan.Agent.jca.vapg        木马        还未处理