给大家看看这个

显示全部楼层 · 发表于 2008-7-4 19:05:03

这个地址http://www.ecraft.cn/home/index.htm，点任意链接下载程序：setup.exe（这个链接到http://www.maishu123.cn/setup.exe）.

这个毒比较厉害，中了很难杀（杀了重启还生），但是卡巴能防住。

[ 本帖最后由小小爬蔷虎于 2008-7-4 19:08 编辑 ]

显示全部楼层 · 发表于 2008-7-4 19:09:02

2008/7/4 19:07:15 Detected: not-a-virus:AdWare.Win32.BHO.apu E:\QQDownload\setup.exe/map2.exe/data0002
2008/7/4 19:07:16 Detected: Trojan-PSW.Win32.OnLineGames.adio E:\QQDownload\setup.exe/691368.exe/setup1368.exe/NSPack
2008/7/4 19:07:16 Detected: Trojan-Downloader.Win32.Adload.pf E:\QQDownload\setup.exe/691368.exe/691.exe/ASPack
2008/7/4 19:07:16 Detected: not-a-virus:AdWare.Win32.BHO.apu E:\QQDownload\setup.exe/map2.exe/data0002
2008/7/4 19:07:16 Detected: Trojan-PSW.Win32.OnLineGames.adio E:\QQDownload\setup.exe/691368.exe/setup1368.exe/NSPack
2008/7/4 19:07:16 Detected: Trojan-Downloader.Win32.Adload.pf E:\QQDownload\setup.exe/691368.exe/691.exe/ASPack

[ 本帖最后由 zwl2828 于 2008-7-4 19:35 编辑 ]

显示全部楼层 · 发表于 2008-7-4 19:16:00

如果中了此毒，应该如何查杀？我装了8.0.0.357，刚好那次退出了，要命。卡巴是不停的提示重启后删除，可是就是删不掉。没办法重装了。

显示全部楼层 · 发表于 2008-7-4 19:20:28

[Found security risk] <W32/Injector.A.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\setup(2).rar->setup.exe->(RAR)->691368.exe->(RAR)->setup1368.exe
[Found downloader] <W32/Downloader.M.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\All Users\Documents\Test\setup(2).rar->setup.exe->(RAR)->691368.exe->(RAR)->691.exe->(Aspack)

---------------------------------------------------------------------
Scan ended: 2008-7-4, 19:20:16
Duration: 0:00:02

Scan result:

Scanned files:    6
Infected objects:    2
Disinfected objects:    0
Quarantined files:    0
---------------------------------------------------------------------

显示全部楼层 · 发表于 2008-7-4 19:21:08

病毒 2008-07-04 19:20:48 C:\Documents and Settings\Administrator\桌面\setup(1).rar\setup.exe\BindFile\691368.exe\BindFile\691.exe Win32.TrojDownloader.Adload.pf.106496 隔离成功
病毒 2008-07-04 19:20:48 C:\Documents and Settings\Administrator\桌面\setup(1).rar\setup.exe\BindFile\691368.exe\BindFile\setup1368.exe Win32.Troj.Downloader.gy.90112 隔离成功

显示全部楼层 · 发表于 2008-7-4 19:34:53

原帖由小小爬蔷虎于 2008-7-4 19:16 发表
如果中了此毒，应该如何查杀？我装了8.0.0.357，刚好那次退出了，要命。卡巴是不停的提示重启后删除，可是就是删不掉。没办法重装了。

1、可以使用金山清理专家检查恶评软件；
2、检查完毕后，请使用里面的系统修复工具；
3、也可以用以下方法手动杀毒。

删除以下文件：
%ProgramFiles%\Common Files\CPUSH\cpush.dll
%ProgramFiles%\Common Files\CPUSH\Uninst.exe
%System%\map2.exe
%System%\setup.bat
%System%\yoyo1060.exe
[file and pathname of the sample #1]

删除以下文件夹：
%ProgramFiles%\Common Files\CPUSH

删除以下注册表键值：

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevzPoupopzAd.AJLogc.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevzPoupopzAd.AJLogc.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevzPoupopzAd.AKLogc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevzPoupopzAd.AKLogc\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevzPoupopzAd.AKLogc\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewCocoMediasPop.PopCoco
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewCocoMediasPop.PopCoco\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewCocoMediasPop.PopCoco\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewCocoMediasPop.PopCoco.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewCocoMediasPop.PopCoco.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch
HKEY_LOCAL_MACHINE\SOFTWARE\cpush
HKEY_LOCAL_MACHINE\SOFTWARE\cpush\update
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins\Common

[ 本帖最后由 zwl2828 于 2008-7-4 19:53 编辑 ]

显示全部楼层 · 发表于 2008-7-4 19:50:16

红伞杀！！！

显示全部楼层 · 发表于 2008-7-4 19:54:11

显示全部楼层 · 发表于 2008-7-4 20:07:41

江民无视

显示全部楼层 · 发表于 2008-7-4 20:29:55

[病毒样本] 给大家看看这个

本帖子中包含更多资源

Kaspersky Internet Security 2009

本帖子中包含更多资源

F-Prot 4.4.4

评分

本帖子中包含更多资源

本帖子中包含更多资源