压缩文件里的压缩文件有木马病毒!费尔ESS3.0没反应!

显示全部楼层 · 发表于 2008-8-27 12:38:41

大蜘蛛和kis8.0都报警了!压缩文件里面的压缩文件"网络隐行人.zip"含有病毒木马!

显示全部楼层 · 发表于 2008-8-27 12:52:33

这两个附件，kis8.0均报无毒。

显示全部楼层 · 发表于 2008-8-27 12:56:56

挺好用的，好在mcafee没有误报

显示全部楼层 · 发表于 2008-8-27 16:00:45

趋势KILL

显示全部楼层 · 发表于 2008-8-27 16:02:41

费尔未报，启动时候，微点杀之！

显示全部楼层 · 发表于 2008-8-27 16:14:17

伞扫描无反应！不过没解压，不知解压了会咋样

显示全部楼层 · 发表于 2008-8-27 16:20:08

cls
@echo off
Echo WINDOS XP 服务优化批处理......
Echo 由  [安全中国日志网]  出品 Http://blog.safe119.cn
rem WINDOS XP 服务优化批处理文件!!!
rem 由  [安全中国日志网]  出品，请不要改动版权信息! Http://blog.safe119.cn
@pause

@rem  Alerter
@rem 优化建议：停用
sc config Alerter start= DISABLED

@rem  Application Layer Gateway Service
@rem 优化建议：停用
sc config ALG start= DISABLED

@rem Application Management
@rem 优化建议：手动
sc config AppMgmt start= DEMAND

@rem Windows Audio
@rem 优化建议：自动
sc config AudioSrv start= AUTO

@rem Background Intelligent Transfer Service
@rem 优化建议：停用
sc config BITS start= DISABLED

@rem Computer Browser
@rem 优化建议：停用
sc config Browser start= DISABLED

@rem Indexing Service (索引服务)
@rem 优化建议：停用
sc config CiSvc start= DISABLED

@rem  ClipBook
@rem 优化建议：停用
sc config ClipSrv start= DISABLED

@rem COM+ System Application
@rem 优化建议：手动
sc config COMSysApp start= DEMAND

@rem Cryptographic Services
@rem 优化建议：手动
sc config CryptSvc start= DEMAND

@rem  DCOM Server Process Launcher
@rem 优化建议：自动
sc config DcomLaunch start= AUTO

@rem DHCP Client
@rem 优化建议：手动
sc config Dhcp start= AUTO

@rem Logical Disk Manager Administrative Service
@rem 优化建议：手动
sc config dmadmin start= DEMAND

@rem Logical Disk Manager
@rem 优化建议：自动
sc config dmserver start= AUTO

@rem DNS Client
@rem 优化建议：手动
sc config Dnscache start= AUTO

@rem Error Reporting Service
@rem 优化建议：停用
sc config ERSvc start= DISABLED

@rem Event Log
@rem 优化建议：自动
sc config Eventlog start= AUTO

@rem COM+ Event System
@rem 优化建议：手动
sc config EventSystem start= DEMAND

@rem Help and Support
@rem 优化建议：停用
sc config helpsvc start= DISABLED

@rem Human Interface Device Access
@rem 优化建议：停用
sc config HidServ start= DISABLED

@rem  http sll
sc config HTTPFilter start= DEMAND

@rem IMAPI CD-Burning COM Service
@rem 优化建议：停用
sc config ImapiService start= DISABLED

@rem Server
@rem 优化建议：自动
sc config lanmanserver start= AUTO

@rem Workstation
@rem 优化建议：自动
sc config lanmanworkstation start= AUTO

@rem TCP/IP NetBIOS Helper
@rem 优化建议：停用
sc config LmHosts start= DISABLED

@rem Messenger
@rem 优化建议：停用
sc config Messenger start= DISABLED

@rem NetMeetingremote Desktop Sharing
@rem 优化建议：停用
sc config mnmsrvc start= DISABLED

@rem Distributed Transaction Coordinator
@rem 优化建议：停用
sc config MSDTC start= DISABLED

@rem Windows Installer
@rem 优化建议：手动
sc config MSIServer start= DEMAND

@rem Network DDE
@rem 优化建议：停用
sc config NetDDE start= DISABLED

@rem Network DDE DSDM
@rem 优化建议：停用
sc config NetDDEdsdm start= DISABLED

@rem Net Logon
@rem 优化建议：停用
sc config Netlogon start= DISABLED

@rem Network Connections (网络联机)
@rem 优化建议：手动
sc config Netman start= DEMAND

@rem Network Location Awareness (NLA)
@rem 优化建议：停用
sc config Nla start= DISABLED

@rem NT LM Security Support Provider
@rem 优化建议：停用
sc config NtLmSsp start= DISABLED

@rem @rem ovable Storage
@rem 优化建议：手动
sc config NtmsSvc start= DEMAND

@rem  Office Source Engine (office 2003)
@rem 优化建议：禁用
@rem  sc config ose start= DEMAND

@rem Plug and Play
@rem 优化建议：自动
sc config PlugPlay start= AUTO

@rem IPSEC Services
@rem 优化建议：手动
sc config PolicyAgent start= DEMAND

@rem Protected Storage
@rem 优化建议：自动
sc config ProtectedStorage start= AUTO

@rem remote Access Auto Connection Manager
@rem 优化建议：手动
sc config RasAuto start= DEMAND

@rem remote Access Connection Manager
@rem 优化建议：手动
sc config RasMan start= DEMAND

@rem remote Desktop Help Session Manager
@rem 优化建议： DISABLED
sc config RDSessMgr start= DISABLED

@rem Routing andremote Access
@rem 优化建议：停用
sc config remoteAccess start= DISABLED

@rem remote Registry
@rem 优化建议：停用
sc config remoteRegistry start= DISABLED

@rem remote Procedure Call (RPC) Locator
@rem 优化建议： DISABLED
sc config RpcLocator start= DISABLED

@rem remote Procedure Call (RPC)
@rem 优化建议：自动
sc config RpcSs start= AUTO

@rem Security Accounts Manager
@rem 优化建议：自动
sc config SamSs start= AUTO

@rem Smart Card
@rem 优化建议：停用
sc config SCardSvr start= DISABLED

@rem Task Scheduler
@rem 优化建议：停用
sc config Schedule start= DISABLED

@rem Secondary Logon
@rem 优化建议：自动
sc config seclogon start= AUTO

@rem System Event Notification
@rem 优化建议：自动
sc config SENS start= AUTO

@rem Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
@rem 优化建议：停用
sc config SharedAccess start= DEMAND

@rem Shell Hardware Detection
@rem 优化建议：自动
sc config ShellHWDetection start= AUTO

@rem Print Spooler
@rem 优化建议：停用
sc config Spooler start= AUTO

@rem Windows Image Acquisition (WIA)
@rem 优化建议：停用
sc config stisvc start= DEMAND

@rem MS Software Shadow Copy Provider
@rem 优化建议：停用
sc config swprv start= DISABLED

@rem Performance Logs and Alerts
@rem 优化建议：停用
sc config SysmonLog start= DISABLED

@rem Telephony
@rem 优化建议：手动
sc config TapiSrv start= DEMAND

@rem Terminal Services
@rem 优化建议：停用
sc config TermService start= DISABLED

@rem Themes
@rem 建议：自动
sc config Themes start= AUTO

@rem Distributed Link Tracking Client
@rem 优化建议：停用
sc config TrkWks start= DISABLED

@rem Windows User Mode Driver Framework
@rem 优化建议：手动
sc config UMWdf start= DEMAND

@rem Uninterruptible Power Supply
@rem @rem 优化建议：停用
sc config UPS start= DISABLED

@rem Volume Shadow Copy
@rem 优化建议：停用
sc config VSS start= DISABLED

@rem Windows Time
@rem 优化建议：停用
sc config W32Time start= DISABLED

@rem WebClient
@rem 优化建议：停用
sc config WebClient start= DISABLED

@rem Windows Management Instrumentation (WMI)
@rem 优化建议：自动
sc config winmgmt start= AUTO

@rem Portable Media Serial Number
@rem 优化建议：停用
sc config WmdmPmSN start= DISABLED

@rem Windows Management Instrumentation Driver Extensions
@rem 优化建议：手动
sc config Wmi start= DEMAND

@rem WMI Performance Adapter
@rem 优化建议：停用
sc config WmiApSrv start= DISABLED

@rem Automatic Updates
@rem 优化建议：手动
sc config wuauserv start= DEMAND

@rem Wireless Zero Configuration
@rem 优化建议：已停用
sc config WZCSVC start= DISABLED

@rem  Network Provisioning Service
@rem 优化建议：手动
sc config xmlprov start= DEMAND

@rem DCOM Server Process Launcher
@rem 优化建议：自动
sc config DcomLaunch start= AUTO

@rem Fast User Switching Compatibility
@rem 优化建议：手动
sc config FastUserSwitchingCompatibility start= DEMAND

@REM System Restore Service
@rem 优化建议：停用
sc config srservice start= DISABLED

@REM SSDP Discovery Service
@rem 优化建议：自动
sc config SSDPSRV start= AUTO

@rem telnet
@rem 优化建议：停用
sc config TlntSvr start= DISABLED

@rem Universal Plug and Play Device Host
@rem 优化建议：手动
sc config upnphost start= DEMAND

@REM Security Center
@rem 优化建议：停用
sc config wscsvc start= DISABLED

echo "按任意键退出...谢谢使用！安全中国日志:http://blog.safe119.cn"
@pause

[ 本帖最后由 spaceplane 于 2008-8-27 16:24 编辑 ]

显示全部楼层 · 发表于 2008-8-27 16:20:32

@echo off
Echo WINDOS XP 恢复默认服务批处理......
Echo 由 [安全中国日志网] 出品 Http://blog.safe119.cn
rem WINDOS XP 恢复默认服务批处理!!!
rem 由 [安全中国日志网] 出品，请不要改动版权信息! Http://blog.safe119.cn
@pause
sc config Alerter start= DISABLED
sc config ALG start= DEMAND
sc config AppMgmt start= DEMAND
sc config AudioSrv start= AUTO
sc config BITS start= DEMAND
sc config Browser start= AUTO
sc config CiSvc start= DEMAND
sc config ClipSrv start= DISABLED
sc config COMSysApp start= DEMAND
sc config CryptSvc start= AUTO
sc config DcomLaunch start= AUTO
sc config Dhcp start= AUTO
sc config dmadmin start= DEMAND
sc config dmserver start= AUTO
sc config Dnscache start= AUTO
sc config ERSvc start= AUTO
sc config Eventlog start= AUTO
sc config EventSystem start= DEMAND
sc config FastUserSwitchingCompatibility start= DEMAND
sc config helpsvc start= AUTO
sc config HidServ start= DISABLED
sc config HTTPFilter start= DEMAND
sc config ImapiService start= DEMAND
sc config lanmanserver start= AUTO
sc config lanmanworkstation start= AUTO
sc config LmHosts start= AUTO
sc config Messenger start= DISABLED
sc config mnmsrvc start= DEMAND
sc config MSDTC start= DEMAND
sc config MSIServer start= DEMAND
sc config NetDDE start= DISABLED
sc config NetDDEdsdm start= DISABLED
sc config Netlogon start= DEMAND
sc config Netman start= DEMAND
sc config Nla start= DEMAND
sc config NtLmSsp start= DEMAND
sc config NtmsSvc start= DEMAND
sc config PlugPlay start= AUTO
sc config PolicyAgent start= AUTO
sc config ProtectedStorage start= AUTO
sc config RasAuto start= DEMAND
sc config RasMan start= DEMAND
sc config RDSessMgr start= DEMAND
sc config RemoteAccess start= DISABLED
sc config RemoteRegistry start= AUTO
sc config RpcLocator start= DEMAND
sc config RpcSs start= AUTO
sc config RSVP start= DEMAND
sc config SamSs start= AUTO
sc config SCardSvr start= DEMAND
sc config Schedule start= AUTO
sc config seclogon start= AUTO
sc config SENS start= AUTO
sc config SharedAccess start= AUTO
sc config ShellHWDetection start= AUTO
sc config Spooler start= AUTO
sc config srservice start= AUTO
sc config SSDPSRV start= DEMAND
sc config stisvc start= DEMAND
sc config SwPrv start= DEMAND
sc config SysmonLog start= DEMAND
sc config TapiSrv start= DEMAND
sc config TermService start= DEMAND
sc config Themes start= AUTO
sc config TlntSvr start= DISABLED
sc config TrkWks start= AUTO
sc config upnphost start= DEMAND
sc config UPS start= DEMAND
sc config VSS start= DEMAND
sc config W32Time start= AUTO
sc config WebClient start= AUTO
sc config winmgmt start= AUTO
sc config WmdmPmSN start= DEMAND
sc config Wmi start= DEMAND
sc config WmiApSrv start= DEMAND
sc config wscsvc start= AUTO
sc config wuauserv start= AUTO
sc config WZCSVC start= AUTO
sc config xmlprov start= DEMAND
@pause

显示全部楼层 · 发表于 2008-8-27 16:23:00

@echo off
echo 安全中国日志，http://blog.safe119.cn
echo 批处理正在清除系统垃圾文件，请稍等......
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
rd /s /q %windir%\temp & md %windir%\temp
del /f /q %userprofile%\cookies\*.*
del /f /q %userprofile%\recent\*.*
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
echo 清除系统垃圾完成！
echo. & pause

显示全部楼层 · 发表于 2008-8-27 17:12:56

网络隐形人是XX门代理..

没有问题
至于什么是XX门，自己运行运行

[病毒样本] 压缩文件里的压缩文件有木马病毒!费尔ESS3.0没反应!

都不是病毒，WINXP服务优化.bat

WINXP默认服务

清除系统垃圾.bat