Thread starter: dayang1717

[Virus sample] The most inhumane USP10.dll virus sample

dokhell
Posted 2009-2-6 17:37:14
Why not block the malicious site? Are the security companies deliberately letting it go? This is far too brazen.
luxiao200888
Posted 2009-2-6 17:38:58
TR/Dropper.Gen
dayang1717
Thread starter | Posted 2009-2-6 18:07:00
Why not block the malicious site? Are the security companies deliberately letting it go? This is far too brazen.

The people selling web exploit kits (网马) sell them openly and all have their own blogs, and nothing happens to them, never mind the ones actually planting the trojans on sites.
tracydk
Posted 2009-2-6 18:31:55
(attachment; login required to download)
拂晓时分
Posted 2009-2-6 18:51:37
After unpacking, Avira (红伞) still flags it.
g753852123
Posted 2009-2-6 18:59:57
Wahaha
Please do not spam!

Take note!

[Last edited by aarwwefdds on 2009-2-7 16:37]

(attachment; login required to download)

Rating (1 participant): aarwwefdds, experience -2: sorry, under the rules this post counts as malicious spamming; please take note.

wptyh73hm
Posted 2009-2-6 20:05:17
Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL:  http://bbs.kafan.cn/attachment.p ... e6&t=1233921779
Information:  Is the TR/Dropper.Gen Trojan  


--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 8.0.15.0, AVE 8.2.0.74, VDF 7.1.1.235
zeadstone
Posted 2009-2-6 20:15:24
Micropoint (微点)
(attachment; login required to download)
xiaojinglf
Posted 2009-2-7 12:38:01
----------------------------------
Added values: 272
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14DFEBE4-FA9E-4B87-9DD6-2C452D0D35FE}\InProcServer32\: "C:\WINDOWS\system32\hkdfebek.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14DFEBE4-FA9E-4B87-9DD6-2C452D0D35FE}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2746FE56-834C-499D-A799-11CC86602459}\InProcServer32\: "C:\WINDOWS\system32\inkmfelm.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2746FE56-834C-499D-A799-11CC86602459}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8FC6E0-7DC6-4903-9192-413FEE254A64}\InProcServer32\: "C:\WINDOWS\system32\kbofcmeg.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8FC6E0-7DC6-4903-9192-413FEE254A64}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D4473D1-0B79-4785-AA2C-4524D13CDF62}\InProcServer32\: "C:\WINDOWS\system32\ldkknjdh.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D4473D1-0B79-4785-AA2C-4524D13CDF62}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7957A2E8-7A4E-46BE-8029-827D4FC7AE15}\InProcServer32\: "C:\WINDOWS\system32\nplnaieo.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7957A2E8-7A4E-46BE-8029-827D4FC7AE15}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889DD9D8-E2D5-4431-AD28-52A39F623998}\InProcServer32\: "C:\WINDOWS\system32\oopddpdo.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889DD9D8-E2D5-4431-AD28-52A39F623998}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F41BFD2-6EA6-4D01-ABDD-AB9A7A69D75A}\InProcServer32\: "C:\WINDOWS\system32\pfkhbfdi.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F41BFD2-6EA6-4D01-ABDD-AB9A7A69D75A}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0AC98F8-793D-4BDA-9042-DBF14431A895}\InProcServer32\: "C:\WINDOWS\system32\bgacpofo.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0AC98F8-793D-4BDA-9042-DBF14431A895}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE6F0799-280F-45B9-986C-9D4AC34858D4}\InProcServer32\: "C:\WINDOWS\system32\bemfgnpp.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE6F0799-280F-45B9-986C-9D4AC34858D4}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE89E88F-9BF0-418A-8208-6328876F7F97}\InProcServer32\: "C:\WINDOWS\system32\deopeoof.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE89E88F-9BF0-418A-8208-6328876F7F97}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3F9DDFB-145A-41B4-9D7B-335E979F4AC5}\InProcServer32\: "C:\WINDOWS\system32\fjfpddfb.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3F9DDFB-145A-41B4-9D7B-335E979F4AC5}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD27F82B-3C08-490E-8229-1066B80CA6A9}\InProcServer32\: "C:\WINDOWS\system32\fdinfoib.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD27F82B-3C08-490E-8229-1066B80CA6A9}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEF9DB9A-788A-4F4A-B9CB-043779C281ED}\InProcServer32\: "C:\WINDOWS\system32\fefpdbpa.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEF9DB9A-788A-4F4A-B9CB-043779C281ED}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFDA53F0-B750-4C8B-B8F1-F82989974B94}\InProcServer32\: "C:\WINDOWS\system32\ffdaljfg.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFDA53F0-B750-4C8B-B8F1-F82989974B94}\InProcServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9F41BFD2-6EA6-4D01-ABDD-AB9A7A69D75A}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{BE6F0799-280F-45B9-986C-9D4AC34858D4}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{889DD9D8-E2D5-4431-AD28-52A39F623998}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FFDA53F0-B750-4C8B-B8F1-F82989974B94}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7957A2E8-7A4E-46BE-8029-827D4FC7AE15}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{B0AC98F8-793D-4BDA-9042-DBF14431A895}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{DE89E88F-9BF0-418A-8208-6328876F7F97}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4B8FC6E0-7DC6-4903-9192-413FEE254A64}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2746FE56-834C-499D-A799-11CC86602459}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{F3F9DDFB-145A-41B4-9D7B-335E979F4AC5}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14DFEBE4-FA9E-4B87-9DD6-2C452D0D35FE}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FEF9DB9A-788A-4F4A-B9CB-043779C281ED}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5D4473D1-0B79-4785-AA2C-4524D13CDF62}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FD27F82B-3C08-490E-8229-1066B80CA6A9}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{BE9DEA3A-893C-43F3-BC33-99574575A9F0}: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Alcmtr: 61 6E 79 6D 69 65 33 36 30 2E 65 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\9F41BFD2: "{9F41BFD2-6EA6-4D01-ABDD-AB9A7A69D75A}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\BE6F0799: "{BE6F0799-280F-45B9-986C-9D4AC34858D4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\889DD9D8: "{889DD9D8-E2D5-4431-AD28-52A39F623998}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\FFDA53F0: "{FFDA53F0-B750-4C8B-B8F1-F82989974B94}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\7957A2E8: "{7957A2E8-7A4E-46BE-8029-827D4FC7AE15}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\B0AC98F8: "{B0AC98F8-793D-4BDA-9042-DBF14431A895}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\DE89E88F: "{DE89E88F-9BF0-418A-8208-6328876F7F97}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\4B8FC6E0: "{4B8FC6E0-7DC6-4903-9192-413FEE254A64}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\2746FE56: "{2746FE56-834C-499D-A799-11CC86602459}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\F3F9DDFB: "{F3F9DDFB-145A-41B4-9D7B-335E979F4AC5}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\14DFEBE4: "{14DFEBE4-FA9E-4B87-9DD6-2C452D0D35FE}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\FEF9DB9A: "{FEF9DB9A-788A-4F4A-B9CB-043779C281ED}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\5D4473D1: "{5D4473D1-0B79-4785-AA2C-4524D13CDF62}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\FD27F82B: "{FD27F82B-3C08-490E-8229-1066B80CA6A9}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe\Debugger: "svchost.exe"


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IO\0000\Control\ActiveService: "io"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAFEMON0\0000\Control\ActiveService: "SafeMon0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiffei\Enum\Count: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiffei\Enum\NextInstance: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiffei\Enum\INITSTARTFAILED: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiffei\Type: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiffei\Start: 0x00000003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiffei\ErrorControl: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiffei\ImagePath: "System32\Drivers\msiffei.sys"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SafeMon0\Enum\0: "Root\LEGACY_SAFEMON0\0000"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SafeMon0\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SafeMon0\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SafeMon0\Type: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SafeMon0\Start: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SafeMon0\ErrorControl: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SafeMon0\ImagePath: "\??\C:\WINDOWS\system32\14BA6A93.dat"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SafeMon0\DisplayName: "Safe Mon 360"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IO\0000\Control\ActiveService: "io"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAFEMON0\0000\Control\ActiveService: "SafeMon0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiffei\Enum\Count: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiffei\Enum\NextInstance: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiffei\Enum\INITSTARTFAILED: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiffei\Type: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiffei\Start: 0x00000003
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiffei\ErrorControl: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiffei\ImagePath: "System32\Drivers\msiffei.sys"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeMon0\Enum\0: "Root\LEGACY_SAFEMON0\0000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeMon0\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeMon0\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeMon0\Type: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeMon0\Start: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeMon0\ErrorControl: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeMon0\ImagePath: "\??\C:\WINDOWS\system32\14BA6A93.dat"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeMon0\DisplayName: "Safe Mon 360"
----------------------------------
Modified values: 38
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: "C:\WINDOWS\fonts\CtmRes.dll C:\WINDOWS\fonts\ComRes.dll pfkhbfdi.dll,bemfgnpp.dll,oopddpdo.dll,ffdaljfg.dll,nplnaieo.dll,bgacpofo.dll,deopeoof.dll,kbofcmeg.dll,inkmfelm.dll,fjfpddfb.dll,hkdfebek.dll,fefpdbpa.dll,ldkknjdh.dll,fdinfoib.dll"

----------------------------------
Files added: 114
----------------------------------
C:\WINDOWS\system32\pfkhbfdi.dll
C:\WINDOWS\system32\bemfgnpp.dll
C:\WINDOWS\system32\oopddpdo.dll
C:\WINDOWS\system32\ffdaljfg.dll
C:\WINDOWS\system32\nplnaieo.dll
C:\WINDOWS\system32\bgacpofo.dll
C:\WINDOWS\system32\deopeoof.dll
C:\WINDOWS\system32\14BA6A93.dat
C:\WINDOWS\system32\kbofcmeg.dll
C:\WINDOWS\system32\inkmfelm.dll
C:\WINDOWS\system32\fjfpddfb.dll
C:\WINDOWS\system32\hkdfebek.dll
C:\WINDOWS\system32\fefpdbpa.dll
C:\WINDOWS\system32\ldkknjdh.dll
C:\WINDOWS\system32\fdinfoib.dll
C:\WINDOWS\system32\anymie360.exe
C:\WINDOWS\system32\anymie360.dll
C:\WINDOWS\Fonts\ComRes.dll
C:\WINDOWS\Fonts\ctm04004.ttf
C:\WINDOWS\Fonts\CtmRes.dll
C:\WINDOWS\Fonts\ctm01025.ttf
C:\WINDOWS\Fonts\ctm01025.fon
C:\WINDOWS\Fonts\ctm12004.ttf
C:\WINDOWS\Fonts\ctm12004.fon
C:\WINDOWS\Fonts\ctm09004.ttf
C:\WINDOWS\Fonts\ctm09004.fon
C:\Documents and Settings\Administrator\Local Settings\Temp\1989504
C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$DR04.500\g\soft\usp10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_1b8.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\1dc7a8.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\WowInitcode.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\wsasystem.gif
C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$DR00.109\hyjl2002\还原精灵2002\usp10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\2132879
C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$DR02.922\hyjl2002\还原精灵2002\usp10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\2217551
C:\Documents and Settings\Administrator\Local Settings\Temp\2238835
C:\Documents and Settings\Administrator\Local Settings\Temp\11231237
C:\Documents and Settings\Administrator\Local Settings\Temp\2314239
C:\Documents and Settings\Administrator\Local Settings\Temp\2316870
C:\Documents and Settings\Administrator\Local Settings\Temp\2327653
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4P6B8LQN\new1[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4P6B8LQN\new3[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4P6B8LQN\new5[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4P6B8LQN\new19[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4P6B8LQN\gr[2].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4P6B8LQN\new22[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4P6B8LQN\new23[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4P6B8LQN\wpad[2].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\49I7SP63\new4[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\49I7SP63\new7[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\49I7SP63\new11[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\49I7SP63\new14[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\49I7SP63\new15[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\49I7SP63\new18[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\49I7SP63\new26[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\49I7SP63\new27[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STE3CPM3\new9[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STE3CPM3\new10[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STE3CPM3\new13[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STE3CPM3\new17[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STE3CPM3\new21[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\STE3CPM3\new25[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SL2RODU7\new2[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SL2RODU7\new6[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SL2RODU7\new8[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SL2RODU7\new12[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SL2RODU7\new16[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SL2RODU7\new20[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SL2RODU7\new24[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SL2RODU7\new28[1].exe
C:\Documents and Settings\Administrator\桌面\usp10.dll
C:\Program Files\Internet Explorer\PowerDn.Rel
C:\Program Files\WinRAR\usp10.dll



----------------------------------
Files modified:
----------------------------------
C:\WINDOWS\system32\sadfasdf.jpg
C:\WINDOWS\Fonts\ctm04004.fon
C:\Documents and Settings\Administrator\Local Settings\Temp\b.bat
C:\Program Files\Internet Explorer\PointDw.Boo
xiaojinglf
Posted 2009-2-7 12:41:42
Boot into Safe Mode with Command Prompt and use the following tools to kill it:
autoruns
wsyscheck
For speed and convenience, run a full scan with the portable Avira (小红伞) to help delete the virus files quickly.
Delete the virus files in the Fonts folder.
Delete the modified ctfmon.exe and comres.dll and restore them by copying from a clean system.

Rating (1 participant): aarwwefdds, experience +5: the board is better with you :) Thanks for posting a solution!
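The registry diff two posts up and the cleanup list just above are the same data seen from two sides: every added value is a persistence hook, and the cleanup is the list of hooks to undo. As an added example that is not part of the original posts, the Python below parses the poster's diff format, groups the added values by mechanism (COM CLSIDs pointed at by ShellExecuteHooks and ShellServiceObjectDelayLoad, AppInit_DLLs, the Image File Execution Options Debugger set on Thunder5.exe, the hex-dumped policies\Explorer\Run value, and the two driver services), resolves each GUID to the DLL it actually loads, decodes the REG_BINARY Run value, and turns the result into an ordered cleanup list. SAMPLE_DIFF is a constructed subset of the diff on the page; the mechanism labels and the cleanup wording are this example's own.

```python
"""Triage a sandbox registry diff for the persistence mechanisms it records.

Added example, not code from the original post. SAMPLE_DIFF is a constructed
subset of the diff posted above; the mechanism labels, the REG_BINARY decoding
and the cleanup list are this example's own.
"""
import re
from collections import defaultdict

# Constructed subset of the poster's "Added values" diff (same line format, same keys).
SAMPLE_DIFF = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F41BFD2-6EA6-4D01-ABDD-AB9A7A69D75A}\InProcServer32\: "C:\WINDOWS\system32\pfkhbfdi.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE6F0799-280F-45B9-986C-9D4AC34858D4}\InProcServer32\: "C:\WINDOWS\system32\bemfgnpp.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9F41BFD2-6EA6-4D01-ABDD-AB9A7A69D75A}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{BE6F0799-280F-45B9-986C-9D4AC34858D4}:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Alcmtr: 61 6E 79 6D 69 65 33 36 30 2E 65 78 65 00 00 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\9F41BFD2: "{9F41BFD2-6EA6-4D01-ABDD-AB9A7A69D75A}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe\Debugger: "svchost.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafeMon0\ImagePath: "\??\C:\WINDOWS\system32\14BA6A93.dat"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiffei\ImagePath: "System32\Drivers\msiffei.sys"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: "C:\WINDOWS\fonts\CtmRes.dll C:\WINDOWS\fonts\ComRes.dll pfkhbfdi.dll,bemfgnpp.dll"
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HEX_DUMP = re.compile(r"^(?:[0-9A-Fa-f]{2}\s*)+$")


def parse_line(line):
    """Split 'HKLM\\...\\key\\valuename: data' into (key, value name, data).

    The first ':' ends the registry path (a path never contains one); a trailing
    backslash before it is the key's default value, so the name comes back empty.
    """
    path, _, data = line.partition(":")
    key, _, name = path.rpartition("\\")
    return key, name, data.strip().strip('"')


def decode_reg_binary(dump):
    """Decode a space-separated REG_BINARY hex dump to text, dropping NUL padding."""
    raw = bytes.fromhex(dump.replace(" ", ""))
    return raw.split(b"\x00", 1)[0].decode("latin-1")


def triage(diff_text):
    """Group added registry values by the persistence mechanism they implement."""
    clsid_to_dll = {}
    found = defaultdict(list)
    for line in diff_text.splitlines():
        if not line.startswith("HKEY_"):
            continue
        key, name, data = parse_line(line)
        lkey, lname = key.lower(), name.lower()
        guid = GUID.search(key)
        if lkey.endswith("\\inprocserver32") and name == "" and guid:
            clsid_to_dll[guid.group(0).upper()] = data       # CLSID -> DLL it loads
        elif lkey.endswith("\\shellexecutehooks"):
            found["ShellExecuteHooks"].append(name.upper())   # run by Explorer on every ShellExecute
        elif lkey.endswith("\\shellserviceobjectdelayload"):
            found["SSODL"].append(data.upper())               # loaded by Explorer at logon
        elif lname == "appinit_dlls" and data:
            found["AppInit_DLLs"] += [d for d in re.split(r"[\s,]+", data) if d]  # injected into user32 processes
        elif "\\image file execution options\\" in lkey and lname == "debugger":
            found["IFEO"].append((key.rsplit("\\", 1)[1], data))  # Debugger replaces the named program
        elif "\\policies\\explorer\\run" in lkey and HEX_DUMP.match(data):
            found["PolicyRun"].append((name, decode_reg_binary(data)))  # hex-dumped autorun entry
        elif lname == "imagepath" and "\\services\\" in lkey:
            found["Services"].append((key.rsplit("\\", 1)[1], data))  # driver / service images
    # Hook and SSODL entries are only GUIDs; resolve each to the DLL actually loaded.
    found["COM_DLLs"] = sorted(
        {clsid_to_dll[g] for g in found["ShellExecuteHooks"] + found["SSODL"] if g in clsid_to_dll}
    )
    return dict(found)


def remediation(findings):
    """Ordered cleanup list (registry first) plus the files to delete afterwards."""
    steps = []
    for exe, dbg in findings.get("IFEO", []):
        steps.append(f"delete IFEO key for {exe} (Debugger={dbg}) so the real program runs again")
    if findings.get("AppInit_DLLs"):
        steps.append("reset AppInit_DLLs to an empty string")
    for g in findings.get("ShellExecuteHooks", []):
        steps.append(f"delete ShellExecuteHooks value {g}")
    for g in findings.get("SSODL", []):
        steps.append(f"delete ShellServiceObjectDelayLoad entry pointing at {g}")
    for name, target in findings.get("PolicyRun", []):
        steps.append(f"delete policies\\Explorer\\Run value {name} (runs {target})")
    for svc, image in findings.get("Services", []):
        steps.append(f"delete service {svc} (image {image})")
    files = set(findings.get("COM_DLLs", []))
    files |= {p for p in findings.get("AppInit_DLLs", []) if "\\" in p}  # full paths only
    return steps, sorted(files)


if __name__ == "__main__":
    result = triage(SAMPLE_DIFF)
    for mechanism, entries in result.items():
        print(f"{mechanism}: {entries}")
    for step in remediation(result)[0]:
        print("-", step)
```

Two points the output makes visible that the raw diff hides: the hex-dumped Run value is just "anymie360.exe" (the same anymie360.exe that appears in the added-files list), and the IFEO entry means any attempt to start Thunder5.exe launches svchost.exe instead, which is why the cleanup must remove that key rather than only the DLLs. The AppInit_DLLs after-value also names the two DLLs dropped into C:\WINDOWS\fonts, which is the reason the poster's cleanup steps single out the Fonts folder.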

Copyright © KaFan  KaFan.cn All Rights Reserved.