加急快报：今天碰上的最新最强的病毒之王 TXPlatf0rmm

x_3max

实在不行就先把客户资料拷贝出来，重做系统。再装“管家婆”。

5551551

原帖由 x_3max 于 2009-5-11 00:34 发表
实在不行就先把客户资料拷贝出来，重做系统。再装“管家婆”。

[:27:] [:27:] 不敢动他的电脑喽，有伙计赔了两千块哦

x_3max

你要先和他沟通，说清楚情况。
征得他的同意后在做。
用sreng扫描一份报告发到病毒救援区 试试。

5551551

原帖由 chaos11 于 2009-5-11 00:28 发表
査过系统驱动被动过了没

杀掉以后立刻断电重启

根据挂盘卡巴杀的结果来看，c:\windows\目录下病毒较多，临时文件夹下面也有很多病毒，然后也有几个在：“c:\windows\system32\drives\”下面的，以驱动形式加载是确定无疑了。另外userinit.exe也中毒过

Anycall-D908

是ROOTKIT吧？这家伙防还好办，要是进入了系统，他的底层操作比你的杀软更底层，那时还真的不知道谁杀谁呢。

病毒还是胜在预防，而不是查杀啊。

果然是好家伙，我的微点和小A给过了的样子，上报先，太危险了这个！

[ 本帖最后由 Anycall-D908 于 2009-5-11 00:54 编辑 ]

x_3max

楼主还在不？
看卡这个帖子http://bbs.kafan.cn/thread-478203-1-1.html 会不会有点启发。

小乔美子

刚试了下 两个月前的红伞 就能杀了

呵呵 强启发


Avira AntiVir Personal
Report file date: 2009年5月11日星期一  01:06





Version information:
BUILD.DAT       : 9.0.0.394     17962 Bytes   2009-4-17 11:20:00
AVSCAN.EXE      : 9.0.3.5      466689 Bytes   2009-4-17 01:57:30
AVSCAN.DLL      : 9.0.3.0       40705 Bytes   2009-2-27 03:58:24
LUKE.DLL        : 9.0.3.2      209665 Bytes   2009-2-20 04:35:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes   2009-2-27 03:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  2008-10-27 05:30:36
ANTIVIR1.VDF    : 7.1.2.12    3336192 Bytes   2009-2-11 13:33:26
ANTIVIR2.VDF    : 7.1.2.105    513536 Bytes    2009-3-3 00:41:14
ANTIVIR3.VDF    : 7.1.2.127    110592 Bytes    2009-3-5 07:58:20
Engineversion   : 8.2.0.100
AEVDF.DLL       : 8.1.1.0      106868 Bytes   2009-1-27 10:36:42
AESCRIPT.DLL    : 8.1.1.56     352634 Bytes   2009-2-26 13:01:56
AESCN.DLL       : 8.1.1.7      127347 Bytes   2009-2-12 04:44:25
AERDL.DLL       : 8.1.1.3      438645 Bytes  2008-10-29 11:24:41
AEPACK.DLL      : 8.1.3.10     397686 Bytes    2009-3-4 06:06:10
AEOFFICE.DLL    : 8.1.0.36     196987 Bytes   2009-2-26 13:01:56
AEHEUR.DLL      : 8.1.0.100   1618295 Bytes   2009-2-25 08:49:16
AEHELP.DLL      : 8.1.2.2      119158 Bytes   2009-2-26 13:01:56
AEGEN.DLL       : 8.1.1.24     336244 Bytes    2009-3-4 06:06:10
AEEMU.DLL       : 8.1.0.9      393588 Bytes   2008-10-9 07:32:40
AECORE.DLL      : 8.1.6.6      176501 Bytes   2009-2-17 07:22:44
AEBB.DLL        : 8.1.0.3       53618 Bytes   2008-10-9 07:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  2008-12-12 01:47:59
AVPREF.DLL      : 9.0.0.1       43777 Bytes   2008-12-5 03:32:15
AVREP.DLL       : 8.0.0.3      155905 Bytes   2009-1-20 07:34:28
AVREG.DLL       : 9.0.0.0       36609 Bytes   2008-12-5 03:32:09
AVARKT.DLL      : 9.0.0.3      292609 Bytes   2009-3-24 08:05:41
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes   2009-1-30 03:37:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes   2009-1-28 08:03:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes    2009-2-2 01:21:33
NETNT.DLL       : 9.0.0.0       11521 Bytes   2008-12-5 03:32:10
RCIMAGE.DLL     : 9.0.0.21    2438401 Bytes    2009-2-9 04:45:45
RCTEXT.DLL      : 9.0.37.0      86785 Bytes   2009-4-17 03:19:48

Configuration settings for the scan:
Jobname.............................: ShlExt
Configuration file..................: C:\Program Files\Avira\filescan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: F:,
Process scan........................: off
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 2009年5月11日星期一  01:06

Starting the file scan:

Begin scan in 'F:\QQdownloads\TXPlatf0rmm.rar'
F:\QQdownloads\TXPlatf0rmm.rar
  [0] Archive type: RAR
    --> TXPlatf0rmm.exe
      [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
    [NOTE]      A backup was created as '4a570a01.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年5月11日星期一  01:06
Used time: 00:00 Minute(s)

The scan has been done completely.

      0 Scanned directories
      2 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      1 files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes

[ 本帖最后由 小乔美子 于 2009-5-11 01:14 编辑 ]

asinasina

sreng这个要看的你脑细胞.....
见在线沙盘附件分析..

kingmuro

过kv2008

328397663

原帖由 5551551 于 2009-5-11 00:21 发表
闲话少说

某客户电脑有问题，（有跑车的，大老板泊），过去一看，蓝屏，进不了系统，安全模式也进不了。修复之后，能进系统，但杀毒软件安装不了，提示WINDOWS安装服务没有启动。360开启不了，经过杀毒修复之后， ...

Hello,


TXPlatf0rmm.exe - Trojan-Downloader.Win32.Agent.bwqb

Scanned file:   ð÷æûïÐ.zip - Infected ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/cp9m.exe - infected by Trojan-GameThief.Win32.Magania.batl ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/cqsj9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/cqwd9m.exe - infected by Trojan-GameThief.Win32.WOW.mnp ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/dh29m.exe - infected by Trojan-PSW.Win32.LdPinch.afeb ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/dh39m.exe - infected by Trojan-GameThief.Win32.Magania.batl ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/dhwd9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/dj9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/dnf9m.exe - infected by Trojan-GameThief.Win32.WOW.ncj ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/hx29m.exe - infected by Trojan-PSW.Win32.LdPinch.afrc ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/jr9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/jxsj9m.exe - infected by Trojan-GameThief.Win32.XiaJian.df ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/mhxu9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/msx9m.exe - infected by Trojan-GameThief.Win32.WOW.nai ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/mu9m.exe - infected by Trojan-PSW.Win32.LdPinch.afsd ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/qq3g9m.exe - infected by Trojan-PSW.Win32.LdPinch.afsa ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/qqhx9m.exe - infected by Trojan-PSW.Win32.LdPinch.afrc ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/qqma.exe - infected by Trojan-GameThief.Win32.OnLineGames.bkzf ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/qqmo.exe - infected by Trojan-Downloader.Win32.Agent.bwqb ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/rxcq9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/tl9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/tx29m.exe - infected by Trojan-GameThief.Win32.Magania.batl ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/wd9m.exe - infected by Trojan-GameThief.Win32.XiaJian.cq ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/wl9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/wmgj9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/xc9m.exe - infected by Trojan-GameThief.Win32.OnLineGames.uyug ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/zt9m.exe - infected by Trojan-GameThief.Win32.Magania.batl ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/zu9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/zx9m.exe - infected by Trojan-GameThief.Win32.Magania.bbbh ð÷æûïÐ.zip/ÏÂÔØÎï/н¨Îļþ¼Ð (2)/zzh9m.exe - infected by Trojan-GameThief.Win32.OnLineGames.uzdg Statistics: Known viruses: 2166903 Updated: 12-05-2009 File size (Kb): 606 Virus bodies: 29 Files: 29 Warnings: 0 Archives: 1 Suspicious: 0

[ 本帖最后由 328397663 于 2009-5-12 15:31 编辑 ]