Original poster: 鲁路修

[Repost] BitDefender releases a dedicated removal tool for the Stuxnet ("Super Factory") virus (reposted from the official BitDefender forum)

JusticeH
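Posted on 2010-10-14 22:18:33
Don't be afraid, just click it.


Main screen

Scanning starts as soon as you click.
The paragraph above means:
When an infection is found, it first removes the rootkit and then reboots.
After the reboot, it scans once more and removes the remaining worm.

Second tab

Here you can choose the locations to scan.

Third tab

This is the scan report.

Note
If you already have BD installed and IDS is enabled,
IDS will pop up a window and block it.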

红蛋蛋
Posted on 2010-10-14 22:25:44


Intrusion Detection System (IDS)

BitDefender detects and blocks attempts to change critical system files or registry entries and warns about attacks performed by code injection (DLL injection).

The Intrusion Detection System included in BitDefender 2011 looks for the following signs:
Unauthorized attempt to access the network;
Unauthorized attempt to access the memory;
Unauthorized attempt to access COM objects;
Unauthorized attempt to access the Windows Registry;
Unauthorized attempt to access System API;
Attempt to kill BitDefender processes;
Attempt to inject into processes.
红蛋蛋
Posted on 2010-10-14 23:04:53
(**) Most common process actions considered suspect by Active Virus Control:
Not waiting for/requesting any type of user interaction
Not displaying any type of UI when terminating the execution
Copying or moving files in C:\Windows\ or C:\Windows\System32\
Having as an icon an unrelated type of icon (e.g. a process that has as an icon a folder icon; social engineering tactics)
Executing code in other processes’ space (trying to execute code with higher privileges)
Running files that have been created by themselves with information stored in its binary file.
Copying its own contents inside a different file on a disk (replicating itself)
Adding itself in the startup sequence of the Operating System.
Hiding themselves from typical process enumeration applications.
Dropping drivers in C:\Windows\System32\ and registering them

Important note:
None of the actions listed above is relevant enough by itself. This is why Active Virus Control keeps a score and monitors the process until a threshold is reached. Identifying only one of these actions renders that specific process as suspect (to some degree), but not as malicious.



This issue has already been reported to headquarters. Thanks to JusticeH for the heads-up.
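
The score-and-threshold rule from the Active Virus Control note above, as an added example that is not BitDefender's code and not part of the original posts. The action names, weights, threshold and sample events are assumptions made up for illustration.

```python
from collections import defaultdict

# Hypothetical weights for behaviours named in the post; the product's real
# weights and threshold are not given on the page.
WEIGHTS = {
    "no_user_interaction": 1, "copy_to_system_dir": 2,
    "misleading_icon": 2, "self_replication": 3,
    "startup_persistence": 3, "code_in_other_process": 4,
    "hidden_from_enumeration": 4, "driver_drop_and_register": 4,
}
THRESHOLD = 8  # assumed; must be higher than any single weight


class BehaviourMonitor:
    """Keeps a running score per process until the threshold is reached."""

    def __init__(self, weights=WEIGHTS, threshold=THRESHOLD):
        # Enforce the note's rule: no single action is enough by itself.
        if max(weights.values()) >= threshold:
            raise ValueError("one action alone must not reach the threshold")
        self.weights, self.threshold = weights, threshold
        self.seen = defaultdict(set)  # pid -> distinct behaviours observed

    def observe(self, pid, action):
        """Record one event and return the process's current verdict."""
        if action in self.weights:      # unknown actions are ignored
            self.seen[pid].add(action)  # a repeated action scores only once
        return self.verdict(pid)

    def verdict(self, pid):
        score = sum(self.weights[a] for a in self.seen[pid])
        if score >= self.threshold:
            return "malicious"
        return "suspect" if score else "clean"


def run(events):
    """Replay (pid, action) events and return the final verdict per pid."""
    mon = BehaviourMonitor()
    for pid, action in events:
        mon.observe(pid, action)
    return {pid: mon.verdict(pid) for pid in list(mon.seen)}


# Constructed sample events, not real telemetry.
SAMPLE = [
    (100, "copy_to_system_dir"), (100, "copy_to_system_dir"),
    (200, "driver_drop_and_register"), (200, "startup_persistence"),
    (200, "hidden_from_enumeration"),
]
```

Counting each behaviour once per process keeps a benign installer that copies many files into the system directory from drifting over the threshold on repetition alone.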
inception
Posted on 2010-10-19 09:50:07
I keep hearing about this virus lately, but I still haven't seen what symptoms a system shows after it is infected.
ruoxixi
Posted on 2010-10-21 14:19:22
Just showing my support.
chengdushao
Posted on 2010-10-27 08:17:14
The world's top antivirus software.
lurebreast
Posted on 2010-10-30 22:08:41
Good stuff, bookmarked.
CarterJames
Posted on 2010-11-7 14:02:38
Worth choosing~~