
About a few processes that are hard to judge!

terryyule
Posted on 2007-6-17 14:25:21
lbrtfdc.sys
pcidump.sys
changer.sys
i2omgmt.sys

Could any of the experts here tell me, from experience, what these driver files are for? If they are viruses, can you tell me which kind of virus?

Email: yc-zr@163.com
不留名
Posted on 2007-6-17 14:48:41
Don't recognize them... I think there is a problem... Scan an SRE log and post it here so we can take a look.
ooo-ppp
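Posted on 2007-6-17 17:11:54
Search Baidu, then combine that with the file's properties, creation and modification times, and the company it belongs to, and after a combined judgment decide whether or not to delete it.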
姑苏残月
Posted on 2007-6-17 17:15:04
I agree with the 2nd floor's opinion; if you suspect a problem, scan a log and post it.
ALEXBLAIR
Posted on 2007-6-17 22:44:40

File details:

[lbrtfdc.sys]

Description:

Important: Some malware camouflage themselves as lbrtfdc.sys, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the lbrtfdc.sys process on your pc whether it is pest.

/* Not a system file; some trojans make use of it */
//=======================================

[pcidump.sys]
PCIDUMP.SYS is a file recently detected by the Prevx database. This file is yet to be determined globally as Good or Bad, therefore it is currently classified as Unknown. However if it is malware then it may well be caught by the behaviour protection in Prevx

If this file breaks one of the 4 Prevx "Axes of Evil", it will be immediately determined as a Bad. The only way to safeguard against this possible threat is by installing Prevx which has the ability to protect you from all bad files from the instant they are determined.

/* Not a system file; some trojans make use of it */
//=======================================

[changer.sys]
Name        Changer.sys
Size (bytes)        9.216
Version        5.2.3790.0 (srv03_rtm.030324-2048)
Company        Microsoft Corporation
Description        SCSI CD-ROM Driver
{Optical drive driver}
/* A normal driver */
//=======================================

[i2omgmt.sys]
Description:
i2omgmt.sys is located in the folder C:\Windows\System32\drivers. The file size on Windows XP is 8192 bytes.

The driver can be started or stopped from Services in the Control Panel or by other programs. The file is a Windows system file. The program is not visible. The file is a Microsoft signed file. There is no detailed description of this service.

i2omgmt.sys seems to be a compressed file. Therefore the technical security rating is 0% dangerous.

Important:
Some malware camouflage themselves as i2omgmt.sys, particularly if they are located in
c:\windows or c:\windows\system32 folder. Thus check the i2omgmt.sys process on your pc whether it is pest.
/* A system file, but easily made use of by trojans; my computer does not have this file. (winxpsp2_sch) */
//=======================================

[ This post was last edited by ALEXBLAIR on 2007-6-17 22:57 ]
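
The checks suggested in this thread (file properties, creation and modification times, company, and whether the file sits in c:\windows or c:\windows\system32), collected into one report. This is an added PowerShell example, not part of any post; the folder list and report field names are assumptions, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example: the four driver names come from the thread; the rest is illustrative.
$names = 'lbrtfdc.sys', 'pcidump.sys', 'changer.sys', 'i2omgmt.sys'

# The two folders named in the quoted descriptions, plus the normal driver folder.
$driverDir = Join-Path $env:windir 'System32\drivers'
$folders   = @($env:windir, (Join-Path $env:windir 'System32'), $driverDir)

$report = foreach ($folder in $folders) {
    foreach ($name in $names) {
        $path = Join-Path $folder $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $file = Get-Item -LiteralPath $path -Force
        $sig  = Get-AuthenticodeSignature -FilePath $path

        # Signer subject is only available when a certificate was found.
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            Path        = $file.FullName
            Size        = $file.Length
            Created     = $file.CreationTime
            Modified    = $file.LastWriteTime
            # Version-info strings are self-declared by the file and prove nothing
            # on their own; compare them with the signature fields below.
            Company     = $file.VersionInfo.CompanyName
            Description = $file.VersionInfo.FileDescription
            Version     = $file.VersionInfo.FileVersion
            Signature   = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Signer      = $signer
            SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            # A .sys file that is not in System32\drivers deserves a closer look.
            OddLocation = ($folder -ne $driverDir)
        }
    }
}

if ($report) { $report | Format-List } else { 'None of the four files were found.' }
```

On older Windows versions, catalog-signed system drivers can show as NotSigned here, so treat that status as a prompt for further checking rather than a verdict.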
ALEXBLAIR
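Posted on 2007-6-17 22:48:12

Additional note

The file information in this post has been sent to the original poster's mailbox; please check it....

[ This post was last edited by ALEXBLAIR on 2007-6-17 22:58 ]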
wuhaomh
Posted on 2007-6-17 23:01:33

Reply to #1 terryyule's post

The following are dangerous processes. Do it yourself and you will want for nothing.
terryyule
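Original poster | Posted on 2007-6-18 15:37:57
Replying to the 5th and 6th floors: the information is very useful. The email has been received and I have replied. Thank you once again!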
guocha007
Posted on 2007-6-18 16:44:51
You can use 超级兔子 (Super Rabbit) to check the processes and then decide what to do.

Copyright © KaFan  KaFan.cn All Rights Reserved.
