[Original] Trojan winamps.exe realupdate.exe ScNotify.dll: removal method
Author: 网络vs浪子    Views: 1564    Posted: 2006/12/30 05:45
After the trojan runs it creates the following files:
C:\WINDOWS\realupdate.exe
C:\WINDOWS\winamps.exe
C:\WINDOWS\POPNTS.DLL
C:\WINDOWS\ScNotify.dll
C:\WINDOWS\system32\{pchome}\.setupf\avps.exe
C:\WINDOWS\system32\{pchome}\.setupf\dllhosts.dll
C:\WINDOWS\system32\{pchome}\.setupf\novel.exe
C:\WINDOWS\system32\{pchome}\.setupf\up.dat
C:\WINDOWS\system32\{pchome}\.setupf\verx.dat

Registry entries it adds:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updatereal"="C:\windows\realupdate.exe other"
"winsamps"="C:\windows\winamps.exe"

Under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] it adds a ScCardLogn entry pointing to "C:\windows\ScNotify.dll"

Under [HKEY_CLASSES_ROOT\CLSID] and [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID] it adds a {DE7C3CF0-4B15-11D1-ABED-709549C10000} entry pointing to "C:\WINDOWS\POPNTS.DLL"

The SRENG log shows:
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<updatereal><C:\windows\realupdate.exe other> [N/A]
<winsamps><C:\windows\winamps.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCardLogn]
<WinlogonNotify: ScCardLogn><C:\windows\ScNotify.dll> [Microsoft Corporation]
浏览器加载项
[IEHlprObj Class]
{DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\windows\POPNTS.DLL, >

Manual removal method:

1. Delete the registry entries added by the virus:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updatereal"="C:\windows\realupdate.exe other"
"winsamps"="C:\windows\winamps.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
the ScCardLogn subkey
[HKEY_CLASSES_ROOT\CLSID] and [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID]
the {DE7C3CF0-4B15-11D1-ABED-709549C10000} subkey

2. Restart the system

3. Delete the virus files
C:\WINDOWS\realupdate.exe
C:\WINDOWS\winamps.exe
C:\WINDOWS\POPNTS.DLL
C:\WINDOWS\ScNotify.dll
C:\WINDOWS\system32\{pchome}\ (the whole directory)
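As an added example (not part of the original post), a read-only PowerShell check for the indicators listed above, so a responder can confirm the infection before working through the manual steps. It assumes the names and paths exactly as the post gives them, and that the Winlogon Notify subkey stores its DLL path in the standard DLLName value (an assumption about the key's layout, not something the post states).

```powershell
# Added example, not from the original post: read-only check for the
# persistence points and files the post lists. Run from an elevated prompt.
$hits = @()

# Run-key values named in the post
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($name in 'updatereal', 'winsamps') {
    $v = Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue
    if ($v) { $hits += "Run value $name = $($v.$name)" }
}

# Winlogon Notify package: a DLL here is loaded into winlogon.exe at logon,
# which is why the post reboots before deleting the files.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCardLogn'
if (Test-Path -LiteralPath $notify) {
    # DLLName is the standard value name for Notify packages (assumed, not from the post)
    $dll = (Get-ItemProperty -LiteralPath $notify -ErrorAction SilentlyContinue).DLLName
    $hits += "Winlogon Notify subkey ScCardLogn present (DLLName = $dll)"
}

# Browser helper object CLSID from the SRENG log, checked under both hives
$clsid = '{DE7C3CF0-4B15-11D1-ABED-709549C10000}'
foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'Registry::HKEY_CLASSES_ROOT\CLSID') {
    $key = Join-Path $root $clsid
    if (Test-Path -LiteralPath $key) {
        $srv = (Get-ItemProperty -LiteralPath (Join-Path $key 'InprocServer32') `
                -ErrorAction SilentlyContinue).'(default)'
        $hits += "CLSID $clsid present under $root (InprocServer32 = $srv)"
    }
}

# Dropped files and the {pchome} directory; -LiteralPath so braces are not globbed
$win = $env:SystemRoot
$paths = @('realupdate.exe', 'winamps.exe', 'POPNTS.DLL', 'ScNotify.dll' |
           ForEach-Object { Join-Path $win $_ })
$paths += Join-Path $win 'system32\{pchome}'
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $hits += "File or directory present: $p" }
}

# Running copies of the two executables
Get-Process -Name 'winamps', 'realupdate' -ErrorAction SilentlyContinue |
    ForEach-Object { $hits += "Process running: $($_.ProcessName) (PID $($_.Id))" }

if ($hits.Count -eq 0) { 'No indicators from the post found.' } else { $hits }
```

The script changes nothing; if it reports hits, follow the post's three steps in order, since the Notify DLL and the Run-key executables stay locked until after the reboot.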