
Title: C:\WINDOWS\Debug\debug.exe virus detection and removal steps (1)

Author: maitissot    Time: 2012-12-11 12:46

Author: iatricwwe2395    Time: 2012-12-11 13:42     Title: C:\WINDOWS\Debug\debug.exe virus detection and removal steps (1)

File changes:
Dropped files
C:\WINDOWS\Debug\debug.exe
C:\WINDOWS\Web\css.css
C:\MSDOS.log
C:\WINDOWS\Temp\~tmp83.tmp
Creates gbk.com and autorun.inf on drives D: and E:

C:\WINDOWS\Web\css.css is injected into other processes

Terminates the following processes
kvmonxp.kxp
kvsrvxp.exe
trojdie.kxp
kregex.exe
uihost.exe
avp.exe
avp.exe
360safe.exe
runiep.exe
ras.exe
ccenter.exe
ravtask.exe
ravmon.exe
ravmond.exe
ravstub.exe
kwatch.exe
kavstart.exe
kpfwsvc.exe
kmailmon.exe
kpfw32.exe
kavsvc.exe
kav.exe

Stops the following services and changes their startup type to Disabled
sharedaccess
ccenter
kvsrvxp
kvwsc
kavsvc
kingsoft antivirus kwatch service
kingsoft personal firewall service
rsravmon service
rising proxy service
rising process communication center
rising personal firewall service
卡巴斯基反病毒6.0個人版 (Kaspersky Anti-Virus 6.0 Personal Edition)

Creates the following Image File Execution Options hijack entries
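An offline check for the image-hijack entries the post above describes, as an added example that is not part of the original post: it scans `reg export` text for Image File Execution Options subkeys that carry a `Debugger` value, which is what makes Windows launch another program in place of the named executable. The sample export, its placeholder debugger path and the function name `find_ifeo_debuggers` are constructed for illustration.

```python
import re

# Matches both the native and WOW6432Node views of the IFEO key.
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"

# Constructed sample in `reg export` text format; the Debugger target is a
# placeholder, not a value taken from the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="C:\\EXAMPLE\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
"debugger"="C:\\EXAMPLE\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run]
"Debugger"="not-an-ifeo-key"
'''

def find_ifeo_debuggers(reg_text):
    """Return {image name: Debugger data} for IFEO subkeys that redirect launches."""
    hits, image = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            _, sep, tail = path.lower().partition(IFEO)
            # Only direct children of the IFEO key name an executable image.
            image = path[-len(tail):] if sep and tail and "\\" not in tail else None
            continue
        value = re.match(r'"([^"]+)"=(.*)', line)
        if image and value and value.group(1).lower() == "debugger":
            data = value.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping
            hits[image] = data  # non-string data (e.g. hex(2):...) is kept raw
    return hits

if __name__ == "__main__":
    # A real export is UTF-16: open(path, encoding="utf-16").read()
    for image, debugger in sorted(find_ifeo_debuggers(SAMPLE_REG).items()):
        print(f"{image} -> {debugger}")
```

A `Debugger` value is not malicious by itself, since some legitimate tools register one, so review each reported target before deleting the subkey.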




Welcome to Newray影視論壇 (http://yehliou.info/) Powered by Discuz! 7.0.0