CuteK posted on 2009-7-17 15:46

Targeted removal #3: a virus that spawns hidden directories and specially named directories

This post was last edited by CuteK on 2009-7-17 18:22

Password: killed


There are also derived files under the Fonts directory
Claimed by: none



140e00526fdcfee5144bfb2e9557227d ---\7-16\76B9BA7A.dll
664f9c221111d42ac1b0a53b675fbcbd ---\7-16\122B901E.dll
d1c77e499a724d38cccfa83765ee7f59 ---\7-16\704C3595.dll
432212510d356c7feb66e1d87d68f35c ---\7-16\08223B03.dll
d80eed9bf25e757894bc3924a0910436 ---\7-16\A0C86020.dll
06b345a1fcb5e03b43f0cc39db386d1c ---\7-16\AsyncMac.sys
acf5c889327248e858cff88f0296ecb9 ---\7-16\CDuAUVkGy9.dll
968209971cdbb39e1becd6a667745633 ---\7-16\comres.dll
712cc5643c6cba102d6f9a054b36dd9c ---\7-16\cRsAQd4hw.dll
568d60ababf4f0fca0e344dd0d66c01e ---\7-16\dhDhwS7fFW.dll
a2e2ad0dcd6f849977b4f7bb727a6f7a ---\7-16\e999G49bN.dll
5d8b96ee1d1e639c34344587389bdc3f ---\7-16\E4814792.dll
5877ba37bd48c61d855f57754490801b ---\7-16\ed78ab9.dll
4ea3cafe13b6305efc836a413045e34e ---\7-16\GU6f5sW42mdc.dll
62193ed2c6cd3ea4c839f7c134e6a527 ---\7-16\hNdcS96gQxDk.dll
72dcbf1f3288cc843a06108c4ed6cecf ---\7-16\JBn2ypqY23vWX.dll
37a9465d6e89197ff9e7d802e8dc4c80 ---\7-16\JPccCJnKygDdp3.dll
156458079eebe65838227e2397cc45ab ---\7-16\ndxq9awMc.dll
2a87ca7f0a57c7722c8b326717677bfe ---\7-16\qB5BKZy7vR5m.dll
37180ebc7c81d37da0201da2794e5e10 ---\7-16\Qh6xX7VN48sVPnK.dll
edd7403c8d38d44f4d35e7520a785e8f ---\7-16\rav32.exe
edd7403c8d38d44f4d35e7520a785e8f ---\7-16\scvhost.exe
c8a6673b13c24833a0831ba8cc4d601b ---\7-16\skcfujQ5EDN.dll
8bc3a77e33e90fe594b9ad2ac68610f9 ---\7-16\szace.exe
7489ff89edcf8b1034b471f793ffe5d6 ---\7-16\taNjsFa2tT2Dh.dll
654045c3f68c546292f27b65c8cc50fc ---\7-16\up9fEkYRsKHT.dll
e92190b901449d6cdc8f04c39023c387 ---\7-16\userinit1.exe
e92190b901449d6cdc8f04c39023c387 ---\7-16\userinit.exe
968209971cdbb39e1becd6a667745633 ---\7-16\v54M9wWBuNGTf2m.dll
f620888d6fc9c4001b712fa4fdfb726a ---\7-16\Va7SpUWgCA5f.dll
2560cdb211c7d23d191fe091e91404dc ---\7-16\virus.rar
c1b63c0d60d981aa1ff8defdfe5608af ---\7-16\wadSSw5k.dll
863e5dba60e83a6d83cb2fa90f41dbbb ---\7-16\XatgKbDb3Yxc.dll
70be3d56d4be82e50a502b3334aadb88 ---\7-16\xg4hAPNygs29.dll
1d6c521a9effd0569152d959ab047047 ---\7-16\y7YFM8BwXchaasyQ.dll
d20984b6dfdf6ae728490eefa38af8a3 ---\7-16\zHvqM6hMxwpem.dll

With the machine disconnected from the network, the main body of the virus is removed as follows:

1. Copy a userinit.exe of the same version over %SystemRoot%\system32\userinit.exe

2. Delete the following files:

%SystemDrive%\recycle.{645FF040-5081-101B-9F08-00AA002F954E}
%SystemRoot%\extext12944765t.exe
%SystemDrive%\AUTORUN.IN
%SystemRoot%\system32\scvhost.exe


3. Delete the following registry keys and values:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsyncMac

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcidump

Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[image hijack entries]

Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value: RsTray
Data: %SystemRoot%\system32\scvhost.exe

For a detailed behaviour analysis see
http://www.micropoint.com.cn/NewVirus/newvirus/20090708132130.html
Being able to remove the original virus body, and to clean it up completely while offline, is sufficient.
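The three steps above as one script, added here as an example; it is not part of CuteK's post or of any tool from the thread. It assumes PowerShell 4 or later (for Get-FileHash) running elevated on the infected machine, that the image hijack in step 3 uses the standard IFEO "Debugger" value (the post does not name the hijacked programs, so every subkey is checked), and that the operator supplies the clean userinit.exe the post calls for. The quarantine path, the function names and the choice to move files rather than delete them are mine; the hash table holds only the post's MD5s for the components with fixed names, and the rest of the list can be pasted in.

```powershell
#Requires -RunAsAdministrator
# Added example, not from CuteK's post: offline triage/cleanup helper built from the
# IOC hashes and the removal steps in the post. Assumptions: PowerShell 4+ (Get-FileHash),
# the image hijack uses the standard IFEO "Debugger" value, and the operator supplies a
# clean userinit.exe of the same Windows build. Run with -WhatIf first.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$CleanUserinit,
    [string]$Quarantine = "$env:SystemDrive\quarantine"
)

# MD5s copied from the post for the fixed-name components; the randomly named DLLs
# (cRsAQd4hw.dll etc.) are caught by appending their hashes from the post's list.
$KnownBad = @{
    'e92190b901449d6cdc8f04c39023c387' = 'userinit.exe / userinit1.exe (trojanised)'
    'edd7403c8d38d44f4d35e7520a785e8f' = 'scvhost.exe / rav32.exe'
    '06b345a1fcb5e03b43f0cc39db386d1c' = 'AsyncMac.sys (dropped)'
    '968209971cdbb39e1becd6a667745633' = 'comres.dll / v54M9wWBuNGTf2m.dll'
    '8bc3a77e33e90fe594b9ad2ac68610f9' = 'szace.exe'
}
$Services  = 'AsyncMac', 'aec', 'pcidump'
$IFEO      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$DropFiles = @(                                   # step 2 of the post, paths as written there
    "$env:SystemDrive\recycle.{645FF040-5081-101B-9F08-00AA002F954E}",
    "$env:SystemRoot\extext12944765t.exe",
    "$env:SystemDrive\AUTORUN.IN",
    "$env:SystemRoot\system32\scvhost.exe"
)
New-Item -ItemType Directory -Force -Path $Quarantine | Out-Null

function Get-Md5 ([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash.ToLower()
}
function Test-KnownBad ([string]$Path) {          # true when the file's MD5 is in the post's list
    $h = Get-Md5 $Path
    if ($h -and $KnownBad.ContainsKey($h)) { Write-Warning "$Path = $h ($($KnownBad[$h]))"; $true } else { $false }
}
function Move-ToQuarantine ([string]$Path) {      # move, never delete: keep samples for analysis
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        Move-Item -LiteralPath $Path -Destination (Join-Path $Quarantine ((Split-Path $Path -Leaf) + '.bad')) -Force
    }
}
function Resolve-ImagePath ([string]$Img) {       # turn a service ImagePath / IFEO Debugger value into a file path
    if (-not $Img) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Img)
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    $p
}

# Step 3a: service keys. AsyncMac and aec are also names of legitimate Windows drivers,
# so the binary behind each key is hashed and shown before the key goes.
foreach ($svc in $Services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $key)) { continue }
    $bin = Resolve-ImagePath (Get-ItemProperty -Path $key).ImagePath
    Write-Warning "service $svc -> $bin"
    if (Test-KnownBad $bin) { Move-ToQuarantine $bin }
    Remove-Item -Path $key -Recurse -Force
}
# Step 3b: IFEO hijacks. The post does not name the hijacked programs, so every subkey
# whose Debugger points at scvhost.exe or at a known-bad file is removed.
Get-ChildItem -Path $IFEO -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath).Debugger
    if ($dbg -and ($dbg -match 'scvhost\.exe' -or (Test-KnownBad (Resolve-ImagePath $dbg)))) {
        Write-Warning "IFEO hijack: $($_.PSChildName) -> $dbg"
        Remove-Item -Path $_.PSPath -Recurse -Force
    }
}
# Step 3c: the Run value that starts scvhost.exe.
Remove-ItemProperty -Path $RunKey -Name RsTray -Force -ErrorAction SilentlyContinue

# Step 1: userinit.exe is swapped only if it matches the posted hash and a clean copy was
# given; a machine with no userinit.exe cannot complete logon.
$userinit = "$env:SystemRoot\system32\userinit.exe"
if (Test-KnownBad $userinit) {
    if (-not $CleanUserinit -or -not (Test-Path -LiteralPath $CleanUserinit)) {
        Write-Warning 'supply -CleanUserinit <clean copy, same build> to replace it'
    } elseif (Test-KnownBad $CleanUserinit) {
        Write-Warning 'the supplied userinit.exe is itself in the bad-hash list; not copied'
    } else {
        Copy-Item -LiteralPath $userinit -Destination (Join-Path $Quarantine 'userinit.exe.bad') -Force
        Copy-Item -LiteralPath $CleanUserinit -Destination $userinit -Force
    }
}
# Step 2: the dropped files and the fake recycle.{CLSID} directory.
foreach ($p in $DropFiles) { Move-ToQuarantine $p }

# Hash sweep of system32, dllcache (WFP's second copy of protected files) and Fonts, which
# the post says also holds derived files. A userinit.exe hit is only reported, never moved.
$dirs = "$env:SystemRoot\system32", "$env:SystemRoot\system32\dllcache", "$env:SystemRoot\Fonts"
Get-ChildItem -LiteralPath $dirs -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.dll', '.exe', '.sys' } |
    ForEach-Object { if ((Test-KnownBad $_.FullName) -and $_.Name -ne 'userinit.exe') { Move-ToQuarantine $_.FullName } }
```

Run it once with -WhatIf to see every move and key removal before committing, then again with -CleanUserinit pointing at a userinit.exe taken from a clean machine of the same build. Two caveats the post leaves implicit: AsyncMac and aec are service names a clean Windows install also has, so read the ImagePath and hash the script prints before treating their removal as safe on anything but a confirmed infection; and since the sweep hashes system32\dllcache as well, a trojanised userinit.exe reported there has to be replaced too, or the first file-protection check will put the bad copy back.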