Original poster
.rdata:004020C0 0000000B C HBmhly.dll
.rdata:004020CB 0000000C C HB1000Y.dll
.rdata:004020D7 0000000C C HBWOOOL.dll
.rdata:004020E3 0000000A C HBXY2.dll
.rdata:004020ED 0000000B C HBJXSJ.dll
.rdata:004020F8 0000000A C HBSO2.dll
.rdata:00402102 0000000A C HBFS2.dll
.rdata:0040210C 0000000A C HBXY3.dll
.rdata:00402116 0000000A C HBSHQ.dll
.rdata:00402120 00000009 C HBFY.dll
.rdata:00402129 0000000D C HBWULIN2.dll
.rdata:00402136 0000000A C HBW2I.dll
.rdata:00402140 0000000B C HBKDXY.dll
.rdata:0040214B 0000000D C HBWORLD2.dll
.rdata:00402158 0000000D C HBASKTAO.dll
.rdata:00402165 0000000E C HBZHUXIAN.dll
.rdata:00402173 0000000A C HBWOW.dll
.rdata:0040217D 0000000B C HBZERO.dll
.rdata:00402188 00000009 C HBBO.dll
.rdata:00402191 0000000E C HBCONQUER.dll
.rdata:0040219F 0000000B C HBSOUL.dll
.rdata:004021AA 0000000C C HBCHIBI.dll
.rdata:004021B6 0000000A C HBDNF.dll
.rdata:004021C0 0000000F C HBWARLORDS.dll
.rdata:004021CF 00000009 C HBTL.dll
.rdata:004021D8 00000010 C HBPICKCHINA.dll
.rdata:004021E8 00000009 C HBCT.dll
.rdata:004021F1 00000009 C HBGC.dll
.rdata:004021FA 00000009 C HBHM.dll
.rdata:00402203 0000000A C HBHX2.dll
.rdata:0040220D 0000000B C HBQQHX.dll
.rdata:00402218 0000000A C HBTW2.dll
.rdata:00402222 0000000B C HBQQSG.dll
.rdata:0040222D 0000000C C HBQQFFO.dll
.rdata:00402239 00000009 C HBZT.dll
.rdata:00402242 0000000B C HBMIR2.dll
.rdata:0040224D 0000000B C HBRXJH.dll
.rdata:00402258 00000009 C HBYY.dll
.rdata:00402261 0000000A C HBMXD.dll
.rdata:0040226B 00000009 C HBSQ.dll
.rdata:00402274 00000009 C HBTJ.dll
.rdata:0040227D 0000000B C HBFHZL.dll
.rdata:00402288 0000000B C HBWLQX.dll
.rdata:00402293 0000000B C HBLYFX.dll
.rdata:0040229E 00000009 C HBR2.dll
.rdata:004022A7 0000000A C HBCHD.dll
.rdata:004022B1 00000009 C HBTZ.dll
.rdata:004022BA 0000000B C HBQQXX.dll
.rdata:004022C5 00000009 C HBWD.dll
.rdata:004022CE 00000009 C HBZG.dll
.rdata:004022D7 0000000B C HBPPBL.dll
.rdata:004022E2 0000000A C HBXMJ.dll
.rdata:004022EC 0000000B C HBJTLQ.dll
.rdata:004022F7 0000000B C HBQJSJ.dll
.rdata:00402305 0000000F C StartServiceEx
.rdata:00402314 0000000E C StopServiceEx
.rdata:00402322 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
.rdata:00402357 0000000D C AppInit_DLLs
.rdata:00402366 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
.rdata:00402394 0000000C C HBService32
.rdata:004023A0 0000000B C System.exe
.rdata:004023AB 0000000E C HBInjectMutex
.rdata:004023B9 00000011 C \\\\.\\slHBKernel32
.rdata:004023CA 00000018 C \\drivers\\HBKernel32.sys
.rdata:004023E2 0000000B C HBKernel32
.rdata:004023ED 00000012 C HBKernel32 Driver
This trojan family is currently the main threat from website trojan-planting (drive-by) attacks.
The virus's process is system.exe; it starts two drivers with random names and auto-starts.
The original poster can kill it with atool:
go to the three directories below and delete the newly created files that have no version info, and that's it.
under C:\windows\system32
under c:\docume~\admin \Loca~\ temp
c:\program file\internet explorer\pplugin
Force-delete most of the files.
Use disk wipe on C:\windows\system32\driver\hbkernel.sys; it prompts for a reboot, and after rebooting many DLLs may report that they failed to load.
[ This post was last edited by CuteK on 2008-9-26 13:38 ]
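As an added, defender-side example (not code from the post or from anyone in the thread), the Python script below parses the IDA strings dump quoted above into IoC categories, checks the decoded string lengths against IDA's length field (which counts the terminating NUL), derives the registry locations a responder should inspect, and matches an AppInit_DLLs value against the HB*.dll family. The string subset is copied from the dump; the AppInit_DLLs value in the usage call is constructed; that the keys live under HKLM is an assumption.

```python
"""Turn an IDA 'Strings' window dump into defender-side IoCs (added example)."""
import re
from collections import defaultdict

# Subset of the .rdata listing from the post. IDA shows backslashes C-escaped,
# so this is a raw string and the parser un-escapes them.
IDA_STRINGS = r"""
.rdata:004020C0 0000000B C HBmhly.dll
.rdata:004020CB 0000000C C HB1000Y.dll
.rdata:004021CF 00000009 C HBTL.dll
.rdata:00402305 0000000F C StartServiceEx
.rdata:00402322 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
.rdata:00402357 0000000D C AppInit_DLLs
.rdata:00402366 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
.rdata:00402394 0000000C C HBService32
.rdata:004023A0 0000000B C System.exe
.rdata:004023AB 0000000E C HBInjectMutex
.rdata:004023B9 00000011 C \\\\.\\slHBKernel32
.rdata:004023CA 00000018 C \\drivers\\HBKernel32.sys
.rdata:004023E2 0000000B C HBKernel32
.rdata:004023ED 00000012 C HBKernel32 Driver
"""

LINE_RE = re.compile(r"^\.(\w+):([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{8})\s+C\s+(.*)$")


def parse_ida_strings(text):
    """Return (address, declared_length, decoded_string) tuples."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _section, addr, length, raw = m.groups()
        value = raw.replace("\\\\", "\\")  # undo IDA's C-style escaping
        records.append((int(addr, 16), int(length, 16), value))
    return records


def length_mismatches(records):
    """Strings whose len()+1 (NUL) disagrees with IDA's length field;
    a non-empty result means the un-escaping went wrong."""
    return [v for _, n, v in records if len(v) + 1 != n]


def classify(value):
    low = value.lower()
    if low.endswith(".dll"):
        return "dll"
    if low.endswith(".sys"):
        return "driver_file"
    if value.startswith("\\\\.\\"):
        return "device"
    if "software\\" in low:
        return "registry_key"
    if low == "appinit_dlls":
        return "registry_value"
    if low.endswith(".exe"):
        return "process"
    if "mutex" in low:
        return "mutex"
    return "other"  # service names, API names, driver display name


def build_iocs(text):
    iocs = defaultdict(set)
    for _, _, value in parse_ida_strings(text):
        iocs[classify(value)].add(value)
    return dict(iocs)


def registry_checks(iocs):
    """Full registry locations to inspect, built from the keys in the binary.
    HKLM is assumed (AppInit_DLLs and the machine-wide Run key live there)."""
    checks = []
    for key in sorted(iocs.get("registry_key", ())):
        if key.endswith("CurrentVersion\\Windows"):
            checks.append("HKLM\\" + key + "\\AppInit_DLLs")
        elif key.endswith("\\Run"):
            checks.append("HKLM\\" + key)
    return checks


def flag_appinit_entries(appinit_value, iocs):
    """Entries of an AppInit_DLLs value (comma/space separated) whose file
    name belongs to the HB*.dll family found in the binary."""
    family = {d.lower() for d in iocs.get("dll", ())}
    hits = []
    for entry in re.split(r"[,\s]+", appinit_value.strip()):
        if entry and entry.replace("/", "\\").split("\\")[-1].lower() in family:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    found = build_iocs(IDA_STRINGS)
    print("length mismatches:", length_mismatches(parse_ida_strings(IDA_STRINGS)))
    for category, values in sorted(found.items()):
        print(category, sorted(values))
    print("inspect:", registry_checks(found))
    # Constructed AppInit_DLLs contents for illustration only.
    print("hits:", flag_appinit_entries("C:\\WINDOWS\\system32\\HBmhly.dll, msvcrt.dll", found))
```

The length check is worth keeping in any such parser: IDA's length column counts the NUL, so a mismatch after decoding reveals an escaping error before the strings are used as indicators. On a live host, the two registry paths returned by `registry_checks` are where the AppInit_DLLs injection and the Run-key persistence named in the dump would appear.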