
Detection and Removal Steps for the C:\WINDOWS\Debug\debug.exe Virus

2010-08-21 14:07 [Virus Security]

File changes:
Drops the following files:
C:\WINDOWS\Debug\debug.exe
C:\WINDOWS\Web\css.css
C:\MSDOS.log
C:\WINDOWS\Temp\~tmp83.tmp
Creates gbk.com and autorun.inf on the D: and E: drives.

C:\WINDOWS\Web\css.css is injected into other processes.

Terminates the following processes:
kvmonxp.kxp
kvsrvxp.exe
trojdie.kxp
kregex.exe
uihost.exe
avp.exe
avp.exe
360safe.exe
runiep.exe
ras.exe
ccenter.exe
ravtask.exe
ravmon.exe
ravmond.exe
ravstub.exe
kwatch.exe
kavstart.exe
kpfwsvc.exe
kmailmon.exe
kpfw32.exe
kavsvc.exe
kav.exe

Stops the following services and changes their startup type to Disabled:
sharedaccess
ccenter
kvsrvxp
kvwsc
kavsvc
kingsoft antivirus kwatch service
kingsoft personal firewall service
rsravmon service
rising proxy service
rising process communication center
rising personal firewall service
卡巴斯基反病毒6.0个人版 (Kaspersky Anti-Virus 6.0 Personal Edition)

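Creates image hijack (Image File Execution Options) entries under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options: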
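
An image hijack entry takes effect through a `Debugger` value on the per-executable subkey, so a cleanup check has to look for that value rather than for the subkey alone. The script below is an added example, not part of the original article: it audits the text of a `reg export` of the Image File Execution Options key. The sample export, the `C:\placeholder\stub.exe` path and the `example.exe` subkey are constructed for illustration.

```python
import re

# Tail of the IFEO key path; also matches the WOW6432Node copy of the key.
IFEO = r"\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + "\\"

# Constructed sample in `reg export` text format (not captured from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="C:\\placeholder\\stub.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
"debugger"="ntsd -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000200

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
'''

SECTION = re.compile(r"^\[(.+)\]\s*$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def find_ifeo_debuggers(export_text):
    """Return {image_name: debugger_command} for IFEO subkeys with a Debugger value."""
    hits, image = {}, None
    for line in export_text.splitlines():
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            idx = key.lower().find(IFEO.lower())
            rest = key[idx + len(IFEO):] if idx != -1 else ""
            # Only direct children of the IFEO key name an executable image.
            image = rest if rest and "\\" not in rest else None
            continue
        m = STRING_VALUE.match(line)
        # Registry value names are case-insensitive.
        if m and image and m.group(1).lower() == "debugger":
            hits[image] = unescape(m.group(2))
    return hits

if __name__ == "__main__":
    # Real exports are UTF-16: open(path, encoding="utf-16").read()
    for image, cmd in sorted(find_ifeo_debuggers(SAMPLE_EXPORT).items()):
        print(f"{image}: Debugger = {cmd}")
```

Subkeys that carry only other values (such as `GlobalFlag`) or no values at all are not reported, since they do not redirect execution.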

(Editor: admin)
