佳礼资讯网

Original poster: ksang

Help: my PC is infected with a worm, which antivirus software should I use?

Posted on 21-1-2005 01:06 PM
This method is newer.

Step 1
Download this tool, finditnt2000xp.zip (thanks zupe).
Download finditnt2000xp.zip.
http://computercops.biz/zx/Zupe/Find%20It%20NT-2K-XP.zip

Unzip the contents of finditnt2000xp.zip to a convenient location.
Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
A command prompt will open and it will search your computer for malicious files.
Once it has finished, a Notepad window will pop up with output.txt.
Copy/paste this output.txt in Notepad and save it on your Desktop.

Step 2

Identify bad files in find.bat log
In a find.bat log you are looking only for Qoologic Results and Aspack Results.

Basically, all the files in Qoologic Results and Aspack Results
are related and should be removed with Killbox along with the
VX2 files. The only files that should not be deleted in these
fields are ntdll.dll (a valid Windows file) and pav.sig
(Panda Antivirus signature file). (Note: in some logs I also see Incinerator.dll (from System_Mechanic's), which is also a valid file.)

These files are not visible in a DllCompare log. The only
thing you might see is a random six-letter running process.
They look kind of like this, and there is always one .dat file:

C:\WINDOWS\System32\wrkkkr.exe
C:\WINDOWS\system32\ycywwa.exe
C:\WINDOWS\System32\ybipaw.exe
C:\WINDOWS\system32\wawyqi.exe
C:\WINDOWS\system32\psbaaa.exe
C:\WINNT\system32\kwcoqc.exe
C:\WINNT\System32\wrawrr.exe
C:\WINDOWS\SYSTEM32\wpavbu.dat

For example, bad files are in bold:


QUOTE  
------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\SYSTEM32\ieoapr.dll: updates.qoologic.com
C:\WINDOWS\SYSTEM32\lcwpou.dll: updates.qoologic.com
C:\WINDOWS\SYSTEM32\lhzqwu.exe: updates.qoologic.com
C:\WINDOWS\SYSTEM32\pav.sig: Qoologic
C:\WINDOWS\SYSTEM32\pav.sig: Qoologic

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\SYSTEM32\ntdll.dll: .aspack
C:\WINDOWS\SYSTEM32\pav.sig: AsPack
C:\WINDOWS\SYSTEM32\vwikra.exe: .aspack
C:\WINDOWS\SYSTEM32\wpavbu.dat: .aspack
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\khuntg.exe: .aspack



Step 3

Kill off the malicious files
Same method as in the first post: use Killbox to kill the bad files.

Step 4

Make sure all files are gone
Once you get the new find.bat log, you need to make sure every file is gone.
Keep killing files with Killbox until you have received a clean log.

Now you have fixed the infection.
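Added example, not part of the original posts and not code from the Find It tool: the Step 2 and Step 4 checks from the post above, scripted in Python. It reads a find.bat output.txt, lists every file under the Qoologic and Aspack sections except the valid files the post names, and reports which of them a later log still lists. The function names and the second sample log are constructed for this example.

```python
import re
from pathlib import PureWindowsPath

KNOWN_GOOD = {"ntdll.dll", "pav.sig", "incinerator.dll"}  # valid files the post says to keep
WANTED = ("qoologic results", "aspack results")  # the only sections to read
HEADER = re.compile(r"^-{3,}\s*(.*?)\s*-{3,}$")   # "---- title ----"
ENTRY = re.compile(r"^([A-Za-z]:\\.+?):\s+\S")    # "C:\path\file: matched string"

def removal_candidates(log_text):
    """Unique paths listed under the two sections, minus the known-good files."""
    in_wanted, found = False, {}
    for line in map(str.strip, log_text.splitlines()):
        header = HEADER.match(line)
        if header:  # any section header switches scanning on or off
            in_wanted = header.group(1).lower().endswith(WANTED)
            continue
        entry = ENTRY.match(line)
        if in_wanted and entry:
            path = entry.group(1)
            if PureWindowsPath(path).name.lower() not in KNOWN_GOOD:
                found.setdefault(path.lower(), path)  # Windows paths are case-insensitive
    return sorted(found.values(), key=str.lower)

def still_present(first_log, new_log):
    """Step 4 check: candidates from the first log that the new log still lists."""
    remaining = {p.lower() for p in removal_candidates(new_log)}
    return [p for p in removal_candidates(first_log) if p.lower() in remaining]

# The log quoted in the post above.
FIRST_LOG = r"""
------------ Strings.exe Qoologic Results ------------
C:\WINDOWS\SYSTEM32\ieoapr.dll: updates.qoologic.com
C:\WINDOWS\SYSTEM32\lcwpou.dll: updates.qoologic.com
C:\WINDOWS\SYSTEM32\lhzqwu.exe: updates.qoologic.com
C:\WINDOWS\SYSTEM32\pav.sig: Qoologic
C:\WINDOWS\SYSTEM32\pav.sig: Qoologic
-------------- Strings.exe Aspack Results -------------
C:\WINDOWS\SYSTEM32\ntdll.dll: .aspack
C:\WINDOWS\SYSTEM32\pav.sig: AsPack
C:\WINDOWS\SYSTEM32\vwikra.exe: .aspack
C:\WINDOWS\SYSTEM32\wpavbu.dat: .aspack
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\khuntg.exe: .aspack
"""
# Constructed follow-up log: one file survived the first Killbox pass.
NEW_LOG = r"""
-------------- Strings.exe Aspack Results -------------
C:\WINDOWS\SYSTEM32\ntdll.dll: .aspack
C:\WINDOWS\SYSTEM32\vwikra.exe: .aspack
"""
```

The script only reports paths; an empty result from still_present() corresponds to the clean log that Step 4 asks for.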



Posted on 21-1-2005 01:37 PM
Problem solved, thank you for your help.

[ Last edited by 稻草人 on 21-1-2005 at 02:19 PM ]

Posted on 21-1-2005 02:46 PM
You're welcome. What you caught is the newest, nastier VX2; there is no dedicated tool for it yet, so it is more troublesome.