simonqqq - 2007-4-13 11:51:00
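Recently I found two new processes on my system: a user process named microsoft.exe and a system process named dcomsvr.exe.
When I terminate microsoft.exe on its own using the Resource Manager, the system adds the process back; if I terminate dcomsvr.exe first and then microsoft.exe, the system adds both processes back after about 5 minutes.
A Google search says microsoft.exe is the Gaobot (高波) virus, and there is no information on dcomsvr.exe, yet the Gaobot removal tools (Kaka Assistant and the Kingsoft Gaobot removal tool) cannot find any virus.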
simonqqq - 2007-4-13 11:56:00
[DCOMSvr.EXE]
PID=0xc30
CommandLine=C:\WINDOWS\system32\DCOMSvr.EXE
simonqqq - 2007-4-13 11:56:00
[microsoft.exe]
PID=0x9b8
CommandLine=C:\WINDOWS\system32\microsoft.exe C:\WINDOWS\system32\wscuiex.cpl,Run
303266474 - 2007-4-13 13:02:00
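Please download SREng (latest version), use "Smart Scan", and press the "Scan" button to run a scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here. If the log cannot be pasted in one go, paste it in several parts; please do not modify it.
Download address: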
http://www.kztechs.com/sreng/sreng2.zip