不好注册 - 2007-5-20 9:15:00
It's too long, so I'll only paste part of it.
聊西网络 - 2007-5-20 9:53:00
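The machine's symptoms all look normal, but anything that has to do with viruses gets closed automatically by the system: programs (antivirus, dedicated removal tools, cleanup software and so on), windows (opening a drive automatically spawns another window) (the folders where antivirus tools live, etc.), and IE (including N portable browsers) (everything browses normally, except searching for the virus and related information). If you end the process it comes back. Safe Mode cannot be entered, and reinstalling doesn't help either. I didn't expect the virus to be this intelligent.
After three days of hard thinking, I came up with a plan:
This virus first infects drive C, then D, E, F and so on, and creates the files autorun.inf and xdppvex.exe. These files cannot be seen with the show-hidden-files option. I saved the following text as a registry file (using Notepad):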
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
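Then delete autorun.inf and xdppvex.exe from every drive.
Prepare an antivirus installation CD, preferably a Chinese-made product.
Reinstall the system. Once the reinstall is finished, do not open My Computer; instead install the antivirus directly from the CD, connect to the network and update it, then enter Safe Mode and scan. When that is done, install the AVG Anti-Spyware trojan remover and 360安全卫士 (360 Safe Guard), and do another thorough check. I recommend a Chinese-made antivirus, because Chinese antivirus products understand the local situation better (Norton has recently had a major problem, so don't use it). For trojan removal I recommend AVG Anti-Spyware; it removes trojans very thoroughly. Finally, clean up the system junk and back up the system with GHOST.
If you have any questions, you can contact me to discuss: QQ:245178885 liaoxiwangluo@126.com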
romeo0079 - 2007-5-23 23:47:00
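[Reply to the post by "不好注册"]
That's wrong. The correct procedure is to first open the registry (Start / Run / type "regedit") and find the key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
Change CheckedValue (type DWORD) to 1 (the virus changes the type of this value, so delete it and create it again).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
Do the same here as above.
Then go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUN and delete the virus's startup entries: xdppvex.exe, wntbhaa.exe and lgwubrw.exe.
Next, in <system drive>/windows/system32, delete files such as 212.exe, 1092.exe, 414.exe and 515.exe.
Now open each drive with a right-click, choose Tools / Folder Options / (show hidden files), and delete the autorun.inf and xdppvex.exe files on every drive. (They must be deleted completely, and must not be left in the Recycle Bin.)
Finally, reboot, find xdppvex.exe, wntbhaa.exe and lgwubrw.exe on the system drive, and delete them. Once they are deleted, you're done; there is no need at all to reinstall the system or use System Restore. However, this trojan is one that downloads other trojans, so update your antivirus software and go kill the other trojans. The war isn't over yet. If it doesn't work, email me at fbifreedom@yahoo.com.cn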
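Added example, not part of any post in this thread: a small checker that reads a regedit export of the Folder\Hidden key and reports when CheckedValue under NOHIDDEN or SHOWALL has the wrong type or value, the tampering the reply above describes. The baseline values come from the .reg file posted earlier in the thread; the function names and the tampered sample are constructed for illustration.

```python
import re

# Baseline from the .reg file posted earlier in this thread.
EXPECTED = {"NOHIDDEN": 2, "SHOWALL": 1}
HIDDEN_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
              r"\Explorer\Advanced\Folder\Hidden")

def parse_reg(text):
    """Parse a regedit v5 export into {KEY: {value_name: (type, data)}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join continued hex lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive, so normalise them.
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            current[name] = ("dword", int(raw[6:], 16))
        elif raw.startswith('"'):
            current[name] = ("string", raw[1:-1].replace("\\\\", "\\"))
        else:  # hex, hex(2), hex(7), ... kept as (type, raw byte list)
            current[name] = raw.partition(":")[::2]
    return keys

def check_hidden_options(reg_text):
    """Report NOHIDDEN/SHOWALL CheckedValue entries that differ from the baseline."""
    keys = parse_reg(reg_text)
    findings = []
    for sub, want in EXPECTED.items():
        values = keys.get(f"{HIDDEN_KEY}\\{sub}".upper())
        kind, data = (values or {}).get("CheckedValue", ("absent", None))
        if values is None:
            findings.append(f"{sub}: key missing")
        elif kind != "dword":
            findings.append(f"{sub}: CheckedValue has type {kind}, expected dword")
        elif data != want:
            findings.append(f"{sub}: CheckedValue is {data}, expected {want}")
    return findings

# Constructed sample export: SHOWALL\CheckedValue replaced by a string value.
TAMPERED = "\n".join([
    "Windows Registry Editor Version 5.00",
    f"[{HIDDEN_KEY}\\NOHIDDEN]", '"CheckedValue"=dword:00000002',
    f"[{HIDDEN_KEY}\\SHOWALL]", '"CheckedValue"="0"',
])
print(check_hidden_options(TAMPERED))
```

To use it on a real machine, export the Hidden key from regedit, save the file as text, and pass its contents to check_hidden_options.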