Rising Kaka Security Forum

Anti-virus / anti-rogue-software forum: How can mms.exe be completely removed?
cnn250 - 2009-1-31 23:57:00
How do I stop this mms.exe process? On my computer, as soon as I open any web page, after a while this process shows up, and background music starts playing, one clip after another. A full scan with Rising finds nothing; the only way to stop the music is to kill mms.exe by hand.
Is there any solution?
Thanks, everyone.

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5)
夲號ヱ被ジ盜 - 2009-2-1 0:00:00
Please download the latest version of the SREng tool from the official site:

http://www.kztechs.com/sreng/download.html
Unzip it and run SRENG**.EXE.
Click Smart Scan (make sure mms.exe is running at the time).
Save the log and upload it.
If you know the path of mms.exe, post it as well.
imeleven - 2009-2-1 2:04:00
Let me reply.
imeleven - 2009-2-1 2:07:00
Sorry, the post above was sent by accident before I had finished writing it.
The path of mms.exe is inside system32.
There is also a copy in the temp folder, but it seems to vanish as soon as you delete it.
This trojan points to a website:
http://my.51robot.info/mms.exe
The sample can be downloaded from that address. Everyone be careful.



PS: No idea which scumbag registered that domain. Damn it, registering a domain just to host a virus.


Details for 51robot.info:

Domain ID:D27374306-LRMS
Domain Name:51ROBOT.INFO
Created On:07-Jan-2009 16:23:27 UTC
Last Updated On:07-Jan-2009 16:23:29 UTC
Expiration Date:07-Jan-2010 16:23:27 UTC
Sponsoring Registrar:GoDaddy.com Inc. (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:GODA-057754607
Registrant Name:Leefox Cao
Registrant Organization:
Registrant Street1:Weyi Road
Registrant Street2:
Registrant Street3:
Registrant City:Jinglan
Registrant State/Province:Joint
Registrant Postal Code:220099
Registrant Country:CN
Registrant Phone:+86.6028877663
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:leefox.s@gmail.com
Admin ID:GODA-257754607
Admin Name:Leefox Cao
Admin Organization:
Admin Street1:Weyi Road
Admin Street2:
Admin Street3:
Admin City:Jinglan
Admin State/Province:Joint
Admin Postal Code:220099
Admin Country:CN
Admin Phone:+86.6028877663
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:leefox.s@gmail.com
Billing ID:GODA-357754607
Billing Name:Leefox Cao
Billing Organization:
Billing Street1:Weyi Road
Billing Street2:
Billing Street3:
Billing City:Jinglan
Billing State/Province:Joint
Billing Postal Code:220099
Billing Country:CN
Billing Phone:+86.6028877663
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing Email:leefox.s@gmail.com
Tech ID:GODA-157754607
Tech Name:Leefox Cao
Tech Organization:
Tech Street1:Weyi Road
Tech Street2:
Tech Street3:
Tech City:Jinglan
Tech State/Province:Joint
Tech Postal Code:220099
Tech Country:CN
Tech Phone:+86.6028877663
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:leefox.s@gmail.com
Name Server:NS27.DOMAINCONTROL.COM
Name Server:NS28.DOMAINCONTROL.COM
imeleven - 2009-2-1 9:59:00
Can anyone help take a look? Thanks.
backway - 2009-2-1 10:18:00
Upload the SREng log as described above.
imeleven - 2009-2-1 11:17:00
See the attachment. Thanks.

Attachment: SRengLOG.txt
aaccbbdd - 2009-2-1 11:33:00
c:\windows\system32\mms.exe
c:\windows\system32\utscsi.exe
Post them to the suspicious-file exchange board for identification.
backway - 2009-2-1 11:34:00
Suggest uploading c:\windows\system32\mms.exe to http://www.virscan.org/ and reporting the result back here.
imeleven - 2009-2-1 11:48:00
VirSCAN.org Scanned Report :
Scanned time  : 2009/01/29 21:25:40 (CST)
Scanner results: 27%的杀软(10/37)报告发现病毒
File Name      : mms.exe
File Size      : 52736 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 91bf28d0f4e912ab4c8506b49c3bbcbe
SHA1          : 30beb340250bc5eccf22914147eb73319ed36dac
Online report  : http://virscan.org/report/6663e629ab009d207057cc2b82ecc0c9.html

Scanner        Engine Ver      Sig Ver          Sig Date    Time  Scan result
a-squared      4.0.0.29        20090128170451    2009-01-28  10.85  Trojan.Win32.Agent2!IK
安博士V3      2009.01.29.04  2009.01.29        2009-01-29  2.36  -
AntiVir        7.9.0.60        7.1.1.201        2009-01-29  1.92  TR/Agent.hqw
安天          2.0.18          20090118.2063925  2009-01-18  0.02  -
Authentium    5.1.1          200901281745      2009-01-28  1.12  -
AVAST!        3.0.1          090128-0          2009-01-28  0.00  -
AVG            7.5.52.442      270.10.15/1923    2009-01-29  1.90  Agent.AVWR
BitDefender    7.81008.2617387 7.23382          2009-01-29  2.44  -
CA (VET)      9.0.0.143      31.6.6334        2009-01-29  10.35  -
ClamAV        0.94.2          8918              2009-01-29  0.05  -
Comodo        3.0            952              2009-01-29  1.22  TrojWare.Win32.Agent2.afz
CP Secure      1.1.0.715      2009.01.29        2009-01-29  7.01  -
Dr.Web        4.44.0.9170    2009.01.29        2009-01-29  3.94  -
F-Prot        4.4.4.56        20090128          2009-01-28  1.11  -
F-Secure      5.51.6100      2009.01.29.02    2009-01-29  0.11  Trojan.Win32.Agent2.afz [AVP]
飞塔          2.81-3.117      9.977            2009-01-29  0.34  -
GData          19.2638/19.201  20090129          2009-01-29  4.83  Trojan.Win32.Agent2.afz [Engine:A]
ViRobot        20090128        2009.01.28        2009-01-28  0.41  -
Ikarus        T3.1.01.45      2009.01.29.72228  2009-01-29  3.54  Trojan.Win32.Agent2
江民杀毒      11.0.706        2009.01.29        2009-01-29  3.53  -
卡巴斯基      5.5.10          2009.01.29        2009-01-29  0.05  Trojan.Win32.Agent2.afz
金山毒霸      2008.9.8.18    2009.1.29.21      2009-01-29  5.67  -
迈克菲        5.3.00          5509              2009-01-28  3.17  -
Microsoft      1.4205          2009.01.29        2009-01-29  9.10  -
mks_vir        2.01            2009.01.29        2009-01-29  2.83  -
Norman        5.93.01        5.93.00          2009-01-20  6.85  -
熊猫卫士      9.05.01        2009.01.28        2009-01-28  3.87  -
趋势科技      8.700-1004      5.804.04          2009-01-29  0.06  -
Quick Heal    10.00          2009.01.29        2009-01-29  3.19  -
瑞星          20.0            21.14.20.00      2009-01-28  1.23  -
Sophos        2.83.3          4.38              2009-01-29  2.27  -
Sunbelt        4786            4786              2009-01-28  0.87  -
赛门铁克      1.3.0.24        20090128.003      2009-01-28  1.91  -
nProtect      20090129.01    3074762          2009-01-29  4.45  Trojan/W32.Agent2.52736
The Hacker    6.3.1.5        v00231            2009-01-29  0.51  -
VBA32          3.12.8.11      20090128.1105    2009-01-28  1.71  Trojan-PSW.Delf.26 (paranoid heuristics) (suspicious)
VirusBuster    4.5.11.10      10.100.41/784710  2009-01-28  1.28  -
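Added example, not code from the thread: a small Python triage sweep that checks a directory tree for the two file names aaccbbdd posted and for the size, MD5 and SHA1 given in the VirSCAN report above. The demo runs on a constructed temp directory holding a harmless placeholder named mms.exe, so for the second pass the hash and size indicators are swapped for the placeholder's own values to show what a full match looks like.

```python
import hashlib
import os
import tempfile
from pathlib import Path
# Indicators from this thread: names posted by aaccbbdd; size/MD5/SHA1 from VirSCAN.
KNOWN_BAD = {
    "names": {"mms.exe", "utscsi.exe"},
    "size": 52736,
    "md5": "91bf28d0f4e912ab4c8506b49c3bbcbe",
    "sha1": "30beb340250bc5eccf22914147eb73319ed36dac",
}

def file_hashes(path):
    """Return (md5, sha1) hex digests; a whole-file read is fine for small samples."""
    data = Path(path).read_bytes()
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()

def triage(root, indicators=KNOWN_BAD):
    """Walk root; return {path: [reasons]} for files matching any indicator."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            reasons = []
            if name.lower() in indicators["names"]:
                reasons.append("suspicious file name")
            try:
                if p.stat().st_size == indicators["size"]:
                    reasons.append("size matches sample")
                md5, sha1 = file_hashes(p)
                if md5 == indicators["md5"]:
                    reasons.append("MD5 matches sample")
                if sha1 == indicators["sha1"]:
                    reasons.append("SHA1 matches sample")
            except OSError:
                pass  # locked or unreadable file: keep any name hit, skip hash checks
            if reasons:
                hits[str(p)] = reasons
    return hits

def demo():
    """Constructed input: a harmless placeholder named mms.exe and a benign file."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp, "mms.exe")
        sample.write_bytes(b"constructed placeholder, not the real sample")
        Path(tmp, "calc.exe").write_bytes(b"benign")
        by_name = triage(tmp)  # real hashes cannot match the placeholder: name-only hit
        md5, sha1 = file_hashes(sample)
        local = dict(KNOWN_BAD, md5=md5, sha1=sha1, size=sample.stat().st_size)
        return by_name, triage(tmp, local)  # name + size + both hashes hit
```

A size match on its own is weak evidence; treat it as a reason to hash the file, not as a verdict.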
cnn250 - 2009-2-1 15:09:00
Thanks, everyone; I'm hoping for a simple little tool.

Reply to post #2: the file at that link doesn't seem to download; I'll try again later.

The question is, why doesn't Rising currently recognize it as a virus?

It has background music and everything; just now a radio channel came on, the host said "this is xxx", a listener phoned in, cnmb. Pretty funny; I wanted to keep listening but then it was gone, haha.
imeleven - 2009-2-1 19:51:00
Solved!!!
Go download Kaspersky. This thing isn't just a trojan; there's a virus hiding behind it.

Kaspersky was very fast; after two scans everything was cleared.
cnn250 - 2009-2-2 11:14:00
Thanks to the poster above.
This reminds me of the time Rising and Kaspersky were slinging malware at each other.
Let's see when Rising updates to recognize this virus.