瑞星卡卡安全论坛

在朋友家杀的，处理病毒10分钟，捣鼓系统1小时附杀前日志和杀后日志和样本
这个俗称USP10.DLL的东西没这么可怕，就是一键备份恢复没用
先扫了个日志发现有猫癣特征，就从自动杀毒开始，先下载金山急救箱，断网，处理了病毒启动项，重启后装了杀毒软件全盘杀毒
就完全清除了，没必要手动
这是杀出的：


deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\My Documents\A&A\Kingsoft Internet Security 2008\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\My Documents\A&A\Kingsoft Internet Security\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\My Documents\A&A\Kingsoft Internet Security\ksa\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\My Documents\QQ\usp10.dll
deleted: Trojan program Trojan.Win32.SmallGame.cb File: C:\WINDOWS\system32\HBCHIBI.dll（病毒驱动）
deleted: Trojan program Trojan.Win32.Agent.binb File: C:\WINDOWS\system32\anymie360.dll（病毒驱动）
deleted: Trojan program Trojan-PSW.Win32.Agent.lqp File: C:\WINDOWS\Fonts\ComRes.dll
deleted: Trojan program Trojan-PSW.Win32.Agent.lqp File: C:\WINDOWS\Fonts\ctm04002.ttf
deleted: Trojan program Trojan-PSW.Win32.Agent.lsc File: C:\WINDOWS\Fonts\ctm04004.ttf
deleted: Trojan program Trojan-GameThief.Win32.WOW.ewp File: C:\Documents and Settings\Administrator\Local Settings\Temp\WowInitcode.dat
deleted: Trojan program Trojan-GameThief.Win32.WOW.ewz File: C:\Documents and Settings\Administrator\Local Settings\Temp\wsasystem.gif
deleted: Trojan program Trojan-GameThief.Win32.WOW.ewz File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C2KFA0A3\new1[1].exe
注：盗号木马就不一一标出，太多，写不了          都在TEMP
deleted: Trojan program Trojan-PSW.Win32.Agent.lqo File: C:\Program Files\Internet Explorer\UnxxZun.Zmp//UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Microsoft Office\OFFICE11\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Microsoft Office\OFFICE11\2052\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\PowerInfo\DreamPlayer\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\TTPlayer\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdou File: D:\Program Files\Tencent\QQ\psapi.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQUpdateQzone\191030_20_0\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\Qzone\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQPet\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQPet\QQUpdateQQPet\3_4_0\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQDoctor\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQ\QQDoctor\Hotfix\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQGame\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQGame\Update\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQGame\Download\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQGame\Five\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQMusic\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQDownload\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQPet\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Tencent\QQPet\LiveUpdater\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Real\RealPlayer\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Real\RealPlayer\Setup\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\PPLive\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Program\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Program\Update\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Components\InMedia\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Components\VPShell\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\WPS Office 2005 OEM\office6\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\WPS Office 2005 OEM\utility\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\CommonHtml\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.yrl File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\kavstart.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\antispy\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\oemupdate\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Update\bin\oemupdate\KSA\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\KSA\PatchBak\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\ÐÂÀ˷ѵãµçÊÓ\feidianTV\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Ç廪×Ϲâ\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Á¬Á¬¿´\usp10.dll
deleted: Trojan program Trojan-Downloader.Win32.Agent.bdhs File: D:\Á¬Á¬¿´4\Á¬Á¬¿´4\Updater\usp10.dll









用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

附件: 杀毒前日志.log

附件: 杀毒后日志1.log

附件: 完全样本.rar

建议发到“可疑文件交流区”，以免不知情的网友误下载运行。



要我转么？

正好不够可疑文件交流区的下载权限，谢喽:default6:

编辑OK，欢迎借鉴

反正够折腾的.

我的hosts文件消失了,用SRE重置,说没权限.
再早两天的求助里提到过,没人有空理,帖子太多了,很快就沉了.

我怎么这么好清除
难道这是RP问题？:default6: :default6:
补充点：这个毒好像删GHO文件

是贩毒者的RPWT!
反正够阴够损的.
昨天杀时有发现usp10.dll侵入GHOST目录下,不知GHO是否会遭遇破坏?

想起来了是把GHOST的文件删了，开机没这一项了

中这毒能进安全模式不？？

如果你中了 很明显安全模式早就挂了

在虚拟机下测试过几次usp10.dll。刚才也测试了gr.exe.能进·······

你这完全样本里全是已经加库的

你所谓的杀毒软件能处理，是指那其他盘内所有的病毒usp10.dll是已经加库的

如果那usp10.dll刚做了免杀

那么你不手工，怎么去清除其他盘那么多的这病毒文件呢？？？

现在可杀，只是因为看病毒实际样本，好象一直维持在1月31日左右的最后一次免杀

未见新的

那最后一次，各家已经开始大规模加库了