帮忙!!急!!logogo.exe inudhya.dll 病毒!! - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛帮忙!!急!!logogo.exe inudhya.dll 病毒!!

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

2 / 3 页

跳转页

帮忙!!急!!logogo.exe inudhya.dll 病毒!!

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-02 18:15 \| 只看楼主短消息资料字号：小中大 11楼 [C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ] [F:\New Folder\scrchpg.dll] [Kaspersky Lab, 6.0.2.621] [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1] [F:\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2] [C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0] [F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621] [C:\WINDOWS\System32\jh.dll] [N/A, ] [F:\New Folder\klscav.dll] [Kaspersky Lab, 6.0.2.621] [F:\New Folder\prremote.dll] [Kaspersky Lab, 6.0.2.621] [F:\New Folder\prloader.dll] [Kaspersky Lab, 6.0.2.621] [F:\New Folder\prkernel.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\params.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\pxstub.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\tempfile.ppl] [Kaspersky Lab, 6.0.2.621] [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [f:\new folder\nfio.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\basegui.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\thpimpl.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\FSSync.dll] [Kaspersky Lab, 6.0.5.621] [f:\new folder\winreg.ppl] [Kaspersky Lab, 6.0.2.621] [C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0] [C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1] [PID: 3812 / wzh][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)] [C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ] [F:\New Folder\scrchpg.dll] [Kaspersky Lab, 6.0.2.621] [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1] [F:\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2] [C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0] [F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621] [C:\WINDOWS\System32\jh.dll] [N/A, ] [F:\New Folder\klscav.dll] [Kaspersky Lab, 6.0.2.621] [F:\New Folder\prremote.dll] [Kaspersky Lab, 6.0.2.621] [F:\New Folder\prloader.dll] [Kaspersky Lab, 6.0.2.621] [F:\New Folder\prkernel.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\params.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\pxstub.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\tempfile.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\nfio.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\basegui.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\thpimpl.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\FSSync.dll] [Kaspersky Lab, 6.0.5.621] [f:\new folder\winreg.ppl] [Kaspersky Lab, 6.0.2.621] [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1] [PID: 2868 / wzh][C:\Program Files\FlashGet\flashget.exe] [Amaze Soft, 1, 6, 5, 0] [C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ] [F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621] [C:\WINDOWS\System32\jh.dll] [N/A, ] [C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1] [PID: 444 / wzh][F:\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.3.0.220] [F:\Thunder\Program\UpdateDownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 8] [F:\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 71] [F:\Thunder\Program\log4cplus.dll] [, 1, 0, 2, 1] [F:\Thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031] [F:\Thunder\Program\asyn_dns.dll] [N/A, ] [F:\Thunder\Program\msgmanage.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 15] [F:\Thunder\Program\historyinfo_manage.dll] [Thunder Networking Technologies,LTD, 5, 2, 0, 148] [C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ] [F:\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 1, 0, 18] [F:\Thunder\Program\FloatBar.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [F:\New Folder\adialhk.dll] [Kaspersky Lab, 6.0.2.621] [C:\WINDOWS\System32\jh.dll] [N/A, ] [F:\Thunder\Components\InMedia\iEmbedShell.dll] [　, 1, 0, 0, 11] [F:\Thunder\Components\InMedia\iEmbed04.dll] [　, 2, 3, 0, 37] [F:\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 8] [F:\New Folder\scrchpg.dll] [Kaspersky Lab, 6.0.2.621] [F:\Thunder\Program\iTargetAd.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 55] [F:\New Folder\klscav.dll] [Kaspersky Lab, 6.0.2.621] [F:\New Folder\prremote.dll] [Kaspersky Lab, 6.0.2.621] [F:\New Folder\prloader.dll] [Kaspersky Lab, 6.0.2.621] [F:\New Folder\prkernel.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\params.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\pxstub.ppl] [Kaspersky Lab, 6.0.2.621] [f:\new folder\tempfile.ppl] [Kaspersky Lab, 6.0.2.621] [C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0] [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1] [PID: 272 / wzh][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ] [C:\WINDOWS\System32\jh.dll] [N/A, ] [C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1] [PID: 1496 / wzh][C:\Documents and Settings\wzh\桌面\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\System32\RemoteDbg.dll] [N/A, ] [C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-02 18:16 \| 只看楼主短消息资料字号：小中大 12楼文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}]
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-02 18:16 \| 只看楼主短消息资料字号：小中大 13楼 ================================== Winsock 提供者 N/A ================================== Autorun.inf [C:\] [AutoRun] OPEN=setup.exe shellexecute=setup.exe shell\打开(&O)\command=setup.exe ================================== HOSTS 文件 127.0.0.1 localhost ================================== 进程特权扫描特殊特权被允许： SeSystemtimePrivilege [PID = 1468, C:\WINDOWS\SYSTEM32\RESETSERVICE.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2036, C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2036, C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2044, C:\WINDOWS\VM_STI.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2044, C:\WINDOWS\VM_STI.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 192, F:\CYBERLINK DVD\POWERDVD\PDVDSERV.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 192, F:\CYBERLINK DVD\POWERDVD\PDVDSERV.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2868, C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2868, C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 444, F:\THUNDER\PROGRAM\THUNDER5.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 444, F:\THUNDER\PROGRAM\THUNDER5.EXE] ================================== API HOOK RVA 错误： LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys) RVA 错误： LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys) RVA 错误： LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys) RVA 错误： LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys) RVA 错误： GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\System32\drivers\klif.sys) ================================== 隐藏进程 N/A ==================================
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-02 18:19 \| 只看楼主短消息资料字号：小中大 14楼这个是我在病毒进程和文件都删除的情况下扫描的,中病毒时windows\system内有文件logogo.exe和inudhya.dll两个文件,各盘中有autorun.inf和setup.exe,进程中有logogo.exe和conime.exe
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-02 18:21 \| 只看楼主短消息资料字号：小中大 15楼还有启动项中的logogo.exe也被我用msconfig删了
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-02 18:24 \| 只看楼主短消息资料字号：小中大 16楼昨天还同时中了*pri.dll的病毒我用专杀杀了
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-02 18:46 \| 只看楼主短消息资料字号：小中大 17楼有没有高手可以给指点一下...跪求啊
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-02 18:50 \| 只看楼主短消息资料字号：小中大 18楼我在运行迅雷的时候卡巴告诉我程序模块 C:\Documents and Settings\wzh\桌面\1_.ii 正在安装正在运行但没有通知用户.这个行为类似于木马行为(Trojan Downloader/Dropper).
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-02 20:55 \| 只看楼主短消息资料字号：小中大 19楼自己顶啊..高手怎么还不来
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:	发表于： 2007-09-04 20:21 \| 只看楼主短消息资料字号：小中大 20楼 ren ne..
wzh8877 初生襁褓狮帖子:24 注册: 2007-09-02 来自:

<<上一主题|下一主题>>

2 / 3 页

跳转页

页面顶部

Powered by Discuz!NT