Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software forum


How do I remove the Backdoor.Win32.Bifrose.kt virus??

[PID: 3032 / Administrator][C:\windows\system32\壁纸自动换.exe]  [N/A, ]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 3088 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8198]
[PID: 3096 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 52]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 3108 / Administrator][D:\program\豪杰超级解霸 V9\SysExplr.EXE]  [N/A, ]
    [D:\program\豪杰超级解霸 V9\HttpReq.dll]  [N/A, ]
    [D:\program\豪杰超级解霸 V9\CoolMenu.dll]  [N/A, ]
    [D:\program\豪杰超级解霸 V9\httphlp.dll]  [N/A, ]
    [D:\program\豪杰超级解霸 V9\AVCDROM.dll]  [N/A, ]
    [D:\program\豪杰超级解霸 V9\Sys936.DLL]  [N/A, ]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 3116 / Administrator][C:\WINDOWS\VM_STI.EXE]  [Vimicro, 4, 2, 1124, 6]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 3128 / Administrator][C:\Program Files\StarSec\ssMgr_ccb.exe]  [, 1, 0, 5, 1026]
    [C:\WINDOWS\system32\SSP11_CCB.dll]  [GDChina, 1, 0, 0, 2]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 3144 / Administrator][D:\program\全能助手\TweakAssist\AssistSystray.exe]  [全能助手工作室, 4, 0, 4, 0]
    [D:\program\全能助手\TweakAssist\AssistAlert.dll]  [全能助手工作室, 1, 0, 0, 0]
    [D:\program\全能助手\TweakAssist\AssistBWSpy.dll]  [全能助手工作室, 1, 0, 1, 1]
    [D:\program\全能助手\TweakAssist\TweakAssistKrnl.dll]  [全能助手工作室, 2, 0, 1, 1]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
    [D:\program\全能助手\TweakAssist\AssistWallpaper.dll]  [全能助手工作室, 2, 0, 0, 3]
    [D:\program\全能助手\TWEAKA~1\AssistImgfmt.dll]  [全能助手工作室, 2, 0, 0, 0]
[PID: 3160 / Administrator][D:\program\瑞星杀毒\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.20]
    [D:\program\瑞星杀毒\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\program\瑞星杀毒\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\program\瑞星杀毒\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\program\瑞星杀毒\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\program\瑞星杀毒\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 3168 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 2608 / Administrator][d:\program\万能五笔\wnwb.exe]  [深圳世强软件开发部 www.wnwb.com , 2005, 11, 19, 1]
    [d:\program\万能五笔\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 4000 / Administrator][D:\program\大智慧\dzh\internet\hypwise.exe]  [大智慧, 1, 0, 0, 1]
    [D:\program\大智慧\dzh\internet\MFC42.DLL]  [Microsoft Corporation, 6.00.8447.0]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 3932 / Administrator][D:\program\大智慧\dzh\internet\hypmain.exe]  [GreatWise, 5.6.0.2660]
    [D:\program\大智慧\dzh\internet\borlndmm.dll]  [Inprise Corporation, 5.0.6.18]
    [D:\program\大智慧\dzh\internet\zlib.dll]  [N/A, ]
    [D:\program\大智慧\dzh\internet\tcpip.dll]  [, 1, 0, 0, 1]
    [D:\program\大智慧\dzh\internet\hypdown.dll]  [, 1, 0, 0, 1]
    [D:\program\大智慧\dzh\internet\MFC42.DLL]  [Microsoft Corporation, 6.00.8447.0]
    [D:\program\大智慧\dzh\internet\investdll.dll]  [, 1, 0, 0, 3]
    [D:\program\大智慧\dzh\internet\wgdll.dll]  [N/A, ]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
    [D:\program\大智慧\dzh\internet\olepro32.dll]  [Microsoft Corporation, 5.0.4275]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [d:\program\万能五笔\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
[PID: 4084 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
    [D:\program\全能助手\TweakAssist\AssistIEBar.dll]  [全能助手工作室, 7, 0, 1, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll]  [深圳世强软件开发部, 2005, 8, 30, 1]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\program\瑞星杀毒\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [d:\program\万能五笔\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3199 (xpsp_sp2_gdr.070821-1257)]
[PID: 288 / Administrator][D:\PROGRAM\瑞星杀毒\RISING\RAV\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.7]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRAM\瑞星杀毒\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM\瑞星杀毒\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 1972 / Administrator][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 508 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[PID: 2724 / Administrator][D:\Downloads\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
    [D:\Downloads\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
 

文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 328, C:\PROGRAM FILES\STARSEC\PLUGSERVER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3032, C:\WINDOWS\SYSTEM32\壁纸自动换.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3108, D:\PROGRAM\豪杰超级解霸 V9\SYSEXPLR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3128, C:\PROGRAM FILES\STARSEC\SSMGR_CCB.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3144, D:\PROGRAM\全能助手\TWEAKASSIST\ASSISTSYSTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3144, D:\PROGRAM\全能助手\TWEAKASSIST\ASSISTSYSTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2608, D:\PROGRAM\万能五笔\WNWB.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4000, D:\PROGRAM\大智慧\DZH\INTERNET\HYPWISE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3932, D:\PROGRAM\大智慧\DZH\INTERNET\HYPMAIN.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
 

To guard against web threats, the main thing is to have some awareness of safe browsing; just stop going to unsafe websites all the time.
 

Sigh, Trend still doesn't understand how the Chinese market works; it's a pretty good product, but not well known.
 

Trend = eat shit~~!!

Whoever uses it eats shit!!
 