【推荐】"Backdoor.Agent.ddb "的查杀...
今天接到从 newcenturymoon 发来的样本..测试了下..
运行病毒后..生成:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jggfj.exe
C:\Progra~1\NetMeeting\nmview.dll
HijackThis 扫描可发现:
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jggfj.exe
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
SREng 扫描发现一个C:\WINDOWS\System32\hgfs.dll 插入 Explorer.exe
【解决】
结束
C:\WINDOWS\System32\hgfs.dll 必须用killbox删除..(按图上的选择后删除..)
用HijackThis 修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jggfj.exe
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
删除
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jggfj.exe
C:\Progra~1\NetMeeting\nmview.dll
------------------------------------------------------------------------
killbox下载地址:
http://forum.ikaka.com/topic.asp?board=28&artid=6979213 (4楼)
