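Encountering Worm.Win32.Viking, Worm.Win32f.ysv, Trojan.PSW.Win32.OnlineGames, etc.
Original by endurer
2007-07-30, version 1
Just now, the friend from the post "Encountering Worm.Viking.tc, Trojan.PSW.Win32.OnlineGames, etc." (遭遇Worm.Viking.tc,Trojan.PSW.Win32.OnlineGames等) asked for help again, saying the computer was showing the same symptoms as last time...
I went over to take a look. The monitoring icon of Avira AntiVir (小红伞) was missing from the system tray; when I asked, I learned that he had uninstalled it.
I opened Rising Kaka Security Assistant (瑞星卡卡安全助手) to check and found that what he had caught this time was extremely similar to last time. The difference is that this time the following was absent: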
O23 - 服务: WindowsDown (Windows_SystemDown) - C:/WINDOWS/system32/servet.exe | 2007-7-22 15:20:28(自动)
and the following was new:
O23 - 服务: Visual WEB (NetworSVSA) - C:/WINDOWS/system32/wnipsvr.exe -Run | 2007-7-30 9:30:6(自动)
And the O20 entry had become: O20 - AppInit_DLLs = qhbpri.dll
I won't paste the pe_xscan log here.
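First I stopped and disabled that service, together with:
O23 - 服务: 3CC81B56 (3CC81B56) - C:/WINDOWS/system32/70C59D59.EXE -3CC81B56 | 2007-7-30 16:15:46(自动)
O23 - 服务: 8810C4E6 (8810C4E6) - C:/WINDOWS/system32/27E3671A.EXE -k | 2007-7-23 8:13:10(自动)
and then restarted the computer into Safe Mode with Networking.
Because Viking is a file-infecting virus, I again started by downloading DrWeb CureIt to repair the files.
However, DrWeb CureIt downloads rather slowly (I found that on a China Netcom line it downloads very fast), so I went to http://endurer.ys168.com to download the Rising antivirus helper Aide4Rav (瑞星杀毒助手) and used Rising's free online virus scan to scan drive C:. The results were as follows: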
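It looks like quite a lot of files were infected by Viking.
I scanned all disks with DrWeb CureIt and repaired them.
I restarted the computer into Safe Mode with Networking and installed Avira AntiVir again; unfortunately it could not update. I ran another full-disk scan, then restarted the computer into Safe Mode and used Kaka Security Assistant to delete the O4, O20, O23, O24 and other entries.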
文件说明符 : C:/auto.exe
属性 : --H-
语言 : 英语(美国)
文件版本 :
说明 :
版权 : (C) Microsoft Corporation. All rights reserved.
备注 :
产品版本 :
产品名称 : Microsoft(R) Windows(R) Operating System
公司名称 : Microsoft Corporation
合法商标 :
内部名称 :
源文件名 :
创建时间 : 2007-7-30 16:13:28
修改时间 : 2007-7-23 8:13:10
访问时间 : 2007-7-30 0:0:0
大小 : 21555 字节 21.51 KB
MD5 : 1abb026104f19a8b39ec8a5f8e8a73d5
d:/auto.exe, e:/auto.exe and f:/auto.exe are identical to C:/auto.exe.
文件说明符 : C:/WINDOWS/system32/wnipsvr.exe
属性 : A---
语言 : 英语(美国)
文件版本 : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
说明 : Windows XP SP installer downgrade tasks
版权 : © Microsoft Corporation. All rights reserved.
备注 :
产品版本 : 5.1.2600.2180
产品名称 : Microsoft® Windows® Operating System
公司名称 : Microsoft Corporation
合法商标 :
内部名称 : spdwnwxp
源文件名 : spdwnwxp
创建时间 : 2007-7-30 9:30:5
修改时间 : 2007-7-30 9:30:6
访问时间 : 2007-7-30 0:0:0
大小 : 24508 字节 23.956 KB
MD5 : a897b38b5a60ed3671accd3c26fd3544