qqq111qqq111
新手上路
积分 7
发帖 7
注册 2007-5-1
|
#1 [凝逸反毒]黑洞引擎[吞噬]5
[凝逸反毒]黑洞引擎[吞噬]5
-----
试下:[凝逸反毒]的[黑洞]引擎,
(把木马与注册表值加入【自定吞噬】,就能删除)
1.黑洞吞噬一切启动型病毒
2.吞噬:av终结者.帕虫.随机7/8位病毒,U盘病毒,QQ尾巴,
3.锁定时间.显示文件
方法: 1.点【黑洞】
2.强行关机后,重开机在点次【黑洞】
3.在用杀软扫除病毒
【自定吞噬】
删除难清除木马的文件与注册表目录
【凝逸实验室】-[凝逸反毒]
QQ:503165656
主页:http://hi.baidu.com/503165656
下载:http://groups.google.com/group/503165656/web/nyfd.zip
杀不了,样本发到:503165656@qq.com
[黑洞]引擎的【自定吞噬】说明
http://hi.baidu.com/503165656/bl ... 37acfffd037f4a.html
(把木马与注册表值加入【自定吞噬】,就能删除)
========木马============
C:\DOCUME~1\fu\LOCALS~1\Temp\mhso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\woso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\ztso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\jtso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\wlso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\wgso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\wmso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\fyso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\qjso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\rxso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\wdso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\tlso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\daso.exe
C:\DOCUME~1\fu\LOCALS~1\Temp\zxso.exe
D:\PROGRA~1\StormII\StormSet.dll
C:\WINDOWS\system32\RavExt.dll
%systemroot%\system32\shmgrate.exe
%SystemRoot%\system32\themeui.dll
%ProgramFiles%\Outlook Express\setup50.exe
C:\WINDOWS\INF\msnetmtg.inf
advpack.dll
C:\WINDOWS\INF\msmsgs.inf
advpack.dll
C:\WINDOWS\INF\wmp.inf
v
===注册表===
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32CD708B-60A7-4C00-9377-D73EAA495F0F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
SOFTWARE(HidServ)
==================================
==================可能的====
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Rising\AntiSpyware\runiep.exe
G:\Program Files\Rising\AntiSpyware\RunOnce.exe
==================================
====原记录=======
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P> [N/A]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<Storm2Set><C:\WINDOWS\system32\rundll32.exe "D:\PROGRA~1\StormII\StormSet.dll",CheckEnv> [(Verified)Beijing Baofeng Inc.]
<thunder_mini><D:\Program Files\Maxthon\Thundermini\ThunderMini.exe> [深圳市三代科技开发有限公司]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<runeip><"G:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<mhsa><C:\DOCUME~1\fu\LOCALS~1\Temp\mhso.exe> [N/A]
<wosa><C:\DOCUME~1\fu\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\fu\LOCALS~1\Temp\ztso.exe> [N/A]
<jtsa><C:\DOCUME~1\fu\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><C:\DOCUME~1\fu\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><C:\DOCUME~1\fu\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><C:\DOCUME~1\fu\LOCALS~1\Temp\wmso.exe> [N/A]
<fysa><C:\DOCUME~1\fu\LOCALS~1\Temp\fyso.exe> [N/A]
<qjsa><C:\DOCUME~1\fu\LOCALS~1\Temp\qjso.exe> [N/A]
<rxsa><C:\DOCUME~1\fu\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><C:\DOCUME~1\fu\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><C:\DOCUME~1\fu\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><C:\DOCUME~1\fu\LOCALS~1\Temp\daso.exe> [N/A]
<zxsa><C:\DOCUME~1\fu\LOCALS~1\Temp\zxso.exe> [N/A]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><G:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
| |
※ ※ ※ 本文纯属【qqq111qqq111】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
 |
|
2007-7-20 11:57 |
|
微点卫士
银牌会员
积分 1198
发帖 1176
注册 2006-6-19
来自 上海市松江区
|
|
|
2007-7-20 13:23 |
|
gudan
高级用户
积分 605
发帖 579
注册 2007-7-20
|
#3
汗,黄金广告位
| |
※ ※ ※ 本文纯属【gudan】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2007-7-20 20:49 |
|
baijian_8d
中级用户
积分 289
发帖 286
注册 2007-5-27
|
#4
你广告做的有意义吗?
界面做的那臭。
| |
※ ※ ※ 本文纯属【baijian_8d】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2007-7-21 17:38 |
|
恨毒的人
中级用户
积分 273
发帖 273
注册 2007-7-9
来自 次元空间
|
#5 问下..
怎样强行关机???拔电源???
| |
※ ※ ※ 本文纯属【恨毒的人】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
这人很懒~~什么都没写! |
|
|
|
2007-7-21 19:03 |
|
qq2008444
银牌会员
职业潜水艇
积分 5373
发帖 5291
注册 2007-7-7
来自 兰·基亚斯 兰古拉王国
|
#6
| Quote: | Originally posted by 恨毒的人 at 2007-7-21 19:03:
怎样强行关机???拔电源??? |
|
按住电源键{POWER}4秒
你的拔电源也可以..
| |
※ ※ ※ 本文纯属【qq2008444】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
迅雷不及掩耳盗铃,以不变应万变不离其宗,成事不足挂齿,此物最相思风雨中,一屋不扫何以扫天下无敌,东边日出西边雨一直下,举头望明月几时有,呆若木鸡毛当令箭,杀鸡焉用牛刀小试,锋芒毕露春光,围魏救赵宝奎,Very good bye,八格牙鲁冰花,一泻千里共婵娟…… |
|
|
|
2007-7-23 21:41 |
|
leelee
高级用户
积分 582
发帖 568
注册 2006-12-16
|
#7
让我想起了驱逐舰
| |
※ ※ ※ 本文纯属【leelee】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2007-7-27 18:49 |
|
jaber
版主
使用与技巧区版主
积分 2861
发帖 2835
注册 2006-6-6
|
#8
用不来他这个
| |
※ ※ ※ 本文纯属【jaber】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
XP2(原版未打补丁)
单独微点预升级
|
|
|
|
2007-8-9 14:46 |
|
qq2008444
银牌会员
职业潜水艇
积分 5373
发帖 5291
注册 2007-7-7
来自 兰·基亚斯 兰古拉王国
|
#9
能不能删他帖子..
对这种广告贴很烦
| |
※ ※ ※ 本文纯属【qq2008444】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
迅雷不及掩耳盗铃,以不变应万变不离其宗,成事不足挂齿,此物最相思风雨中,一屋不扫何以扫天下无敌,东边日出西边雨一直下,举头望明月几时有,呆若木鸡毛当令箭,杀鸡焉用牛刀小试,锋芒毕露春光,围魏救赵宝奎,Very good bye,八格牙鲁冰花,一泻千里共婵娟…… |
|
|
|
2007-8-9 14:51 |
|
