_A00F1C639.exe病毒解决方案
_A00F1C639.exe病毒解决方案文件名称:_A00F1C639.exe
文件大小:44,032 bytes
AV命名:Trojan.Vundo.B
文件MD5:397B76A35E61C5F170A174E874890490
病毒类型:木马下载器
主要行为:
1、释放文件:
C:\Documents and Settings\孤独更可靠\Local Settings\Temp\_A00F1C639.exe
44,032 bytes
C:\windows\system32\__c001D4EC.dat
27,648 bytes
2、添加启动项:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
A00F1C639 = " C:\Documents and Settings\孤独更可靠\Local Settings\Temp\_A00F1C639.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c001D4EC]
Asynchronous = 0x00000001
DllName = "%System%\__c001D4EC.dat"
Impersonate = 0x00000000
Startup = "B"
Logon = "B"
3、注入IE,并连接x1.theaction****.com,尝试下载木马(未实现)
4、插入系统所有运行中的进程,并安装全局钩子
解决方法:
1、重启计算机,按F8进入安全模式。
2、删除文件:
C:\Documents and Settings\user\Local Settings\Temp\_A00F1C639.exe
44,032 bytes
C:\windows\system32\__c001D4EC.dat
27,648 bytes
注:C:\Documents and Settings\ user是你的用户名
3、删除启动项:
A00F1C639
[img]http://resource.communicatte.com/photo/view/7fc57029e28514b14d84d2f1394e9/e8aecd3ba13b60274d93397286454d8f?d.jpg[/img]
页:
[1]