请输入您要查询的百科知识:

 

词条 Win32.Rukap.gen
释义

文件名称:directx.exe

文件大小:58880字节

字串6

AV命名:Backdoor.Win32.Rukap.gen(卡吧斯基)

字串2

感染平台:MS-DOS executable (EXE), OS/2 or MS Windows(9X以上系统) 字串5

加壳方式:UPX 0.89.6 - 1.02 / 1.05 - 1.24

字串4

编写语言:Microsoft Visual C++ 6.0 字串6

病毒类型:Backdoor.Win32 字串6

文件MD5:4f381a8be1b3f72613ffc408ffbe849f 字串5

危害等级:☆ 字串3

传播方式:网.页漏洞 字串8

字串7

行为分析:

字串6

1、释放病毒文件: 字串4

%systemroot%\\tools\\explorer.exe 126976 字节

字串3

%systemroot%\\syste.m32\\directx.exe 58880 字节

字串8

2、注册为系统服务(DirectSupk),实现服务方式启动:

字串9

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\

字串7

Services\\DirectSupk]

"Type"=dword:00000010

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=hex(2):43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,\\

74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,\\

00,67,00,73,00,5c,00,61,00,64,00,6d,00,69,00,6e,00,5c,00,4c,68,62,97,5c,00,\\

64,00,69,00,72,00,65,00,63,00,74,00,78,00,2e,00,65,00,78,00,65,00,00,00

"DisplayName"="DirectX Service"

"ObjectName"="LocalSystem"

"Description"="Improve the performance of games and multimedia programs"

字串8

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\ 字串3

Services\\DirectSupk\\Security]

"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\\

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\\

00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\\

05,12,00,00,00,6d,00,61,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\\

20,00,00,00,20,02,00,00,75,00,64,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\\

00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\\

00,05,20,00,00,00,23,02,00,00,75,00,64,00,01,01,00,00,00,00,00,05,12,00,00,\\ 字串2

3、%systemroot%\\tools\\explorer.exe 正面连接:

字串9

尝试访问207.46.18.** 204.13.161.*** 222.77.14.** 63.81.164.*等

字串3

字串5

解决方法: 字串1

http://free.ys168.com/?gudugengkekao1下载:

字串7

sreng2.5.zip 780KB

字串4

直接放.桌面,断开网络。

字串2

1、打开SREng,删除下面服务:

字串2

[DirectX Service / DirectSupk][Stopped/Auto Start]

<%病毒路径%\\directx.exe>

字串6

注:%病毒路径%是变量,可能路径会不一样,可以区别文件名。 字串7

2、重启电脑,删除: 字串6

%systemroot%\\tools\\explorer.exe 字串4

%systemroot%\\system32\\directx.exe 字串9

注:%systemroot%\\是C:\\Windows\\(XP) C:\\Winnt(2K、ME)

随便看

 

百科全书收录4421916条中文百科知识,基本涵盖了大多数领域的百科知识,是一部内容开放、自由的电子版百科全书。

 

Copyright © 2004-2023 Cnenc.net All Rights Reserved
更新时间:2025/4/3 23:56:12