“Win32.Rukap.gen”的意思、由来-中文百科全书

文件名称：directx.exe

文件大小：58880字节

字串6

AV命名：Backdoor.Win32.Rukap.gen（卡吧斯基）

字串2

感染平台：MS-DOS executable (EXE), OS/2 or MS Windows（9X以上系统）字串5

加壳方式：UPX 0.89.6 - 1.02 / 1.05 - 1.24

字串4

编写语言：Microsoft Visual C++ 6.0 字串6

病毒类型：Backdoor.Win32 字串6

文件MD5：4f381a8be1b3f72613ffc408ffbe849f 字串5

危害等级：☆ 字串3

传播方式：网.页漏洞字串8

字串7

行为分析：

字串6

1、释放病毒文件：字串4

%systemroot%\\tools\\explorer.exe 126976 字节

字串3

%systemroot%\\syste.m32\\directx.exe 58880 字节

字串8

2、注册为系统服务（DirectSupk），实现服务方式启动：

字串9

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\

字串7

Services\\DirectSupk]

"Type"=dword:00000010

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=hex(2):43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,\\

74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,\\

00,67,00,73,00,5c,00,61,00,64,00,6d,00,69,00,6e,00,5c,00,4c,68,62,97,5c,00,\\

64,00,69,00,72,00,65,00,63,00,74,00,78,00,2e,00,65,00,78,00,65,00,00,00

"DisplayName"="DirectX Service"

"ObjectName"="LocalSystem"

"Description"="Improve the performance of games and multimedia programs"

字串8

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\ 字串3

Services\\DirectSupk\\Security]

"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\\

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\\

00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\\

05,12,00,00,00,6d,00,61,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\\

20,00,00,00,20,02,00,00,75,00,64,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\\

00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\\

00,05,20,00,00,00,23,02,00,00,75,00,64,00,01,01,00,00,00,00,00,05,12,00,00,\\ 字串2

3、%systemroot%\\tools\\explorer.exe 正面连接：

字串9

尝试访问207.46.18.** 204.13.161.*** 222.77.14.** 63.81.164.*等

字串3

字串5

解决方法：字串1

http://free.ys168.com/?gudugengkekao1下载：

字串7

sreng2.5.zip 780KB

字串4

直接放.桌面，断开网络。

字串2

1、打开SREng，删除下面服务：

字串2

[DirectX Service / DirectSupk][Stopped/Auto Start]

<%病毒路径%\\directx.exe>

字串6

注：%病毒路径%是变量，可能路径会不一样，可以区别文件名。字串7

2、重启电脑，删除：字串6

%systemroot%\\tools\\explorer.exe 字串4

%systemroot%\\system32\\directx.exe 字串9

注：%systemroot%\\是C:\\Windows\\(XP) C:\\Winnt(2K、ME）

词条	Win32.Rukap.gen
释义	文件名称：directx.exe 文件大小：58880字节字串6 AV命名：Backdoor.Win32.Rukap.gen（卡吧斯基）字串2 感染平台：MS-DOS executable (EXE), OS/2 or MS Windows（9X以上系统）字串5 加壳方式：UPX 0.89.6 - 1.02 / 1.05 - 1.24 字串4 编写语言：Microsoft Visual C++ 6.0 字串6 病毒类型：Backdoor.Win32 字串6 文件MD5：4f381a8be1b3f72613ffc408ffbe849f 字串5 危害等级：☆ 字串3 传播方式：网.页漏洞字串8 字串7 行为分析：字串6 1、释放病毒文件：字串4 %systemroot%\\tools\\explorer.exe 126976 字节字串3 %systemroot%\\syste.m32\\directx.exe 58880 字节字串8 2、注册为系统服务（DirectSupk），实现服务方式启动：字串9 [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\ 字串7 Services\\DirectSupk] "Type"=dword:00000010 "Start"=dword:00000002 "ErrorControl"=dword:00000000 "ImagePath"=hex(2):43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,\\ 74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,\\ 00,67,00,73,00,5c,00,61,00,64,00,6d,00,69,00,6e,00,5c,00,4c,68,62,97,5c,00,\\ 64,00,69,00,72,00,65,00,63,00,74,00,78,00,2e,00,65,00,78,00,65,00,00,00 "DisplayName"="DirectX Service" "ObjectName"="LocalSystem" "Description"="Improve the performance of games and multimedia programs" 字串8 [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\ 字串3 Services\\DirectSupk\\Security] "Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\\ 00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\\ 05,12,00,00,00,6d,00,61,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\\ 20,00,00,00,20,02,00,00,75,00,64,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\\ 00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\\ 00,05,20,00,00,00,23,02,00,00,75,00,64,00,01,01,00,00,00,00,00,05,12,00,00,\\ 字串2 3、%systemroot%\\tools\\explorer.exe 正面连接：字串9 尝试访问207.46.18. 204.13.161.* 222.77.14.** 63.81.164.*等字串3 字串5 解决方法：字串1 http://free.ys168.com/?gudugengkekao1下载：字串7 sreng2.5.zip 780KB 字串4 直接放.桌面，断开网络。字串2 1、打开SREng，删除下面服务：字串2 [DirectX Service / DirectSupk][Stopped/Auto Start] <%病毒路径%\\directx.exe> 字串6 注：%病毒路径%是变量，可能路径会不一样，可以区别文件名。字串7 2、重启电脑，删除：字串6 %systemroot%\\tools\\explorer.exe 字串4 %systemroot%\\system32\\directx.exe 字串9 注：%systemroot%\\是C:\\Windows\\(XP) C:\\Winnt(2K、ME）
随便看	红翅薮鹛红翅椋鸟红翅槭红翅鹦鹉红翅鹧鸪红翅鲨红翅鵙鹛红冲红冲发票红虫红虫子红稠鱼红愁绿惨红筹红筹股红筹股指数红筹架构红筹模式红筹企业红筹上市红筹指数红绸裹木红绸军红绸木红磡