“Win32.Rukap.gen”的意思、由来-中文百科全书

文件名称：directx.exe

文件大小：58880字节

字串6

AV命名：Backdoor.Win32.Rukap.gen（卡吧斯基）

字串2

感染平台：MS-DOS executable (EXE), OS/2 or MS Windows（9X以上系统）字串5

加壳方式：UPX 0.89.6 - 1.02 / 1.05 - 1.24

字串4

编写语言：Microsoft Visual C++ 6.0 字串6

病毒类型：Backdoor.Win32 字串6

文件MD5：4f381a8be1b3f72613ffc408ffbe849f 字串5

危害等级：☆ 字串3

传播方式：网.页漏洞字串8

字串7

行为分析：

字串6

1、释放病毒文件：字串4

%systemroot%\\tools\\explorer.exe 126976 字节

字串3

%systemroot%\\syste.m32\\directx.exe 58880 字节

字串8

2、注册为系统服务（DirectSupk），实现服务方式启动：

字串9

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\

字串7

Services\\DirectSupk]

"Type"=dword:00000010

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=hex(2):43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,\\

74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,\\

00,67,00,73,00,5c,00,61,00,64,00,6d,00,69,00,6e,00,5c,00,4c,68,62,97,5c,00,\\

64,00,69,00,72,00,65,00,63,00,74,00,78,00,2e,00,65,00,78,00,65,00,00,00

"DisplayName"="DirectX Service"

"ObjectName"="LocalSystem"

"Description"="Improve the performance of games and multimedia programs"

字串8

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\ 字串3

Services\\DirectSupk\\Security]

"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\\

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\\

00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\\

05,12,00,00,00,6d,00,61,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\\

20,00,00,00,20,02,00,00,75,00,64,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\\

00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\\

00,05,20,00,00,00,23,02,00,00,75,00,64,00,01,01,00,00,00,00,00,05,12,00,00,\\ 字串2

3、%systemroot%\\tools\\explorer.exe 正面连接：

字串9

尝试访问207.46.18.** 204.13.161.*** 222.77.14.** 63.81.164.*等

字串3

字串5

解决方法：字串1

http://free.ys168.com/?gudugengkekao1下载：

字串7

sreng2.5.zip 780KB

字串4

直接放.桌面，断开网络。

字串2

1、打开SREng，删除下面服务：

字串2

[DirectX Service / DirectSupk][Stopped/Auto Start]

<%病毒路径%\\directx.exe>

字串6

注：%病毒路径%是变量，可能路径会不一样，可以区别文件名。字串7

2、重启电脑，删除：字串6

%systemroot%\\tools\\explorer.exe 字串4

%systemroot%\\system32\\directx.exe 字串9

注：%systemroot%\\是C:\\Windows\\(XP) C:\\Winnt(2K、ME）

词条	Win32.Rukap.gen
释义	文件名称：directx.exe 文件大小：58880字节字串6 AV命名：Backdoor.Win32.Rukap.gen（卡吧斯基）字串2 感染平台：MS-DOS executable (EXE), OS/2 or MS Windows（9X以上系统）字串5 加壳方式：UPX 0.89.6 - 1.02 / 1.05 - 1.24 字串4 编写语言：Microsoft Visual C++ 6.0 字串6 病毒类型：Backdoor.Win32 字串6 文件MD5：4f381a8be1b3f72613ffc408ffbe849f 字串5 危害等级：☆ 字串3 传播方式：网.页漏洞字串8 字串7 行为分析：字串6 1、释放病毒文件：字串4 %systemroot%\\tools\\explorer.exe 126976 字节字串3 %systemroot%\\syste.m32\\directx.exe 58880 字节字串8 2、注册为系统服务（DirectSupk），实现服务方式启动：字串9 [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\ 字串7 Services\\DirectSupk] "Type"=dword:00000010 "Start"=dword:00000002 "ErrorControl"=dword:00000000 "ImagePath"=hex(2):43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,\\ 74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,\\ 00,67,00,73,00,5c,00,61,00,64,00,6d,00,69,00,6e,00,5c,00,4c,68,62,97,5c,00,\\ 64,00,69,00,72,00,65,00,63,00,74,00,78,00,2e,00,65,00,78,00,65,00,00,00 "DisplayName"="DirectX Service" "ObjectName"="LocalSystem" "Description"="Improve the performance of games and multimedia programs" 字串8 [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\ 字串3 Services\\DirectSupk\\Security] "Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\\ 00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\\ 05,12,00,00,00,6d,00,61,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\\ 20,00,00,00,20,02,00,00,75,00,64,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\\ 00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\\ 00,05,20,00,00,00,23,02,00,00,75,00,64,00,01,01,00,00,00,00,00,05,12,00,00,\\ 字串2 3、%systemroot%\\tools\\explorer.exe 正面连接：字串9 尝试访问207.46.18. 204.13.161.* 222.77.14.** 63.81.164.*等字串3 字串5 解决方法：字串1 http://free.ys168.com/?gudugengkekao1下载：字串7 sreng2.5.zip 780KB 字串4 直接放.桌面，断开网络。字串2 1、打开SREng，删除下面服务：字串2 [DirectX Service / DirectSupk][Stopped/Auto Start] <%病毒路径%\\directx.exe> 字串6 注：%病毒路径%是变量，可能路径会不一样，可以区别文件名。字串7 2、重启电脑，删除：字串6 %systemroot%\\tools\\explorer.exe 字串4 %systemroot%\\system32\\directx.exe 字串9 注：%systemroot%\\是C:\\Windows\\(XP) C:\\Winnt(2K、ME）
随便看	散水头镇散绥散碎的原色散塔林会散摊子散谈散套散套针散体散体词散体大赋散体赋散体文学散天花·舟泊中川散瞳散瞳剂散瞳验光散头菊蒿散亡散尾葵散尾葵属散尾南椰散尾棕散文散文2006年精选集