Entry | Win32.Rukap.gen |
Definition |
File name: directx.exe
File size: 58880 bytes
AV name: Backdoor.Win32.Rukap.gen (Kaspersky)
Affected platform: MS-DOS executable (EXE), OS/2 or MS Windows (Windows 9X and later)
Packer: UPX 0.89.6 - 1.02 / 1.05 - 1.24
Written in: Microsoft Visual C++ 6.0
Malware type: Backdoor.Win32
File MD5: 4f381a8be1b3f72613ffc408ffbe849f
Threat level: ☆
Propagation: web page exploit

Behaviour analysis:

1. Drops the malware files:
%systemroot%\tools\explorer.exe (126976 bytes)
%systemroot%\system32\directx.exe (58880 bytes)

2. Registers itself as a system service (DirectSupk) so that it is started as a service:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectSupk]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,\
  74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,\
  00,67,00,73,00,5c,00,61,00,64,00,6d,00,69,00,6e,00,5c,00,4c,68,62,97,5c,00,\
  64,00,69,00,72,00,65,00,63,00,74,00,78,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="DirectX Service"
"ObjectName"="LocalSystem"
"Description"="Improve the performance of games and multimedia programs"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectSupk\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,6d,00,61,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00,75,00,64,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\
  00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\
  00,05,20,00,00,00,23,02,00,00,75,00,64,00,01,01,00,00,00,00,00,05,12,00,00,\

3. %systemroot%\tools\explorer.exe makes outbound connections:
attempts to reach 207.46.18.**, 204.13.161.***, 222.77.14.**, 63.81.164.* and others.

Removal:

Download sreng2.5.zip (780KB) from http://free.ys168.com/?gudugengkekao1, put it directly on the desktop, and disconnect from the network.

1. Open SREng and delete the following service:
[DirectX Service / DirectSupk][Stopped/Auto Start]
<%MalwarePath%\directx.exe>
Note: %MalwarePath% is a placeholder; the actual path may differ, so identify the entry by the file name.

2. Restart the computer and delete:
%systemroot%\tools\explorer.exe
%systemroot%\system32\directx.exe
Note: %systemroot%\ is C:\Windows\ (XP) or C:\Winnt (2000, ME). |
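To read the service entry in the behaviour analysis the way a responder would, here is an added example (not code from the original entry): a small Python parser for the .reg export quoted above that merges the backslash-continued lines, decodes the dword and hex(2) values, recovers the ImagePath as text, and lists the service properties worth reviewing. The registry text embedded in it is a constructed copy of the DirectSupk key shown above; SERVICE_AUTO_START and SERVICE_WIN32_OWN_PROCESS are the documented Win32 values for "Start" and "Type". Nothing here touches a live registry.

```python
"""Parse the DirectSupk service key as exported in the write-up and triage it.

Added example, not code from the original entry. REG_TEXT is a constructed
copy of the key quoted in the behaviour analysis. Nothing here reads or
writes a live registry; it only decodes the exported text.
"""
import re

REG_TEXT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectSupk]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,\
  74,00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,\
  00,67,00,73,00,5c,00,61,00,64,00,6d,00,69,00,6e,00,5c,00,4c,68,62,97,5c,00,\
  64,00,69,00,72,00,65,00,63,00,74,00,78,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="DirectX Service"
"ObjectName"="LocalSystem"
"Description"="Improve the performance of games and multimedia programs"
'''

SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectSupk"
SERVICE_AUTO_START = 2             # documented value of "Start"=dword:00000002
SERVICE_WIN32_OWN_PROCESS = 0x10   # documented value of "Type"=dword:00000010


def join_continuations(text):
    """Merge .reg lines that end with a backslash into single logical lines."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def decode_value(raw):
    """Decode one .reg value: dword, hex(2) (REG_EXPAND_SZ), hex (binary) or string."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):
        # REG_EXPAND_SZ is stored as NUL-terminated UTF-16LE
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    if raw.startswith("hex:"):
        return bytes(int(b, 16) for b in raw[4:].split(",") if b)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    raise ValueError("unsupported .reg value syntax: " + raw)


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for a .reg export."""
    keys, current = {}, None
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            keys[current][m.group(1)] = decode_value(m.group(2))
    return keys


def triage_service(values):
    """Return the properties of a service entry that a responder should review."""
    findings = []
    if values.get("Start") == SERVICE_AUTO_START:
        findings.append("auto-start service")
    if values.get("ObjectName") == "LocalSystem":
        findings.append("runs as LocalSystem")
    image = values.get("ImagePath", "")
    lowered = image.lower()
    # a service binary living in a user profile rather than a system directory
    if "documents and settings" in lowered or "\\users\\" in lowered:
        findings.append("ImagePath under a user profile: " + image)
    return findings


if __name__ == "__main__":
    service = parse_reg(REG_TEXT)[SERVICE_KEY]
    for name, value in service.items():
        print(name, "=", repr(value))
    for finding in triage_service(service):
        print("review:", finding)
```

Decoding the hex(2) ImagePath is the useful step: the exported bytes are UTF-16LE, so the path, including the non-ASCII directory name in it, only becomes readable once decoded. The triage list is deliberately limited to properties visible in the key itself; confirming the binary still means checking the file on disk.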
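The removal steps delete two files by path. As an added example (not part of the original entry), the following Python script checks a given %systemroot% directory for those two paths and compares size and MD5 against the indicators quoted in the write-up. The directory is passed in explicitly rather than read from the environment, so the check can be run against an offline copy of a disk; build_sample_root() creates a constructed tree with a zero-filled placeholder so the logic can be exercised without the real sample.

```python
"""Verify the dropped files named in the write-up by path, size and MD5.

Added example, not part of the original entry. The indicator table is taken
from the write-up; the directory that %systemroot% resolves to (C:\\Windows on
XP, C:\\Winnt on 2000) is passed in explicitly so the check works on an
offline copy or, as in build_sample_root(), on a constructed sample tree.
"""
import hashlib
import os
import tempfile

# Indicators from the write-up: path relative to %systemroot%, size, MD5 where given.
DROPPED_FILES = {
    "tools/explorer.exe": {"size": 126976, "md5": None},
    "system32/directx.exe": {
        "size": 58880,
        "md5": "4f381a8be1b3f72613ffc408ffbe849f",
    },
}


def md5_of(path):
    """Stream a file through MD5 so large binaries are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_dropped_files(systemroot):
    """Return one record per indicator: missing, or present with size/MD5 comparison."""
    report = {}
    for rel, ioc in DROPPED_FILES.items():
        path = os.path.join(systemroot, *rel.split("/"))
        if not os.path.isfile(path):
            report[rel] = {"present": False}
            continue
        digest = md5_of(path)
        report[rel] = {
            "present": True,
            "size_match": os.path.getsize(path) == ioc["size"],
            "md5_match": ioc["md5"] is not None and digest == ioc["md5"],
            "md5": digest,
        }
    return report


def verdict(report):
    """'match' if an MD5 matched, 'suspect' if any indicator path exists, else 'clean'."""
    if any(r.get("md5_match") for r in report.values()):
        return "match"
    if any(r["present"] for r in report.values()):
        return "suspect"
    return "clean"


def build_sample_root():
    """Create a constructed %systemroot% tree with a 58880-byte placeholder directx.exe.

    The placeholder is zero-filled, so it reproduces the size from the write-up
    but not the MD5; the real sample is not needed to exercise the check.
    """
    root = tempfile.mkdtemp(prefix="rukap-sample-")
    os.makedirs(os.path.join(root, "system32"))
    with open(os.path.join(root, "system32", "directx.exe"), "wb") as f:
        f.write(b"\x00" * 58880)
    return root


if __name__ == "__main__":
    sample = build_sample_root()
    report = check_dropped_files(sample)
    for rel, rec in report.items():
        print(rel, rec)
    print("verdict:", verdict(report))
```

A hash match confirms the file; a size-only match is reported as suspect because a different build or a different file of the same size would look identical to this check. Either path existing at all is worth a look: Windows keeps explorer.exe at %systemroot%\explorer.exe, not under a tools subdirectory, and does not ship a directx.exe in system32.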
This encyclopedia contains 4421916 Chinese entries covering most fields of knowledge; it is an open, freely editable electronic encyclopedia.