威金变种rundl132.exeRichDll.dll解决方法
该变种暂时还没被江民和卡巴查杀,并用了几个专杀就找到一个可查杀修复EXE文件!
病毒运行后,访问网络下载多个木马程序(f1.exe,f2.exe,f3.exe,f4.exe,f5.exe,f6.exe,f7.exe,f8.exe,f9.exe,f10.exe,f11.exe)并运行!生成以下病毒文件(感觉现在的病毒真是变态):
C:DocumentsandSettings你的用户名LocalSettingsTempjts0.dll
C:DocumentsandSettings你的用户名LocalSettingsTempmhso.exe
C:DocumentsandSettings你的用户名LocalSettingsTempmhso0.dll
C:DocumentsandSettings你的用户名LocalSettingsTempmyso.exe
C:DocumentsandSettings你的用户名LocalSettingsTempmyso0.dll
C:DocumentsandSettings你的用户名LocalSettingsTempqqs0.dll
C:DocumentsandSettings你的用户名LocalSettingsTemprxso.exe
C:DocumentsandSettings你的用户名LocalSettingsTemprxso0.dll
C:DocumentsandSettings你的用户名LocalSettingsTempwgs0.dll
C:DocumentsandSettings你的用户名LocalSettingsTempwls0.dll
C:DocumentsandSettings你的用户名LocalSettingsTempwms0.dll
C:DocumentsandSettings你的用户名LocalSettingsTempwos0.dll
C:DocumentsandSettings你的用户名LocalSettingsTempztso.exe
C:DocumentsandSettings你的用户名LocalSettingsTempztso0.dll
C:ProgramFilesInternetExplorerRUNDLL32.exe
C:ProgramFilesInternetExplorerSMSS.EXE
C:WINDOWSjts3.exe
C:WINDOWSqqs3.exe
C:WINDOWSRichDll.dll
C:WINDOWSuninstallrundl132.exe
C:WINDOWSwgs3.exe
C:WINDOWSwls3.exe
C:WINDOWSwms3.exe
C:WINDOWSwos3.exe
添加注册表项:
HKEY_LOCAL_MACHINESOFTWARESoftDownloadWWW
auto="1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
进程文件
load="C:windowsuninstallrundl132.exe"
wos3="C:windowswos3.exe"
ztsa="C:DOCUME~1你的用户名LOCALS~1Tempztso.exe"
rxsa="C:DOCUME~1你的用户名LOCALS~1Temprxso.exe"
mhsa="C:DOCUME~1你的用户名LOCALS~1Tempmhso.exe"
wls3="C:windowswls3.exe"
mysa="C:DOCUME~1adminLOCALS~1Tempmyso.exe"
wgs3="C:windowswgs3.exe"
wms3="C:windowswms3.exe"
jts3="C:windowsjts3.exe"
qqs3="C:windowsqqs3.exe"
并感染除系统文件外所有的.exe文件,大小为:72418字节!
【威金变种 rundl132.exe RichDll.dll,f1.exe,f2.exe,f3.exe,f4,exe,f5.exe,f11.exe解决方法】相关文章:
★ emapicn.exe,winpac.exe恶意插件疯弹广告解决方法
★ 关于rundl132.exe vidll.dll LOGO1.exe 的清除方法