9,506
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
ahking 2004-07-16
- 打赏
- 举报
??
ahking 2004-07-15
- 打赏
- 举报
怎么发病毒样本啊?
virm 2004-07-15
- 打赏
- 举报
因为run33.exe在作怪,它会自动启动并检查附带文件和注册表项目
你结束进程看看
最好是进入到安全模式,仔细删除上面的注册键和病毒文件
对了麻烦打包发给我病毒样本(把他们添加到加密码的压缩文件)
chen_cang@163.com
你结束进程看看
最好是进入到安全模式,仔细删除上面的注册键和病毒文件
对了麻烦打包发给我病毒样本(把他们添加到加密码的压缩文件)
chen_cang@163.com
ahking 2004-07-15
- 打赏
- 举报
???
ahking 2004-07-13
- 打赏
- 举报
最重要特征就是在windows下自动生成secure.html文件,而且是每个几秒就生成,所以无法删除,注册表相关键值删掉无效
virm 2004-07-12
- 打赏
- 举报
-----http://www.sophos.com/virusinfo/analyses/trojstartpabt.html--------------
[Trojan.Win32.Harnig.c]
The Trojan copies itself to reg33.exe in the Windows folder and sets the following regitry entry to ensure that the copy is run each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Run32
= <Windows>\run33.exe
Troj/StartPa-BT modifies Internet Explorer settings by creating the following registry entries:
HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
= <Windows>\secure.html
HKLM\Software\Microsoft\Internet Explorer\Main\Local Page
= <Windows>\secure.html
HKLM\Software\Microsoft\Internet Explorer\Main\Start Page
= <Windows>\secure.html
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
= <Windows>\secure.html
HKCU\Software\Microsoft\Internet Explorer\Main\Local Page
= <Windows>\secure.html
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
= <Windows>\secure.html
The Trojan also removes the registry entries :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ControlPanel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Key2
[Trojan.Win32.Harnig.c]
The Trojan copies itself to reg33.exe in the Windows folder and sets the following regitry entry to ensure that the copy is run each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Run32
= <Windows>\run33.exe
Troj/StartPa-BT modifies Internet Explorer settings by creating the following registry entries:
HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
= <Windows>\secure.html
HKLM\Software\Microsoft\Internet Explorer\Main\Local Page
= <Windows>\secure.html
HKLM\Software\Microsoft\Internet Explorer\Main\Start Page
= <Windows>\secure.html
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
= <Windows>\secure.html
HKCU\Software\Microsoft\Internet Explorer\Main\Local Page
= <Windows>\secure.html
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
= <Windows>\secure.html
The Trojan also removes the registry entries :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ControlPanel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Key2
virm 2004-07-12
- 打赏
- 举报
参看http://db.kingsoft.com/c/2004/04/08/110660.shtml
由于本人没有病毒样本,所以无法提供具体的清除办法,请将相关信息反馈给我
QQ 10501353 Email chen_cang@eyou.com
由于本人没有病毒样本,所以无法提供具体的清除办法,请将相关信息反馈给我
QQ 10501353 Email chen_cang@eyou.com
ahking 2004-07-12
- 打赏
- 举报
都不管用啊
xjp6688 2004-07-08
- 打赏
- 举报
up
qiang312 2004-07-08
- 打赏
- 举报
进入安全模式删除和运行msconfig->启动 找到C:\WINNT\secure.html并去掉勾,然后重新启动
如果不行看看这里的说法:http://blog.msnfans.com/chergen/archives/4473.html
如果不行看看这里的说法:http://blog.msnfans.com/chergen/archives/4473.html
Aceryt 2004-07-08
- 打赏
- 举报
打补丁,停掉IIS,杀毒
ahking 2004-07-08
- 打赏
- 举报
help
