[Repost] Removal instructions for recent USB-drive viruses (updated 6-8)

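Reposted from: 草莽书生, original work (this is someone else's original work, so please credit the source if you repost it)

(Blog address: http://hi.baidu.com/egomoo/blog/ ... 16ed7277fb5d8.html)

Removal instructions for the new OnLineGames variant csyywll.exe

For the 8-random-letter USB-drive virus, the variant signatures of 3 versions are already included

Main characteristics: three randomly named files, C:\Program Files\Common Files\Microsoft Shared\MSInfo\ 33947F71.dll, CA785F1A.dat, c:\windows\helpCA785F1A.chm

Newly added: cmxpbpl.exe, oobtwtr.exe, hwxwctd.exe, bhdhsmb.exe, malicious USB-drive viruses with seemingly random 7-letter names

No antivirus software will open; antivirus software cannot be installed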

How to use:

The core instruction content is as follows:

************

[config]
Name=近期各类U盘病毒专杀指令
Detail=所有杀毒软件打不开       杀毒软件无法安装 OnLineGames变种专杀指令 oobtwtr.exe bhdhsmb.exe       hwxwctd.exe
Writer=狗狗 不做偶像 草莽书生
Date=2007-6-8
Num=5265
[/config]
[file]
[/file]

************
