阿木 2008-7-20 15:54
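tail_anti: suspected to be a network process opened by the virus mm.exe
tail_anti and tail_jqg are suspected to be network processes opened by the virus mm.exe. Is your computer infected with a virus? If so, please leave a message and I can provide you with a solution.
Attached is the malicious behavior of "mm.exe"
Files created -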
1.%System%\HDDGuard.dll (New Malware.ca [McAfee])
2.%System%\lssass.exe (Trojan-Downloader.Zlob.GEN [PCTools] New Malware.aj [McAfee])
3.[file and pathname of the sample #1] (Packed/NSPack [PCTools] New Malware.aq [McAfee])
System services loaded -
1.lssass.exe
2.IEXPLORE.EXE
(All of the above are executed by HDDGuard.dll)
Network connections opened -
1.tail_anti:80
2.tail_jqg:80
Files downloaded from the network -
hxxp://cnxz.kv8.info/images/xin.txt, which contains a list of malicious files and carries an update date of 2008/1/25.
Hooks installed -
HDDGuard.dll
Special behavior -
Creates a large number of registry entries to block a great many security programs