Source: compiled by the ZDNet Security Channel, July 31, 2008
TAIL_JQG virus analysis:
Files created:
1.%System%\HDDGuard.dll (New Malware.ca )
2.%System%\lssass.exe (Trojan-Downloader.Zlob.GEN [PCTools] New Malware.aj )
3.[file and pathname of the sample #1]
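TAIL_JQG removal steps:
1. Disable System Restore, then restart the computer in Safe Mode.
2. Download killbox (a free version is available from this site's homepage) and SRENG (registry cleanup), then delete the following virus files and registry values:
TAIL_JQG virus file: C:\WINDOWS\SYSTEM32\drivers\pcihdd2.sys.
TAIL_JQG virus file: C:\WINDOWS\SYSTEM32\lssass.exe.
TAIL_JQG virus file: C:\_uninsep.bat.
TAIL_JQG virus file: C:\WINDOWS\SYSTEM32\drivers\ati32srv.sys.
TAIL_JQG virus file: C:\WINDOWS\SYSTEM32\HDDGuard.dll.
Registry entries: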
"HKLM\System\CurrentControlSet\Services\DeepFree Update".
"ImagePath"="C:\WINDOWS\SYSTEM32\drivers\pcihdd2.sys" in key "HKLM\System\CurrentControlSet\Services\DeepFree Update".
"DisplayName"="DeepFree Update" in key "HKLM\System\CurrentControlSet\Services\DeepFree Update".
"HKLM\System\CurrentControlSet\Services\ATI2HDDSRV".
"ImagePath"="C:\WINDOWS\SYSTEM32\drivers\ati32srv.sys" in key "HKLM\System\CurrentControlSet\Services\ATI2HDDSRV".
"DisplayName"="ATI2HDDSRV" in key "HKLM\System\CurrentControlSet\Services\ATI2HDDSRV".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\avp.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\avp.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\runiep.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\runiep.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\PFW.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\PFW.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\FYFireWall.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\FYFireWall.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\rfwmain.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\rfwmain.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\rfwsrv.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\rfwsrv.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\KAVPF.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\KAVPF.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\KPFW32.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\KPFW32.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\nod32kui.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\nod32kui.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\nod32.exeNavapsvc.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\nod32.exeNavapsvc.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\Navapw32.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\Navapw32.exe".
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\avconsol.exe".
"Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\avconsol.exe".
Windows service: "C:\WINDOWS\SYSTEM32\drivers\pcihdd2.sys".
Process: "C:\WINDOWS\SYSTEM32\lssass.exe".
* Creates a mutex 2008-1-25.
Windows service: "C:\WINDOWS\SYSTEM32\drivers\ati32srv.sys".
Process: "C:\Program Files\Internet Explorer\iexplore.exe" "TAIL_ANTI".
Process: "C:\Program Files\Internet Explorer\iexplore.exe" "TAIL_JQG".
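A "Debugger" value under Image File Execution Options makes Windows start the named debugger instead of the program, which is how the entries above keep the listed security tools from launching. The script below is an added example, not part of the original article: it parses the text of a `reg export` file and reports any leftover IFEO "Debugger" values and the two service keys named on this page, so the cleanup can be verified. The function names and the sample export are constructed for illustration.

```python
import re

# Service key names taken from this page; compared in lower case, as the registry is case-insensitive.
SERVICES = {"deepfree update", "ati2hddsrv"}
IFEO = "\\image file execution options\\"

def parse_reg(text):
    """Parse `reg export` text into {key_path: {value_name_lower: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:  # string values only; dword/hex data is skipped. Undo the \\ and \" escaping.
                current[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(text):
    """Return (kind, name, detail) for each leftover entry found in the export."""
    findings = []
    for key, values in parse_reg(text).items():
        low, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        if IFEO in low and "debugger" in values:
            findings.append(("ifeo-debugger", leaf, values["debugger"]))
        elif "\\services\\" in low and leaf.lower() in SERVICES:
            # The key name alone is flagged; ImagePath is shown only if exported as a string.
            findings.append(("service", leaf, values.get("imagepath", "")))
    return findings

# Constructed sample export, not captured from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="ntsd -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DeepFree Update]
"DisplayName"="DeepFree Update"
"ImagePath"="C:\\WINDOWS\\SYSTEM32\\drivers\\pcihdd2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Files written by `reg export` are UTF-16 encoded, so decode them (for example `open(path, encoding="utf-16")`) before passing the text to `audit`.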