
TAIL_JQG virus analysis and removal method


This article describes the symptoms of the TAIL_JQG virus and how to remove it.

Source: compiled by the ZDNet Security Channel, 31 July 2008

Keywords: TAIL_JQG virus, TAIL_JQG removal tool, TAIL_JQG removal, TAIL_JQG


TAIL_JQG virus analysis:

Files created:
1. %System%\HDDGuard.dll (New Malware.ca)
2. %System%\lssass.exe (Trojan-Downloader.Zlob.GEN [PCTools], New Malware.aj)
3. [file and pathname of the sample #1]

TAIL_JQG removal steps:

1. Disable System Restore and reboot the computer into Safe Mode;
2. Download KillBox (a free version is available from this site's home page) and SRENG (a registry cleanup tool), then delete the following virus files and registry entries:

TAIL_JQG virus file: C:\WINDOWS\SYSTEM32\drivers\pcihdd2.sys
TAIL_JQG virus file: C:\WINDOWS\SYSTEM32\lssass.exe
TAIL_JQG virus file: C:\_uninsep.bat
TAIL_JQG virus file: C:\WINDOWS\SYSTEM32\drivers\ati32srv.sys
TAIL_JQG virus file: C:\WINDOWS\SYSTEM32\HDDGuard.dll

Registry entries:
  "HKLM\System\CurrentControlSet\Services\DeepFree Update".
  "ImagePath"="C:\WINDOWS\SYSTEM32\drivers\pcihdd2.sys" in key "HKLM\System\CurrentControlSet\Services\DeepFree Update".
  "DisplayName"="DeepFree Update" in key "HKLM\System\CurrentControlSet\Services\DeepFree Update".
  "HKLM\System\CurrentControlSet\Services\ATI2HDDSRV".
  "ImagePath"="C:\WINDOWS\SYSTEM32\drivers\ati32srv.sys" in key "HKLM\System\CurrentControlSet\Services\ATI2HDDSRV".
  "DisplayName"="ATI2HDDSRV" in key "HKLM\System\CurrentControlSet\Services\ATI2HDDSRV".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\avp.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\avp.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\runiep.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\runiep.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\PFW.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\PFW.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\FYFireWall.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\FYFireWall.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\rfwmain.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\rfwmain.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\rfwsrv.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\rfwsrv.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\KAVPF.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\KAVPF.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\KPFW32.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\KPFW32.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\nod32kui.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\nod32kui.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\nod32.exeNavapsvc.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\nod32.exeNavapsvc.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\Navapw32.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\Navapw32.exe".
  "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\avconsol.exe".
  "Debugger"="ntsd -d" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\avconsol.exe".

Windows service: "C:\WINDOWS\SYSTEM32\drivers\pcihdd2.sys"
Process: "C:\WINDOWS\SYSTEM32\lssass.exe"
* Creates a mutex named 2008-1-25.
Windows service: "C:\WINDOWS\SYSTEM32\drivers\ati32srv.sys"
Process: "C:\Program Files\Internet Explorer\iexplore.exe" "TAIL_ANTI"
Process: "C:\Program Files\Internet Explorer\iexplore.exe" "TAIL_JQG"
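The indicators above can be checked on a suspect host before the KillBox/SRENG clean-up. The following PowerShell audit script is an added example and is not part of the original article or any vendor tool: it looks for the dropped files, the two services, the "2008-1-25" mutex, and any Image File Execution Options (IFEO) key carrying a "Debugger" value. The Debugger value is what made Windows start "ntsd -d" in place of the named security products (avp.exe, nod32kui.exe and so on), so those products never ran. The script walks the IFEO tree recursively because the keys listed above sit nested under "avp.com" rather than directly under IFEO. It only reports; it assumes an elevated PowerShell 4 or later session and the file locations given on this page.

```powershell
# Added example, not from the original article: read-only audit of the TAIL_JQG
# indicators listed above. Run from an elevated PowerShell prompt on the suspect host.
# Nothing is deleted here; removal follows the steps given in the article.

$virusFiles = @(
    "$env:SystemRoot\System32\drivers\pcihdd2.sys",
    "$env:SystemRoot\System32\lssass.exe",      # "lssass", not the legitimate lsass.exe
    "C:\_uninsep.bat",
    "$env:SystemRoot\System32\drivers\ati32srv.sys",
    "$env:SystemRoot\System32\HDDGuard.dll"
)
$serviceNames = @("DeepFree Update", "ATI2HDDSRV")
$ifeoRoot = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Kind, [string]$Where, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Where = $Where; Detail = $Detail })
}

# 1. Dropped files: record presence and a SHA-256 so the sample can be submitted later.
foreach ($f in $virusFiles) {
    if (Test-Path -LiteralPath $f) {
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        Add-Finding "File" $f "present, SHA256=$hash"
    }
}

# 2. Services that load the dropped drivers.
foreach ($name in $serviceNames) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path -LiteralPath $key) {
        $img = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
        Add-Finding "Service" $name "ImagePath=$img"
    }
}

# 3. IFEO Debugger hijacks. Any Debugger value deserves review; "ntsd -d" is the
#    value this malware wrote. Recursive, because the keys above are nested under avp.com.
Get-ChildItem -LiteralPath $ifeoRoot -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $severity = if ($dbg -match '^\s*ntsd\s+-d') { "KNOWN-BAD (ntsd -d)" } else { "review" }
        Add-Finding "IFEO" $_.PSChildName "Debugger=$dbg [$severity]"
    }
}

# 4. Mutex "2008-1-25": OpenExisting throws when the mutex is absent, so probe in a try block.
try {
    $m = [System.Threading.Mutex]::OpenExisting("2008-1-25")
    $m.Dispose()
    Add-Finding "Mutex" "2008-1-25" "exists (the infected process is probably running)"
} catch { }   # WaitHandleCannotBeOpenedException or access denied: treat as not found

if ($findings.Count -eq 0) { "No TAIL_JQG indicators found." }
else { $findings | Format-Table -AutoSize }
```

The mutex check only sees mutexes in the caller's session namespace; if the infected process runs in another session the file, service and IFEO checks are the ones that will fire. Any IFEO subkey reported as "review" that you did not create yourself (debuggers are normally configured only by developers) should be treated with the same suspicion as the "ntsd -d" entries.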
