wuauclt.ex
在Windows下使
0
2007/10/21 
10:52 
899
郁闷啊,现在的病毒怎么这么泛滥啊,前几天有个IGM的,今天差点混淆了!!网上的日子也不好飘啊,还是先改了镜像的后缀再说,不然那天给我删除了和感染了,我就草了!!
文件名称: IGW.exe
文件大小: 68913 字节
MD5: 39C920088E5D153C6D2E72613B0E460C
加壳: N/A
编写语言: Delphi
病毒名: kaspersky: Trojan-PSW.Win32.OnLineGames.eif
rising: N/A
duba: N/A
详细资料:
文件变化:
释放文件
%WINDOWS%\IGW.exe
%WINDOWS%\338448WO.DLL
病毒创建启动项:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys"="%WINDOWS%\IGW.exe"
添加注册表:
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"="%WINDOWS%\UUUUU12999"
igw.exe病毒清除方法:
1. 结束进程
%WINDOWS%\IGW.exe
2. 删除病毒创建的注册表项
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys"="%WINDOWS%\IGW.exe
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"="%WINDOWS%\UUUUU12999"
3. 删除病毒释放的文件
%WINDOWS%\IGW.exe
%WINDOWS%\338448WO.DLL
文件名称: IGW.exe
文件大小: 68913 字节
MD5: 39C920088E5D153C6D2E72613B0E460C
加壳: N/A
编写语言: Delphi
病毒名: kaspersky: Trojan-PSW.Win32.OnLineGames.eif
rising: N/A
duba: N/A
详细资料:
文件变化:
释放文件
%WINDOWS%\IGW.exe
%WINDOWS%\338448WO.DLL
病毒创建启动项:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys"="%WINDOWS%\IGW.exe"
添加注册表:
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"="%WINDOWS%\UUUUU12999"
igw.exe病毒清除方法:
1. 结束进程
%WINDOWS%\IGW.exe
2. 删除病毒创建的注册表项
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys"="%WINDOWS%\IGW.exe
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"="%WINDOWS%\UUUUU12999"
3. 删除病毒释放的文件
%WINDOWS%\IGW.exe
%WINDOWS%\338448WO.DLL
收藏本文到网摘:
.text:''):(d.getSelection?d.getSelection():'');void(keyit=window.open('http://my.poco.cn/fav/storeIt.php?t='+escape(d.title)+'&u='+escape(d.location.href)+'&c='+escape(t)+'&img=http://www.h-strong.com/blog/logo.gif','keyit','scrollbars=no,width=475,height=575,left=50,top=50status=no,resizable=yes'));keyit.focus();){kind=logo}
