Title: [Virus Discussion] Urgent notice and solution for the "IGM.EXE" virus (Views: 1753, Replies: 25)
爱丽舍
Posted 2007-10-24 18:56
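Urgent notice and solution for the "IGM.EXE" virus
This post was published on the 我是网管 (54master) forum; post URL: http://bbs.54master.com/206136,1,1
The IGM.EXE virus has recently been found spreading widely, and many internet cafés have been badly hit; everyone must take this seriously.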



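So far the virus has not been found able to get past system-restore protection, but if even one machine on the LAN is infected (for example a game server), the whole LAN is affected and may even be paralysed.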



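The virus spreads across the LAN using MAC address spoofing. When the trojan is active it sends out large numbers of packets that congest LAN traffic; users find the connection getting slower and slower, get disconnected, or cannot get online at all, and the whole LAN becomes unstable. It intercepts web pages opened by LAN users, loads hxxp://ask.35832.com/main.js, downloads an account-stealing trojan from that site, and then the opened web page closes automatically.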



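IGM virus characteristics:
Process file: IGM or IGM.exe
Process location: %windir%\
Program name: Troj_dl.Win32.Delf.IGM
Program purpose: downloads other viruses through IE, infects files, and steals QQ and game account passwords, etc.
Propagation: LAN, IE
Process analysis: the virus modifies the registry, creating Run/WinSysM=C:\WINDOWS\IGM.exe so that it starts automatically. It may create auto.exe and autorun.inf on each drive, and may inject a large number of virus modules *****MM.DLL into the SVCHOST.EXE process, which then starts downloading trojans in bulk. After the trojans fight among themselves, randomly named virus files are created in the temporary folder and run.
Symptoms of igm.exe infection:

1. IGM.EXE appears in the MSconfig startup items and in the process list
2. It also starts automatically, with protection
3. An infected computer hijacks the router, modifies MAC and IP, and keeps sending MAC spoofing packets to machines on the LAN

Files created

System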
%windir%\igm.exe
%windir%\system32\rsjzbpm.dll
%windir%\system32\racvsvc.exe
%windir%\system32\drivers\svchost.exe
%windir%\cmdbcs.exe
%windir%\dbghlp32.exe
%windir%\nvdispdrv.exe
%windir%\upxdnd.exe
%windir%\AVPSrv.exe
%windir%\DiskMan32.exe
%windir%\Kvsc3.exe
%windir%\lqvytv.exe
%windir%\MsIMMs32.exe
%windir%\system32\cmdbcs.dll
%windir%\system32\dbghlp32.dll
%windir%\system32\upxdnd.dll
%windir%\system32\yfmtdiouaf.dll
c:\program files\microsoft activesync\rapiproxystub.dll
Temporary folder\*.exe
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     <upxdnd><%windir%\upxdnd.exe>  
     <WinSysM><%windir%\IGM.exe>  
     <NVDispDrv><%windir%\NVDispDrv.exe>  
     <DbgHlp32><%windir%\DbgHlp32.exe>  
     <cmdbcs><%windir%\cmdbcs.exe>  
     <KVP><%windir%\system32\drivers\svchost.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
     <RavRuneip><%windir%\system32\RacvSvc.EXE yfmtdiouaf.dll,HHanMa>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
     <AppInit_DLLs><rsjzbpm.dll>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
     <{22FAACDE-34DA-CCD4-AB4D-DA34485A3422}><%windir%\system32\rsjzbpm.dll>

Related website IPs:
Solution:
Save the code below as a batch file and load it through the reserved channel!

rem Create folders named after the virus's files so that files with those names cannot be written
md %windir%\IGM.exe
md %windir%\IG.exe
md %windir%\IGW.exe
md %windir%\AVPSrv.exe
md %windir%\DiskMan32.exe
md %windir%\Kvsc3.exe
md %windir%\lqvytv.exe
md %windir%\MsIMMs32.exe
md %windir%\system32\racvsvc.exe
md %windir%\system32\drivers\svchost.exe
md %windir%\cmdbcs.exe
md %windir%\dbghlp32.exe
md %windir%\nvdispdrv.exe
md %windir%\upxdnd.exe
md %Temp%\QQSC.exe
md %Temp%\close.exe
md %Temp%\tomons.exe
rem Mark the placeholder folders read-only, hidden and system
ATTRIB +R +H +S %windir%\IGM.exe
ATTRIB +R +H +S %windir%\IG.exe
ATTRIB +R +H +S %windir%\IGW.exe
ATTRIB +R +H +S %windir%\system32\racvsvc.exe
ATTRIB +R +H +S %windir%\system32\drivers\svchost.exe
ATTRIB +R +H +S %windir%\cmdbcs.exe
ATTRIB +R +H +S %windir%\dbghlp32.exe
ATTRIB +R +H +S %windir%\nvdispdrv.exe
ATTRIB +R +H +S %windir%\upxdnd.exe
ATTRIB +R +H +S %windir%\AVPSrv.exe
ATTRIB +R +H +S %windir%\DiskMan32.exe
ATTRIB +R +H +S %windir%\Kvsc3.exe
ATTRIB +R +H +S %windir%\lqvytv.exe
ATTRIB +R +H +S %windir%\MsIMMs32.exe
ATTRIB +R +H +S %Temp%\QQSC.exe
ATTRIB +R +H +S %Temp%\close.exe
ATTRIB +R +H +S %Temp%\tomons.exe
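rem Deny the Everyone group all access to the placeholders (/p replaces the ACL entry, /c continues on errors)
echo y| CACLS %windir%\IGM.exe /c /p everyone:n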
echo y| CACLS %windir%\IG.exe /c /p everyone:n
echo y| CACLS %windir%\IGW.exe /c /p everyone:n
echo y| CACLS %windir%\system32\racvsvc.exe /c /p everyone:n
echo y| CACLS %windir%\system32\drivers\svchost.exe /c /p everyone:n
echo y| CACLS %windir%\cmdbcs.exe /c /p everyone:n
echo y| CACLS %windir%\dbghlp32.exe /c /p everyone:n
echo y| CACLS %windir%\nvdispdrv.exe /c /p everyone:n
echo y| CACLS %windir%\upxdnd.exe /c /p everyone:n
echo y| CACLS %windir%\AVPSrv.exe /c /p everyone:n
echo y| CACLS %windir%\DiskMan32.exe /c /p everyone:n
echo y| CACLS %windir%\Kvsc3.exe /c /p everyone:n
echo y| CACLS %windir%\lqvytv.exe /c /p everyone:n
echo y| CACLS %windir%\MsIMMs32.exe /c /p everyone:n
echo y| CACLS %Temp%\QQSC.exe /c /p everyone:n
echo y| CACLS %Temp%\close.exe /c /p everyone:n
echo y| CACLS %Temp%\tomons.exe /c /p everyone:n
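rem IFEO: set the debugger value for these image names so that starting one launches debugfile.exe instead
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IGM.exe" /v debugger /t reg_sz /d debugfile.exe /f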
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IG.exe" /v debugger /t reg_sz /d debugfile.exe /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe" /v debugger /t reg_sz /d debugfile.exe /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kvsc3.exe" /v debugger /t reg_sz /d debugfile.exe /f


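In this age of rampant viruses there is no absolute security on the network; because the "demon" always comes before the "way", security can only ever be "adequate". But we cannot let things drift because of that: maintaining "adequate" security requires a complete system of management and technical safeguards.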


Reposted from http://hi.baidu.com/nndewo/blog/item/16e63e1f984fa5cba6866954.html

Site notice: the content above was provided by user 爱丽舍 and does not represent the position of 54master!
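
Added example (not part of the original post or of any tool mentioned in the thread): a Python triage script that parses a startup-item log in the `[key]` / `<name><data>` layout used in the post and flags entries whose data references the file names the advisory lists. The sample log is constructed from lines in the post plus one benign entry, and the function names are hypothetical.

```python
import re

# File names the advisory lists as dropped by the virus (lower-cased).
IGM_FILES = {
    "igm.exe", "racvsvc.exe", "cmdbcs.exe", "dbghlp32.exe", "nvdispdrv.exe",
    "upxdnd.exe", "avpsrv.exe", "diskman32.exe", "kvsc3.exe", "lqvytv.exe",
    "msimms32.exe", "rsjzbpm.dll", "cmdbcs.dll", "dbghlp32.dll",
    "upxdnd.dll", "yfmtdiouaf.dll",
}
# svchost.exe is a normal name, so it is matched by location instead.
FAKE_SVCHOST = r"system32\drivers\svchost.exe"

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^<>]*)><([^<>]*)>")


def parse_log(text):
    """Return (key, name, data) tuples from '[key]' / '<name><data>' lines."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(2)))
    return entries


def reasons_for(name, data):
    """List why an entry deserves a closer look (empty list = no match)."""
    data_l = data.lower().replace("/", "\\")
    reasons = []
    # Data can be a command line ("loader.exe some.dll,Export"), so split it.
    for token in re.split(r"[\s,]+", data_l):
        base = token.rsplit("\\", 1)[-1]
        if base in IGM_FILES and base not in reasons:
            reasons.append(base)
    if FAKE_SVCHOST in data_l:
        reasons.append("svchost.exe outside system32")
    if name.lower() == "appinit_dlls" and data.strip():
        reasons.append("AppInit_DLLs is set")
    return reasons


def scan(text):
    """Return [(key, name, data, reasons)] for entries with at least one reason."""
    hits = []
    for key, name, data in parse_log(text):
        why = reasons_for(name, data)
        if why:
            hits.append((key, name, data, why))
    return hits


# Constructed sample: four entries copied from the post plus one benign entry.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     <ctfmon><%windir%\system32\ctfmon.exe>
     <WinSysM><%windir%\IGM.exe>
     <KVP><%windir%\system32\drivers\svchost.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
     <RavRuneip><%windir%\system32\RacvSvc.EXE yfmtdiouaf.dll,HHanMa>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
     <AppInit_DLLs><rsjzbpm.dll>
"""

if __name__ == "__main__":
    for key, name, data, why in scan(SAMPLE_LOG):
        print(f"{name}: {data} -> {', '.join(why)}")
```

File-name matches are only a triage signal: the names are trivial to change, so confirm each hit against the file's location, signature and hash before acting on it.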

jacky_lee
Posted 2007-10-24 19:07
What a hateful virus

vivaboom
Posted 2007-10-24 19:21
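I had nothing to do this morning, so I have already added it on the server, and all the client machines have been updated with the IFEO entries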

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0sy.exe]
    <IFEO[0sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\1.com]
    <IFEO[1.com]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\1.exe]
    <IFEO[1.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\10sy.exe]
    <IFEO[10sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\11sy.exe]
    <IFEO[11sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\1sy.exe]
    <IFEO[1sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\2sy.exe]
    <IFEO[2sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3sy.exe]
    <IFEO[3sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\4sy.exe]
    <IFEO[4sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\5sy.exe]
    <IFEO[5sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6sy.exe]
    <IFEO[6sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\7sy.exe]
    <IFEO[7sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\8sy.exe]
    <IFEO[8sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\9sy.exe]
    <IFEO[9sy.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ab6a.exe]
    <IFEO[ab6a.exe]><c:\P2P下载>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\abc.exe]
    <IFEO[abc.exe]><c:\P2P下载>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\biget.exe]
    <IFEO[biget.exe]><c:\BT下载>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bigetloader.exe]
    <IFEO[bigetloader.exe]><c:\BT下载>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BitComet.exe]
    <IFEO[BitComet.exe]><c:\BT下载>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BitSpirit.exe]
    <IFEO[BitSpirit.exe]><c:\P2P下载>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\byetmr.exe]
    <IFEO[byetmr.exe]><c:\P2P下载>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdnup.exe]
    <IFEO[cdnup.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.dll]
    <IFEO[cmd.dll]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdbcs.exe]
    <IFEO[cmdbcs.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe]
    <IFEO[csrss.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\devgt.exe]
    <IFEO[devgt.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DuduAcc]
    <IFEO[DuduAcc]><c:\DUDU下载工具>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dudupros.exe]
    <IFEO[dudupros.exe]><c:\DUDU下载工具>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\duduprosvc.exe]
    <IFEO[duduprosvc.exe]><c:\DUDU下载工具>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eexplore.exe]
    <IFEO[eexplore.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expl0rer.exe]
    <IFEO[expl0rer.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashBT.exe]
    <IFEO[FlashBT.exe]><c:\变态快车>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flashget.exe]
    <IFEO[flashget.exe]><c:\flashget.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gamesetup.exe]
    <IFEO[gamesetup.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\genprotect.exe]
    <IFEO[genprotect.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gg.exe]
    <IFEO[gg.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexpl0re.exe]
    <IFEO[iexpl0re.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexpl0rer.exe]
    <IFEO[iexpl0rer.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IGM.exe]
    <IFEO[IGM.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internet.exe]
    <IFEO[internet.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kamun.exe]
    <IFEO[Kamun.exe]><c:\下载类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsc3.exe]
    <IFEO[kvsc3.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatlog.exe]
    <IFEO[kwatlog.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo1.exe]
    <IFEO[Logo1.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo1_.exe]
    <IFEO[Logo1_.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo_1.exe]
    <IFEO[Logo_1.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mhs2.exe]
    <IFEO[mhs2.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msimms32.exe]
    <IFEO[msimms32.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSRundll.exe]
    <IFEO[MSRundll.exe]><c:\远程>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstsc.exe]
    <IFEO[mstsc.exe]><c:\远程>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVDispDrv.exe]
    <IFEO[NVDispDrv.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvscv32.exe]
    <IFEO[nvscv32.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\p2psvr.exe]
    <IFEO[p2psvr.exe]><c:\搜狗下载器.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\p4psvr.exe]
    <IFEO[p4psvr.exe]><c:\搜狗下载器.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Poco2004.exe]
    <IFEO[Poco2004.exe]><c:\下载类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pp.exe]
    <IFEO[pp.exe]><c:\PP点点通.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pplive.exe]
    <IFEO[pplive.exe]><c:\搜狗下载器.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqfo1.0_dl.exe]
    <IFEO[qqfo1.0_dl.exe]><c:\P2P类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Robocop.exe]
    <IFEO[Robocop.exe]><c:\网络执法官.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rund1132.exe]
    <IFEO[rund1132.exe]><c:\病毒类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundl132.exe]
    <IFEO[rundl132.exe]><c:\病毒类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RUNDLL2KXP.exe]
    <IFEO[RUNDLL2KXP.exe]><c:\病毒类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rx.exe]
    <IFEO[rx.exe]><c:\病毒类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rx2s.exe]
    <IFEO[rx2s.exe]><c:\病毒类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rxs3.exe]
    <IFEO[rxs3.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SixthSense.exe]
    <IFEO[SixthSense.exe]><c:\QQ第六感.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spcolsv.exe]
    <IFEO[spcolsv.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoclsv.exe]
    <IFEO[spoclsv.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppoolsv.exe]
    <IFEO[sppoolsv.exe]><c:\病毒类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperLANadmin.exe]
    <IFEO[SuperLANadmin.exe]><c:\破坏类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svch0st.exe]
    <IFEO[svch0st.exe]><c:\病毒类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosi.exe]
    <IFEO[svchosi.exe]><c:\病毒类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost32.exe]
    <IFEO[svchost32.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWCHOST.exe]
    <IFEO[SWCHOST.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe]
    <IFEO[system.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemm.exe]
    <IFEO[systemm.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemt.exe]
    <IFEO[systemt.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemt32.exe]
    <IFEO[systemt32.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder.exe]
    <IFEO[Thunder.exe]><c:\讯雷.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TuoTu.exe]
    <IFEO[TuoTu.exe]><c:\P2P类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upxdnd.exe]
    <IFEO[upxdnd.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vagaa.exe]
    <IFEO[Vagaa.exe]><c:\哇嘎>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webThunder.exe]
    <IFEO[webThunder.exe]><c:\讯雷.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winform.exe]
    <IFEO[winform.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winl0gon.exe]
    <IFEO[winl0gon.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlog0n.exe]
    <IFEO[winlog0n.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe]
    <IFEO[winlogin.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogOn.exe]
    <IFEO[winlogOn.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinPcap.exe]
    <IFEO[WinPcap.exe]><c:\破坏类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinPcap30.exe]
    <IFEO[WinPcap30.exe]><c:\破坏类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wl.exe]
    <IFEO[wl.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wls3.exe]
    <IFEO[wls3.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wlzs.exe]
    <IFEO[wlzs.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wowexec.tmp]
    <IFEO[wowexec.tmp]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ycnt_nt2.exe]
    <IFEO[ycnt_nt2.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yuyuyu.exe]
    <IFEO[yuyuyu.exe]><c:\下载类.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zaq5.exe]
    <IFEO[zaq5.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zt.exe]
    <IFEO[zt.exe]><c:\熊猫烧香>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zts2.exe]
    <IFEO[zts2.exe]><c:\熊猫烧香>  [N/A]

[ Last edited by vivaboom on 2007-10-24 19:24 ]

LG362423
Posted 2007-10-24 19:31
One of my machines here got this virus tonight.

彬De葬礼
Posted 2007-10-24 20:57
We haven't run into it here...
Worth watching out for~~!

彬De葬礼
Posted 2007-10-24 21:13
Saved it....
I came back to read this!

CTLCJ
Posted 2007-10-24 21:41
The moderator really is on the ball; a lot of people on the forum have reported getting hit by this thing.

bunimu
Posted 2007-10-25 07:41
Supporting this. Hehe~>>

evil27
Posted 2007-10-25 09:48
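Hehe, I was probably the earliest to get this virus; I caught it a month ago~`` McAfee didn't detect it, and in the end I got rid of it with manual cleanup plus McAfee plus WINDOWS清理助手 (Windows Cleanup Assistant). It took quite a lot of time~~`` NND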

x10757u
Posted 2007-10-25 19:53
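What misery! A while back, when I reinstalled the billing system, I forgot to turn off 冰点 (Deep Freeze) on a few machines, and for two days in a row we have been dropping offline after eight o'clock. I'm going crazy. So far I have only found a few machines that have it; I don't know what will happen tonight.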
