大小: 24576 字节
_^7:5P��[� 文件版本: 5.2600.2180
zb$�>� jhI 修改时间: 2006年9月24日, 22:18:38
#B�+#Bx@@ MD5: CBDCF0AB0561540891A3E466147A4CE4
�^}lt�c��K SHA1: C3AC9EDF18A70304DEDE80AEABC0CA86AE9FED64
Cz&���^=>� CRC32: CD11CF59
$M�����[| R�\]/�o,�� 测试系统WINDOWS2000
YW�i&V~~f; 病毒发作过程:
jZLiR�=[L( 写入文件项
*@0�&�~��1 C:\Documents and Settings\XXX\Local Settings\Temp\~DF1244.tmp
$�p>/6=de: C:\Documents and Settings\XXX\Local Settings\Temp\~DF6AE.tmp
�T AX[go(T C:\WINNT\system32\EXPLORER.EXE
&>�\+u`Q$� C:\WINNT\system32\wsctf.exe
uM{,I���'� �##':}�1*e 病毒开启进程:
G&�a42;x�Q C:\WINNT\system32\EXPLORER.EXE
�tBE���$�9 C:\WINNT\system32\wsctf.exe
9~~cw��� Z >Psx�y�g36 注册表动作
]UYT1rYJCP HKCU\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Run
@�0�%ho9[ HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon
Eh3'<A|@'K �2�RTt�+12 简单清除方法:
�_~hQ!?/�q 首先用组合键CTRL+ALT+DEL调出WINDOWS任务栏管理器
/*
N�� }�� 结束病毒进程EXPLORER.EXE,wsctf.exe
4�U8'��Z|� 然后删除病毒创建的文件EXPLORER.EXE,wsctf.exe
���i=a�gE� 清空C:\Documents and Settings\XXX\Local Settings\Temp目录临时文件。
9�{=-7�r�` 最后清除病毒注册信息。
Gy>A^:Ts"@ 完成。
[$J<1Z�AC X";K$�jN#t File: wsctf.exe
�_+TO�8;�B Status: INFECTED/MALWARE
�0��1�l.k MD5: cbdcf0ab0561540891a3e466147a4ce4
*rf@1=yh�� Packers detected: -
�Vg"kP�(�� Bit9 reports: Not analyzed yet (more info)
zVP, E�l{k �wM|[�G�oF Scanner results
8`�<Di1;%8 Scan taken on 10 Oct 2007 12:42:47 (GMT)
�}-�;^-�!� A-Squared Found nothing
~�Wd�|0\�l AntiVir Found TR/VB.HM
3|�#�yG�/u ArcaVir Found nothing
h@*xZ&%kC� Avast Found Win32:Looked-B
8g8M,�nRB� AVG Antivirus Found Worm/VB.AEM
)|^@�)fT-( BitDefender Found Win32.Worm.WTC
z�\?3Cc�sF ClamAV Found nothing
86x�z:�3`- CPsecure Found nothing
Is}�wa)��$ Dr.Web Found Win32.HLLW.Wtc
Gl>!!<-�VE F-Prot Antivirus Found W32/Legendmir.CTS
��|zh�{[�p F-Secure Anti-Virus Found Virus.Win32.VB.bu
�@lan�v;> Fortinet Found W32/LegendMir.CTS!tr.pws
=hpb/&Ty`Y Kaspersky Anti-Virus Found Virus.Win32.VB.bu
$,"���"U�� NOD32 Found Win32/VB.NIH
S.FK�]#Z]� Norman Virus Control Found W32/VBTroj.DVI
$JG �%
D}[ Panda Antivirus Found Trj/VB.SG
L�Bu|Sj�aS Rising Antivirus Found Trojan.PSW.SBoy.b
mqqwV�>�"* Sophos Antivirus Found Troj/VB-DBU
3sRh�&
L VirusBuster Found nothing
�,A��x�Vn� VBA32 Found Virus.Win32.VB.bu
1>�Ux�9�._ !��[(pE�M 病毒样本位置:
Gt�kU�c*ku http://avfbbs.80port.net/read.php?tid=18399
