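The company's Hong Kong server has been infected with a virus again. There is a DLL9DSYS.EXE among the startup entries; a Baidu search finds no results at all, while a Google search turns up a pile of English-language material.
Below is the information I found: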
-----------------------------------------------------------------------
W32/Sdbot-HZ
Aliases
Backdoor.IRCBot.gen, W32/Sdbot.worm.gen.i
Type
Win32 worm
Description
W32/Sdbot-HZ is a worm which attempts to spread to remote network shares. It
also contains backdoor Trojan functionality, allowing unauthorised remote access
to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-HZ copies itself to the Windows system folder as
DLL9DSYS.EXE and creates entries in the registry at the following locations to
run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
More: http://www.sophos.com/virusinfo/analyses/w32sdbothz.html
Posted by: Marianna Schmudlach Posted on: 04/30/2004 9:05
-----------------------------------------------------------------------
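No wonder the startup entries were still there after a reboot even though I had deleted them directly from Run and RunServices under HKLM. It turns out the related values under HKCU have to be deleted as well; I never knew that before.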
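
An added example (not part of the original post or the Sophos write-up): a PowerShell function that checks the autostart keys listed above for values pointing at DLL9DSYS.EXE. It goes one step beyond the post by walking every user hive loaded under HKEY_USERS, of which HKCU is only the current user's view; the function name `Find-RunEntry` and its parameters are hypothetical.

```powershell
# Added example: audit the Run / RunServices autostart keys for a given file name.
# Find-RunEntry, -Pattern and -Remove are illustrative names, not an existing cmdlet.
function Find-RunEntry {
    param(
        [string]$Pattern = 'DLL9DSYS.EXE',   # file name taken from the post
        [switch]$Remove                      # delete matching values when set
    )

    # HKLM plus every loaded user hive. HKCU is just HKEY_USERS\<current SID>,
    # so cleaning only HKLM (as the post describes) misses the per-user copy.
    $roots = @('Registry::HKEY_LOCAL_MACHINE')
    $roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "Registry::$($_.Name)" }

    foreach ($root in $roots) {
        foreach ($leaf in 'Run', 'RunServices') {
            $path = "$root\Software\Microsoft\Windows\CurrentVersion\$leaf"
            if (-not (Test-Path -LiteralPath $path)) { continue }

            $key = Get-Item -LiteralPath $path
            foreach ($valueName in $key.GetValueNames()) {
                if ($valueName -eq '') { continue }   # skip the unnamed default value
                $data = [string]$key.GetValue($valueName)
                if ($data -like "*$Pattern*") {
                    # Report the hit so it can be logged before anything is changed
                    [pscustomobject]@{
                        Key   = $path
                        Value = $valueName
                        Data  = $data
                    }
                    if ($Remove) {
                        Remove-ItemProperty -LiteralPath $path -Name $valueName
                    }
                }
            }
        }
    }
}

# Report only; add -Remove after reviewing the output
Find-RunEntry | Format-List
```

Run it from an elevated prompt. Hives of users who are not logged on are not loaded under HKEY_USERS and are not covered by this check.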