事件始末
如果你收到一張帶有《汶川速遞》的圖片檔案。在任何環境下都不要打開它,且立即刪除它。如果你打開了它,你會失去個人電腦上的一切東西。這是一個新的病毒,已經確認了它的危險性,而防毒軟體不能清除它。他的目標是摧毀個人電腦。 這是最近在QQ群,百度貼吧廣泛轉發的一個帖子。
電腦病毒病毒檔案
汶川速遞考證結果如下:
將產生的病毒檔案為fmsbbqi.dll/exe, yuiabct.exe/dll, bincdwsa.dll/exe, winsvr64.dll/exe,ptshell.exe/dll,dionpis.exe/dll,ticisms.exe/dll
病毒檔案在windows/system32\ msosdrop00.dll, msosfmsq00.dll, msoscqit00.dll, msosdohs00.dll, nicozftp00.dll, msosping00.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 "AppInit_Dlls"=hex(2):6d,00,73,00,6f,00,73,00,64,00,72,00,6f,00,70,00,30,00,30,\ 00,2e,00,64,00,6c,00,6c,00,2c,00,6d,00,73,00,6f,00,73,00,66,00,6d,00,73,00,\ 71,00,30,00,30,00,2e,00,64,00,6c,00,6c,00,2c,00,6d,00,73,00,6f,00,73,00,63,\ 00,71,00,69,00,74,00,30,00,30,00,2e,00,64,00,6c,00,6c,00,2c,00,6d,00,73,00,\ 6f,00,73,00,64,00,6f,00,68,00,73,00,30,00,30,00,2e,00,64,00,6c,00,6c,00,2c,\ 00,6e,00,69,00,63,00,6f,00,7a,00,66,00,74,00,70,00,30,00,30,00,2e,00,64,00,\ 6c,00,6c,00,2c,00,6d,00,73,00,6f,00,73,00,70,00,69,00,6e,00,67,00,30,00,30,\ 00,2e,00,64,00,6c,00,6c,00,00,00
在安全模式下無法刪除.在cmd 下用命令導出進程所調用的Dll檔案.只有 system idle process 0 暫缺 System 4 暫缺 smss.exe 796 ntdll.dll csrss.exe 852 ntdll.dll, CSRSRV.dll, basesrv.dll, winsrv.dll, USER32.dll, KERNEL32.dll, gdi32.dll, lpk.dll, usp10.dll, msvcrt.dll, ADVAPI32.dll, RPCRT4.dll, sxs.dll 這幾個進程沒有調用以上病毒檔案. 其他全部調用.
破解方法:在msosdrop00.dll, msosfmsq00.dll, msoscqit00.dll, msosdohs00.dll, nicozftp00.dll, msosping00.dll這個幾檔案右鍵屬性.安全項.把所有用戶的許可權都設為拒絕讀取與運行. 重啟電腦就可以刪除了.再到註冊表里清除一下.就OK 了.
如果你的磁碟格式為FAT32,這種格式是不能設定安全配置的,需要轉換成NTFS格式才行 命令: convert c: /fs:ntfs (c:代表c盤)
