9348.cn rogue software: analysis and removal
2010-04-26 00:00:00 Source: WEB开发网
00005bc0h: 7C F7 52 80 00 D7 55 80 5C 00 52 00 65 00 67 00 ; |鱎 .譛 \.R.e.g.
00005bd0h: 69 00 73 00 74 00 72 00 79 00 5C 00 4D 00 61 00 ; i.s.t.r.y.\.M.a.
00005be0h: 63 00 68 00 69 00 6E 00 65 00 5C 00 53 00 79 00 ; c.h.i.n.e.\.S.y.
00005bf0h: 73 00 74 00 65 00 6D 00 5C 00 43 00 75 00 72 00 ; s.t.e.m.\.C.u.r.
00005c00h: 72 00 65 00 6E 00 74 00 43 00 6F 00 6E 00 74 00 ; r.e.n.t.C.o.n.t.
00005c10h: 72 00 6F 00 6C 00 53 00 65 00 74 00 5C 00 53 00 ; r.o.l.S.e.t.\.S.
00005c20h: 65 00 72 00 76 00 69 00 63 00 65 00 73 00 5C 00 ; e.r.v.i.c.e.s.\.
00005c30h: 6A 00 75 00 64 00 63 00 64 00 73 00 ; j.u.d.c.d.s.
Used Atool to wipe the file oanth.sys and killed it after a reboot; the world is back to normal. In the meantime I ran a 360 scan, which killed my comres.dll and sptd.sys as well (ugh). The driver name used by this 9348.cn thing seems to change quite a lot, so it looks like signatures are still needed after all: kernel-memory scan and removal.
The manual fix is to kill the registry startup entry judcds that corresponds to this driver.
I actually found a post that talks about this:
http://musicao.blogbus.com/logs/41134745.html
9348.cn rogue software
I don't know whether this rogue's next step will be to protect its registry startup entry, or to write it back at shutdown...
The driver also contains the following domains:
2548.cn 2345.com 3929.cn 6700.cn kzxf.cn kz123.cn
00005827h: 00 32 00 33 00 34 00 35 00 2E 00 63 00 6F 00 6D ; .2.3.4.5...c.o.m
00005837h: 00 00 00 00 00 32 00 36 00 35 00 2E 00 63 00 6F ; .....2.6.5...c.o
00005847h: 00 6D 00 00 00 68 00 61 00 6F 00 31 00 32 00 33 ; .m...h.a.o.1.2.3
00005857h: 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 62 00 61 ; ...c.o.m.....b.a
00005867h: 00 69 00 64 00 75 00 2E 00 63 00 6F 00 6D 00 00 ; .i.d.u...c.o.m..
00005877h: 00 77 00 77 00 77 00 2E 00 67 00 6F 00 6F 00 67 ; .w.w.w...g.o.o.g
00005887h: 00 6C 00 65 00 2E 00 63 00 6E 00 00 00 77 00 77 ; .l.e...c.n...w.w
00005897h: 00 77 00 2E 00 36 00 37 00 30 00 30 00 2E 00 63 ; .w...6.7.0.0...c
000058a7h: 00 6E 00 00 00 77 00 77 00 77 00 2E 00 6B 00 7A ; .n...w.w.w...k.z
000058b7h: 00 78 00 66 00 2E 00 6E 00 65 00 74 00 00 00 00 ; .x.f...n.e.t....
000058c7h: 00 77 00 77 00 77 00 2E 00 33 00 39 00 32 00 39 ; .w.w.w...3.9.2.9
000058d7h: 00 2E 00 63 00 6E 00 00 00 77 00 77 00 77 00 2E ; ...c.n...w.w.w..
000058e7h: 00 32 00 35 00 34 00 38 00 2E 00 63 00 6E 00 00 ; .2.5.4.8...c.n..
000058f7h: 00 77 00 77 00 77 00 2E 00 6B 00 7A 00 31 00 32 ; .w.w.w...k.z.1.2
00005907h: 00 33 00 2E 00 63 00 6E 00 00 00 00 00 77 00 77 ; .3...c.n.....w.w
00005917h: 00 77 00 2E 00 39 00 33 00 34 00 38 00 2E 00 63 ; .w...9.3.4.8...c
00005927h: 00 6E 00 00 00 77 00 77 00 77 00 2E 00 37 00 32 ; .n...w.w.w...7.2
00005937h: 00 34 00 31 00 2E 00 63 00 ; .4.1...c.
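As an added example (not code from the original post), here is a small Python triage script that does what the dumps above show by hand: it pulls printable UTF-16LE strings out of a driver image, extracts the service name from any \Registry\Machine\System\CurrentControlSet\Services\ path, and lists the domain-looking strings. The sample bytes are constructed to mimic the dump, not taken from the real file.

```python
import re

# Constructed sample mimicking the driver's data section seen in the dump:
# NUL-terminated UTF-16LE strings behind a few non-string bytes (not the real file).
SAMPLE = b"\x7c\xf7\x52\x80\x00\xd7\x55\x80" + b"".join(
    s.encode("utf-16-le") + b"\x00\x00"
    for s in [
        "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\judcds",
        "2345.com",
        "www.6700.cn",
        "www.kzxf.net",
        "www.9348.cn",
    ]
) + b"\x00" * 16

# Runs of printable ASCII encoded as UTF-16LE (char, NUL), at least 4 characters.
WIDE_STRING = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
# Service key path as stored by a kernel driver; group 1 is the service name.
SERVICE_KEY = re.compile(
    r"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\([^\\\x00]+)", re.I
)
# Crude host-name shape: dotted labels ending in an alphabetic TLD.
DOMAIN = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def wide_strings(data: bytes) -> list:
    """Return every printable UTF-16LE string found anywhere in data."""
    return [m.group(0).decode("utf-16-le") for m in WIDE_STRING.finditer(data)]


def triage(data: bytes) -> dict:
    """Split the wide strings into service names, domains and everything else."""
    result = {"services": [], "domains": [], "other": []}
    for s in wide_strings(data):
        m = SERVICE_KEY.search(s)
        if m:
            result["services"].append(m.group(1))
        elif DOMAIN.match(s):
            result["domains"].append(s.lower())
        else:
            result["other"].append(s)
    return result


if __name__ == "__main__":
    for key, values in triage(SAMPLE).items():
        print(f"{key}: {values}")
```

On a real sample, read the .sys file into `data` and compare the extracted service name against HKLM\SYSTEM\CurrentControlSet\Services on the infected machine.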