MYV3, 木马清道夫 (Trojan Sweeper) and 360 Security: all three of the above are ineffective.
Rising, Jiangmin and the like write to the registry in a way that is too disgusting; not tested.
What exactly this virus does, I don't know.. I wiped it out before it even got a chance to act..
The virus probably came from when I was watching a movie.
It may have been bundled with the movie..
Symptoms: it automatically writes startup entries,
and no matter how many times you delete them, they can't be removed.
Also, each time it generates a new random set of virus modules,
and the names change automatically.
From my observation, it is associated in the registry with something called old.com; whether that's a website or something else, I didn't test.
Below that it links to several virus EXEs. Apart from one that I killed, the others..
agetltys.exe: the original virus name; this one is under win/sys32.
new.exe: a self-running virus; after activating it generates the main core in the root directory of C:.
BCCBBD.exe: the main culprit. This thing just keeps going, activating over and over. The first time it was in the startup folder under WWW8886888/XXXX/XXX/,
the second time in the All Users startup folder.
This part is only there to mislead you.
It hides the original virus in C:\Program Files\Common Files\Microsoft Shared\MSInfo (one copy)
and in C:\Program Files\Common Files\system (one copy); each folder holds a complete set.
The virus is highly infectious. When it activates, it disguises itself as two files: a BCD1B7BC.hlp file
and a 71BCBBDC.chm file.
Its ability to regenerate is also strong. From my analysis of the modules I reached one conclusion:
it basically loads every module it carries (I saw 2) into the system.
The most hateful part: it can't be killed in safe mode. You have to rename the module set in normal mode, then go into safe mode to delete it.
71BCBBDC.dat: generally, if you just delete this file from the directory, it temporarily stops running.
The effect I saw when it activated was that it automatically closes QQ? Is that all it can do?
I haven't seen anything else so far..
As of posting.. I just clicked the virus.. and it ran again..
Such a powerful thing.. if I discover anything new I'll update right away.
Update below: sure enough, it's here to infect QQ.
Microsoft Windows XP Service Pack 2 [Build 5.1.2600]
t!8 15.75.440 3FF2317230C8957DD86A490DF98E44EA
-----------------------------------
Type: EXCEPTION_ACCESS_VIOLATION
Address: 0x0128204F
Error: Write address 0x012A1394
Call stack:
0x01280000[204F] BCD1B7BC.dll: (1244176,19413017,24,14)
0x01280000[24FB] BCD1B7BC.dll: (1244648,19430201,1244212,0)
0x01280000[7A7B] BCD1B7BC.dll: (262144,1244304,1244280,2010279494)
0x01280000[7BFB] BCD1B7BC.dll: (0,0,1244304,0)
0x77D10000[16E46] USER32.dll: (262144,0,1244304,19430352)
0x77D10000[3F180] USER32.dll: (8499400,2,0,0)
0x77D10000[B3B4] USER32.dll: (1244376,24,8499400,2)
0x7C920000[EAE3] ntdll.dll: (1434040,0,1989738496,1244468)
0x76990000[49768] ole32.dll: (0,1,0,1989738496)
0x76990000[7619D] ole32.dll: (1989738496,0,1,0)
0x76990000[12109] ole32.dll: (1989738496,0,1,2435848)
0x7C920000[11A7] ntdll.dll: (1989812417,1989738496,0,1)
0x7C920000[23F31] ntdll.dll: (3276853,1,0,0)
0x7C800000[1CA3E] kernel32.dll: (0,2011755440,-1,1244940)
0x7C800000[1CAB6] kernel32.dll: (0,1244956,2009112184,0)
0x77BE0000[29D45] msvcrt.dll: (0,1385269,1244976,2009112208)
0x77BE0000[29E78] msvcrt.dll: (0,0,0,1245120)
0x77BE0000[29E90] msvcrt.dll: (0,3276853,3276850,2147344384)
0x00400000[761BD] QQ.exe: (3276853,3276850,2147344384,-2141958659)
0X7C800000[16D4F] kernel32.dll: (2088856920,0,0,0)
0X7C800000[399F3] kernel32.dll: (0,0,0,0)
___________________________________
Third update below: in the QQ directory it generates BCD1B7BC.EXE, a hidden file that looks like an image,
and it runs automatically once every time QQ starts.
I call this virus the Chupacabra No. 1 virus.
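The crash report quoted above is the kind of artifact a defender can triage mechanically: the faulting address sits inside a DLL loaded from a Common Files folder rather than from QQ's own directory or from Windows. As an added example (not code from the original post), the Python script below parses that report format, names the module owning the faulting address, and flags any module on the stack that lives outside both the Windows directory and the host executable's directory; the embedded sample log is an abridged copy of the one in the post, with most benign modules omitted.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: abridged copy of the QQ crash report quoted in the post.
CRASH_LOG = r"""Type: EXCEPTION_ACCESS_VIOLATION
Address: 0x0128204F
Call stack:
0x01280000[204F] BCD1B7BC.dll: (1244176,19413017,24,14)
0x01280000[24FB] BCD1B7BC.dll: (1244648,19430201,1244212,0)
0x00400000[761BD] QQ.exe: (3276853,3276850,2147344384,-2141958659)
0X7C800000[16D4F] kernel32.dll: (2088856920,0,0,0)
Modules:
[ 0x00400000 ] D:\Program Files\Tencent\qq\QQ.exe [0.0.0.0,2006-09-07 12:20:49]
[ 0x01280000 ] C:\Program Files\Common Files\Microsoft Shared\MSINFO\BCD1B7BC.dll [,1992-06-20 06:22:17]
[ 0x7C800000 ] C:\WINDOWS\system32\kernel32.dll [5.1.2600.2180,2004-08-17 07:38:36]
"""

FRAME_RE = re.compile(r"^0x([0-9a-f]+)\[([0-9a-f]+)\]\s+(\S+):", re.I)
MODULE_RE = re.compile(r"^\[\s*0x([0-9a-f]+)\s*\]\s+(.+?)\s+\[([^,\]]*),([^\]]*)\]$", re.I)
ADDR_RE = re.compile(r"^Address:\s*0x([0-9a-f]+)", re.I)

def parse_crash(text):
    """Return (fault_addr, frames, modules); frames are (base, offset, name), modules map base -> (path, version, timestamp)."""
    fault, frames, modules = None, [], {}
    for line in text.splitlines():
        if m := ADDR_RE.match(line):
            fault = int(m.group(1), 16)
        elif m := FRAME_RE.match(line):
            frames.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
        elif m := MODULE_RE.match(line):
            modules[int(m.group(1), 16)] = (m.group(2), m.group(3), m.group(4))
    return fault, frames, modules

def triage(text):
    """Name the module owning the fault and flag stack modules loaded from outside Windows and the host EXE's directory."""
    fault, frames, modules = parse_crash(text)
    # The log carries no image sizes, so the owner is the nearest lower base.
    owner = modules[max(b for b in modules if b <= fault)]
    host_dir = next(PureWindowsPath(p).parent for p, _, _ in modules.values()
                    if p.lower().endswith(".exe"))
    suspicious = []
    for base, _, name in frames:
        path, version, _ = modules.get(base, ("", "", ""))
        parts = [s.lower() for s in PureWindowsPath(path).parts]
        foreign = path and "windows" not in parts and PureWindowsPath(path).parent != host_dir
        if foreign and name not in suspicious:
            suspicious.append(name)
    return {"fault_module": PureWindowsPath(owner[0]).name,
            "fault_version": owner[1], "suspicious": suspicious}
```

The empty version field and 1992 timestamp on the flagged DLL are exactly the details worth checking by hand once the script has narrowed the list.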