最近网站挂马比较验证,我的电脑的也超卡,建议大家下360safe,
文件名称:image.JPG-www.photobucket.com
文件大小:10752 bytes
AV命名:(暂无,哈哈``因为全部过了``)
加壳方式:未知
编写语言:Delphi
病毒类型:IRCBot
文件MD5:0e404cb8b010273ef085afe9c90e8de1
行为:
1、释放病毒副本:
%Systemroot%\system32\rpmsvc.exe 10752 字节
C:\Documents and Settings\%Users%\Local Settings\Temp\image11.zip 10912 字节
2、添加启动项,开机启动:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
注册表值 Remote Terminal Service = REG_SZ, "rpmsvc.exe "
3、连接IRC服务器(s**.gnode.com),接受远程控制,感染的计算机沦为肉机。
4、查找MSN好友,发送临时文件夹的病毒压缩包和一些诱人词语:
可能是下面的随机一条:
Quote:
This picture isnt you... right?
newest pics for ya :)
hey did i ever show you this picture of me?
is it ok if I add this pic to my new slideshow?
can i up some of these pics of ya to my myspace profile?
Wow i think i found your pic on myspace!
hah I think I found an old pic of us!
haha lets hope your parents dont see this picture of you :D
you care if i put this pictuer of you in my new album?
OMFG!!!!!!!! :D
wow! look at this old picture i found
sorry about the messup i fixed the pic! Try it one more time pz
is this pic tooo sexy for photobucket??
wow I just dyed my hair... You will never believe the color it is now. lol And dont laugh
my crazy sister wants u to see these pics for some reason... take a look
Can i put this pic of you into my new myspace album?
Take a look at the new pics already! :p
I cant believe they wanted me to upload this picture to facebook lol. Its terrible. Like my outfit tho?
Lmfao hey im sending my new pictures! Check em out!
I've been editing some pics you should def see em lol!
dude i just got these pictures off my digital for you! Gimme a moment to find em and send
Wanna see my pics before i send em to facebook?
do you think this picture is too kinky for Myspace?
Hey accept my pictures, i got a bunch from when i was like a toddler :X
I think this picture is terrible. but my friends on myspace want to see it. please dont show noone.
Hey just finished new myspace album! :) theres a few kinky ones in there!
OMG, i found ur pic on cuteornot.com! Check it out
hey you got a myspace album? anyways heres my new myspace album :) accept k?
do I look dumb in this picture? I want to put it on myspace.
hey man accept my pics. :( i just edited it to look maad funny..
Dude i found your picture on hotornot.com! Take a look!
瀑布汗,又是这套,I服了You。
(对方如果接收并执行的话,将成为新的传播体)
解决方法:
哈哈``不需要任何工具
1、关闭网络连接。
2、打开任务管理器(ctrl+alt+del组合键调用任务管理器),结束rpmsvc.exe进程。
3、打开注册表(开始菜单-运行-输入“regedit”进入注册表依次找到说明选项并按提示操作),到HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run。
删除:<Remote Terminal Service><rpmsvc.exe>
4、删除rpmsvc.exe(C:\Windows\system32那里)
5、记得要清空临时文件夹。
PS:病毒文件名如果不一样的话,可自己变通哈`