Forum: Virus Zone  Title: My scan found the virus Backdoor.Ranky but I can never remove it; experts, please advise
Author: crazyban [crazyban]    Forum user
Object name: C:\WINNT\SYSTEM32\sks.exe
Virus name: Backdoor.Ranky

Why can it never be removed?

Original post  Posted: 04-02-08 11:43

Reply: gwrmenu [gwrmenu]   Forum user
I found a post about this virus, but you have to switch the page encoding to Traditional Chinese to read it. It may be useful to you.

Reply B1  Posted: 04-02-09 11:04

Reply: gwrmenu [gwrmenu]   Forum user
backdoor.Ranky 毕�R
Author: Jeson (218.166.77.---)
Date: 11-29-03 11:51

�nみ�H.叫腊腊Γ.�p�蟾� backdoor.Ranky �含r.
иΤ�旄�痉�汉舣�.���荬@传缁蚋�.
叫�i�鲸B�J........谅谅


Re: backdoor.Ranky 毕�R
Author: tek (65.65.104.---)
Date: 11-29-03 12:56

��.....拜�F�N拜�F�A陈沸ぃ�n�P妓�旱oē�s尿�A�o�@Ω... backdoor.Ranky Τ�X贺ぃ�P�号芎亍A�C�@贺�S�x�W常�|Τ�X�Iぃび�@妓�号埭啤E �p�G�A���含O材�@贺 �Aê或:

浪�d�岐�ヘ�e�O�_Τ�郯拾酽�:
�� "�}�l" -> "磅��" -> 块�J cmd.exe -> 块�J netstat -a -n -> т�莠荮AΤ�SΤ 53201 �o�雍荬f(port) �b�]�E ┪�胎t�@贺浪�d�嚎飒k�A�h�O�� CTRL+Shift+Esc -> ち传�� "�B�z�{��" �h�A�莠荬彀é敞SΤ磅�妗E �p�G�AΤ�o�{れ皑�b�]�A叫�w挡�舯讥ΑE 材�@贺浪�d�嚎飒k�A�O┤�A�s材�G贺浪�d快�k常�L�k�P�_�丧为骸E ぃ�Lぃ恨�缂恕A�A常临�O惠�n�� "Windows�u�@恨�z��" �hрウ闽奔�E �p�Gぃ�|�A���竟D狠�fΤ�}�Aê或叫�q�钙N�U更�@�永僧抓s "Active Ports" �亥巍E

爹:�n��挡�舻{Α�涵歃]�A�O�]�唉b磅�妾邯��A�U�A Windows �i�喾|ぃす�\琵�Aр�{Α�R埃 (�]�傲佴b�])�E

�w挡�舻{Α�岐喊失@:
�p�G�{Α�|�CΩ�郯拾酽妗Aㄤ龟�A�W�豹酣B�J�i�H铬�L�Aэ�hノ�w��家Α�奖当q�o�@�B�J�}�l�A�]�唉w��家Α�O荷�qぃ磅�妾旱{Α�Nぃ磅��... ��и�b�拱渤]�A蛤ㄤ�L炊�qㄏノ�踏@妓�Aぃ�竟D�p�螭链��歃w��家Α�U�A┮�H�oи�Nぃ�A�h量�F�E �b�A挡�舻{Α�帷A叫�A�� "�}�l" -> "磅��" -> 块�J regedit.exe�A�M�岌Aち传��:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

爹:�`�N�bち传�伞A埃�FRun�A�訾@�Uê�痈戤僻ü膝堋Aㄤ�L常叫�� + 才腹

�訾URun�帷A�A�|�o�{regedit.exe�{Α�亥k�胤|�X�{�X�营�兜�A�Aтт�W嘿�� "Services" �涵取A癸�o赣�全謦k龄�A�R埃ウ�E

�拽铵�Registry�喊失@:
程�帷Aр赣�{Α�R埃�E ���s币笆�q福�A浪�d挡�G(ㄤ龟�]�i�Hぃ惠�n���s币笆)
backdoor.Ranky �N�O�o妓秆�E
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.html

и�H�幛-�滦�o�蝇r�焊血k�F.....


Re: backdoor.Ranky 毕�R
Author: infected (65.95.70.---)
Date: 11-30-03 04:47

I'm trying to read these instructions, but I can only get the English bits. Can someone please help me? According to the Symantec website, I am infected with backdoor.ranky.c, but since it chokes my internet connection I cannot download any of the solutions. How can I remove the problem manually?


Re: backdoor.Ranky ok !
Author: Jeson (218.166.77.---)
Date: 12-01-03 11:34

Dear tek
�D�`谅谅�z.backdoor.Ranky �w�g簿埃�F.谅谅.
���eиい backdoor.Ranky.c 临��拈�O.���O�L�F�@�蝇P戳.�Sい�F
backdoor.ranky セ�QЧ�J�F�S�n��拈�F.┋�nΤ�z�豪唉�.
�A�@Ω谅谅�z.
临Τ �O�_Τ�兢�backdoor.ranky. a.b.c.d.�氦瑾k�O ? 叫��旧 .谅谅.
�]�癌却Xぱ�幛Sㄓ�F........
�D�`谅谅�z ! Jeson.


Re: backdoor.Ranky.C
Author: billy (218.166.77.---)
Date: 12-01-03 11:53

1. Please go to the file manager and find the infected file, such as rngmf.exe or sefss.exe. Check the Norton report to see which file was infected, find and delete (remove) that file, then restart the computer and scan again to check whether it has improved.
2. Press Ctrl+Alt+Del to open Task Manager, go to the Processes tab, find the infected file and delete it.
2-1. At the lower left, go to Start > Run > type REGEDIT and press Enter > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, then find rngmf and delete this file.
For your reference.
Best Rgds.


Re: backdoor.Ranky.C
Author: tek (65.65.105.---)
Date: 12-02-03 07:40

Jason, ㄤ龟�@�毹膝为坛Q�f�r/寞挛/れ皑�P�V常蛤�L�胎��`ㄏノ�q福�翰吆D�q�`常Τ�埭j�好霁Y�E �u�n�A策�D�n�Aêㄇ�九@�{Α�A钩�OFirewall, Anti-Virus はτ�N�¥¥Wノ初... ���o�]ぃ�N�怼A�九@�uㄣ�Oぃ惠�n�骸E �@�毪j场�鳘汗q福�f�r�n癸�@�x�q福�i�娣P�V�焊堋A�L�坛q�`常�|�gパ:

�E郎�驻括� (�pP2P, �U更, �Bね肚倒�A�豪僧�, �导�, �q�v单ヴ�蟥浈L郎�椎�)
�E呼��, �趣岷莨q�l�lン�{Α (�pIE, Outlook)
�E册ぱ�{Α (�pmIRC)
�E跋办呼ю阑 (�p�z�L呼隔�W�邯诰F�i�妾悍P�V)

ㄤい�A�@�毪くf�r�酣膝为獭A�堞h常�O�]��:

�E�U更┪�嗓)�ㄓ方�旱{Α (�q摸���婴H呼�袱U更ㄓ�旱{Α�]衡�A�]�挨j场�鞅―p�A�s�釜��郅vセō常ぃ�竟D�郅v�qㄤ�L�aよъㄓ�旱{ΑΤ�SΤ拜�D)
�E�}币�Bね肚ㄓ�旱{Α�A┪睹拈ぃ��ㄓ方�旱{Α
�E�郅v�R�贝c�N�{Α
�E�R�}ㄇ�_�_┣┣�汉舣� (�p�獗 B�a�U�傅�)
�E�R�莨q�l�lン锣�H�H�B┪�H�K睹�}��ン郎
�Eㄤ�L (�p�Q�Bね┪�a�H�b�L�台膝喂q福�嗓¥pみ┪�c�N贺�U单ㄤ�L薄�p)

и�S快�k�u�骇i�D�A100%ぃ�|い�r�嚎飒k�A��и�i�H�i�D�Aи�郅vノ�翰吆D�A琵�A把σ:

�E�e┕ Windows Update �w戳�蠓s�t参
�E�w戳�蠓s�粳r�M�兢趵鸬{Α (�`�N�A�N衡�AΤ�九@�{Α�A�]ぃ�N�砉q福�O�w����)
�Eр�郅v�q福ぃ�n�邯A叭闽奔
�E锣�H�H�B�UВ�H�s�莩¥,莳奖单岜�
�E荷�qぃ�U更�lン���[郎�A�N衡�p�G�O�Bね�H�骸A�]�n��苯�r�@�U
�E案焊�y�L�`�N�@�U程�穹s�f�r�F�H�邯岍� (ㄤ龟и�u�含O�馨负袱~�荬@�U)

�oㄇ�u�O讽把σ�A�盲'咕恪A�p�G�A临�n�A秆�螃h闽�螃p�蟥九@蛤�O�@�郅v�焊戤篇焊堋A�z�i�H��:

れ皑ю阑�氦恫小A�g�韩懿婴摺A�]�堠隼�: http://fetag.org/forum/read.php?f=8&i=3175&t=3175

�p�G�H�W�oㄇ�荬FЧ��ぃ来�Aê或MSΤ�@�颖M��琵�@�毳胃��缺o�@�莳�(for XP): http://www.microsoft.com/taiwan/security/protect/windowsxp/firewall.asp

�婴H�]�g�L闽��VBS寞挛�氦恫小Aㄆ龟�W�oㄇ�c�N�{Α�瓒}�l�骇鹄护猹k�A常�苊���: http://tek.fetag.org:8080/read_article.aspx?id=27

癸�f�r/寞挛/れ皑ю阑も�k�Q�n�h�A秆�焊堋Aㄤ龟�A�]�i�H�Qノ: http://securityresponse.symantec.com/ http://www.trendmicro.com/vinfo/zh-tw/default.asp?advis=more&sort=date&order=desc



Reply B2  Posted: 04-02-09 11:05
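
Added example (not part of the thread or any poster's code): the checks that remain legible in the pasted thread above, namely `netstat -a -n` for port 53201, a Run key value named "Services", and the file names sks.exe, rngmf.exe and sefss.exe, applied to saved command output. It assumes the Run key was captured with `reg query` and that the port shows up as a TCP listener; the function names and both sample captures are constructed for illustration.

```python
import re
# Indicators below are the ones that appear in the thread; nothing else is assumed known.
SUSPECT_PORT = 53201                                   # port in tek's reply
SUSPECT_FILES = {"sks.exe", "rngmf.exe", "sefss.exe"}  # file names in the posts
SUSPECT_VALUE = "services"                             # Run value name in tek's reply

def listening_ports(netstat_text):
    """Local TCP ports in LISTENING state, from `netstat -a -n` output."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "TCP" and f[3] == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))
    return ports

def run_entries(reg_text):
    """{value name: data} from `reg query` output for the Run key (assumed capture format)."""
    entries = {}
    for line in reg_text.splitlines():
        m = re.match(r"\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$", line)
        if m:
            entries[m.group(1)] = m.group(2).strip()
    return entries

def triage(netstat_text, reg_text):
    """Return findings as tuples; an empty list means none of the thread's indicators matched."""
    findings = []
    if SUSPECT_PORT in listening_ports(netstat_text):
        findings.append(("port", SUSPECT_PORT))
    for name, data in run_entries(reg_text).items():
        parts = set(re.split(r'[\\/"\s]+', data.lower()))
        if name.lower() == SUSPECT_VALUE or parts & SUSPECT_FILES:
            findings.append(("run", name, data))
    return findings

# Constructed sample captures (not taken from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:53201          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1043       192.168.0.9:80         ESTABLISHED
"""
SAMPLE_REG = """\
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    Services    REG_SZ    C:\\WINNT\\SYSTEM32\\sks.exe
    Synchronization Manager    REG_SZ    mobsync.exe /logon
"""

if __name__ == "__main__":
    print(triage(SAMPLE_NETSTAT, SAMPLE_REG))
```

An empty result only means these particular names and this port were not seen; the thread itself notes that other variants exist.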

Reply: crazyban [crazyban]   Forum user
Thanks for the pointers.

Reply B3  Posted: 04-02-09 17:41
