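http://www.lele444.com/?ie18 homepage hijacking
Site link: http://www.lele444.com/?ie18. This virus spreads over the network. Its homepage hijacking differs from the usual kind: it does not modify the registry or shortcuts. Instead, it enumerates processes such as IE and performs the hijack when one starts or opens a blank page.
Solution
Step 1: Scan with antivirus software and clean up any other accompanying viruses and trojans (no antivirus software has yet been found that can clean this virus directly; those tested include Kaspersky, 360 Antivirus, etc.)
Step 2: Close QQ and check whether a newly started blank IE window is still hijacked. If it is not, the problem lies with QQ.
Step 3: In the QQ directory, look for the most recently created DLL: QQ2008\LoginCtrl.dll QQ2009\Bin\TaskTray.dll
Delete it to restore normal behavior.
TaskTray.dll has been tampered with by the virus. Genuine QQ files carry a digital signature, whereas the file tampered with by the virus has no digital signature, and its size has also become very large.
Reinstalling QQ resolves it. This is the tray file; once it is deleted, QQ's tray icon disappears. LoginCtrl.dll 17.1 MB (17,935,088 bytes) MD5: 0204247A864DCDA8B73BDADCA2307399
Written in Delphi. The large size appears to be self-appended: the appended data is all empty 00 bytes, which makes the file's MD5 different every time and prevents some software from detecting it. Simply reinstalling QQ resolves it.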
Ultra String Reference Fix
Address Disassembly Text String
003F274C push LoginCtr.003F27CC SOFTWARE\Borland\Delphi\RTLFPUMaskValue
003F2780 push LoginCtr.003F27E8 FPUMaskValue
003F2EE9 push LoginCtr.003F2F24 \r\n
003F573D mov ecx,LoginCtr.003F5774 \
003F57D5 mov ecx,LoginCtr.003F580C \
003F5A6D mov edx,LoginCtr.003F5AD8 abcdefghijklmnopqrstuvwxyz
003F5B33 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5B56 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5B7E mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5BA1 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5BC9 mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F5BEC mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F5C14 mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F5C37 mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F5C7B push LoginCtr.003F6254 .lnk
003F5C90 mov edx,LoginCtr.003F6264 c
003F5C95 mov eax,LoginCtr.003F6270 iefile
003F5CD7 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5CF8 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5D1C mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5D45 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5D68 mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F5D8C mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F5DCB mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5DEC mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5E10 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5E36 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5E59 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5E7D mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F5ED6 push LoginCtr.003F6254 .lnk
003F5EEB mov edx,LoginCtr.003F62C4 d
003F5EF0 mov eax,LoginCtr.003F6270 iefile
003F5F32 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5F53 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5F77 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5FA0 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F5FC3 mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F5FE7 mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F6032 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F605C mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F6089 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F60BB mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F60E7 mov edx,LoginCtr.003F61D0 Internet Explorer.lnk
003F6114 mov edx,LoginCtr.003F61F0 Intenent Expleror.lnk
003F614E mov edx,LoginCtr.003F62D0 Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel\{871C5380-42A0-1069-A2EA-08002B30309D}
003F6457 push LoginCtr.003F6624 IEFrameWorkerWReBarWindow32
003F646B push LoginCtr.003F662C WorkerWReBarWindow32
003F647A push LoginCtr.003F6634 ReBarWindow32
003F648B push LoginCtr.003F6644 Address Band Root
003F649C push LoginCtr.003F6658 Edit
003F64B1 push LoginCtr.003F6660 ComboBoxEx32
003F64C2 push LoginCtr.003F6670 ComboBox
003F64D3 push LoginCtr.003F6658 Edit
003F64E8 push LoginCtr.003F6660 ComboBoxEx32
003F64F9 push LoginCtr.003F6670 ComboBox
003F650A push LoginCtr.003F6658 Edit
003F654A mov esi,LoginCtr.003F70B4 iq123.com
003F654A mov esi,LoginCtr.003F70B4 yijidh.com
003F654A mov esi,LoginCtr.003F70B4 250dh.cn
003F654A mov esi,LoginCtr.003F70B4 223.la
003F654A mov esi,LoginCtr.003F70B4 kuku123.com
003F654A mov esi,LoginCtr.003F70B4 930930.com
003F654A mov esi,LoginCtr.003F70B4 7999.com
003F654A mov esi,LoginCtr.003F70B4 9123.com
003F658B push LoginCtr.003F667C http://www.lele444.com/?ie18
003F6AAB mov edx,LoginCtr.003F6B64 Shareds.dllDllCanUnloadNowDllGetClassObject
003F6AC9 push LoginCtr.003F6B70 DllCanUnloadNowDllGetClassObject
003F6AD9 push LoginCtr.003F6B80 DllGetClassObject
003F6AE9 push LoginCtr.003F6B94 DllRegisterServer
003F6AF9 push LoginCtr.003F6BA8 Q-$-DLL
003F6B0E push LoginCtr.003F6BA8 Q-$-DLL
Going to install QQ 08 and play around with it
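The two signs described above (no digital signature, and a file inflated with 00 bytes so that its MD5 changes every time) can be checked offline by parsing the PE headers. The Python below is an added example, not part of the original post; `parse_pe`, `inspect_dll` and `build_sample` are hypothetical names, and the input is a constructed minimal PE image, not the real LoginCtrl.dll.

```python
import hashlib
import struct

def parse_pe(data: bytes):
    """Return (end_of_last_section, certificate_table_size) for a PE image."""
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    cert_entry = (112 if magic == 0x20B else 96) + 4 * 8  # data directory 4
    cert_size = 0
    if opt_size >= cert_entry + 8:
        _, cert_size = struct.unpack_from("<II", data, opt + cert_entry)
    table = opt + opt_size                                # section table
    end = table + 40 * nsect
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each entry.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end, cert_size

def inspect_dll(data: bytes) -> dict:
    end, cert_size = parse_pe(data)
    overlay = data[end:]                                  # bytes past all sections
    return {
        # Presence of a certificate table only; the signature is not validated.
        "has_signature": cert_size > 0,
        "overlay_bytes": len(overlay),
        "zero_padded": bool(overlay) and overlay.count(0) == len(overlay),
        "file_md5": hashlib.md5(data).hexdigest(),
        # Hash without the overlay: stable when only the padding changes.
        "image_md5": hashlib.md5(data[:end]).hexdigest(),
    }

def build_sample(padding: int) -> bytes:
    """Constructed minimal PE32: one section, no certificate table, 00 padding."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222
    sect = b".text\0\0\0" + struct.pack("<IIII", 512, 0x1000, 512, 512) + b"\0" * 16
    header = (dos + coff + opt + sect).ljust(512, b"\0")
    return header + b"\x90" * 512 + b"\0" * padding
```
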