遭遇 /Trojan.Win32.Undef.,SERVICES.EXE等1

遭遇 /Trojan.Win32.Undef.,SERVICES.EXE等1

遭遇 /Trojan.Win32.Undef.,SERVICES.EXE等1

endurer 原创 2008-06-11 第1版

一位朋友的电脑在上网过程中突然变得很慢，不仅系统反应速度慢，而且网速也变得很慢，重启电脑后故障依旧，请偶帮忙检修。

打开任务管理器一看，有个名为的进程占用了80%以上的CPU时间，此外还发现两个和，都是以system帐户来运行的，开始还以为是眼花了，擦了擦眼睛再看，没错~

运行U盘上的 pe_xscan 扫描 log 并分析，发现如下可疑项：

pe_xscan 08-04-26 by Purple Endurer
2008-6-11 12:33:15
Windows XP Service Pack 2(5.1.2600)
MSIE:6.0.2900.2180
管理员用户组
正常模式 

C:/WINDOWS/ * 1712 | 2008-6-11 1:39:0 
C:/WINDOWS/System32/ * 2348 | 2008-6-11 1:39:47 C:/WINDOWS/ | 2008-6-11 1:39:47 | NT Service Control Module | 1, 0, 0, 1 | NT Service Control Module | Copyright ? 1996, Microsoft Corporation | 1, 0, 0, 1 | Microsoft| ? | NTSVC | NTSVC.OCX 
C:/WINDOWS/System32/xml/SERVICES.EXE * 2592 | 2008-6-11 1:40:33

O4 - HKLM/../Run: [upxdnd] C:/

O20 - AppInit_DLLs = mrjhtjd.dll,qrhhb.dll,xdfntt.dll,hgfhk.dll,hjaiq.dll,kduy.dll,frntrn.dll,dnteh.dll,chmfcmh.dll,jwlah.dll,crugd.dll,lariytrz.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,gmnait.dll,hfjg.dll,xdndn.dll,rgfjj.dll,dscef.dll,xfng.dll,njritc.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,rhs.dll,rdthr.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,hkfgh.dll,drghszd.dll,fngn.dll,xdhdg.dll,zdbfbd.dll,fjyjy.dll,awef.dll,msepbe.dll

O23 - 服务: DeepFree Update (DeepFree Update) - C:/WINDOWS/system32/drivers/pcihdd2.sys (手动)O23 - 服务: dohs (dohs) - C:/DOCUME~1/user/LOCALS~1/p (自动)O23 - 服务: kangyi (Windows Media kangyi) - C:/WINDOWS/ | 2008-6-11 1:39:0(自动)O23 - 服务: mhfp (mhfp) - C:/DOCUME~1/user/LOCALS~1/p (自动)O23 - 服务: PciHardDisk (PciHardDisk) - C:/WINDOWS/system32/drivers/pcidisk.sys (手动)O23 - 服务: UmRdp (UserMode Port Redirector) - C:/WINDOWS/system32/ | 2008-6-11 1:39:47(自动)

（未完待续）