返回列表 发帖

svchost.exe应用程序错误。谁来帮帮我

我的电脑一开机就出现。svchost.exe应用程序错误。。。。应用程序异常。未知的软件异常(0XC0000409)。位置为0X75113B3D。 。按确定后玩游戏没有声音。歌也播发不了了?音频设备也没有了

svchost.exe 是个重要系统进程,很多服务都通过它进行加载,当然很多病毒也喜欢用它,所以推断你的某个关键服务被禁止或者中毒了。
Ich liebe Deutschland!Für das Dritte Reich!

TOP

查过没毒!

TOP

明显系统文件有问题,至于怎么出的问题就不得而知了,可能性有很多
Ich liebe Deutschland!Für das Dritte Reich!

TOP

在开杀毒软件时无意间看了篇文章发现次问题
最新病毒
望糨糊XP人士赶快打补丁!!!
http://it.rising.com.cn/Channels ... 5523580d37075.shtml
瑞新有关文章
http://www.microsoft.com/china/t ... letin/ms06-040.mspx
补丁地址!

TOP

补丁是一定要即时打得
Ich liebe Deutschland!Für das Dritte Reich!

TOP

郁闷啊我发现已经晚了
而且不知道为什么我现在瑞新不能升级- -谁有最新的升级包发我下

TOP

www.onlindown.net有病毒库下载
Ich liebe Deutschland!Für das Dritte Reich!

TOP

打不开嘛

TOP

中魔波了....
Destiny Break
Life is like a roller coaster

TOP

郁闷瑞新版本是8月2号的
现在升级不行
不知道怎么杀了...
晕啊

TOP

怎么会升级不了?
Destiny Break
Life is like a roller coaster

TOP

Virus: Worm/IRCBot.9609
CME number: 482
Date discovered: 13/08/2006
Type: Worm
In the wild: Yes
Reported Infections: Low
Distribution Potential: Medium to high
Damage Potential: Medium
Static file: Yes
File size: 9.609 Bytes
MD5 checksum: 9928A1E6601CF00D0B7826D13FB556F0
VDF version: 6.35.01.85
IVDF version: 6.35.01.85

General Methods of propagation:
   • Local network
   • Messenger


Aliases:
   •  Symantec: Backdoor.IRC.Bot
   •  Mcafee: IRC-Mocbot!MS06-040
   •  Kaspersky: Backdoor.Win32.IRCBot.st
   •  TrendMicro: WORM_IRCBOT.JK
   •  F-Secure: Backdoor.Win32.IRCBot.st


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Disable security applications
   • Lowers security settings
   • Registry modification
   • Makes use of software vulnerability
   • Third party control

Files It copies itself to the following location:
   • %SYSDIR%\wgareg.exe



It deletes the initially executed copy of itself.

Registry The following registry keys are added in order to load the service after reboot:

– [HKLM\SYSTEM\CurrentControlSet\Services\wgareg]
   • Type = 110
   • Start = 2
   • ErrorControl = 0
   • ImagePath = %SYSDIR%\wgareg.exe
   • DisplayName = Windows Genuine Advantage Registration Service
   • ObjectName = LocalSystem
   • FailureActions = %hex values%
   • Description = Ensures that your copy of Microsoft Windows is genuine and registered. Stopping or disabling this service will result in system instability.

– [HKLM\SYSTEM\CurrentControlSet\Services\wgareg\Security]
   • Security = %hex values%

– [HKLM\SYSTEM\CurrentControlSet\Services\wgareg\Enum]
   • 0 = Root\LEGACY_WGAREG\0000
   • Count = 1
   • NextInstance = 1



The following registry keys are changed:

– [HKLM\SOFTWARE\Microsoft\Ole]
   Old value:
   • EnableDCOM = %user defined settings%
   New value:
   • EnableDCOM = n

– [HKLM\SYSTEM\CurrentControlSet\Control\Lsa]
   Old value:
   • restrictanonymous = %user defined settings%
   • restrictanonymoussam = %user defined settings%
   New value:
   • restrictanonymous = 1
   • restrictanonymoussam = 1

– [HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
   New value:
   • autoshareserver = 0
   • autosharewks = 0

– [HKLM\SOFTWARE\Microsoft\security center]
   Old value:
   • antivirusdisablenotify = %user defined settings%
   • antivirusoverride = %user defined settings%
   • firewalldisablenotify = %user defined settings%
   • firewalldisableoverride = %user defined settings%
   New value:
   • antivirusdisablenotify = 1
   • antivirusoverride = 1
   • firewalldisablenotify = 1
   • firewalldisableoverride = 1

Deactivate Windows XP Firewall:
– [HKLM\SOFTWARE\Policies\Microsoft\windowsfirewall\domainprofile]
   Old value:
   • enablefirewall = %user defined settings%
   New value:
   • enablefirewall = 0

– [HKLM\SOFTWARE\Policies\Microsoft\windowsfirewall\standardprofile]
   Old value:
   • enablefirewall = %user defined settings%
   New value:
   • enablefirewall = 0

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]
   Old value:
   • Start = %user defined settings%
   New value:
   • Start = 4

Messenger It is spreading via Messenger. The characteristics are described below:

– AIM Messenger

Network Infection In order to ensure its propagation the malware attemps to connect to other machines as described below.


Exploit:
It makes use of the following Exploit:
–MS06-040 (Vulnerability in Server Service)

IRC To deliver system information and to provide remote control it connects to the following IRC Servers:

Server: bniu.house**********
Port: 18067
Channel: #n1
Nickname: n1-%random character string%
Password: nert4mp1

Server: ypgw.wall**********
Port: 18067
Channel: #n1
Nickname: n1-%random character string%
Password: nert4mp1


– Furthermore it has the ability to perform actions such as:
    • Launch DDoS SYN flood
    • Launch DDoS UDP flood
    • Download file
    • Execute file
    • Start spreading routine

Miscellaneous Mutex:
It creates the following Mutex:
   • wgareg

File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

See a brief description here.


Inserted by Philipp Wolf on Sun, 13 Aug 2006 15:49 (GMT+1)
Updated by Andrei Gherman on Mon, 14 Aug 2006 13:00 (GMT+1)


楼主说的应该是这个吧。。可耻的瑞星。。比人家老外的晚了一天。。难怪只好意思说是国内率先。。。

TOP

原帖由 Eric..英雄 于 2006-8-15 01:35 发表
怎么会升级不了?

他说产品超过许可的升级次数..无法升级
请等待新版本升级注意1套产品仅授权在1台机器上使用

TOP

原帖由 眼眼12 于 2006-8-15 01:37 发表

他说产品超过许可的升级次数..无法升级
请等待新版本升级注意1套产品仅授权在1台机器上使用


-_,-用我的这个吧。。虽说是国外的免费软件。。但是发现这个病毒升级病毒库比瑞星还要快一天。。

TOP

返回列表