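I recently reinstalled my system for an internship, and I was too lazy to install patches or antivirus software before going online. For some reason, every so often the system would become sluggish: it could not enter standby, could not restart, and Task Manager would not start, yet after a forced shutdown and power-on everything was normal again. Another symptom was that Microsoft's websites would not open no matter what (although they could be reached by IP). Having studied networking, my first instinct was that DNS resolution had gone wrong. I checked the hosts file: normal. Out of options, I turned to Google and found an article saying this was an infection by the Conficker worm. I downloaded a dedicated removal tool and ran a scan, and damn, it really was there! This worm hides very deeply and spreads by exploiting operating system vulnerabilities. Lesson learned: even if I don't install antivirus software, I must always install the system patches!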
The scan log, kept here as a memento...
Net-Worm.Win32.Kido removing tool, Kaspersky Lab 2009
version 3.4.7 May 5 2009 14:39:10
scanning jobs ...
scanning processes ...
scanning threads ...
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
Infected thread was killed in process svchost.exe with PID 1340
scanning modules in svchost.exe...
Spliced function NtQueryInformationProcess fixed in ntdll.dll module
Spliced function NetpwPathCanonicalize fixed in netapi32.dll module
Spliced function NtQueryInformationProcess fixed in ntdll.dll module
Spliced function DnsQuery_A fixed in dnsapi.dll module
Spliced function DnsQuery_UTF8 fixed in dnsapi.dll module
Spliced function DnsQuery_W fixed in dnsapi.dll module
Spliced function Query_Main fixed in dnsapi.dll module
scanning modules in services.exe...
scanning modules in explorer.exe...
scanning C:/WINDOWS/system32 ...
C:/WINDOWS/system32/xbdqz.dll infected Net-Worm.Win32.Kido ...