优盘中autorun.inf的变种病毒，病毒描述：VBS:Malware-gen高手请进，电脑差USB接口的东东都会中毒

显示全部楼层 · 2009-1-20 15:54:56

反病毒引擎版本最后更新扫描结果
a-squared 4.0.0.73 2009.01.10 Trojan-Dropper.Win32.Flystud!IK
AntiVir 7.9.0.54 2009.01.09 TR/Dropper.Gen
Authentium 5.1.0.4 2009.01.10 W32/Nuj.A.gen!Eldorado
AVG 8.0.0.229 2009.01.09 SHeur2.FTU
BitDefender 7.2 2009.01.10 Trojan.AgentMB.YUDN3731763
F-Prot 4.4.4.56 2009.01.09 W32/Nuj.A.gen!Eldorado
GData 19 2009.01.10 Trojan.AgentMB.YUDN3731763
Ikarus T3.1.1.45.0 2009.01.10 Trojan-Dropper.Win32.Flystud
McRising 21.11.52.00 2009.01.10 Worm.Win32.Autorun.eyr
SecureWeb-Gateway 6.7.6 2009.01.10 Trojan.Dropper.Gen
附加信息
File size: 1403479 bytes
MD5...: 6044447ed77f107556566edba75c0979
SHA1..: 29353a44aa841b5a1b36c9b2324e8634b09d62e7
SHA256: 63c75abdf03b8417a26caee545082935902112a7fab38645b50b32d8d5fe621e
SHA512: 3bbd722896e376b2364746ba3baeccf32785cdd36fab833a2c93548ab875abf2
2b13c1340ac89ef08bfe667a92cb0e9586968146cbc7f8c4323f76cd75545e70
ssdeep: 24576:fU5HaYmzj2oo7xsAW7+gZEcRVTmUnhI0kZzpU/:ft1XUlstCsEcrmUnmrf
A
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (62.9%)
Win32 Executable Generic (14.2%)
Win32 Dynamic Link Library (generic) (12.6%)
Clipper DOS Executable (3.3%)
Generic Win/DOS Executable (3.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40140b
timedatestamp.....: 0x59bffa3 (Mon Dec 25 05:33:23 1972)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x51ec 0x6000 7.01 9ab0af70f25e061492aff44ac856f6be
.rdata 0x7000 0xa4a 0x1000 3.58 367b7ce38d0c4c17f01e370dc697df5b
.data 0x8000 0x1f58 0x2000 4.61 e206116d39577d02a11bc0a12d9e8956
.data 0xa000 0x65000 0x65000 7.99 24134e003084d6408b63b9ab703e9466
.rsrc 0x6f000 0x3bf0 0x4000 3.40 825a8015620dc174a1747b2d60c4feb4
( 2 imports )
> KERNEL32.dll: GetProcAddress, LoadLibraryA, CloseHandle, WriteFile, CreateDirectoryA, GetTempPathA, ReadFile, SetFilePointer, CreateFileA, GetModuleFileNameA, GetStringTypeA, LCMapStringW, LCMapStringA, HeapAlloc, HeapFree, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, MultiByteToWideChar, GetStringTypeW
> USER32.dll: MessageBoxA, wsprintfA
( 0 exports )
建立相同的文件名，格式化，删除文件，在运行里面上删除都不行
这些是网上病毒的分析，10/37个病毒
请提出实用的回答

千问 · 2009-1-20 15:54:56

中了U盘病毒，下载一个360安全卫士。用360U盘病毒专杀清理病毒，查杀效果不错。360安全卫士的U盘病毒免疫功能可以防止病毒感染电脑。...

千问 · 2009-1-20 15:54:56

这么多英文看得懂么>直接在U盘下把autorun.inf删除(可能找不到,借助杀毒软件隔离),建一个autorun.inf名字的文件夹,一切就OK了.也不会中毒了....

千问 · 2009-1-20 15:54:56

用360安全卫士，我家用的就是，据说360安全卫士连新病毒“母马”（能生“小木马”的病毒，可以破了种种杀毒软件，已经入侵600万台电脑）都能杀掉呢！实在不可以就重装电脑吧！...