终于搞掂Caepero.dll

yzd

浏览: 1845561 次
性别:
来自: 北京

最近访客更多访客>>

churchchen86

devcang

ecs2003

southking

博主相关

博客

微博

相册

留言

关于我

文章分类

全部博客 (1784)

社区版块

存档分类

这篇可能需要和遇一中毒贼深的电脑 (trackback)配合使用。

File C:/WINDOWS/system32/Caepero.dll is infected by Win32:Zbot-D [Trj]
这是4个在system32目录下的病毒文件，

2004-08-17 12:00 18,944 Voesahit.sys
2004-08-17 12:00 10,752 Caepero.dll
2004-08-17 12:00 19,968 Zageso5.dll
2004-08-17 12:00 33,280 Sitonesa.dll

除此之外，还有一个位于C:/Program Files/Internet Explorer/PLUGINS下，

2005-01-12 13:54 33,918 Sy_Win7k.Jmp
Wn_Sys8x.Sys（昨天已干掉

遇一中毒贼深的电脑）

另外，这个也不是什么好鸟C:/Program Files/Internet Explorer/

2005-01-08 14:21 24,202 IEXPLORE32.ime

还有C:/windows/system32/目录下还有若干可能存在的文件，mscat.dll msdtc.dll msscds32.dll。

Documents and Settings/All Users/Application Data/Microsoft/Media Player/sqmnoopt01.sqm
Documents and Settings/All Users/Application Data/Microsoft/Media Player/sqmnoopt02.sqm
Documents and Settings/All Users/Application Data/Microsoft/Media Player/sqmnoopt03.sqm
Documents and Settings/All Users/Application Data/Microsoft/Media Player/sqmnoopt04.sqm
Documents and Settings/All Users/Application Data/Microsoft/Media Player/sqmnoopt05.sqm

C:/SEHLog.txt
C:/UpdateLog.txt
C:/ManagerLog.txt
~tmp032434.exe
PopupAD.DLL

注意把这个http://ahead.51down.cc网站屏蔽掉，用记事本打开C:/windows/system32/drivers/etc/HOSTS文件，添加一行“127.0.0.1 ahead.51down.cc ”不带引号哦。

Avast一直提示Caepero.dll是病毒，杀掉后，重启电脑就又有了，而且还添加到注册表项appInit_dlls中，Zageso5.dll和Sitonesa.dll不提示，但这几个文件的创建时间和修改日期都一模一样，令人生疑，一定也是病毒了。不过总是杀不掉，没办法，遂怀疑其它地方还有病毒文件，但是system32，windows，drivers等等目录寻遍了也没找到，后来突然发现浏览器加载项中有个C:/Program Files/Internet Explorer/PLUGINS/Wn_Sys8x.Sys（昨天已干掉），网络上搜索了一下，这个Wn_Sys8x.Sys和Sy_Win7k.Jmp有很大关系，而这个Sy_Win7k.Jmp就在C:/Program Files/Internet Explorer/PLUGINS/下呢，一定是它了，杀。重启电脑，OK，平安无事了。

和前面干掉的那一堆遇一中毒贼深的电脑关系还挺大的，又是木马群。

Sy_Win7k.Jmp | 病毒大百科注：毒霸上这个可能还不一样
恶意木马分析及清除：mscat1.dll,mci321.dll,mmtask1.dll,Proc.sys注：coding_hello没有彻底解决
中了trojan-downloader.win32.zlob.crl木马，怎么都杀不了！注：arswp论坛上没有解决这个问题，我解决了。

这里还有一群逃过杀毒软件扫描的病毒和可疑文件，用我的眼睛就出来一部分：

2004-08-17 12:00 18,944 Voesahit.sys
2004-08-17 12:00 10,752 Caepero.dll
2004-08-17 12:00 19,968 Zageso5.dll
2004-08-17 12:00 33,280 Sitonesa.dll
2004-08-17 20:00 72,832 Regeroi.sys
2005-01-04 20:00 127,488 uboeza.dll
2005-01-04 20:00 28,672 ylfahj.dll
2005-01-04 20:00 26,112 gqwaln.dll
2005-01-04 20:00 28,672 thsbzq.dll
2005-01-04 20:00 27,136 qosvoi.dll
2005-01-04 20:00 26,624 vxlwak.dll
2005-01-04 20:00 26,112 luubyk.dll
2005-01-04 20:00 28,160 akanhk.dll
2005-01-05 20:30 26,112 mzosty.dll
2005-01-06 11:19 127,488 xohwem.dll
2005-01-06 11:19 28,672 eddfgm.dll
2005-01-06 11:19 26,112 zzdbmi.dll
2005-01-06 11:19 28,672 eilzzq.dll
2005-01-06 11:19 27,136 hwkike.dll
2005-01-06 11:19 31,744 rbkoer.dll
2005-01-06 11:19 26,624 kijykq.dll
2005-01-06 11:19 26,112 znrmnh.dll
2005-01-06 11:19 28,160 mhhzeg.dll
2005-01-06 18:40 127,488 guomzp.dll
2005-01-06 18:40 28,672 lsesci.dll
2005-01-06 18:40 26,112 izcusl.dll
2005-01-06 18:40 28,672 djpkjp.dll
2005-01-06 18:40 27,136 vyhdxq.dll
2005-01-06 18:40 26,624 fzpclp.dll
2005-01-06 18:40 31,744 aqqfje.dll
2005-01-06 18:41 28,160 qjplpz.dll
2005-01-06 18:41 26,112 pvbqsd.dll
2005-01-06 19:11 2,216 cid_store.dat
2005-01-06 19:42 127,488 hdouhb.dll
2005-01-06 19:42 28,672 emhqto.dll
2005-01-06 19:42 29,696 hwqsuv.dll
2005-01-06 19:42 26,112 hihmyk.dll
2005-01-06 19:42 27,648 rdxtgl.dll
2005-01-06 19:42 28,672 uolxpv.dll
2005-01-06 19:42 27,136 mljlwn.dll
2005-01-06 19:42 26,624 wevtrp.dll
2005-01-06 19:42 31,744 jcqqea.dll
2005-01-06 19:43 28,160 gylxlt.dll
2005-01-07 19:10 28,672 cbqdzw.dll
2005-01-07 19:10 27,648 jnalnr.dll
2005-01-07 19:10 28,672 jyornd.dll
2005-01-07 19:10 27,136 obzozb.dll
2005-01-07 19:10 26,624 mwtqqo.dll
2005-01-07 19:10 26,112 bezuhx.dll
2005-01-07 19:10 28,160 yztcls.dll
2005-01-07 22:05 12,750 IGB_DJOL_1007.exe
2005-01-07 22:05 7,874 IGB_DJOL_1007.dll
2005-01-07 22:07 28,672 nsrhqp.dll
2005-01-07 22:07 31,744 sezmke.dll
2005-01-08 14:21 24,202 IEXPLORE32.ime
2005-01-09 19:12 31,093 mswlckc32.dll
2005-01-09 19:13 7,916 IGB_DJOL_1009.dll
2005-01-12 13:53 30,685 mswmkbs32.dll
2005-01-12 13:53 30,285 mstfhmzy32.dll
2005-01-12 13:53 12,788 IGB_DJOL_1009.exe
2005-01-12 13:54 33,918 Sy_Win7k.Jmp
2005-01-12 13:54 27,648 zavnos.dll
2005-01-12 13:54 28,672 aydmbg.dll
2005-01-12 13:54 31,744 vwwxei.dll
2005-01-15 16:13 27,136 aljsyh.dll
2005-01-15 16:29 28,672 wazuxr.dll
2005-01-15 16:35 28,672 xlihje.dll
2005-01-15 16:35 29,696 Kvsc3.dll
2005-01-15 16:35 27,648 DbgHlp32.dll
2005-01-15 16:35 27,648 upxdnd.dll
2005-01-15 16:35 26,112 MsPrint32D.dll
2005-01-15 16:35 28,672 cmdbcs.dll
2005-01-15 16:35 26,624 LotusHlp.dll
2005-01-15 16:35 26,112 NAVMon32.dll
2005-01-15 16:35 27,136 msccrt.dll
2005-01-15 16:35 28,160 WINSvr32.dll
2005-01-15 16:35 28,160 WinForm.dll
2005-01-15 16:50 28,672 bqzrka.dll
2005-01-15 16:55 36,864 B32B22A0.DLL
2005-01-15 16:56 31,744 NVDispDrv.dll
2005-01-15 16:56 28,672 AVPSrv.dll
2006-11-11 08:32 4,608 symlcbrd.sys
2007-06-16 09:23 11,192 nztgtlsh.sys
2007-12-09 10:04 127,488 zxvrud.dll
2007-12-09 22:02 11,156 n1197208933k.exe
2007-12-15 19:17 28,160 zhemeg.dll
2007-12-18 09:06 28,160 mrnvqb.dll
2007-12-18 09:06 27,136 zxqhpt.dll
2007-12-18 09:06 28,672 jqaejf.dll
2007-12-18 19:53 28,672 xzomnw.dll
2007-12-18 19:54 28,160 cdjnoj.dll
2007-12-18 19:55 27,136 ysltyi.dll
2007-12-18 20:02 27,136 wjwkeq.dll
2007-12-18 20:02 28,672 tzulml.dll
2007-12-20 08:54 127,488 pildad.dll
2007-12-20 08:54 28,672 zwzxmm.dll
2007-12-20 08:54 27,136 mopazi.dll
2007-12-20 08:54 28,672 oipkts.dll
2007-12-21 16:42 28,672 sbdawo.dll
2007-12-21 16:42 27,136 vbufuy.dll
2007-12-21 16:45 28,672 dvtdya.dll
2007-12-21 18:45 12,586 n1198233914k.exe
2007-12-24 07:04 28,672 lmarnq.dll
2007-12-24 07:04 27,136 joxncd.dll
2007-12-24 07:04 28,672 gyghhs.dll
2007-12-24 10:35 27,136 cpaitt.dll
2007-12-24 10:35 28,672 wewggb.dll
2007-12-24 13:35 12,585 n1198474516k.exe
2007-12-26 11:38 27,136 iwvcvp.dll
2007-12-26 11:38 28,672 mjkubt.dll
2008-01-01 20:37 28,672 pyoelu.dll
2008-01-01 20:37 28,672 xghegd.dll

分享到：