²¡¶¾ÌØÕ÷£ºÕâÊǸö½«×Ô¼ºÓëÒ»¸öÕ÷;¶à¸ö¸¨Öú¹¤¾ßÀ¦°óÔÚÒ»ÆðµÄÕ÷;µÁºÅľÂí¡£
·¢×÷Ö¢×´£º¿ª»ú¾Íµ¯³öºÜ¶à²¡¶¾¾¯¸æ£¬²¡¶¾ÎļþÊÇztdll.dll£¬¸ôÀëºÍÇå³ý¶¼Ê§°Ü£¬ÖØÐÂÆô¶¯½øÈ밲ȫģʽɱ¶¾£¬°Ñztdll.dllÇå³ýµô£¬ÖØÆôºó½øÈëϵͳÓÖµ¯³öͬÑùµÄ²¡¶¾¾¯¸æ£¬Ö¤Ã÷²¡¶¾Ô´Î´ÕÒµ½¡£
ºóÀ´ÔÚϵͳ½ø³ÌÀï·¢ÏÖÒ»¸ö²»Õý³£µÄ½ø³Ìsvhost32.exe£¬¾¹ý²éÕÒ£¬·¢ÏÖ¹ûÈ»ÊÇËüÔÚ×ö¹Ö£¬ÆäÔËÐÐÔÀíÊÇ¿ª»ú×Ô¶¯¼ÓÔØÔËÐУ¬È»ºóÊÍ·Åztdll.dll¡£
²¡¶¾ÔÀí£º¸Ã²¡¶¾ÔÚ±»Ö´ÐÐʱÊ×ÏÈÖ´ÐÐÀ¦°óµÄ²¡¶¾Ì壬Ȼºóµ¯³öÒ»¸öÕ÷;¶à¿ª¸¨Öú¹¤¾ßµÄ½çÃæ¡£²¡¶¾ÌåÖ´ÐеĹý³ÌÖлáÊͷŲ¡¶¾Îļþµ½ %UserDir%\Local Settings\Temp\zt.exeϲ¢Ö´ÐС£Óɲ¡¶¾Îļþzt.exeÊÍ·ÅÎļþ%system%\dll.dll£¬²¢½«ÆäÉèÖÃΪֻ¶Á¡¢ÏµÍ³ºÍÒþ²ØÊôÐÔ£¬²¢ÇÒÐÞ¸Ä×¢²á±íÏî¡£¸ÃľÂí²¡¶¾²»¶ÏµÄ²éÕÒÕ÷;¿Í»§¶Ë´°¿Ú£¬»ñµÃÓû§ÕʺÅÐÅÏ¢ºó·¢Ë͵½Ö¸¶¨ÍøÕ¾¡£
Çå³ý²¡¶¾°ì·¨£º
1. ÈÎÎñ¹ÜÀíÆ÷Àï½áÊø½ø³Ì svhost32.exe
2. ɾ³ýÎļþ C:\ProgramFiles\svhost32.exe
3. ÔËÐÐregedit.exe½øÈë×¢²á±í£¬É¾³ýÆô¶¯Ï
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"="%ProgramFiles%\svhost32.exe"
| ×ÔÓɹã¸æÇø |
| ¡¡ |