环保设施管理:启动项中的KPFW32什么意思呀?
金山网镖里的程序
也有可能是一种恶性儒虫病毒。详细情况:http://www.qiuy.com/diannao/books/software/security/index01/052.htm
是金山毒霸的程序,肯定是你电脑上装了毒霸或是金山防火墙,这个随电脑启动开始运行,保护你的系统,是有用的,不要删除。
是这防火墙程序,要保留的
恶性蠕虫-"赛舍"(Worm.Zezer)分析报告
"AVPTC32.EXE"
"AVPUPD.EXE"
"AVSCHED32.EXE"
"AVWIN95.EXE"
"AVWUPD32.EXE"
"BLACKD.EXE"
"BLACKICE.EXE"
"CCAPP.EXE"
"CFIADMIN.EXE"
"ESAFE.EXE"
"CFIAUDIT.EXE"
"CFIND.EXE"
"CFINET.EXE"
"CFINET32.EXE"
"CLAW95.EXE"
"CLAW95CF.EXE"
"CLAW95CT.EXE"
"CLEANER.EXE"
"CLEANER3.EXE"
"DV95.EXE"
"DV95_O.EXE"
"DVP95.EXE"
"DVP95_0.EXE"
"ECENGINE.EXE"
"EFINET32.EXE"
"ESPWATCH.EXE"
"F-AGNT95.EXE"
"FINDVIRU.EXE"
"FPROT.EXE"
"F-PROT.EXE"
"FPROT95.EXE"
"F-PROT95.EXE"
"FP-WIN.EXE"
"FRW.EXE"
"F-STOPW.EXE"
"IAMAPP.EXE"
"IAMSERV.EXE"
"IBMASN.EXE"
"IBMAVSP.EXE"
"ICLOAD95.EXE"
"ICLOADNT.EXE"
"ICMON.EXE"
"ICMOON.EXE"
"ICSSUPPNT.EXE"
"ICSUPP95.EXE"
"ICSUPPNT.EXE"
"IFACE.EXE"
"IOMON98.EXE"
"JED.EXE"
"JEDI.EXE"
"KPF.EXE"
"KPFW32.EXE"
"LOCKDOWN2000.EXE"
"LOOKOUT.EXE"
"LUALL.EXE"
"MOOLIVE.EXE"
"MPFTRAY.EXE"
"N32SCAN.EXE"
"N32SCANW.EXE"
"NAVAPW32.EXE"
"NAVLU32.EXE"
"NAVNT.EXE"
"NAVSCHED.EXE"
"NAVW.EXE"
"NAVW32.EXE"
"NAVWNT.EXE"
"NISUM.EXE"
"NMAIN.EXE"
"NORMIST.EXE"
"NUPGRADE.EXE"
"NVC95.EXE"
"OUTPOST.EXE"
"PADMIN.EXE"
"PAVCL.EXE"
"PAVSCHED.EXE"
"PAVW.EXE"
"PCCWIN98.EXE"
"PCFWALLICON.EXE"
"PERSFW.EXE"
"RAV7.EXE"
"RAV7WIN.EXE"
"RESCUE.EXE"
"SAFEWEB.EXE"
"SCAN32.EXE"
"SCAN95.EXE"
"SCANPM.EXE"
"SCRSCAN.EXE"
"SERV95.EXE"
"SMC.EXE"
"SPHINX.EXE"
"SWEEP95.EXE"
"TBSCAN.EXE"
"TCA.EXE"
"TDS2-98.EXE"
"TDS2-NT.EXE"
"VCONTROL.EXE"
"VET32.EXE"
"VET95.EXE"
"VET98.EXE"
"VETTRAY.EXE"
"VSCAN40.EXE"
"VSECOMR.EXE"
"VSHWIN32.EXE"
"VSSCAN40.EXE"
"VSSTAT.EXE"
"WEBSCN.EXE"
"WEBSCANX.EXE"
"WFINDV32.EXE"
"ZAPRO.EXE"
"ZONEALARM.EXE"
发帖时间:2006-5-8 13:41:51
作者:coolbo 编辑 删除 引用 第3楼
7、利用系统网络设置来偷取存储于系统中的帐号及密码
解决方案:
1、不要相信微软发送的补丁邮件,微软是不会以邮件方式发送补丁程序的,请使用Windows Update进行补丁升级;
2、为防止该病毒的入侵请尽快升级毒霸到最新,10月9日病毒库可处理该病毒;
3、手工清除方法:
对于WIN9X用户可以在纯DOS模式下删除以下病毒文件:
%WindowsRoot%\Mscsgs.exe、
%WindowsRoot%\System\Mscsgs32.exe、
%WindowsRoot%\Msn_inst.exe、
启动目录\msnexec.exe
对于Win2000/WinXP用户,请使用进程管理器结束名为:“Mscsgs.exe、Mcsgs32.exe、Msn_inst.exe、msnexec.exe”的进程,然后删除以下文件:
%WindowsRoot%\Mscsgs.exe、
%WindowsRoot%\System\Mscsgs32.exe、
%WindowsRoot%\Msn_inst.exe、
启动目录\msnexec.exe
请下载金山毒霸的注册表修复工具( http://www.duba.net/download/3/8.shtml ),回恢对系统功能的限制,然后删除病毒在注册表中添加的项目:
HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Run\ Mscsgs "%WindowsRoot%\Mscsgs.exe"
HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\ RunServices "%WindowsRoot%\SYSTEM\Mscsgs32.exe"
HKEY_CURRENT_USER\Software\Zed\Dozer\ Dozer "W32/Dozer by Zed"
HKEY_CURRENT_USER\Software\Zed\Dozer\MSNContacts
最后,将保存在系统中的密码都修改一次。比如:MSN的登录密码,某些网站的登录密码、邮箱的登录密码等等。