Wmps32.exe木马病毒的清除指南(鼠标乱动&失去控制)(Backdoor.Win32.Delf.avu) File: Wmps32.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 b698a6eab4f29bc190792ef66f782904
Packers detected: - Scanner results | | AntiVir | Found nothing | | ArcaVir | Found nothing | | Avast | Found Win32:Small-AMI | | AVG Antivirus | Found nothing | | BitDefender | Found nothing | | ClamAV | Found nothing | | Dr.Web | Found Trojan.DownLoader.4293 | | F-Prot Antivirus | Found nothing | | F-Secure Anti-Virus | Found nothing | | Fortinet | Found nothing | | Kaspersky Anti-Virus | Found nothing | | NOD32 | Found probably unknown NewHeur_PE (probable variant) | | Norman Virus Control | Found nothing | | VirusBuster | Found nothing | | VBA32 | Found MalwareScope.Backdoor.Hupigon.6 | | |
注意到卡巴斯基没反应。Kaspersky 6.xxx No act..... 具有windows media player媒体文件的图标,具有隐藏属性(且不可取消)如下图:
 此主题相关图片如下:
此主题相关图片如下:
发作特征:鼠标自己疯狂动作,一次能随机打开几十个文件。 病毒创建了一个NT服务以实现开机自动启动。 SREng日志中可见 [Windows Media  layer Services / Wmps]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\Wmps32.exe><N/A> 清除方法: 用SREng删除该NT服务即可。方法参考 http://www.anti-malware.cn/News/20061220105753.html | 
IP卡
狗仔卡
发表于 2007-6-19 09:38:00
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主