返回列表 发帖
x86 该用户已被删除
楼主 跳转到 » 倒序看帖
打印
tT
x86发表于 2006-8-12 09:05 | 只看该作者

关于adf.com.cn

今天开机的时候,发现启动得特别慢,然后进去了就在进程管理器里发现了一个名为adf.com.cn的进程
不知道这三个键是干啥用的,数值名称都是ImagePath数值都是C:\WINDOWS\adf.com.cn
然后偶用ProcessInfo查看了他加载的模块,发现用到了Ws2_32.dll,于是就用HookSend程序来拦截他往外发送的数据包,结果发现他发送的数据都是到同一个莫名其妙的网站,且一直访问同一页面,拦截数据如下:
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
GET /ip.txt HTTP/1.0
User-Agent: MYURL
Host: ningzi8887.27h.com
Pragma: no-cache
莫名其妙的程序。。。
收藏 分享

x86 该用户已被删除
沙发
x86发表于 2006-8-12 09:07 | 只看该作者

关于adf.com.cn

发现了,是以一个服务的形式启动的。

TOP

x86 该用户已被删除
板凳
x86发表于 2006-8-12 09:22 | 只看该作者

关于adf.com.cn

在服务管理里先停止服务或者net stop adf.com.cn
接着sc delete adf.com.cn
然后在注册表里再搜一遍,把所有与之相关的全部删除
接下来进入c;\windows,在工具选项里选择显示所有文件和系统文件,可以看到adf.com.cn,直接删除重新启动。
这下,系统启动就快多拉:)

TOP

返回列表 回复 发帖