Sality专杀 ——安铁诺专杀工具
<P class=0 style="MARGIN-TOP: 5pt; TEXT-ALIGN: justify"><P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN><A href="http://www.sanlen.com/upload/down_image/sl1220500547sality%20专杀%20copy%20copy.jpg"><SPAN class=15 style="FONT-SIZE: 10pt; COLOR: rgb(0,0,255); FONT-FAMILY: 'Times New Roman'; TEXT-DECORATION: underline; mso-spacerun: 'yes'"><FONT face=宋体></FONT></SPAN></A></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>软件名称:Sality专杀 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>软件类别:专杀工具 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>软件版本: </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>软件大小:78.58KB </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>应用平台:Win2003/WinXP/Win2000/NT/WinME/Win9X/ </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>更新时间:2008-09-04 15:42:52 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>授权方式:免费软件 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN><IMG height=8 src="file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/ksohtml/wps_clip_image1.png" width=539></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"> </SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>软件说明</FONT></SPAN><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt; TEXT-ALIGN: center"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="TEXT-ALIGN: justify"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"> </SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="TEXT-ALIGN: justify"><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>病毒评估</FONT></SPAN><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="TEXT-ALIGN: justify"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"> </SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt; MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>病毒名称: Sality蠕虫变种Q </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>病毒名称英文:Win32.Sality.q </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>病毒类型:感染型 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>危险级别:★★★☆ </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>传播方式:通过网络共享传播 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>受影响的系统: Windows 2000, Windows XP, Windows Server 2003 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>未受影响的系统:Windows 3.x, Macintosh, Unix, Linux </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>病毒危害:</FONT></SPAN><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"> </SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt; MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'">1. <FONT face=宋体>该病毒首先释放病毒体vcmgcd32.dll到%system32%文件夹下。然后加载vcmgcd32.dll到内存。 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'">2. vcmgcd32.dll<FONT face=宋体>将被注入到其他进程中。 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'">3. <FONT face=宋体>感染其他可执行程序:枚举注册表RUN下的自启动项得到程序路径,从而进行感染。 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'">4.<FONT face=宋体>窃取系统信息,并将信息发送到指定的mail.ru域。 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'">5. <FONT face=宋体>感染本机 .vdb, .avc, .key, .exe, .scr文件。 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>传播形式:</FONT></SPAN><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"> </SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>该病毒属于多形态病毒,感染Win32 PE可运行程序。Win32.Sality.q病毒通过Win32/Bagle family变体下载。该病毒解密自身并在%System32%目录中生成一个vcmgcd32.dll文件。vcmgcd32.dll文件被注入其它的运行程序并运行其主程序代码。该病毒查找本地C:\到 Z:\ 的Windows PE文件进行感染。该病毒不感染大小在4K以下或者在20M以上的文件。病毒在它的固有码运行入口替代代码,并添加一个加密的病毒副本到主文件,随后运行主程序代码来隐藏病毒的存在。</FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体>预防和处理办法:</FONT></SPAN><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"> </SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt; MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'">1 <FONT face=宋体>开启杀毒软件进行全面监控,并且及时更新病毒库。 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-LEFT: 18pt; TEXT-INDENT: -9pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'">2 <FONT face=宋体>及时升级系统漏洞。 </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0 style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt"><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><FONT face=宋体> </FONT></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P>
<P class=0><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: '宋体'; mso-spacerun: 'yes'"><FONT face=宋体>原文地址:</FONT></SPAN><SPAN><A href="http://www.sanlen.com/down/sl_down_164.htm"><SPAN class=15 style="FONT-SIZE: 10pt; COLOR: rgb(0,0,255); FONT-FAMILY: '宋体'; TEXT-DECORATION: underline; mso-spacerun: 'yes'">http://www.sanlen.com/down/sl_down_164.htm</SPAN></A></SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: '宋体'; mso-spacerun: 'yes'"><o:p></o:p></SPAN></P><!--EndFragment-->
页:
[1]