|
文件: bg_sc.exe 大小: 227817 字节 MD5: A81D0CBA9BB873D31D49DE3ABF2C3508 SHA1: 98989B307A3DE0904339C6042C950B6EFCB5EB72 CRC32: A82183BB ssm的纪录 父级进程: 路径: C:\WINDOWS\explorer.exe PID: 480 信息: Windows Explorer (Microsoft Corporation) 子级进程: 路径: C:\Documents and Settings\user\桌面\bg_sc.exe 信息: baigoo installer 命令行:"C:\Documents and Settings\user\桌面\bg_sc.exe" 进程: 路径: C:\Documents and Settings\user\桌面\bg_sc.exe PID: 2012 信息: baigoo installer 注册表群组: Malware 对象: 注册表键: HKCR\CLSID\{8816EA7A-5944-4277-B98E-2C0A46FB36E9}\InprocServer32 注册表值: (默认) 类型: REG_SZ 值: C:\Program Files\baigoo\bgook.dll 进程: 路径: C:\Documents and Settings\user\桌面\bg_sc.exe PID: 2012 信息: baigoo installer 注册表群组: Malware 对象: 注册表键: HKCR\CLSID\{808EAF87-61B8-4EEA-8B85-27480D1BDBEE}\InprocServer32 注册表值: (默认) 类型: REG_SZ 值: C:\Program Files\baigoo\bgook.dll 进程: 路径: C:\Documents and Settings\user\桌面\bg_sc.exe PID: 2012 信息: baigoo installer 注册表群组: Malware 对象: 注册表键: HKCR\CLSID\{7905958A-18C2-4139-9957-AE6F2B754818}\InprocServer32 注册表值: (默认) 类型: REG_SZ 进程: 路径: C:\Documents and Settings\user\桌面\bg_sc.exe PID: 2012 信息: baigoo installer 注册表群组: Malware 对象: 注册表键: HKCR\CLSID\{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005}\InprocServer32 注册表值: (默认) 类型: REG_SZ 值: C:\Program Files\baigoo\BGooBHO.dll 进程: 路径: C:\Documents and Settings\user\桌面\bg_sc.exe PID: 2012 信息: baigoo installer 注册表群组: Machine AutoRun 对象: 注册表键: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 注册表值: bgoomain.exe 类型: REG_SZ 值: C:\PROGRA~1\baigoo\bgoomain.exe 父级进程: 路径: C:\Documents and Settings\user\桌面\bg_sc.exe PID: 2012 信息: baigoo installer 子级进程: 路径: C:\Program Files\baigoo\bgoomain.exe 信息: BGooMain (BGoo) 命令行:"C:\Program Files\baigoo\bgoomain.exe" 进程: 路径: C:\Program Files\baigoo\bgoomain.exe PID: 632 信息: BGooMain (BGoo) 库文件: 路径: C:\Program Files\baigoo\BGooHK.dll 信息: BGooHK ( ) 挂钩类型:WH_CBT(接收绝大多数系统通知). 进程: 路径: C:\Program Files\baigoo\bgoomain.exe PID: 632 信息: BGooMain (BGoo) 磁盘设备: \??\PhysicalDrive0 底层磁盘存取 创建进程bgoomain.exe 释放文件 C:\Program Files\baigoo\bgook.dll C:\Program Files\baigoo\BGooBHO.dll C:\PROGRA~1\baigoo\bgoomain.exe C:\Program Files\baigoo\BGooHK.dll C:\Program Files\baigoo\bgoocfg.ini C:\Program Files\baigoo\bgooex.dll C:\Program Files\baigoo\uninst.exe C:\Program Files\baigoo\plugin\bgoobar\bgoobar.dll C:\Program Files\baigoo\plugin\bgoobar\plugin.ini 注册表添加HKEY_CLASSES_ROOT\CLSID\{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bgoomain.exe 并修改浏览器 sreng日志 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo] 浏览器加载项 [Status Class] {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, > 插入[PID: 480 / user][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\baigoo\bgoohk.dll] [ , 1, 0, 0, 1007] [PID: 632 / user][C:\Program Files\baigoo\bgoomain.exe] [BGoo, 1, 0, 0, 1006] [C:\Program Files\baigoo\bgoohk.dll] [ , 1, 0, 0, 1007] [C:\Program Files\baigoo\bgooex.dll] [, 1, 0, 0, 1007] 手动解决: 结束进程bgoomain.exe(ctrl+alt+del组合键调用任务管理器) 使用sreng删除启动项(该软件可到down.45it.com)(详细步骤:打开SREng-启动项目-注册表) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo] 在浏览器加载项中删除(详细步骤:打开SREng-系统修复-浏览器加载项) [Status Class] {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, > 最后到down.45it.com下载并使用360文件粉碎工具删除C:\Program Files\baigoo中的所有文件,并清理垃圾软件。 |