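About the ANI virus: how to deal with the ANI ("Annie") virus
High risk! Official patch download for the Windows ANI vulnerability
The vulnerability is named: Vulnerabilities in GDI Could Allow Remote Code Execution (925902). It affects all NT-based Windows systems, its severity level is high risk, and all users are advised to update immediately. This patch replaces KB912919, released in 2006; Microsoft has released patches for 7 operating systems at the same time.
Images and links posted on forums can all get viewers infected; as long as Microsoft's new patch has not been installed, the infection rate is close to 100%.
We also see that similar cases have appeared abroad: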
McAfee:
TrendMicro:
Related links:
Updated 2007-03-29 23:25:
Updated 2007-04-04 09:03:
Microsoft Security Bulletin MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
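Download pages for the patch (KB925902) for each operating system version; none of them require genuine-software validation:
XP patch
Microsoft Malicious Software Removal Tool
Vista patch
2003 patch
2000 patch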
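Applied the immunizer N years ago
Installed the official patch N-1 years ago
Back then when I posted about it, nobody paid any attention
Oh! Downloading it now
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2005-021610-3724-99&tabid=2
Virus characteristics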
The Trojan arrives as a malformed animated cursor (an .ani file). When a malformed .ani file is viewed using Windows Explorer or Internet Explorer, Trojan.Anicmoo.D performs the following actions:
Downloads a file from a predetermined domain. The domain may be any of the following:
kutsap.com
vxiframe.biz
sweetbar.com
troyanov.net
Saves the downloaded file and executes it. The file may have one of the following names:
\mhh.exe
%UserProfile%\Desktop\mhh.exe
%System%\web.exe
Note:
is the folder where the Trojan was originally executed.
%UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Ends the Trojan processes after a period of time has elapsed. This period of time depends on the CPU speed and other environmental factors.
Removal
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan and delete all the files detected as Trojan.Anicmoo.
Bump...
It seems Automatic Updates has already installed it...
Is there a patch for Win98?
Thanks, Brother 红一, you saved me
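Added example, not part of the thread or of the Symantec write-up: a triage script that links the two behaviours the write-up describes, a request to one of the listed domains followed by execution of one of the listed file names on the same machine. The log line layout (timestamp, machine, `http` or `proc`, value), the machine names and the five-minute window are assumptions made for this sketch.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Indicators copied from the write-up quoted in the thread.
DOMAINS = {"kutsap.com", "vxiframe.biz", "sweetbar.com", "troyanov.net"}
# Default %System% folders from the write-up's note, lower-cased.
SYSTEM_DIRS = {r"c:\windows\system", r"c:\winnt\system32", r"c:\windows\system32"}

def host_matches(host):
    """True for a listed domain or any subdomain of it, not for lookalikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DOMAINS)

def path_matches(path):
    """True for the drop locations named in the write-up."""
    folder, _, name = path.lower().rpartition("\\")
    # mhh.exe lands in the launch folder or on the Desktop, so any folder counts.
    return name == "mhh.exe" or (name == "web.exe" and folder in SYSTEM_DIRS)

def triage(lines, window=timedelta(minutes=5)):
    """Map each machine with at least one hit to a verdict string."""
    downloads, drops = {}, {}
    for line in lines:
        # Assumed layout: "<ISO timestamp> <machine> <http|proc> <value>"
        stamp, machine, kind, value = line.strip().split(None, 3)
        when = datetime.fromisoformat(stamp)
        if kind == "http" and host_matches(urlsplit(value).hostname):
            downloads.setdefault(machine, []).append(when)
        elif kind == "proc" and path_matches(value):
            drops.setdefault(machine, []).append(when)
    verdicts = {}
    for machine in downloads.keys() | drops.keys():
        d_times, p_times = downloads.get(machine, []), drops.get(machine, [])
        if any(timedelta(0) <= p - d <= window for d in d_times for p in p_times):
            verdicts[machine] = "download+drop"
        elif d_times and p_times:
            verdicts[machine] = "both-unlinked"
        else:
            verdicts[machine] = "download-only" if d_times else "drop-only"
    return verdicts

SAMPLE = [  # constructed log lines, not taken from the thread
    r"2007-04-02T10:15:03 PC-07 http http://img.kutsap.com/f",
    r"2007-04-02T10:15:09 PC-07 proc C:\WINDOWS\system32\web.exe",
    r"2007-04-02T11:00:00 PC-12 http http://notkutsap.com.example/index.html",
    r"2007-04-02T11:00:05 PC-12 proc C:\tools\web.exe",
    r"2007-04-02T12:30:00 PC-19 proc C:\Documents and Settings\alice\Desktop\mhh.exe",
    r"2007-04-02T13:00:00 PC-23 http http://troyanov.net/x",
]
```

A `download+drop` verdict is the strongest signal because it reproduces the sequence in the write-up; PC-12 in the constructed sample produces no verdict because neither the lookalike host nor `web.exe` outside a System folder matches.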