关于ANI病毒，安妮病毒的解决办法

=|HERO|=redone

高危!Windows ANI漏洞官方补丁下载 & r; @9 z i3 V0 ^该漏洞名称为：GDI漏洞导致远程执行代码（925902），影响所有基于NT架构Windows系统，安全级别为高危级，建议所有用户立即更新。该补丁替代了06年发布的KB912919，微软本次同时发布了针对7种操作系统的补丁。 论坛发布的图片，链接均有可能让浏览者中招，只要没有打上微软新补丁，中招率接近100% 7 l3 u2 i$ |$ e& I2 Z3 M1 F0 i3 ^同时我们看到国外也有类似的情况出现： : S$ u3 ]# }6 B+ L, U% d" nMcAfee: TrendMicro: % l. v1 }% J. [. ^; D相关链接： 2007-03-29 23:25 更新： 2007-04-04 09:03 更新： 6 M% f8 U1 K9 T/ oMicrosoft Security Bulletin MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution (925902) ! L/ o; a0 E1 h- f8 a% P

各版本操作系统补丁（KB925902）下载页面，均不需要正版验证： 5 h; J7 |( _9 Z( }( o, KXP补丁 : l2 N% k0 m1 ~( W! [微软恶意软件删除工具 VISTA补丁 8 b& y7 R' K0 |) G# R2003补丁 : ] \+ O9 K1 |0 M8 A' p: |2000补丁 ) N9 l7 D3 c' i! b8 W - i7 r' M( C: f% _5 Y

pwch

N年前就打过免疫器

8 Y1 x0 V% k8 c" D  I, j- v) y1 s* ?$ ]N-1年前就打好了官方补丁

, F0 Q/ R9 S6 O, c; }当时偶发帖子还木有人理

=|HERO|=aodaod

哦哦！正在下

=|HERO|=Yuchuan

http://securityresponse.symantec ... 3724-99&tabid=2
8 q  r9 I! ~' l
, n6 L8 k) q! `病毒特征
The Trojan arrives as a malformed animated cursor (an .ani file). When a malformed .ani file is viewed using Windows Explorer or Internet Explorer, Trojan.Anicmoo.D performs the following actions:
: q# @2 v" j4 C, i! n
/ \: u9 U. H# WDownloads a file from a predetermined domain. The domain may be any of the following:


) j8 e7 [% R* C0 n# f9 tkutsap.com
; m6 n; h! L: l  [& b" K( Z+ Fvxiframe.biz
) k4 m) U; t* j' ]5 v: Usweetbar.com
& N* F" p7 c! @) J: u1 }  b1 C( Otroyanov.net
1 ^! `$ d. P) K+ T1 l2 a3 ?+ s8 M" ~

/ S3 V; ?9 ^# Q( fSaves the downloaded file and executes it. The file may have one of the following names:
, S' ?* N: R; U! K

[Current folder]\mhh.exe
%UserProfile%\Desktop\mhh.exe
%System%\web.exe
1 p& Y+ b+ B2 |. {5 P6 ?
Note:
# ~3 |* B4 k% R! y[Current folder] is the folder where the Trojan was originally executed.
& N/ |$ H! D) t2 I%UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
# J& ?' [# ^: H% r' G

+ Q" ?- h' v: EEnds the Trojan processes after a period of time has elapsed. This period of time depends on the CPU speed and other environmental factors.
& q7 @0 S* P6 T/ `3 `$ X) c

2 W1 n# m5 F5 H. W清除方法
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

Disable System Restore (Windows Me/XP).
Update the virus definitions.
9 z, d& o3 J) I. h% ~: P  WRun a full system scan and delete all the files detected as Trojan.Anicmoo .

=|HERO|=HUMMER

o

=|HERO|=LonWang

顶...
9 s- Z& v( u' Y. I9 }  N  L
6 ]) g, Z, h0 M
好像自动更新里面已经安装完了...

=|HERO|=YDE

有没有瘟98的补丁啊

quicksand1984

谢谢拉　红一大哥　你９了我