关于ANI病毒，安妮病毒的解决办法

=|HERO|=redone

高危!Windows ANI漏洞官方补丁下载 该漏洞名称为：GDI漏洞导致远程执行代码（925902），影响所有基于NT架构Windows系统，安全级别为高危级，建议所有用户立即更新。该补丁替代了06年发布的KB912919，微软本次同时发布了针对7种操作系统的补丁。 论坛发布的图片，链接均有可能让浏览者中招，只要没有打上微软新补丁，中招率接近100% / A E8 `0 _1 R同时我们看到国外也有类似的情况出现： McAfee: TrendMicro: 相关链接： - s8 |. J% h" ]7 ~ f& j# S2007-03-29 23:25 更新： 2007-04-04 09:03 更新： Microsoft Security Bulletin MS07-017 / _0 t1 Y, B; oVulnerabilities in GDI Could Allow Remote Code Execution (925902) ! t. h9 |* ~/ ?5 M

各版本操作系统补丁（KB925902）下载页面，均不需要正版验证： + r8 [# N; E9 r6 W- V, b1 B: iXP补丁 4 w9 i O' V1 Z, Q( K8 G1 j; `# ~' Y微软恶意软件删除工具 VISTA补丁 3 [9 g& [' g8 J) G2003补丁 2000补丁 : a! C" j6 k% l/ f, y0 \( P- L

pwch

N年前就打过免疫器

N-1年前就打好了官方补丁
- D9 f, z6 C5 h$ p% B8 j; P3 t2 o8 i
当时偶发帖子还木有人理

=|HERO|=aodaod

哦哦！正在下

=|HERO|=Yuchuan

http://securityresponse.symantec ... 3724-99&tabid=2

病毒特征
The Trojan arrives as a malformed animated cursor (an .ani file). When a malformed .ani file is viewed using Windows Explorer or Internet Explorer, Trojan.Anicmoo.D performs the following actions:
, s0 ^! R( B4 a/ t% V
Downloads a file from a predetermined domain. The domain may be any of the following:

4 U4 }0 G! @; b' ~6 s
kutsap.com
vxiframe.biz
sweetbar.com
. F4 h. d+ K. _" Vtroyanov.net
1 S5 L6 `7 W' z, W/ \6 G. F
# A5 h, z2 v, o# }
' y1 F5 @; s3 K/ sSaves the downloaded file and executes it. The file may have one of the following names:
5 x1 d8 c# `( m
* l$ [+ W! L2 D$ z8 G
. u1 p' T0 k5 |3 p$ r  ^[Current folder]\mhh.exe
%UserProfile%\Desktop\mhh.exe
/ y1 m& x4 r( ^& F- R3 `4 E' T) p+ R! E%System%\web.exe
5 D' _/ x% }& e5 @1 f
/ g$ S! R1 V" H0 B, ]: F' [Note:
7 O( ]) [% x$ I[Current folder] is the folder where the Trojan was originally executed.
%UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
* O7 B6 \2 J) M5 \0 h& y%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
; t$ f4 O" T4 U: e

Ends the Trojan processes after a period of time has elapsed. This period of time depends on the CPU speed and other environmental factors.
5 L) ^: C, N( e" _) v
' Z" B3 G' {1 S8 A+ X4 q2 k( Q
+ J) ]# d5 {/ v9 I* ?$ a# ~7 A清除方法
" p6 I+ H* Z) w" l! VThe following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
  X8 |5 A) p. G$ l
Disable System Restore (Windows Me/XP).
* l/ e% \7 _1 Y9 O! ^Update the virus definitions.
Run a full system scan and delete all the files detected as Trojan.Anicmoo .

=|HERO|=HUMMER

o

=|HERO|=LonWang

顶...
0 q4 [7 G# w3 P7 _1 C  g( ^8 T* S- e

) P9 f* g) P$ N% v5 y: X7 k好像自动更新里面已经安装完了...

=|HERO|=YDE

有没有瘟98的补丁啊

quicksand1984

谢谢拉　红一大哥　你９了我