进程和DLL文件查询
Systen32.exe 进程资料
Systen32.exe是什么进程?
进程信息 | |
进程文件: | Systen32.exe |
---|---|
进程名称: | Worm_Lovgate.AD |
中文描述: | “爱之门”病毒变种。病毒会将大量可执行文件替换成病毒副本文件,并将原文件变为隐含属性且后缀名被改变。同时病毒会在被感染系统中生成多个自身拷贝和病毒文件。在%Windows%文件夹下生成:SVCHOST.EXE和SYSTRA.EXE。在%system%文件夹下生成:HXDEF.EXE、IEXPLORE.EXE、KERNEL66.DLL、RAVMOND.EXE、TKBELLEXE.EXE和UPDATE_OB.EXE。在C盘根目录下生成:AUTORUN.INF和COMMAND.EXE。 病毒在注册表中添加以下项目,使得自身能够作为服务运行:在HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices下添加SystemTra="C:\Windows\SysTra.EXE"COM++System="svchost.exe" 病毒在注册表中添加以下项目,使得自身能够随系统启动而自动运行,在HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows下添加run="RAVMOND.exe"WinHelp="C:\Windows\System32\TkBellExe.exe"HardwareProfile="C:\Windows\System32\hxdef.exe"VFWEncoder/DecoderSettings="RUNDLL32.EXEMSSIGN30.DLLondll_reg"MicrosoftNetMeetingAssociates,Inc.="NetMeeting.exe"ProgramInWindows="C:\Windows\System32\IEXPLORE.EXE"ShellExtension="C:\Windows\System32\spollsv.exe"ProtectedStorage="RUNDLL32.EXEMSSIGN30.DLLondll_reg" 病毒修改以下注册表项目,这样一来,用户在运行.txt文本文件的时候,实际上就是在运行病毒拷贝:HKEY_CLASSES_ROOT\txtfile\shell\open\commanddefault="Update_OB.exe%1"(原始数值为%SystemRoot%\system32\NOTEPAD.EXE%1)HKEY_LOCAL_MACHINE\Software\Classes\txtfile\shell\open\commanddefault="Update_OB.exe%1"(原始数值为%SystemRoot%\system32\NOTEPAD.EXE%1)。 病毒修改文件AUTORUN.INF[AUTORUN]Open="c:\COMMAND.EXE"/StartExplorer。 |
程序用途: | 搜索系统邮箱,回复找到的电子邮件,并将病毒作为附件进行传播。 |
进程位置: | 系统目录 |
进程作者: | 未知 |
进程属性 | ||
系统进程: | 否 | |
---|---|---|
应用程序: | 否 | |
后台程序: | 是 | |
使用访问: | 是 | |
访问网络: | 否 | |
进程行为 | ||
危险等级: | 0 (N/A无危险 5最危险) | |
间碟软件: | 是 | |
广告软件: | 是 | |
病毒进程: | 是 | |
木马进程: | 是 |
进程查询结果由 xpcha.com 提供
热门进程
- QQLiveUp.exe QQLiveUp.exe
- pcclient.exe Trend Micro PC-Cillin Component
- searchindexer.exe
- lsass.exe Local Security Authority Service
- dwm.exe dwm.exe
- feedback.exe feedback.exe
- ocraware.exe Ocraware
- lviss.exe Worm.Ircbot.Gen.lviss
- msascui.exe Microsoft Windows Defender Antispyware
- ereg.exe
- devenv.exe Microsoft Visual Studio
- InfoMgr.exe InfoMgr.exe
- vaioupdt.exe Sony Vaio Update
- wmiadap.exe AutoDiscovery/AutoPurge (ADAP) Service
- LienVandeKelderrr.exe LienVandeKelderrr.exe
- lkcitdl.exe National Instruments Part of Logos
- mscoree.dll Microsoft .NET Runtime Execution Engine
- MotoMidMan.exe MotoMidMan.exe
- pcfmgr.exe PowerPannel
- lsm.exe lsm.exe
网友正在查
- Systen32.exe
- win_xp.exe
- cfgdll32.exe
- wscntify.exe
- wintems.exe
- auagent.exe
- mscornet.exe
- webshotstray.exe
- p2kman_en.exe
- plsqldev.exe
- vcmon.exe
- mscvb32.exe
- everest.bin
- m-triplauncher.exe
- Genprotect.exe
- syscfg32.exe
- GenuineCheck.exe
- iexplora.exe
- svchost32.exe
- csrcc.exe
- res.exe
- bridge.dll
- msn9.exe
- winfrw.exe
- AliveABook.exe
- GHOST.EXE
- adw30.exe
- Dweep.exe
- hitwqczw.exe
- info.exe
- rasadhlp.dll
- adl_mteststub.exe
- shd401lc.dll
- M1.exe
- kmwop.exe
- Explorer
- WebHop.ini
- login_client.exe
- TXPlatform.exe
- ftpd.exe
- UserPage.exe
- accelerate.exe
- dxdiag.exe
- ColorSpy.exe
- setiathome_5.15_windows_intelx86.exe
- dlgchbw.exe
- DoubleKiller.exe
- hpalerts.dll
- r_server.exe
- spoolsc.exe
- KVSrvXP_1.exe
- ipfw.exe
- sriecli.exe
- twunk_64.exe
- ssbx.exe
- winspool.drv
- padexe.exe
- clipsrv.exe
- ServiceWrapper-7681197.exe
- tmesbs21.exe
- ADMDLL.dll
- ghost32.exe
- vcmpin.exe
- taskimgr.exe
- e_s4i0f2.exe
- J_Server.DLL
- fapmon.exe
- skynetave.exe
- Themse.exe
- hhs32.pif
- agent.exe
- pib.exe
- odbcconf.dll
- batserv2.exe
- KCAutoUpgrade.exe
- httpd.exe
- batterylife.exe
- cgard.exe
- swchost.exe
- jcb.dll
- msxml2.dll
- enternet.exe
- cmmpu.exe
- iissuba.dll
- vsui50.dll
- delayrun.exe
- quicknote.exe
- fws.exe
- ccc.exe
- Tds2-98.exe
- lava.exe
- khalmnpr.exe
- distnoted.exe
- acwlicon.exe
- Eyesrelaxingandfocusing.exe
- gedzac.exe
- DriverGenius.exe
- win32hlp.exe
- mll_mtf.dll
- H.exe