Skip to main content

ViKing查杀

又中招了,不过好久没有中感染exe文件的病毒了,这种病毒是我承认“有技术含量”的几种之一,至少我不能手工杀光。
表现是桌面很多图标消失(即变成dos程序图标),用exescope看那些exe文件,都多了些ml2**的section头。另外多了几个可疑文件:c:\windows\uninstall\rundl132.exe, c:\windows\logo1_.exe,c:\windows\richdll.dll,
刚发现这些文件时我的对策是:(呵呵,有手工软件就是好)1。杀进程2。用IceSword阻止它再运行3。用FileMon看调用者4。删文件和注册表
后来发现运行一些普通程序也会生成这些文件,再用exescope。。。明白了
http://hi.baidu.com/gaodi2002/blog/item/8135d6f97800ab59252df202.html查到了这是维金病毒,正好2006电脑报合订本光盘里有金山的专杀,用起来还不错,只是一开始还得运行病毒,这个工具似乎先扫描内存,如果没毒就不扫描硬盘了。我晕。但是后来我又杀了一次,报告内存无病毒,可是这次就扫描硬盘了,我也不知道怎么回事。唉。
然后用exescope随便查看几个exe,嗯,好了。
附上金山维金专杀的链接:http://db.kingsoft.com/download/3/246.shtml

Comments

Popular posts from this blog

Determine Perspective Lines With Off-page Vanishing Point

In perspective drawing, a vanishing point represents a group of parallel lines, in other words, a direction. For any point on the paper, if we want a line towards the same direction (in the 3d space), we simply draw a line through it and the vanishing point. But sometimes the vanishing point is too far away, such that it is outside the paper/canvas. In this example, we have a point P and two perspective lines L1 and L2. The vanishing point VP is naturally the intersection of L1 and L2. The task is to draw a line through P and VP, without having VP on the paper. I am aware of a few traditional solutions: 1. Use extra pieces of paper such that we can extend L1 and L2 until we see VP. 2. Draw everything in a smaller scale, such that we can see both P and VP on the paper. Draw the line and scale everything back. 3. Draw a perspective grid using the Brewer Method. #1 and #2 might be quite practical. #3 may not guarantee a solution, unless we can measure distances/p...

Qubes OS: First Impressions

A few days ago, while browsing security topics online, Qubes OS surfaced—whether via YouTube recommendations or search results, I can't recall precisely. Intrigued by its unique approach to security through compartmentalization, I delved into the documentation and watched some demos. My interest was piqued enough that I felt compelled to install it and give it a try firsthand. My overall first impression of Qubes OS is highly positive. Had I discovered it earlier, I might have reconsidered starting my hardware password manager project. Conceptually, Qubes OS is not much different from running a bunch of virtual machines simultaneously. However, its brilliance lies in the seamless desktop integration and the well-designed template system, making it far more user-friendly than a manual VM setup. I was particularly impressed by the concept of disposable VMs for temporary tasks and the clear separation of critical functions like networking (sys-net) and USB handling (sys-usb) into the...

ESP32S3: Flash Encryption and Secure Boot

Flash encryption and secure boot are useful security features for ESP32S3 chip. While not perfect, they definitely make it harder to extract the secrets in the chip. However, it is tricky to enable both features at the same time. The topic is actually discussed in the official documentation: ESP32S3 Security Features Security Features Enablement Workflows Especially, the second one mentioned it is recommended to enable flash encryption before secure boot. But I still find the documentation confusing. In the end I was able to successfully enable both, here's my findings. My Understanding After my adventure, here's what I think could have worked. WARNING, this is untested. Follow  Security Features Enablement Workflows : Burn all the keys, as long as their purpose eFuses and read/write protections Burn other security eFuses, but DO NOT burn ENABLE_SECURITY_DOWNLOAD in the middle, which is mentined at the end of the instruction for both flash encryption and secure boot. Burn...