20070405 WINXP UPDATE PROXY PWS-LegMir
http://www.yippeesoft.com
Yesterday I found I had picked up a trojan. McAfee reported:
2007-1-24 15:38:44 1027 SF\\shengfang D:\\Program Files\\Internet Explorer\\iexplore.exe D:\\Documents and Settings\\shengfang\\Cookies\\shengfang@atdmt[2].txt\\00000000.ie Cookie-Atdmt ()
2007-1-24 15:40:01 1027 SF\\shengfang N:\\Green\\internet\\GreenBrowserGB\\GreenBrowser.exe M:\\TEMP\\TEMPORARY INTERNET FILES\\CONTENT.IE5\\9XBQRJ6L\\CS[1].EXE PWS-Legmir.dll ()
2007-1-24 15:40:02 1027 SF\\shengfang N:\\Green\\internet\\GreenBrowserGB\\GreenBrowser.exe M:\\TEMP\\Temporary Internet Files\\Content.IE5\\9XBQRJ6L\\cs[1].exe\\cs[1].exe\\0000f660.EXE PWS-Legmir.dll ()
2007-1-24 15:40:02 1027 SF\\shengfang N:\\Green\\internet\\GreenBrowserGB\\GreenBrowser.exe M:\\TEMP\\CS.EXE PWS-Legmir.dll ()
2007-1-24 15:40:02 1027 SF\\shengfang N:\\Green\\internet\\GreenBrowserGB\\GreenBrowser.exe M:\\TEMP\\cs.exe\\cs.exe\\0000f660.EXE PWS-Legmir.dll ()
2007-1-24 15:40:03 1027 SF\\shengfang M:\\TEMP\\csj.exe D:\\WINDOWS\\SYSTEM32\\DRIVERS\\NPF.SYS PWS-WoW.sys ()
2007-1-24 15:40:03 1027 SF\\shengfang M:\\TEMP\\csj.exe D:\\WINDOWS\\system32\\drivers\\npf.sys PWS-WoW.sys ()
2007-1-24 15:40:03 1278 SF\\shengfang M:\\TEMP\\csj.exe D:\\WINDOWS\\system32\\win32smd.exe New Malware.j ()
2007-1-24 15:40:07 1027 SF\\shengfang M:\\TEMP\\av.exe D:\\PROGRAM FILES\\KAV\\KAV.DLL PWS-WoW ()
2007-1-24 15:40:07 1027 SF\\shengfang M:\\TEMP\\av.exe D:\\Program Files\\Kav\\Kav.dll PWS-WoW ()
2007-1-24 15:40:07 1027 SF\\shengfang M:\\TEMP\\csj.exe D:\\WINDOWS\\SYSTEM32\\KB494006.LOG PWS-WoW.dll ()
2007-1-24 15:40:07 1027 SF\\shengfang M:\\TEMP\\csj.exe D:\\WINDOWS\\system32\\KB494006.LOG PWS-WoW.dll ()
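In the end I still had to delete one registry entry by hand.
I wanted to run Windows Update on WinXP. I used to go through a proxy and now connect directly, yet WinXP's Update still thinks there is a proxy. Unbelievable.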
2007-01-25 09:13:24 760 3cc Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <192.168.1.1:80> Bypass List used : <192.168.*.*;<local>> Auth Schemes used : <>
2007-01-25 09:13:24 760 3cc Report WARNING: Failed to upload events to the server with hr = 80072efd.
2007-01-25 09:13:24 760 3cc PT + Last proxy send request failed with hr = 0x80072EFD, HTTP status code = 0
2007-01-25 09:13:24 760 3cc PT + Caller provided proxy = No
2007-01-25 09:13:24 760 3cc PT + Proxy list used = 192.168.1.1:80
2007-01-25 09:13:24 760 3cc PT + Bypass list used = 192.168.*.*;<local>
2007-01-25 09:13:24 760 3cc PT + Caller provided credentials = No
2007-01-25 09:13:24 760 3cc PT + Impersonate flags = 0
2007-01-25 09:13:24 760 3cc PT + Possible authorization schemes used =
2007-01-25 09:13:24 760 3cc PT WARNING: ReportEventBatch failure, error = 0x80072EFD, soap client error = 5, soap error code = 0, HTTP status code = 200
2007-01-25 09:13:24 760 3cc Report WARNING: Reporter failed to upload events with hr = 80072efd.
2007-01-25 09:13:37 308 314 Misc =========== Logging initialized (build: 5.8.0.2469, tz: +0800) ===========
2007-01-25 09:13:37 308 314 Misc = Process: D:\\Program Files\\Internet Explorer\\iexplore.exe
2007-01-25 09:13:37 308 314 Misc = Module: D:\\WINDOWS\\system32\\wuapi.dll
2007-01-25 09:13:37 308 314 COMAPI ----------- COMAPI: IUpdateServiceManager::AddService -----------
2007-01-25 09:13:37 308 314 COMAPI - ServiceId = {7971f918-a847-4430-9279-4a52d1efe18d}
2007-01-25 09:13:37 308 314 COMAPI - AuthorizationCabPath = D:\\WINDOWS\\SoftwareDistribution\\AuthCabs\\muauth.cab
2007-01-25 09:13:38 3880 f2c Misc =========== Logging initialized (build: 5.8.0.2469, tz: +0800) ===========
2007-01-25 09:13:38 3880 f2c Misc = Process: D:\\WINDOWS\\system32\\wuauclt.exe
2007-01-25 09:13:38 3880 f2c Misc = Module: D:\\WINDOWS\\system32\\wuaueng.dll
2007-01-25 09:13:38 3880 f2c DtaStor Update service properties: service registered with AU is {7971F918-A847-4430-9279-4A52D1EFE18D}
2007-01-25 09:13:38 308 314 COMAPI - Added service, URL = http://update.microsoft.com/microsoftupdate/
2007-01-25 09:13:38 308 314 COMAPI ----------- COMAPI: IUpdateServiceManager::RegisterServiceWithAU -----------
2007-01-25 09:13:38 308 314 COMAPI - ServiceId = {7971f918-a847-4430-9279-4a52d1efe18d}
2007-01-25 09:13:43 308 314 Misc =========== Logging initialized (build: 5.8.0.2469, tz: +0800) ===========
2007-01-25 09:13:43 308 314 Misc = Process: D:\\Program Files\\Internet Explorer\\iexplore.exe
2007-01-25 09:13:43 308 314 Misc = Module: D:\\WINDOWS\\system32\\muweb.dll
2007-01-25 09:13:43 308 314 Setup *********** Setup: Checking whether self-update is required ***********
2007-01-25 09:13:43 308 314 Setup * Inf file: D:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wusetup.inf
2007-01-25 09:13:43 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wuweb.dll: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:43 308 314 Setup * IsUpdateRequired = No
2007-01-25 09:13:44 308 314 Misc =========== Logging initialized (build: 5.8.0.2469, tz: +0800) ===========
2007-01-25 09:13:44 308 314 Misc = Process: D:\\Program Files\\Internet Explorer\\iexplore.exe
2007-01-25 09:13:44 308 314 Misc = Module: D:\\WINDOWS\\system32\\wuweb.dll
2007-01-25 09:13:44 308 314 Setup *********** Setup: Checking whether self-update is required ***********
2007-01-25 09:13:44 308 314 Setup * Inf file: D:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wusetup.inf
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\cdm.dll: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\iuengine.dll: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wuapi.dll: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wuauclt.exe: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wuauclt1.exe: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wuaucpl.cpl: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wuaueng.dll: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wuaueng1.dll: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wucltui.dll: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wups.dll: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup Update NOT required for D:\\WINDOWS\\system32\\wups2.dll: target version = 5.8.0.2469, required version = 5.8.0.2469
2007-01-25 09:13:44 308 314 Setup * IsUpdateRequired = No
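A triage sketch for the WindowsUpdate.log excerpt above, added here as an example and not part of the original post: it pulls the proxy that Windows Update actually used out of the `PT +` lines and decodes the HRESULT (0x80072EFD is Win32 error 12029, cannot connect). The function and class names and the "stale proxy" heuristic are assumptions of this example; the 812/4a0 sample lines are constructed.

```python
import re
from dataclasses import dataclass

# Lines 1-3 adapted from the log above; the 812/4a0 lines are constructed (caller-supplied proxy, 12002 timeout).
SAMPLE = """\
2007-01-25 09:13:24 760 3cc PT + Last proxy send request failed with hr = 0x80072EFD, HTTP status code = 0
2007-01-25 09:13:24 760 3cc PT + Caller provided proxy = No
2007-01-25 09:13:24 760 3cc PT + Proxy list used = 192.168.1.1:80
2007-01-25 10:02:11 812 4a0 PT + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
2007-01-25 10:02:11 812 4a0 PT + Caller provided proxy = Yes
2007-01-25 10:02:11 812 4a0 PT + Proxy list used = 10.0.0.8:3128
"""

LINE = re.compile(r"^(\S+ \S+)\s+(\S+)\s+(\S+)\s+PT\s+\+\s+(.+?)\s*=\s*(.*)$")  # date time, pid, tid, key, value

@dataclass
class ProxyFailure:
    when: str
    hresult: int
    caller_provided: bool = False
    proxy: str = ""
    @property
    def win32_code(self):
        # FACILITY_WIN32 (7) HRESULTs carry the Win32 error in the low 16 bits.
        return self.hresult & 0xFFFF if ((self.hresult >> 16) & 0x1FFF) == 7 else None
    @property
    def stale_proxy_suspected(self):
        # Heuristic assumed here: proxy not supplied by the caller, and 12029 (cannot connect).
        return bool(self.proxy) and not self.caller_provided and self.win32_code == 12029

def find_proxy_failures(text):
    current, found = {}, []  # current maps (pid, tid) to that thread's open record
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, pid, tid, key, value = m.groups()
        hr = re.search(r"(?:0[x×])?([0-9A-Fa-f]{8})", value)  # tolerate a pasted "0×"
        if key.startswith("Last proxy send request failed") and hr:
            current[pid, tid] = ProxyFailure(when, int(hr.group(1), 16))
            found.append(current[pid, tid])
        elif (pid, tid) in current and key == "Caller provided proxy":
            current[pid, tid].caller_provided = value.strip().lower() == "yes"
        elif (pid, tid) in current and key == "Proxy list used":
            current[pid, tid].proxy = value.strip()
    return found

for f in find_proxy_failures(SAMPLE):
    print(f.when, f.proxy, hex(f.hresult), f.win32_code, f.stale_proxy_suspected)
```

On Windows XP, running `proxycfg` with no arguments prints the machine-wide WinHTTP proxy, which is one place a leftover proxy setting can persist.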