This virus is usually downloaded to the computer together with other trojans, but that downloader has not been found yet... so only this one virus can be described here.
Kaspersky detects it as Trojan-PSW.Win32.Agent.dt
Size: 60416 bytes
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
MD5: 9F824AC6579F83A1645F4FE9EA21BCE5
SHA1: AA2EF274179E773FC42020E20575F3F65A078FCD
CRC32: 26F8C997
Adds the service Asynchronous UPnP Support Services
The registry entries involved in the service are as follows
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\Type: 0x00000010
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\Start: 0x00000002
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\ErrorControl: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\ImagePath: "C:\Documents and Settings\Administrator\桌面\12.06\upnpsvc.exe"
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\DisplayName: "Asynchronous UPnP Support Services"
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\ObjectName: "LocalSystem"
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\Description: "使用您的 UPnP 设备为P2P数据传输提供支持。如果此服务被终止,此计算机BitTorrent等传输将受到影响。"
Drops C:\WINDOWS\system32\UPnPSvc.dll
It appears in the sreng log as follows
[Asynchronous UPnP Support Services / Asynchronous UPnP Support Services][Running/Auto Start] <C:\WINDOWS\system32\upnpsvc.exe><Microsoft Corporatio>
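Removal
Open sreng (the software you used to scan the log)
Under "Startup Items" - "Services" - "Win32 Service Applications", click "Hide verified Microsoft items", select the following item, click "Delete Service", then click "Set", and click "No" in the dialog that pops up: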
Asynchronous UPnP Support Services / Asynchronous UPnP Support Services
Restart the computer
Delete C:\WINDOWS\system32\upnpsvc.exe
C:\WINDOWS\system32\UPnPSvc.dll
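To check a saved sreng log for the service entry shown above, the following added example (not part of the original post) parses the service entries and flags any that match the service name or the two file names given in this write-up. The entry layout is assumed from the single log entry shown above, and the sample log is constructed for illustration.

```python
import re

# Indicators taken from the write-up above.
SERVICE_NAME = "asynchronous upnp support services"
FILE_NAMES = ("upnpsvc.exe", "upnpsvc.dll")

# Assumed entry layout: [name / display name][state/start type] <image path><company>
ENTRY_RE = re.compile(
    r"\[(?P<name>[^\]]+?) / (?P<display>[^\]]+?)\]"
    r"\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]\s*"
    r"<(?P<path>[^>]*)><(?P<company>[^>]*)>"
)

def parse_services(log_text):
    """Return one dict per service entry found in the log text."""
    return [m.groupdict() for m in ENTRY_RE.finditer(log_text)]

def match_reasons(entry):
    """List which of the write-up's indicators a parsed entry matches."""
    reasons = []
    names = (entry["name"].strip().lower(), entry["display"].strip().lower())
    if SERVICE_NAME in names:
        reasons.append("service name")
    # Windows paths are case-insensitive; the image path may carry arguments.
    path = entry["path"].lower()
    if any(re.search(r'(?:^|\\)' + re.escape(f) + r'(?:[\s"]|$)', path)
           for f in FILE_NAMES):
        reasons.append("file name")
    return reasons

def triage(log_text):
    """Return (service name, image path, reasons) for every matching entry."""
    hits = []
    for entry in parse_services(log_text):
        reasons = match_reasons(entry)
        if reasons:
            hits.append((entry["name"], entry["path"], reasons))
    return hits

# Constructed sample log: the entry from the write-up plus two made-up entries.
SAMPLE_LOG = r"""
[Asynchronous UPnP Support Services / Asynchronous UPnP Support Services][Running/Auto Start]
  <C:\WINDOWS\system32\upnpsvc.exe><Microsoft Corporatio>
[ExampleUpdater / Example Updater Service][Stopped/Manual Start]
  <C:\Program Files\Example\updater.exe><Example Ltd>
[UPnPHelper / UPnP Helper][Running/Auto Start]
  <C:\WINDOWS\system32\UPnPSvc.exe -s><N/A>
"""

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path} ({', '.join(reasons)})")
```
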