Analysis of the sys06003.dll, srpcss.dll, avicapwm.dll and related viruses
http://tech.ddvip.com 14 August 2008
This article gives a detailed analysis of the sys06003.dll, srpcss.dll, avicapwm.dll and related viruses.
Creates the following files:
C:\WINDOWS\system32\sys06003.dll
C:\WINDOWS\system32\sys07003.dll
c:\windows\system32\srpcss.dll
C:\WINDOWS\system32\cliconfgzx.dll
C:\WINDOWS\system32\avicapwm.dll
C:\WINDOWS\system32\bootvidgj.dll
C:\WINDOWS\system32\certmgrkd.dll
C:\WINDOWS\system32\lweurqhx.dll
C:\WINDOWS\system32\imgutilhx2.dll
C:\WINDOWS\system32\adsntzt.dll
C:\WINDOWS\system32\nekrgiqq.dll
C:\WINDOWS\system\zyndld32080813jt.dll
C:\WINDOWS\system32\mywcc080802.dll
C:\WINDOWS\system32\offscrl.dll
C:\WINDOWS\system32\squalle.dll
C:\WINDOWS\system32\ckicps.dll
C:\WINDOWS\system32\cmonos.dll
C:\WINDOWS\system32\lenowos.dll
C:\WINDOWS\system32\wdhotem.dll
C:\WINDOWS\system32\aliens.dll
C:\WINDOWS\system32\therbrek.dll
C:\WINDOWS\system32\esceps.dll
C:\WINDOWS\system32\mssetd.dll
C:\WINDOWS\system32\nvidons.dll
C:\WINDOWS\system32\manleu.dll
C:\WINDOWS\system32\rmbsony.dll
C:\WINDOWS\system32\jolinos.dll
C:\WINDOWS\system32\dearnts.dll
C:\WINDOWS\system32\fackwir.dll
C:\WINDOWS\system32\joause.dll
C:\WINDOWS\system\zyndle080813.exe
Adds the following registry autostart entries:
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<ACF8B3B1F4AB45A><.vbe> []
<nzy_df><C:\WINDOWS\system\zyndle080813.exe> []
<ccnhh><rundll32.exe C:\WINDOWS\system32\mywcc080802.dll bgdll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{00050005-0005-0005-0005-00050005BB15}><C:\WINDOWS\system32\cliconfgzx.dll> []
<{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll> []
<{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll> []
<{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll> []
<{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll> []
<{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll> []
<{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll> []
<{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\nekrgiqq.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll> []
<ahicuvyi.dll><> [N/A]
<kbdswjr.dll><> [N/A]
<dispexcb.dll><> [N/A]
<bootvidgj.dll><> [N/A]
<adsntzt.dll><> [N/A]
<imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> []
<slbiopfs2.dll><> [N/A]
<lweurqhx.dll><C:\WINDOWS\system32\lweurqhx.dll> []
<spbyhpmh.dll><C:\WINDOWS\system32\nekrgiqq.dll> []
<certmgrkd.dll><C:\WINDOWS\system32\certmgrkd.dll> []
<avicapwm.dll><C:\WINDOWS\system32\avicapwm.dll> []
<sxxmpycs.dll><C:\WINDOWS\system32\nekrgiqq.dll> []
<nekrgiqq.dll><C:\WINDOWS\system32\nekrgiqq.dll> []
<AppInit_DLLs><offscrl.dll squalle.dll ckicps.dll cmonos.dll lenowos.dll wdhotem.dll aliens.dll therbrek.dll esceps.dll mssetd.dll nvidons.dll manleu.dll rmbsony.dll jolinos.dll dearnts.dll fackwir.dll joause.dll> [N/A]
Modifies the following service:
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
<C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A>
Source: newjian  Author: sskgyiqpl  Editor: 豆豆技术应用