In safe mode a system usually runs only around twelve processes, all of which are legitimate.
1.svchost.exe
Process file: svchost or svchost.exe
Process name: Microsoft Service Host Process
Description: svchost.exe is a system program belonging to the Microsoft Windows operating system, used to run dll files. This program is essential for the normal operation of your system. Note: svchost.exe may also be the w32.welchia.worm virus, which exploits the Windows lsass vulnerability to cause a buffer overflow that shuts your computer down. Pay attention to the name of this process: there is also a virus named svch0st.exe, with the digit 0 in the middle of the name instead of the letter o. Also check the folder this process runs from; the legitimate process should be under windows\system32 or windows\servicepackfiles\i386.
2.IEXPLORE.EXE
Process file: iexplore or iexplore.exe
Process name: Microsoft Internet Explorer
Description: iexplore.exe is the main program of Microsoft Internet Explorer. This Microsoft Windows application lets you surf the web and access your local intranet. It is not a core system program, but terminating it may cause unpredictable problems. iexplore.exe is also part of the Avant web browser, a free browser built on Internet Explorer. Note that iexplore.exe may also be the Trojan.killav.b virus, which terminates your antivirus software and some Windows system tools. The legitimate process should be under \programfiles\internetexplorer or system32\dllcache.
3.rundll32.exe
Process file: rundll32 or rundll32.exe
Process name: Microsoft Rundll32
Description: rundll32.exe is used to run dll files in memory so that applications can use them. This program is essential for the normal operation of your system. Note: rundll32.exe may also be the w32.miroot.worm virus, which allows an attacker to access your computer and steal passwords and personal data. Check the folder this process runs from; the legitimate process should be under windows\system32 or windows\system32\dllcache.
4.ctfmon.exe
Name: Alternative User Input Services
Description: ctfmon.exe is part of the Microsoft Office product suite. It selects the user's text input program and the Microsoft Office XP language bar. It is not a core system program, but terminating it may cause unpredictable problems.
5.WINLOGON.EXE
Process file: winlogon or winlogon.exe
Process name: Microsoft Windows Logon Process
Description: winlogon.exe is the Windows logon manager; it handles logging you on to and off from the system. This process plays an essential role in your system. Note: winlogon.exe may also be the w32.netsky.d@mm worm virus. It spreads by email: when you open the attachment the virus sends, you become infected. The virus creates an SMTP engine on the victim's computer and mass-mails itself to spread. It allows an attacker to access your computer and steal passwords and personal data. Check the folder this process runs from; the legitimate process should be under windows\system32.
6.wdfmgr.exe
Process file: wdfmgr or wdfmgr.exe
Process name: Windows Driver Foundation Manager
Description: wdfmgr.exe is a program associated with Microsoft Windows Media Player 10. It is used to reduce compatibility problems. It is not a core system program, but terminating it may cause unpredictable problems.
7.alg.exe
Process file: alg or alg.exe
Process name: Application Layer Gateway Service
Description: alg.exe is a program that ships with the Microsoft Windows operating system. It handles Microsoft Windows Internet Connection Sharing and the Internet Connection Firewall. This program is essential for the normal operation of your system.
8.smss.exe
Process file: smss or smss.exe
Process name: Session Manager Subsystem
Description: smss.exe is part of the Microsoft Windows operating system. This process invokes the session manager subsystem and is responsible for the sessions on your system. This program is essential for the normal operation of your system. Note: smss.exe may also be the win32.ladex.a Trojan, which allows an attacker to access your computer and steal passwords and personal data. Check the folder this process runs from; the legitimate process should be under windows\system32 or windows\servicepackfiles\i386.
9.explorer.exe
Process file: explorer or explorer.exe
Process name: Microsoft Windows Explorer
Description: explorer.exe is the Windows Program Manager, also known as Windows Explorer. It manages the Windows graphical shell, including the Start menu, taskbar, desktop and file management. Removing this program leaves the Windows graphical interface unusable. Note: explorer.exe may also be the w32.codered or w32.mydoom.b@mm virus. The virus spreads by email: when you open the attachment, you become infected. The worm sets up an SMTP service on the victim's machine to spread more widely. It allows an attacker to access your computer and steal passwords and personal data. Check the folder this process runs from; the legitimate process should be under windows or windows\servicepackfiles\i386.
10.csrss.exe
Process file: csrss or csrss.exe
Process name: Microsoft Client/Server Runtime Server Subsystem
Description: csrss.exe is the Microsoft client/server runtime subsystem. This process manages Windows graphics-related tasks. This program is essential for the normal operation of your system. Note: csrss.exe may also be created by viruses such as w32.netsky.ab@mm, the w32.webus Trojan and win32.ladex.a. The virus spreads by email: when you open the attachment, you become infected. The worm sets up an SMTP service on the victim's machine to spread itself. It allows an attacker to access your computer and steal passwords and personal data. Check the folder this process runs from; the legitimate process should be under windows\system32 or windows\servicepackfiles\i386.
11.lsass.exe
Process file: lsass or lsass.exe
Process name: Local Security Authority Service
Description: lsass.exe is a system process related to Microsoft's security mechanisms; it mainly handles certain special security mechanisms and logon policies.
12.CONIME.EXE
This file is the input method (IME) process. Check the folder this process runs from; the legitimate process should be under windows\system32 or windows\system32\dllcache. Note: on non-Asian-language versions of Windows, conime.exe is a bfghost1.0 remote-control backdoor program that allows an attacker to access your computer and steal passwords and personal data.
13.wmiprvse.exe
Process file: wmiprvse or wmiprvse.exe
Process name: Microsoft Windows Management Instrumentation
Description: wmiprvse.exe is part of the Microsoft Windows operating system. It handles WMI operations through the winmgmt.exe program. This program is essential for the normal operation of your system.
References: personal experience
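The two checks repeated throughout the list above (is the image running from its expected folder, and is the name a digit-for-letter look-alike such as svch0st.exe) are easy to script. The PowerShell script below is an added example and is not part of the original post. Its table of expected folders is my transcription of the locations the post names, extended with the SysWOW64 and wbem paths used by modern Windows builds (an assumption; adjust it to your own baseline), and the Signed column goes beyond the post by also checking each flagged binary's Authenticode signature. Run it in an elevated PowerShell 5.1 or later session so that ExecutablePath is readable for protected processes such as smss.exe and csrss.exe.

```powershell
# Added example, not code from the original post. Audits running processes
# against the expected folders named in the list above and flags
# digit-for-letter look-alike names such as svch0st.exe.
# Assumptions: Windows, PowerShell 5.1 or later, run elevated so that
# ExecutablePath is readable for protected processes (smss.exe, csrss.exe).

$systemRoot = $env:SystemRoot   # normally C:\Windows

# Expected parent folders per image name (lower-case keys). Transcribed from
# the post's locations; the SysWOW64 and wbem entries are my additions for
# modern builds. Edit this table to match your own baseline.
$expected = @{
    'svchost.exe'  = @("$systemRoot\System32", "$systemRoot\ServicePackFiles\i386")
    'iexplore.exe' = @("${env:ProgramFiles}\Internet Explorer",
                       "${env:ProgramFiles(x86)}\Internet Explorer",
                       "$systemRoot\System32\dllcache")
    'rundll32.exe' = @("$systemRoot\System32", "$systemRoot\System32\dllcache", "$systemRoot\SysWOW64")
    'ctfmon.exe'   = @("$systemRoot\System32")
    'winlogon.exe' = @("$systemRoot\System32")
    'wdfmgr.exe'   = @("$systemRoot\System32")
    'alg.exe'      = @("$systemRoot\System32")
    'smss.exe'     = @("$systemRoot\System32", "$systemRoot\ServicePackFiles\i386")
    'explorer.exe' = @("$systemRoot", "$systemRoot\ServicePackFiles\i386")
    'csrss.exe'    = @("$systemRoot\System32", "$systemRoot\ServicePackFiles\i386")
    'lsass.exe'    = @("$systemRoot\System32")
    'conime.exe'   = @("$systemRoot\System32", "$systemRoot\System32\dllcache")
    'wmiprvse.exe' = @("$systemRoot\System32\wbem", "$systemRoot\SysWOW64\wbem")
}

# Digits that are commonly swapped for the letters they resemble.
$homoglyphs = @{ '0' = 'o'; '1' = 'l'; '3' = 'e'; '5' = 's' }

# Undo digit-for-letter substitutions so that svch0st.exe compares as svchost.exe.
function Get-NormalizedName {
    param([string]$Name)
    $n = $Name.ToLowerInvariant()
    foreach ($digit in $homoglyphs.Keys) { $n = $n.Replace($digit, $homoglyphs[$digit]) }
    return $n
}

# Classify one process by where its image lives relative to the table above.
function Test-ProcessLocation {
    param([string]$Name, [string]$Path)
    $key = $Name.ToLowerInvariant()
    if (-not $expected.ContainsKey($key)) { return 'unknown' }   # not covered by the table
    if (-not $Path) { return 'no-path' }                         # path unreadable: not elevated
    $dir = Split-Path -Parent $Path
    foreach ($ok in $expected[$key]) {
        if ($dir -ieq $ok) { return 'ok' }
    }
    return 'unexpected-location'
}

$findings = foreach ($p in Get-CimInstance Win32_Process) {
    $name   = $p.Name
    $path   = $p.ExecutablePath
    $status = Test-ProcessLocation -Name $name -Path $path

    # A name that only matches a known system process after undoing digit
    # substitutions (svch0st.exe -> svchost.exe) is a look-alike.
    $norm = Get-NormalizedName $name
    if ($norm -ne $name.ToLowerInvariant() -and $expected.ContainsKey($norm)) {
        $status = 'lookalike-name'
    }
    if ($status -in 'ok', 'unknown') { continue }

    # Signature check (beyond the post): a genuine Microsoft image reports Valid.
    $signed = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }

    [pscustomobject]@{
        PID    = $p.ProcessId
        Name   = $name
        Path   = $path
        Status = $status
        Signed = $signed
    }
}

$findings | Format-Table -AutoSize
```

Processes whose status is ok or that are not in the table are suppressed, so a clean system prints nothing. A lookalike-name or unexpected-location row is the one to investigate, especially when Signed is anything other than Valid; a no-path row only means the session lacked the rights to read that image path, so re-run elevated before drawing conclusions.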