A Brief Look at the System Stop 0x00000050 Error

Source: 万象互联  Updated: 2012-9-12 14:23:46

Symptoms
You receive the following "Stop" error message on a blue screen:
*** STOP:0x00000050 (0xeb7ff002, 0x00000000, 0x8054af32, 0x00000001) PAGE_FAULT_IN_NONPAGED_AREA nt!ExFreePoolWithTag+237
When you view the System log in Event Viewer, you may see an Event ID 1003 entry that contains information similar to the following:
Date: date
Source: System
Error Time: time
Category: (102)
Type: Error
Event ID: 1003
User: N/A
Computer: computer
Description: Error code 00000050, parameter1 eb7ff002, parameter2 00000000, parameter3 8054af32, parameter4 00000001. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Cause
This error message is caused by a kernel driver that is installed by the following known spyware: Rootkit/Spyware: msupd5.exe Reloadmedude.exe.

The following security products can currently detect this spyware:

Product                      Reported name
Microsoft AntiSpyware        Spyware.Service.MiscrosoftUpdate (Trojan)
Computer Associates          Win32/Benuti!Downloader!Trojan
Doctor Web DrWebCL           Trojan.Medude
F-Secure                     Trojan.Win32.Agent.aw
Kaspersky Lab AVPDOS32       Trojan.Win32.Agent.aw
McAfee                       Downloader-va
Panda                        Trj/Agent.FO and Adware/Apropos
Trend Micro VScan            TROJ_LODMEDUD.A

To verify whether your computer is infected with this spyware, follow these steps:

1. Start Internet Explorer.
2. In the Internet Explorer Address bar, type %windir%\system32\drivers, and then press Enter.
3. Turn on the display of hidden files. To do this, follow these steps:
   a. On the "Tools" menu, click "Folder Options".
   b. Click "View", and then click to clear the "Hide protected operating system files (Recommended)" check box. If you receive a warning message stating that you have chosen to display hidden operating system files, click "Yes".
   c. Click to select the "Show hidden files and folders" check box, and then click to clear the "Hide extensions for known file types" check box.
   d. Click to clear the "Apply to All Folders" check box, and then click "OK".

4. Press F5 to refresh the screen, and then look for any .sys file whose name is a randomly generated string of eight lowercase letters. The following list contains examples of these file names:
   • gbqxmhia.sys
   • upzvlbvv.sys
   • jsbmefvk.sys

5. After you find a suspicious file, verify its properties. Right-click the file, click "Properties", and look for the following:
   • The file date is January 11, 2005
   • The file size is 14 KB (13,824 bytes)
   • The hidden attribute is set (the "Hidden" check box is selected)
   • The file has no version, product name, or manufacturer information
   Click "OK" to close the "Properties" dialog box.

6. In the Internet Explorer Address bar, type %windir%\system32, and then press Enter.
7. Search for executable files (.exe) that are similar to the following:
   • msupd*.exe, where * may be different digits
   • Reloadmedude.exe
   These files are 60 KB (61,440 bytes) in size and have random dates.
   Known examples of such files include:
   • msupd.exe
   • msupd4.exe
   • msupd5.exe
   • Reloadmedude.exe

If a randomly named .sys file and an msupd*.exe or Reloadmedude.exe file are both present, your computer is infected with this spyware.
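
The verification steps above come down to a name-and-size match in two directories. The following Python script is an added example, not part of the original article; the function names and the idea of pointing it at a system32 directory (for instance on a volume mounted from another system) are assumptions. It checks name, exact size and the hidden attribute, and does not check the file date or version information.

```python
import re
import stat
import sys
from pathlib import Path

# Indicators as stated in the article.
DRIVER_NAME = re.compile(r"[a-z]{8}\.sys")    # eight random lowercase letters
DRIVER_SIZE = 13_824                           # 14 KB
DROPPER_NAME = re.compile(r"(msupd\d*|reloadmedude)\.exe", re.IGNORECASE)
DROPPER_SIZE = 61_440                          # 60 KB


def is_hidden(st):
    """True if the Windows hidden attribute is set (False where the OS has none)."""
    return bool(getattr(st, "st_file_attributes", 0) & stat.FILE_ATTRIBUTE_HIDDEN)


def scan(system32):
    """Return (drivers, droppers) that match both the name and the size indicator."""
    system32 = Path(system32)
    drivers, droppers = [], []
    drivers_dir = system32 / "drivers"
    if drivers_dir.is_dir():
        for p in drivers_dir.iterdir():
            # Name alone is weak: legitimate drivers such as mountmgr.sys also
            # have eight lowercase letters, so the exact size must match too.
            if p.is_file() and DRIVER_NAME.fullmatch(p.name):
                st = p.stat()
                if st.st_size == DRIVER_SIZE:
                    drivers.append((p.name, is_hidden(st)))
    for p in system32.iterdir():
        if p.is_file() and DROPPER_NAME.fullmatch(p.name):
            if p.stat().st_size == DROPPER_SIZE:
                droppers.append(p.name)
    return sorted(drivers), sorted(droppers)


def infected(system32):
    """The article's rule: a matching .sys file and a matching .exe are both present."""
    drivers, droppers = scan(system32)
    return bool(drivers) and bool(droppers)


if __name__ == "__main__":
    # Assumed usage: pass the system32 directory of the volume to inspect.
    drivers, droppers = scan(sys.argv[1])
    for name, hidden in drivers:
        print(f"driver  {name}  hidden={hidden}")
    for name in droppers:
        print(f"exe     {name}")
    print("infected" if drivers and droppers else "indicators not both present")
```
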
Resolution
To resolve this problem, use one of the following methods.
Method 1: Rename the malicious driver by using Internet Explorer
1. In the Internet Explorer Address bar, type %windir%\system32\drivers, and then locate the randomly named .sys file.
2. Right-click the file, and then select "Rename". Rename the file to malware.old, and then press Enter.
3. In the Address bar, type WINDOWS\system32, and then press Enter.
4. Locate and rename the following files (if they exist):
   • msupd5.exe (rename to msupd5.old)
   • msupd4.exe (rename to msupd4.old)
   • msupd.exe (rename to msupd.old)
   • Reloadmedude.exe (rename to Reloadmedude.old)

5. Close Internet Explorer.
6. Restart the computer.
7. Make sure that your antivirus/antispyware software is updated with the latest signatures, and then run a full system scan.

Method 2: Safe mode: Rename the malicious driver by using My Computer
1. Start the computer in safe mode. To do this, follow these steps:
   a. Restart the computer.
   b. While the computer starts, press F8 repeatedly (once per second). This displays the Microsoft Windows advanced startup menu options.
   c. Use the UP ARROW and DOWN ARROW keys to highlight "Safe Mode", and then press Enter.

2. Open Internet Explorer, and then type C:\WINDOWS\system32\drivers in the Address bar.
3. Turn on the display of hidden files. To do this, follow these steps:
   a. Click "Start", click "My Computer", click "Tools", and then click "Folder Options".
   b. Click "View".
   c. Click to clear the "Hide protected operating system files (Recommended)" check box.
   d. Click to select "Show hidden files and folders", and then click to clear "Hide extensions for known file types".
   e. Click to select "Apply to All Folders", and then click "OK".

4. Locate the folder named C:\WINDOWS\system32\drivers.
5. Look for any .sys file that has the following characteristics:
   a. A randomly generated file name of eight lowercase letters, for example gbqxmhia.sys, upzvlbvv.sys, or jsbmefvk.sys
   b. The file date is January 11, 2005
   c. The file size is 14 KB (13,824 bytes)
   d. The Hidden attribute is set
   e. The file has no version, product name, or manufacturer information

6. Right-click the file, and then select "Rename". Rename the file to malware.old, and then press Enter.
7. Locate WINDOWS\system32.
8. Rename the following files (if they exist):
   • msupd5.exe (rename to msupd5.old)
   • msupd4.exe (rename to msupd4.old)
   • msupd.exe (rename to msupd.old)
   • Reloadmedude.exe (rename to Reloadmedude.old)

9. Restart the computer.
10. Make sure that your antivirus/antispyware software is updated with the latest signatures, and then run a full system scan.

Method 3: Safe mode: Rename the malicious driver by using the command prompt
1. Start the computer in Safe Mode with Command Prompt. To do this, follow these steps:
   a. Restart the computer.
   b. While the computer starts, press F8 repeatedly (once per second).
   c. This displays the Microsoft Windows advanced startup menu options.
   d. Use the UP ARROW and DOWN ARROW keys to select "Safe Mode with Command Prompt", and then press Enter.

2. Click "Start", click "Run", type cmd, and then click "OK".
3. At the command prompt, type CD %windir%\system32\drivers, and then press Enter.
4. Type Dir /ah, and then press Enter.
5. You will see text similar to the following (the .sys file name is randomly generated):

Directory of C:\WINDOWS\system32\drivers

01/11/2005  09:18 AM               13,824 gbqxmhia.sys
               1 File(s)            13,824 bytes
               0 Dir(s)     961,425,408 bytes free


6. Type Attrib -s -h followed by the name of the .sys file that was displayed earlier, and then press Enter. For example, the command for the file name shown above is: Attrib -s -h gbqxmhia.sys. This removes the system attribute and the hidden attribute from the file.
7. Type Ren followed by the file name mentioned earlier and then malware.old, and then press Enter. This renames the randomly named file.
8. Type CD .., and then press Enter. This changes the command line to the Windows\System32 directory.
9. Type the following commands one line at a time, and press Enter after you finish typing each line:
Ren msupd5.exe msupd5.old
Ren msupd4.exe msupd4.old
Ren msupd.exe msupd.old
Ren Reloadmedude.exe Reloadmedude.old
Note: If you receive the following error message, you can ignore it, because it indicates that the file does not exist:
The system cannot find the file specified.
10. Type Exit, and then press Enter.
