Title: Causes of and fixes for 100% CPU usage in XP
winner
Posted on 2011-6-15 15:16
While using Windows XP, the system gradually slows down, and a look at Task Manager shows CPU usage at 100%. What is going on? Is it a virus, a hardware fault, or a problem with the system settings? This article explains, from the hardware, software and virus angles, why system resource usage can reach 100%.
When CPU usage is frequently at 100%, the problem most likely lies in one of the following areas:
Nine possible causes of high CPU usage
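1. Faults caused by antivirus software
Recent versions of KV, Kingsoft and Rising have all added real-time monitoring of web pages, plug-ins and e-mail, which undoubtedly increases the load on the system. What to do: there is basically no good fix; use as few monitoring services as possible, or upgrade your hardware.
2. Uncertified drivers causing 100% CPU usage
Large numbers of beta drivers circulate on the Internet and cause faults whose origin is hard to trace. What to do: pay particular attention to graphics card drivers. Use drivers that are Microsoft-certified or officially released, and check the model and version strictly.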

3. Viruses and Trojans
Large numbers of worms replicating rapidly inside the system keep CPU usage persistently high. Solution: use reliable antivirus software to thoroughly clean system memory and the local hard disk, and open the system configuration utility to check for programs that start abnormally. Update your antivirus software and firewall regularly, stay alert to viruses, and learn correct virus prevention and removal practice.
4. Control Panel > Administrative Tools > Services > RISING REALTIME MONITOR SERVICE: right-click it and change it to Manual.
5. Start -> Run -> msconfig -> Startup: disable unnecessary startup items, then reboot.
6. Check the "svchost" processes.
svchost.exe is a core process of Windows XP. It does not appear only in Windows XP; it exists in every Windows system built on the NT kernel. Windows 2000 normally has 2 svchost.exe processes, while Windows XP has 4 or more.
7. Check the network connection, mainly the network card.
8. Check the network connection
When a computer running Windows XP acts as a server and receives connection requests on port 445, it allocates memory and a small amount of CPU resources to service those connections. Under heavy load, CPU usage may become too high, because there is an inherent trade-off between the number of work items and responsiveness. You need to determine a suitable MaxWorkItems setting to improve system responsiveness. If the value is set incorrectly, the server's responsiveness may suffer, or a single user may monopolize too many system resources.
This can be solved by editing the registry: in Registry Editor, expand the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver] branch and, in the right-hand pane, create a new DWORD value named "maxworkitems". Then double-click the value, enter one of the following numbers in the window that opens, save and exit:
If the computer has 512 MB of memory or more, enter "1024"; if it has less than 512 MB, enter "256".
9. Check whether right-clicking in Windows XP is causing 100% CPU usage
A recent report said that right-clicking in Explorer can cause 100% CPU usage. Let's see what is going on.
Symptoms:
In Explorer, when you right-click a directory or a file, you may see the following problems:
Any file copy operation in progress at that moment may stop responding
Network connection speed drops significantly
All streaming input/output operations, such as listening to music in Windows Media Player, may produce distorted audio
Cause:
When you right-click a file or directory in Explorer, CPU usage rises to 100% while the context menu is displayed, and returns to normal only when you close the context menu.
Solutions:
Method 1: turn off "Use the following transition effect for menus and tooltips"
1. Click "Start" - "Control Panel"
2. In "Control Panel", double-click "Display"
3. In the "Display" properties, click the "Appearance" tab
4. On the "Appearance" tab, click "Effects"
5. In the "Effects" dialog box, clear the check box in front of "Use the following transition effect for menus and tooltips", then click "OK" twice.
Method 2: before right-clicking a file or directory, first select the target file or directory with the left mouse button, then right-click to open the context menu.
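Fixes for 100% CPU usage
Normally, when the CPU is at 100% the computer slows down, and in many cases we can fix it ourselves with a small change rather than having to ask the experts.
When the machine slows down, the first thing to think of is of course Task Manager: see which program is taking the large share. If it is some big program, that is forgivable; as long as the CPU returns to normal after closing it, there is no problem. If not, you need to find out what the program is; when you cannot tell what a process is, search for it on Google or Baidu. Sometimes just ending the process is not enough. On XP you can also use the Startup tab in msconfig to turn off items you do not need. On 2000 you can download WinPatrol and use that.
If a commonly used program, such as the browser, is using a lot of CPU, upgrade it or simply replace it with a similar program. Sometimes a program and the system are slightly incompatible; you can try the compatibility option that XP provides: right-click the .exe file and choose Compatibility.
svchost.exe can be a headache. When you see one of your svchost.exe processes using a lot of CPU, you can download aports or fport to check the path of the corresponding program, that is, what is calling this svchost.exe. If it is not under c:\Windows\system32 (XP) or c:\winnt\system32 (2000), it is suspicious. Update your antivirus software and scan.
We also run into 100% CPU usage when right-clicking a file; a pause when right-clicking may be this problem. The official explanation: left-click to select first, then right-click (I don't quite understand it). Unofficial: right-click the desktop - Properties - Appearance - Effects, and uncheck "Use the following transition effect for menus and tooltips (U)". Some antivirus software's file monitoring also has an effect; you can turn off the antivirus software's file monitoring. The same goes for monitoring of web pages, plug-ins and e-mail.
Some drivers can also cause this behaviour. It is best to install drivers that are Microsoft-certified or officially released. Sometimes upgrading a driver is appropriate, but remember that the newest is not the best.
CPU cooling software: because this software uses all idle CPU time to perform cooling while it runs, and Windows cannot tell the difference between ordinary CPU usage and the cooling software's cooling instructions, the CPU always shows 100%. There is no need to worry about this; it does not affect normal system operation.
When working on large Word files, Word's spelling and grammar checking tires the CPU. Just open Tools - Options - Spelling & Grammar in Word and uncheck "Check spelling" and "Check grammar".
CPU usage is high after single-clicking an AVI video file because the system first scans the file, checks all parts of it and builds an index. Solution: right-click the folder that holds the video files - Properties - General - Advanced, and uncheck "For fast searching, allow Indexing Service to index this folder".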
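Case studies of 100% CPU usage
1. The dllhost process causing 100% CPU usage
Characteristics: a server's normal CPU consumption should be below 75%, and it should fluctuate up and down. On a server with this problem, the CPU suddenly stays at 100% and does not come down. Task Manager shows that DLLHOST.EXE is consuming all idle CPU time. In this situation the administrator can only restart the IIS service. Strangely, everything is normal after restarting IIS, but after a while the problem may appear again.
Direct cause:
One or more ACCESS databases were corrupted during repeated reads and writes. When Microsoft's MDAC writes to the corrupted ACCESS file, the ASP thread enters the BLOCK state, the other threads can only wait, IIS is deadlocked, and all CPU time is consumed in DLLHOST.
Solution:
Install the "Yiliu Information Monitoring and Interception System" and use its "Chief File Inspector IIS Health Inspector" software.
Enable the "find deadlocked module" option by setting:
–wblock=yes
For the monitored directory, specify the directory that holds your host's files:
–wblockdir=d:\test
The log generated by monitoring is saved in the log directory under the installation directory, with the file name: logblock.htm
Stop IIS, start "Chief File Inspector IIS Health Inspector", then start IIS. "Chief File Inspector IIS Health Inspector" will record the most recently written ACCESS files in logblock.htm.
After a while, when the problem shows up, for example when the CPU again stays at 100%, stop IIS and check the last ten files recorded in logblock.htm. Note that the files most likely to be at fault are counter-type ACCESS files, for example "**COUNT.MDB" and "**COUNT.ASP". You can first move the last ten files, or any files you suspect, to the Recycle Bin, then start IIS and see whether the problem recurs. We believe that after a careful search you will certainly find the file that has been worrying you all this time.
Once you have found the file, you can delete it, or download it and repair it with ACCESS2000, and the problem is solved.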
2. svchost.exe causing 100% CPU usage
In the win.ini file, under [Windows], "run=" and "load=" are possible routes for loading "Trojan" programs and must be watched carefully. Normally there is nothing after their equals signs. If you find that they are followed by a path and file name that is not a startup file you recognize, your computer may have a "Trojan". Of course you also need to look closely, because many "Trojans", such as the "AOL Trojan", disguise themselves as a command.exe file, and if you are not careful you may not notice that it is not a real system startup file.
In the system.ini file, under [BOOT], there is a "shell=file name" entry. The correct file name should be "explorer.exe". If it is not "explorer.exe" but "shell= explorer.exe program-name", then the program that follows is a "Trojan" program, which means you already have a "Trojan".
The situation in the registry is the most complicated. Open Registry Editor with the regedit command and navigate to "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run". Check whether the values include any auto-start file you do not recognize with the extension EXE. Remember: the files generated by some "Trojan" programs look very much like the system's own files and try to slip through by disguise. For example, the "Acid Battery v1.0" Trojan changes the Explorer value under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" to Explorer="C:\Windows\expiorer.exe"; the only difference between the "Trojan" program and the real Explorer is the "i" versus the "l". Of course there are many other places in the registry where a "Trojan" program can hide, such as "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" and "HKEY_USERS\****\Software\Microsoft\Windows\CurrentVersion\Run". The best approach is to find the file name of the "Trojan" program under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" and then search the entire registry for it.
This virus is also known as the "Code Red II" virus. It is somewhat the opposite of the "Code Red" virus that circulated earlier on Western English-language systems, and internationally it is called the VirtualRoot (virtual directory) virus. This worm exploits a known Microsoft overflow vulnerability and spreads to other web servers through port 80. Attackers can gain full control of an infected machine by running scripts/root.exe through an HTTP GET request.
After successfully infecting a server, the program sleeps for 2 days if the infected machine is a Chinese-language system, and for 1 day on other machines. When the sleep time is up, the worm reboots the machine. The worm also checks whether the machine's month is October or the year is 2002; if so, the infected server is also rebooted. When a Windows NT system starts, it automatically searches for the file explorer.exe in the root directory of drive C; on a server infected by this network worm, that explorer.exe file is the worm itself. The file is 8192 bytes in size, and the VirtualRoot worm is executed through it. At the same time, the VirtualRoot worm copies the cmd.exe file from the Windows NT system directory to other directories, opening the door wide to intruders. It also modifies system registry entries; through these modifications the worm can create the virtual directories C or D, which is where the virus gets its name. It is worth noting that, apart from the file explorer.exe, the worm's operations are not file-based; it infects and spreads directly in memory, which makes it considerably harder to catch.
Let us first look at how Microsoft describes svchost.exe. Microsoft Knowledge Base article 314056 describes it as follows: svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).
In fact, svchost.exe is a core process of Windows XP. It does not appear only in Windows XP; it exists in every Windows system built on the NT kernel. Windows 2000 normally has 2 svchost.exe processes, while Windows XP has 4 or more. So there is no need to worry much about seeing several svchost.exe entries in the system's process list.
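The autostart checks described in the post (the win.ini "run="/"load=" lines, the system.ini "shell=" line, lookalike file names in the Run key, and the svchost.exe path test) can be collected into one small audit script. This is an added example, not part of the original post; the function names, the short list of known names, and the sample file contents (including helper.exe and the ctfmon entry) are constructed for illustration.

```python
import configparser
import ntpath

KNOWN = ("explorer.exe", "svchost.exe", "command.exe")  # names a lookalike might imitate (assumed list)
SVCHOST_DIRS = (r"c:\windows\system32", r"c:\winnt\system32")

def one_edit_apart(a, b):
    """True when a and b differ by exactly one changed, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def ini_value(text, section, key):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    for name in cp.sections():             # match [Windows]/[windows], [BOOT]/[boot]
        if name.lower() == section:
            return cp[name].get(key, "").strip()
    return ""

def audit(win_ini, system_ini, run_values):
    """Return (location, name, value) tuples that deserve a manual look."""
    findings = []
    for key in ("run", "load"):            # normally empty after the '='
        value = ini_value(win_ini, "windows", key)
        if value:
            findings.append(("win.ini", key, value))
    shell = ini_value(system_ini, "boot", "shell")
    if shell.lower() != "explorer.exe":    # anything appended after it is suspect
        findings.append(("system.ini", "shell", shell))
    for name, cmd in run_values.items():   # lookalike file names in the Run key
        exe = ntpath.basename(cmd.strip('"')).lower()
        if any(one_edit_apart(exe, k) for k in KNOWN):
            findings.append(("Run", name, cmd))
    return findings

def svchost_outside_system32(image_path):
    folder, exe = ntpath.split(image_path.lower())
    return exe == "svchost.exe" and folder not in SVCHOST_DIRS

# Constructed sample data (helper.exe and the ctfmon entry are made up).
WIN_INI = "[windows]\nrun=\nload=c:\\temp\\command.exe\n"
SYSTEM_INI = "[boot]\nshell=explorer.exe helper.exe\n"
RUN = {"Explorer": r"C:\Windows\expiorer.exe", "ctfmon": r"C:\Windows\system32\ctfmon.exe"}
```

Calling audit(WIN_INI, SYSTEM_INI, RUN) returns the three entries to review; a flagged entry is a prompt for manual inspection, not proof of infection.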