Ñ¡ÔñÓïÑÔ
EN CN
ÔÚÏß¿Í·þ
ÁªÏµµç»°
+86 400-887-6000


Incaseformat²¡¶¾À´Ï®£¿EMCÒ×±¶Æ½Ì¨supCERT½ÌÄãÈçºÎÓ¦¶Ô£¡

2021Äê1ÔÂ13ÈÕ£¬Ò»ÖÖÃûΪincaseformatµÄÈä³æ²¡¶¾ÔÚÈ«¹ú¸÷µØ±¬·¢£¬Õã½­EMCÒ×±¶¡¤(Öйú)¹Ù·½Íøվƽ̨¹¤¿ØÍøÂ簲ȫӦ¼±ÏìÓ¦ÖÐÐÄsupCERTÒ²½Óµ½¿Í»§·´Ó³´ÅÅÌÎļþ±»Çå¿Õ£¬ÒÉËÆÖÐÁ˸ò¡¶¾£¬²¢Óжà¸ö¿Í»§×ÉѯEMCÒ×±¶Æ½Ì¨°²È«·À»¤²úÆ·ÄÜ·ñ·ÀÓù´Ë´Î±¬·¢µÄ²¡¶¾£¬supCERT°²È«¹¤³ÌʦµÃµ½Ñù±¾ºóµÚһʱ¼ä¶Ô²¡¶¾½øÐзÖÎö¡£

Incaseformat²¡¶¾À´Ï®£¿EMCÒ×±¶Æ½Ì¨supCERT½ÌÄãÓ¦¶Ô

²¡¶¾»úÀí·ÖÎö

Ñù±¾ÎļþÃû: tsay.exe/ttry.exe

Îļþ´óС: 496640 ×Ö½Ú

MD5: 4E242BBE2FFB1DB45442FA6037C9FD6E

SHA1: 43D41D5EFF896A4042E56A7A2B46DD8D073752EA

CRC32: AFE5FF81

210114jswx1.png

ͼ1 ²¡¶¾ÏêÇé

210114jswx2.png

ͼ2 ²¡¶¾Îļþ

¸Ã²¡¶¾Ê¹ÓÃdelphi±àд£¬²¡¶¾»áαװΪÎļþ¼Ðͼ±ê£¬¸ÐȾ²¡¶¾ºó£¬²¡¶¾»á½«×ÔÉí¸´ÖƵ½C:\WindowsĿ¼Ï£¬²¢´´½¨×¢²á±í×ÔÆô¶¯Ïî

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\msfsa

210114jswx3.png

ͼ3 ×ÔÉí¸´ÖÆ

210114jswx4.png

ͼ4 дע²á±í×ÔÆô¶¯

µ±²¡¶¾ÔÚC:\WindowsĿ¼ÏÂÔËÐÐʱ£¬»áÐÞ¸Ä×¢²á±í½ûÓÃÏÔʾÒþ²ØÎļþ£¬²¢ÅжÏϵͳʱ¼ä£¬Âú×ãÌõ¼þʱ±éÀú´ÅÅÌ£¬É¾³ý³ýCÅÌÍâµÄËùÓÐÎļþ£¬²¢ÔÚ¸ùĿ¼ÁôÏÂincaseformat.logÎļþ¡£

210114jswx5.png

ͼ5 ÐÞ¸Ä×¢²á±í

210114jswx6.png

ͼ6 ɾ³ýÎļþÉú³Éincaseformat.log

ÖµµÃ×¢ÒâµÄÊÇ×÷Ϊһ¸öÀϲ¡¶¾£¬ÒòΪʹÓÃÁËdelphi¿âÖÐµÄ DateTimeToTimeStamp º¯ÊýÖÐ IMSecsPerDay ±äÁ¿µÄÖµ´íÎó£¬×îÖÕµ¼Ö DecodeDate ¼ÆËãת»»³öµÄϵͳµ±Ç°Ê±¼ä´íÎó£¬Ö±µ½2021Äê1ÔÂ13ÈղŴ¥·¢ÁËɾ³ýÎļþµÄ´úÂëÂß¼­£¬µ¼Ö´ó¹æÄ£±¬·¢¡£¸Ã²¡¶¾É趨µÄɾ³ýÈÕÆÚ²»Ö¹1ÔÂ13ÈÕ£¬¾àÀë×î½üµÄÏÂÒ»´Îɾ³ýʱ¼äΪ1ÔÂ23ÈÕ¡£Èç¹ûÓû§µçÄÔÖл¹ÓвÐÁôµÄ²¡¶¾£¬½«ÃæÁÙÔٴα»É¾³ýµÄ·çÏÕ¡£


½â¾ö·½°¸

Incaseformat²¡¶¾À´Ï®£¿EMCÒ×±¶Æ½Ì¨supCERT½ÌÄãÓ¦¶Ô

¾­supCERTÑéÖ¤£¬¸Ã²¡¶¾²»¾ß±¸ÍøÂç´«²¥µÄ¹¦ÄÜ£¬Ö÷ÒªÊÇͨ¹ýUSBµÈÉ豸´«²¥ÇÒÖ»ÓÐÔÚC:\WindowsĿ¼ÏÂÔËÐÐʱ²Å»áÖ´ÐÐɾ³ýÎļþµÈ¶ñÒâ²Ù×÷£¬¶øÖØÆôµçÄÔÔòÊǵ¼ÖÂÆäÖ´ÐжñÒâ²Ù×÷µÄÖ÷Ҫ;¾¶¡£

Èô·¢ÏÖ C:\WindowsĿ¼Ï´æÔÚÃûΪtsay.exe/ttry.exeµÄ²¡¶¾Îļþ£¬¿ÉÒÔÖ±½Óɾ³ý²¡¶¾Îļþ£¬ÔÚɾ³ý֮ǰÇë²»ÒªÖØÆôµçÄÔ¡£È»ºóÅŲé×¢²á±íHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceÊÇ·ñ´æÔÚ²¡¶¾µÄ×ÔÆô¶¯Ïî¡£

¾­ÑéÖ¤£¬ÔÚ°²×°ÁËEMCÒ×±¶Æ½Ì¨Ö÷»ú°²È«ÎÀÊ¿VxDefenderµÄµçÄÔÉÏ¿ªÆô°×Ãûµ¥·À»¤¹¦ÄÜ£¬²¢È·ÈÏ°×Ãûµ¥ÁбíÖÐδ°üº¬tsay.exeºÍttry.exeÎļþ£¬ÔòÎÞÂÛÖØÆô»òÊÇÖ±½ÓË«»÷ÔËÐÐC:\WindowsĿ¼ÏµIJ¡¶¾Îļþ£¬¶¼¿ÉÒԳɹ¦À¹½Øincaseformat²¡¶¾¡£

210114jswx7.png

ͼ7 Ö÷»ú°²È«ÎÀÊ¿Ö÷½çÃæ

210114jswx8.png

ͼ8 ³ÌÐò°×Ãûµ¥À¹½ØÌáʾ

210114jswx9.png

ͼ9 ³ÌÐò°×Ãûµ¥À¹½ØÌáʾ

210114jswx10.png

ͼ10 ³ÌÐò°×Ãûµ¥À¹½ØÈÕÖ¾

EMCÒ×±¶Æ½Ì¨Ö÷»ú°²È«ÎÀʿרҵ°æVxDefender ProÒÑÄÚÖúÚÃûµ¥É±¶¾ÒýÇ棬¿ÉʹÓò¡¶¾²éɱ¹¦Äܳɹ¦²éɱ¸ôÀë¸Ã²¡¶¾£¬ÓÐЧµØ±£Ö¤¹¤ÒµÖ÷»úµÄ°²È«Îȶ¨ÔËÐС£

210114jswx11.png

ͼ11 Ö÷»ú°²È«ÎÀʿרҵ°æ²¡¶¾²éɱ¹¦ÄÜ

Incaseformat²¡¶¾À´Ï®£¿EMCÒ×±¶Æ½Ì¨supCERT½ÌÄãÓ¦¶Ô

°²È«½¨Òé

Incaseformat²¡¶¾À´Ï®£¿EMCÒ×±¶Æ½Ì¨supCERT½ÌÄãÓ¦¶Ô

1. ²»ÒªÏÂÔØ»òµã»÷δ֪À´Ô´µÄÎļþ

2. Ñϸñ¹æ·¶UÅ̵ÈÒƶ¯´æ´¢É豸µÄʹÓÃ

3. °²×°É±¶¾Èí¼þ£¬¶¨ÆÚ½øÐÐɨÃèɱ¶¾

4. °²×°Ö÷»ú°²È«·À»¤²úÆ·


¸ü¶àÐÅÏ¢