| [Question] [Hỏi] Lệnh: "Tasklist /M" trong Cmd. (truy lùng Dll của Virus !?) |
27/07/2008 02:49:10 (+0700) | #1 | 143504 |
![[Avatar]](/hvaonline/images/avatar/0cc8f7bf8a8d56980414a6e4bc69cdc6.png "[Avatar]")
|
kamikazeq
Member
![[Minus]](/hvaonline/templates/viet/images/minus.gif "[Minus]") |
0 |
![[Plus]](/hvaonline/templates/viet/images/plus.gif "[Plus]")
|
|
Joined: 04/07/2006 03:20:53
Messages: 837
Location: Panic Malware Planet
Offline
|
|
Với lệnh TaskList /M , sẽ cho ra 1 list Dll như "Code" bên dưới.
Đây là suy nghĩ của mình:
_Một số Virus thì có mặt trong TaskList, nó dùng những Dll của Win và của cả nó nữa. Và mình có thể thấy được Dll của nó thông qua lệnh này.
_Một số loại Virus khác thì ẩn cả trong TaskList. Nhưng nó lại nhờ 1 process nào đó trong Task để Load dùm Dll cho nó. Và mình có thể dò ra Dll lạ trong 1 Process, để có thể lần được chút manh mối tới Virus.
Suy nghĩ của mình ở trên, đúng sai chỗ nào, mong các bác tận tình hướng dẫn.
Và cùng bàn luận tiếp vấn đề này 
Code:
Image Name PID Modules
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 404 ntdll.dll
csrss.exe 452 ntdll.dll, CSRSRV.dll, basesrv.dll,
winsrv.dll, USER32.dll, KERNEL32.dll,
GDI32.dll, sxs.dll, ADVAPI32.dll,
RPCRT4.dll, Apphelp.dll, VERSION.dll
winlogon.exe 476 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, AUTHZ.dll, msvcrt.dll,
CRYPT32.dll, USER32.dll, GDI32.dll,
MSASN1.dll, NDdeApi.dll, PROFMAP.dll,
NETAPI32.dll, USERENV.dll, PSAPI.DLL,
REGAPI.dll, Secur32.dll, SETUPAPI.dll,
VERSION.dll, WINSTA.dll, WINTRUST.dll,
IMAGEHLP.dll, WS2_32.dll, WS2HELP.dll,
MSGINA.dll, SHELL32.dll, SHLWAPI.dll,
COMCTL32.dll, ODBC32.dll, comdlg32.dll,
comctl32.dll, odbcint.dll, SHSVCS.dll,
sfc.dll, sfc_os.dll, ole32.dll, Apphelp.dll,
WINSCARD.DLL, WTSAPI32.dll, sxs.dll,
uxtheme.dll, WINMM.dll, cscdll.dll,
WlNotify.dll, WINSPOOL.DRV, MPR.dll,
rsaenh.dll, msv1_0.dll, iphlpapi.dll,
SAMLIB.dll, cscui.dll, wdmaud.drv,
xpsp2res.dll, NTMARTA.DLL, WLDAP32.dll,
msacm32.drv, MSACM32.dll, midimap.dll,
COMRes.dll, OLEAUT32.dll, CLBCATQ.DLL,
wbemprox.dll, wbemcomn.dll, wbemsvc.dll,
fastprox.dll, MSVCP60.dll, NTDSAPI.dll,
DNSAPI.dll
services.exe 520 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, USERENV.dll, SCESRV.dll,
AUTHZ.dll, umpnpmgr.dll, WINSTA.dll,
NETAPI32.dll, NCObjAPI.DLL, MSVCP60.dll,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
ole32.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
UxTheme.dll, comctl32.dll, comctl32.dll,
secur32.dll, Apphelp.dll, eventlog.dll,
WS2_32.dll, WS2HELP.dll, PSAPI.DLL,
wtsapi32.dll
lsass.exe 532 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, LSASRV.dll, msvcrt.dll,
Secur32.dll, USER32.dll, GDI32.dll,
SAMSRV.dll, cryptdll.dll, DNSAPI.dll,
WS2_32.dll, WS2HELP.dll, MSASN1.dll,
NETAPI32.dll, SAMLIB.dll, MPR.dll,
NTDSAPI.dll, WLDAP32.dll, ShimEng.dll,
AcGenral.DLL, WINMM.dll, ole32.dll,
OLEAUT32.dll, MSACM32.dll, VERSION.dll,
SHELL32.dll, SHLWAPI.dll, USERENV.dll,
UxTheme.dll, comctl32.dll, comctl32.dll,
msprivs.dll, kerberos.dll, msv1_0.dll,
iphlpapi.dll, netlogon.dll, w32time.dll,
MSVCP60.dll, schannel.dll, CRYPT32.dll,
wdigest.dll, rsaenh.dll, setupapi.dll,
scecli.dll, ipsecsvc.dll, AUTHZ.dll,
oakley.DLL, WINIPSEC.DLL, mswsock.dll,
hnetcfg.dll, wshtcpip.dll, pstorsvc.dll,
psbase.dll, dssenh.dll
svchost.exe 700 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, rpcss.dll, WS2_32.dll,
WS2HELP.dll, Secur32.dll, xpsp2res.dll,
CLBCATQ.DLL, COMRes.dll, termsrv.dll,
ICAAPI.dll, CRYPT32.dll, MSASN1.dll,
AUTHZ.dll, mstlsapi.dll, ACTIVEDS.dll,
adsldpc.dll, NETAPI32.dll, ATL.DLL,
REGAPI.dll, rsaenh.dll, Apphelp.dll,
WTSAPI32.dll, WINSTA.dll, msv1_0.dll,
iphlpapi.dll
svchost.exe 764 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, rpcss.dll, WS2_32.dll,
WS2HELP.dll, Secur32.dll, xpsp2res.dll,
rsaenh.dll, mswsock.dll, hnetcfg.dll,
wshtcpip.dll, DNSAPI.dll, iphlpapi.dll,
winrnr.dll, WLDAP32.dll, rasadhlp.dll,
CLBCATQ.DLL, COMRes.dll, msi.dll
svchost.exe 804 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, xpsp2res.dll, shsvcs.dll,
WINSTA.dll, NETAPI32.dll, dhcpcsvc.dll,
DNSAPI.dll, WS2_32.dll, WS2HELP.dll,
iphlpapi.dll, Secur32.dll, mswsock.dll,
hnetcfg.dll, wshtcpip.dll, wzcsvc.dll,
rtutils.dll, WMI.dll, CRYPT32.dll,
MSASN1.dll, WTSAPI32.dll, ESENT.dll,
ATL.DLL, rsaenh.dll, rastls.dll,
CRYPTUI.dll, WINTRUST.dll, IMAGEHLP.dll,
WININET.dll, MPRAPI.dll, ACTIVEDS.dll,
adsldpc.dll, SETUPAPI.dll, RASAPI32.dll,
rasman.dll, TAPI32.dll, SCHANNEL.dll,
WinSCard.dll, raschap.dll, msv1_0.dll,
CLBCATQ.DLL, COMRes.dll, schedsvc.dll,
NTDSAPI.dll, MSIDLE.DLL, audiosrv.dll,
wkssvc.dll, cryptsvc.dll, certcli.dll,
dmserver.dll, ersvc.dll, es.dll, pchsvc.dll,
hidserv.dll, HID.DLL, srvsvc.dll,
netman.dll, netshell.dll, credui.dll,
WZCSAPI.DLL, seclogon.dll, sens.dll,
srsvc.dll, POWRPROF.dll, trkwks.dll,
w32time.dll, MSVCP60.dll, wmisvc.dll,
VSSAPI.DLL, browser.dll, SXS.DLL,
comsvcs.dll, MTXCLU.DLL, WSOCK32.dll,
colbact.DLL, CLUSAPI.DLL, RESUTILS.DLL,
ipnathlp.dll, AUTHZ.dll, rasadhlp.dll,
wbemcomn.dll, upnp.dll, WINHTTP.dll,
SSDPAPI.dll, wbemcore.dll, esscli.dll,
FastProx.dll, wmiutils.dll, repdrvfs.dll,
wmiprvsd.dll, NCObjAPI.DLL, wbemess.dll,
RASDLG.dll, ncprov.dll, Apphelp.dll,
wbemsvc.dll, netcfgx.dll
svchost.exe 860 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, dnsrslvr.dll, DNSAPI.dll,
WS2_32.dll, WS2HELP.dll, iphlpapi.dll
svchost.exe 900 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, xpsp2res.dll, lmhsvc.dll,
iphlpapi.dll, WS2_32.dll, WS2HELP.dll,
webclnt.dll, WININET.dll, CRYPT32.dll,
MSASN1.dll, Secur32.dll, urlmon.dll,
wsock32.dll, regsvc.dll, ssdpsrv.dll,
hnetcfg.dll, CLBCATQ.DLL, COMRes.dll,
mswsock.dll, wshtcpip.dll
spoolsv.exe 1076 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, GDI32.dll,
USER32.dll, ShimEng.dll, AcGenral.DLL,
WINMM.dll, ole32.dll, OLEAUT32.dll,
MSACM32.dll, VERSION.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
comctl32.dll, comctl32.dll, SPOOLSS.DLL,
WS2_32.dll, WS2HELP.dll, DNSAPI.dll,
iphlpapi.dll, rasadhlp.dll, localspl.dll,
Secur32.dll, sfc_os.dll, WINTRUST.dll,
CRYPT32.dll, MSASN1.dll, IMAGEHLP.dll,
winspool.drv, netapi32.dll, cnbjmon.dll,
mdimon.dll, msi.dll, pjlmon.dll, tcpmon.dll,
usbmon.dll, mdippr.dll, mswsock.dll,
winrnr.dll, WLDAP32.dll, win32spl.dll,
NETRAP.dll, NTDSAPI.dll, CLBCATQ.DLL,
COMRes.dll, xpsp2res.dll, inetpp.dll,
rsaenh.dll
explorer.exe 1268 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, GDI32.dll,
USER32.dll, SHLWAPI.dll, SHELL32.dll,
ole32.dll, OLEAUT32.dll, BROWSEUI.dll,
SHDOCVW.dll, CRYPT32.dll, MSASN1.dll,
CRYPTUI.dll, WINTRUST.dll, IMAGEHLP.dll,
NETAPI32.dll, WININET.dll, WLDAP32.dll,
VERSION.dll, UxTheme.dll, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
USERENV.dll, comctl32.dll, comctl32.dll,
appHelp.dll, CLBCATQ.DLL, COMRes.dll,
cscui.dll, CSCDLL.dll, themeui.dll,
Secur32.dll, MSIMG32.dll, urlmon.dll,
xpsp2res.dll, LINKINFO.dll, ntshrui.dll,
ATL.DLL, msi.dll, UKHook40.dll, rsaenh.dll,
WINSTA.dll, SETUPAPI.dll, webcheck.dll,
WSOCK32.dll, WS2_32.dll, WS2HELP.dll,
stobject.dll, BatMeter.dll, POWRPROF.dll,
WTSAPI32.dll, wdmaud.drv, msacm32.drv,
midimap.dll, NETSHELL.dll, rtutils.dll,
credui.dll, iphlpapi.dll, mswsock.dll,
DNSAPI.dll, winrnr.dll, rasadhlp.dll,
MPR.dll, drprov.dll, ntlanman.dll,
NETUI0.dll, NETUI1.dll, NETRAP.dll,
SAMLIB.dll, davclnt.dll, WZCSAPI.DLL,
browselc.dll, IDMIECC.dll, MSVCP60.dll,
idmmkb.dll, DUSER.dll, MLANG.dll,
rarext.dll, isoshell.dll, JetFlExt.dll,
mydocs.dll, zipfldr.dll, ACTXPRXY.DLL,
sendmail.dll, shgina.dll, MSGINA.dll,
ODBC32.dll, comdlg32.dll, odbcint.dll,
usbui.dll, gdiplus.dll, mscms.dll,
WINSPOOL.DRV, icm32.dll, MSVFW32.dll,
wmvcore.dll, wmidx.dll, WMASF.DLL,
msdmo.dll, DRMClien.DLL, shmedia.dll,
AVIFIL32.dll, SXS.DLL, dsquery.dll,
dsuiext.dll, NTDSAPI.dll, ACTIVEDS.dll,
adsldpc.dll, DSOUND.dll, PRINTUI.dll,
CFGMGR32.dll
UniKeyNT.exe 1352 ntdll.dll, kernel32.dll, comdlg32.dll,
SHLWAPI.dll, msvcrt.dll, GDI32.dll,
USER32.dll, ADVAPI32.dll, RPCRT4.dll,
COMCTL32.dll, SHELL32.dll, UKHook40.dll,
UxTheme.dll
alg.exe 272 ntdll.dll, kernel32.dll, msvcrt.dll,
ATL.DLL, USER32.dll, GDI32.dll,
ADVAPI32.dll, RPCRT4.dll, ole32.dll,
OLEAUT32.dll, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, MSWSOCK.DLL, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, CLBCATQ.DLL, COMRes.dll,
xpsp2res.dll, hnetcfg.dll, wshtcpip.dll
cmd.exe 692 ntdll.dll, kernel32.dll, msvcrt.dll,
USER32.dll, GDI32.dll, ShimEng.dll,
AcGenral.DLL, ADVAPI32.dll, RPCRT4.dll,
WINMM.dll, ole32.dll, OLEAUT32.dll,
MSACM32.dll, VERSION.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
comctl32.dll, comctl32.dll, Apphelp.dll
tasklist.exe 1452 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, MPR.dll, ole32.dll, OLEAUT32.dll,
Secur32.dll, WS2_32.dll, WS2HELP.dll,
framedyn.dll, NETAPI32.dll, DBGHELP.dll,
VERSION.dll, ShimEng.dll, AcGenral.DLL,
WINMM.dll, MSACM32.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
comctl32.dll, comctl32.dll, xpsp2res.dll,
CLBCATQ.DLL, COMRes.dll, wbemprox.dll,
wbemcomn.dll, Winsta.dll, wbemsvc.dll,
fastprox.dll, MSVCP60.dll, NTDSAPI.dll,
DNSAPI.dll, WLDAP32.dll
wmiprvse.exe 1200 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, wbemcomn.dll, OLEAUT32.dll,
ole32.dll, FastProx.dll, MSVCP60.dll,
NTDSAPI.dll, DNSAPI.dll, WS2_32.dll,
WS2HELP.dll, WLDAP32.dll, NETAPI32.dll,
Secur32.dll, NCObjAPI.DLL, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, xpsp2res.dll, CLBCATQ.DLL,
COMRes.dll, wbemprox.dll, wbemsvc.dll,
wmiutils.dll, cimwin32.dll, framedyn.dll,
SETUPAPI.dll, WTSAPI32.dll, WINSTA.dll,
CFGMGR32.DLL, WMI.DLL
|
|
| IDM 5.18 http://tinyurl.com/pl2ejj | Quick Remove Malware http://tinyurl.com/lbbm9x - http://tinyurl.com/arna6g |
|
 |
|
| [Question] Re: [Hỏi] Lệnh: "Tasklist /M" trong Cmd. (truy lùng Dll của Virus !?) |
27/07/2008 04:11:29 (+0700) | #2 | 143513 |
![[Avatar]](/hvaonline/images/avatar/7464daee9d49796baa345f68e4e845ba.jpg "[Avatar]")
|
MQ-001
Member
|
|
0 |
|
|
Joined: 23/06/2008 16:58:50
Messages: 88
Offline
|
|
Cái này cũng hay đấy, nhưng với một đống như thế kia thì cũng như kiểu mò kim đáy bể vậy, mà hơn nữa có phải ai cũng hiểu rõ những cái file kia đâu, tên còn chẳng biết chứ chưa nói tới tác dụng của chúng  , và giả sử virus nó lây vào file hệ thống ( chúng đè file hệ thống của chúng đã bị nhiễm virus vào file có săn trên máy ta)
Cũng nhọc đấy nhỉ  scan virus vẫn hơn :d
Cái này hợp với những người làm Portable hơn  |
|
|
|
|
| [Question] ~ |
27/07/2008 05:09:34 (+0700) | #3 | 143525 |
|
kamikazeq
Member
|
|
0 |
|
|
Joined: 04/07/2006 03:20:53
Messages: 837
Location: Panic Malware Planet
Offline
|
|
Cái này hợp với những người làm Portable hơn
Ý bạn là gì ?
Cái này cũng hay đấy
Hay thế nào vậy bạn? Nói rõ xíu nào.
nhưng với một đống như thế kia thì cũng như kiểu mò kim đáy bể vậy, mà hơn nữa có phải ai cũng hiểu rõ những cái file kia đâu, tên còn chẳng biết chứ chưa nói tới tác dụng của chúng
Phương thức của mình thế này:
Ta có sẵn 1 List Dll "hiền" (cài WIN là đã có, hoặc được xác định là hiền) (hay còn gọi là WhiteList).
So sánh cái đống đó với WhiteList => lọc ra những Dll lạ => Típ tục ngâm cứu đám Dll lạ đó.
Có thể xảy ra 2 trường hợp sau:
_Virus chạy ẩn, lây vào 1 trong những dll có trong đống đó, và có Load thêm vài dll nào đó lạ (được kê ra trong đống đó luôn). => cái này thì có khả quan.
_Virus chạy ẩn, lây vào 1 trong những dll có trong đống đó, KO load thêm dll nào nữa => khó nhận biết.
Nói chung, theo mình nghĩ, việc lọc trong List ra thế này, ít nhìu cũng mò được 1 số dll của Virus.
Mong các bác tiếp tục cho ý kiến. |
|
| IDM 5.18 http://tinyurl.com/pl2ejj | Quick Remove Malware http://tinyurl.com/lbbm9x - http://tinyurl.com/arna6g |
|
|
|
| [Question] Re: [Hỏi] Lệnh: "Tasklist /M" trong Cmd. (truy lùng Dll của Virus !?) |
31/07/2008 20:39:01 (+0700) | #4 | 144436 |
nhatthienton
Member
|
|
0 |
|
|
Joined: 13/10/2005 14:56:19
Messages: 16
Offline
|
|
| Cho mình hỏi khi biết DLL của virus rùi thì ta dùng lệnh j để Kill nó và lệnh j để biết đường dẫn của DLL đó. |
|
|
|
|
| [Question] Re: [Hỏi] Lệnh: "Tasklist /M" trong Cmd. (truy lùng Dll của Virus !?) |
01/08/2008 00:46:48 (+0700) | #5 | 144463 |
|
kamikazeq
Member
|
|
0 |
|
|
Joined: 04/07/2006 03:20:53
Messages: 837
Location: Panic Malware Planet
Offline
|
|
Thì search nó trong Win or trong Dos, rồi Del nó thôi.
|
|
| IDM 5.18 http://tinyurl.com/pl2ejj | Quick Remove Malware http://tinyurl.com/lbbm9x - http://tinyurl.com/arna6g |
|
|
|
| [Question] Re: [Hỏi] Lệnh: "Tasklist /M" trong Cmd. (truy lùng Dll của Virus !?) |
02/08/2008 03:09:22 (+0700) | #6 | 144688 |
![[Avatar]](/hvaonline/images/avatar/7038ed39db8398fa87cad3b34076e611.jpg "[Avatar]")
|
crazyboy_alias
Member
|
|
0 |
|
|
Joined: 03/07/2008 01:47:32
Messages: 60
Offline
|
|
| nhưng mà search kiểu j` mới đc chứ....anh cho cái cách cụ thể đi ạ.Anh cũng cho luôn cái mà anh gọi là white list để mọi ng` còn bít đường so sánh xem có cái dll nào lạ ko nha.Thanks |
|
|
|
|
| [Question] Re: [Hỏi] Lệnh: "Tasklist /M" trong Cmd. (truy lùng Dll của Virus !?) |
02/08/2008 03:10:40 (+0700) | #7 | 144689 |
|
crazyboy_alias
Member
|
|
0 |
|
|
Joined: 03/07/2008 01:47:32
Messages: 60
Offline
|
|
| nhưng mà search kiểu j` mới đc chứ....anh cho cái cách cụ thể đi ạ.Anh cũng cho luôn cái mà anh gọi là white list để mọi ng` còn bít đường so sánh xem có cái dll nào lạ ko nha.Thanks |
|
|
|
|
| [Question] Re: [Hỏi] Lệnh: "Tasklist /M" trong Cmd. (truy lùng Dll của Virus !?) |
03/08/2008 01:57:37 (+0700) | #8 | 144810 |
|
kamikazeq
Member
|
|
0 |
|
|
Joined: 04/07/2006 03:20:53
Messages: 837
Location: Panic Malware Planet
Offline
|
|
Thực ra mình chưa cài lại win để có thể thu thập cái gọi là WhiteList. (bạn nào có rồi 1 danh sách WhiteList thì vui lòng Up lên đây luôn được không thanks)
Còn chuyện Search thì chức năng trong win ấy mà, search nó ra.
Còn sợ nó núp ghê ghê thì ra Dos vào NC mà Search.
(2 cái này chắc ai cũng biết mà !?). |
|
| IDM 5.18 http://tinyurl.com/pl2ejj | Quick Remove Malware http://tinyurl.com/lbbm9x - http://tinyurl.com/arna6g |
|
|
|
| [Question] Re: [Hỏi] Lệnh: "Tasklist /M" trong Cmd. (truy lùng Dll của Virus !?) |
03/08/2008 05:00:30 (+0700) | #9 | 144827 |
|
crazyboy_alias
Member
|
|
0 |
|
|
Joined: 03/07/2008 01:47:32
Messages: 60
Offline
|
|
Thực ra mình chưa cài lại win để có thể thu thập cái gọi là WhiteList. (bạn nào có rồi 1 danh sách WhiteList thì vui lòng Up lên đây luôn được không [Image] thanks)
Còn chuyện Search thì chức năng trong win ấy mà, search nó ra.
Còn sợ nó núp ghê ghê thì ra Dos vào NC mà Search.
(2 cái này chắc ai cũng biết mà !?).
thanks anh nha.bạn nào có thj` gửi danh sách lên cho mọi ng` tham khảo nha |
|
|
| [Question] Re: [Hỏi] Lệnh: "Tasklist /M" trong Cmd. (truy lùng Dll của Virus !?) |
03/08/2008 20:40:48 (+0700) | #10 | 144892 |
thosan91
Member
|
|
0 |
|
|
Joined: 07/04/2008 19:47:49
Messages: 6
Offline
|
|
| Kiếm thử đi cái bro, em ủng hộ hai tay |
|
|
| Users currently in here |
|
1 Anonymous
|
|
Powered by JForum - Extended by HVAOnline
hvaonline.net | hvaforum.net | hvazone.net | hvanews.net | vnhacker.org
1999 - 2013 ©
v2012|0504|218|
|
|
![[Rule]](/hvaonline/templates/viet/images/icon_mini_rule.gif "[Rule]"){kind=icon}
![[Home]](/hvaonline/templates/viet/images/icon_mini_groups.gif "[Home]"){kind=icon}
![[Portal]](/hvaonline/templates/viet/images/icon_mini_portal.gif "[Portal]"){kind=icon}
![[Members]](/hvaonline/templates/viet/images/icon_mini_members.gif "[Members]"){kind=icon}
![[Statistics]](/hvaonline/templates/viet/images/icon_mini_stats.gif "[Statistics]"){kind=icon}
![[Search]](/hvaonline/templates/viet/images/icon_mini_search.gif "[Search]"){kind=icon}
![[Reading Room]](/hvaonline/templates/viet/images/icon_mini_book.gif "[Reading Room]"){kind=icon}
![[Register]](/hvaonline/templates/viet/images/icon_mini_register.gif "[Register]"){kind=icon}
Register![[Login]](/hvaonline/templates/viet/images/icon_mini_login.gif "[Login]"){kind=icon}
Login [
Thảo luận virus, trojan, spyware, worm...
![[Profile]](/hvaonline/templates/viet/images/en_US/icon_profile.gif "[Profile]"){kind=icon}
![[PM]](/hvaonline/templates/viet/images/en_US/icon_pm.gif "[PM]"){kind=icon}
![[Yahoo!]](/hvaonline/templates/viet/images/icon_yim.gif "[YIM]"){kind=icon}
![[Up]](/hvaonline/templates/viet/images/en_US/icon_up.gif "[Up]"){kind=icon}
![[Print Copy]](/hvaonline/templates/viet/images/en_US/icon_print.gif "[Print Copy]"){kind=icon}
![[digg]](/hvaonline/templates/viet/images/digg.gif "[digg]")
![[delicious]](/hvaonline/templates/viet/images/delicious.gif "[delicious]")
![[google]](/hvaonline/templates/viet/images/google.gif "[google]")
![[yahoo]](/hvaonline/templates/viet/images/yahoo.gif "[yahoo]")
![[technorati]](/hvaonline/templates/viet/images/technorati.gif "[technorati]")
![[reddit]](/hvaonline/templates/viet/images/reddit.gif "[reddit]")
![[stumbleupon]](/hvaonline/templates/viet/images/stumbleupon.gif "[stumbleupon]")