vml.exe

Wangchao Baike · Author unknown  2010-03-05

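vml.exe is a new virus that follows the "Robot Dog" (机器狗) IGM virus. Once a machine is infected with vml.exe, opening any website automatically loads certain controls from pages such as kkcncn.com or xx.exiao01.com/2.html. Symptoms include penetration of Deep Freeze (冰点), automatic pop-up windows and dropped connections. Applying the VML immunization patch and Microsoft's IGM patch basically resolves the loading of kkcncn and viruses such as vml.exe, IGM and Robot Dog.

Microsoft IGM patch: http://download.microsoft.com/download/5/8/3/58324bce-00c5-42b7-bd05-1353c0604dab/WindowsXP-KB925902-x86-CHS.exe

Latest collection of immunization patches and removal tools for the IGM virus that penetrates DEEP: http://down.wglm.net/safety/aqbd/20071024/2788.html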

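Temporary workarounds:

* Unregister vgx.dll

Click the Start menu, choose Run, and enter the following command:

regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

Then click OK, and click the OK button in the pop-up window that follows.

After Microsoft releases the patch, to restore the registration, run the following command in the same way:

regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

* Modify the access control list to restrict user access to vgx.dll

* Configure IE6 on Microsoft Windows XP SP2 to disable "Binary and script behaviors" in the Internet and Local intranet security zones

* Read e-mail messages in plain text

VML immunization: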

@echo off
title KillIgm
MODE con: COLS=14 LINES=1
rem Create a directory under each file name the malware uses,
rem so that a file with that name cannot be written there.
md c:\WINDOWS\Kvsc3.exe >nul 2>nul
md c:\WINDOWS\GenProtect.exe >nul 2>nul
md c:\WINDOWS\235780WL.DLL >nul 2>nul
md c:\WINDOWS\swchost.exe >nul 2>nul
md c:\WINDOWS\MsIMMs32.exe >nul 2>nul
md c:\WINDOWS\AVPSrv.exe >nul 2>nul
md c:\WINDOWS\WinForm.exe >nul 2>nul
md c:\WINDOWS\upxdnd.exe >nul 2>nul
md c:\WINDOWS\cmdbcs.exe >nul 2>nul
md c:\WINDOWS\NVDispDrv.exe >nul 2>nul
md c:\WINDOWS\system32\Vml.exe >nul 2>nul
md c:\WINDOWS\system32\kvdxsfis.exe >nul 2>nul
md c:\WINDOWS\system32\LYLOADER.EXE >nul 2>nul
md c:\WINDOWS\system32\zxatl.dll >nul 2>nul
md c:\WINDOWS\system32\gjatl.dll >nul 2>nul
md c:\WINDOWS\system32\wlatl.dll >nul 2>nul
md c:\WINDOWS\system32\djatl.dll >nul 2>nul
md c:\WINDOWS\system32\wf.dll >nul 2>nul
md c:\WINDOWS\system32\mcfer.dat >nul 2>nul
md c:\WINDOWS\system32\NBMediaInfo_Adv.ini >nul 2>nul
md c:\WINDOWS\system32\Kvsc3.dll >nul 2>nul
md c:\WINDOWS\system32\GenProtect.dll >nul 2>nul
md c:\WINDOWS\system32\AVPSrv.dll >nul 2>nul
md c:\WINDOWS\system32\oxelvchnty.dll >nul 2>nul
md c:\WINDOWS\system32\MsIMMs32.dll >nul 2>nul
md c:\WINDOWS\system32\MSDEG32.DLL >nul 2>nul
md c:\WINDOWS\system32\LYMANGR.DLL >nul 2>nul
md c:\WINDOWS\system32\WinForm.dll >nul 2>nul
md c:\WINDOWS\system32\sqmapi32.dll >nul 2>nul
md c:\WINDOWS\system32\msplay32.dll >nul 2>nul
md c:\WINDOWS\system32\kvdxsfcf.dll >nul 2>nul
md c:\WINDOWS\system32\cmdbcs.dll >nul 2>nul
md c:\WINDOWS\system32\upxdnd.dll >nul 2>nul
md c:\WINDOWS\system32\NVDispDrv.dll >nul 2>nul
rem Deny Everyone all access to pcihdd.sys; limit Everyone to read access on userinit.exe.
cacls %systemroot%\system32\drivers\pcihdd.sys /e /p everyone:n
cacls %systemroot%\system32\userinit.exe /e /p everyone:r
exit
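
The immunization script above works by occupying each known malware file name with a directory. The following added example (not part of the original page) parses such a script's md lines and reports, for a given system root, whether each placeholder is still a directory, is missing, or has been replaced by a regular file. SAMPLE_SCRIPT, the function names and the temporary directory tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path, PureWindowsPath

# Constructed excerpt: three md lines in the form the immunization script uses.
SAMPLE_SCRIPT = r"""@echo off
md c:\WINDOWS\Kvsc3.exe >nul 2>nul
md c:\WINDOWS\system32\Vml.exe >nul 2>nul
md c:\WINDOWS\system32\wf.dll >nul 2>nul
exit
"""

# Matches "md <path>" or "mkdir <path>", with optional quotes and redirections.
MD_LINE = re.compile(r'^\s*(?:md|mkdir)\s+"?([^">]+?)"?\s*(?:>|$)', re.IGNORECASE)

def placeholder_paths(script_text):
    """Return the Windows paths created by the script's md/mkdir lines."""
    found = (MD_LINE.match(line) for line in script_text.splitlines())
    return [PureWindowsPath(m.group(1).strip()) for m in found if m]

def audit(paths, root):
    """Classify each path below `root`, the directory standing in for C:\\.

    intact  - the placeholder directory is present
    missing - nothing holds the name (script not run, or placeholder removed)
    file    - a regular file holds the name and needs investigating
    """
    report = {}
    for win_path in paths:
        local = Path(root).joinpath(*win_path.parts[1:])  # drop the "c:\" anchor
        if local.is_dir():
            report[str(win_path)] = "intact"
        elif local.exists():
            report[str(win_path)] = "file"
        else:
            report[str(win_path)] = "missing"
    return report

def demo():
    """Audit a constructed tree: one placeholder, one file, one missing name."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = Path(root, "WINDOWS", "system32")
        sys32.mkdir(parents=True)
        Path(root, "WINDOWS", "Kvsc3.exe").mkdir()
        (sys32 / "Vml.exe").write_bytes(b"constructed sample")
        return audit(placeholder_paths(SAMPLE_SCRIPT), root)

if __name__ == "__main__":
    for path, state in demo().items():
        print(f"{state:8}{path}")
```

On a live Windows host, pass the system drive root as `root`. On an image mounted on a case-sensitive file system, a name is only found when its spelling matches the script's.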

Blocking VML at the router:

In addition, it is best to block the following IP addresses and domain names at the router


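Addendum: At present, most web-borne viruses, such as IGM.EXE, vml.exe and fjOs0r.dll, enter your computer through this 0day vulnerability.

Add the following command line to the reserved startup channel (开机预留通道):

\\<IP or host name>\menu\Windows2000-KB925902-x86-CHS.EXE /q /n

The installation is automatic, requires no restart and takes effect immediately. If you then visit the website that caused the infection, you will find that the virus is no longer downloaded automatically.

Collection of immunization patches and removal tools for the IGM virus that penetrates DEEP, updated 10.24

http://down.wglm.net/safety/aqbd/20071024/2788.html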

 