First, I am running MS Intune Endpoint Protection. It is fully up to date.
On October 25 at 11:53 PM I hit a website that caused Intune to crash:
Microsoft Antimalware has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.B&threatid=2147646729
Name: Trojan:Win64/Sirefef.B
ID: 2147646729
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\consrv.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: NT AUTHORITY\SYSTEM
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.115.526.0, AS: 1.115.526.0, NIS: 10.7.0.0
Engine Version: AM: 1.1.7801.0, NIS: 2.0.7707.0
Of course, I chose to delete the file outright.
Since then, my machine has randomly been giving "Host Process for Windows Services has stopped working" errors. There are usually two different messages:
Description
Faulting Application Path: C:\Windows\System32\svchost.exe
Problem signature
Problem Event Name: BEX64
Application Name: svchost.exe
Application Version: 6.1.7600.16385
Application Timestamp: 4a5bc3c1
Fault Module Name: StackHash_52d4
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Offset: 000062bdabe00000
Exception Code: c0000005
Exception Data: 0000000000000008
OS Version: 6.1.7601.2.1.0.256.27
Locale ID: 1033
Additional Information 1: 52d4
Additional Information 2: 52d47b8b925663f9d6437d7892cdf21b
Additional Information 3: ed24
Additional Information 4: ed24528f3b69e8539b5c5c2158896d3e
and
Description
Faulting Application Path: C:\Windows\System32\svchost.exe
Problem signature
Problem Event Name: APPCRASH
Application Name: svchost.exe
Application Version: 6.1.7600.16385
Application Timestamp: 4a5bc3c1
Fault Module Name: mshtml.dll
Fault Module Version: 9.0.8112.16437
Fault Module Timestamp: 4e5f1784
Exception Code: c0000005
Exception Offset: 00000000002ed3c2
OS Version: 6.1.7601.2.1.0.256.27
Locale ID: 1033
Additional Information 1: 3e9e
Additional Information 2: 3e9e8b83f6a5f2a25451516023078a83
Additional Information 3: 432a
Additional Information 4: 432a0284c502cce3bbb92a3bd555fe65
Intune claims the machine is clean. I also tried some online scanners, e.g. Trend Micro, and they all claim the system is clean.
Finally, I tried "sfc /scannow", which said everything was fine.
After I left last night, my machine stayed on and had about 50 of these messages on it.
Any ideas on how to proceed?
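As an added example (not code from the original post), a small Python triage helper for the two text formats quoted above: it parses the Microsoft Antimalware notice's Key: Value lines, splitting off the type prefix in the Path field (file:_...), and groups WER "Problem signature" blocks by application, event name, faulting module and exception code so that dozens of repeated pop-ups collapse into a few counts. The function names are mine, and the sample strings are constructed from the fields quoted in the post, with the BEX64 report repeated to show the grouping.

```python
import re
from collections import Counter

# Constructed sample (trimmed from the notice quoted in the post): Key: Value lines only.
DETECTION_TEXT = r"""
Name: Trojan:Win64/Sirefef.B
ID: 2147646729
Severity: Severe
Path: file:_C:\Windows\System32\consrv.dll
Detection Source: Real-Time Protection
"""
# Constructed WER samples: the two signatures from the post, BEX64 repeated to show grouping.
WER_BEX64 = """
Problem Event Name: BEX64
Application Name: svchost.exe
Fault Module Name: StackHash_52d4
Exception Code: c0000005
"""
WER_APPCRASH = """
Problem Event Name: APPCRASH
Application Name: svchost.exe
Fault Module Name: mshtml.dll
Exception Code: c0000005
"""
WER_REPORTS = [WER_BEX64, WER_APPCRASH, WER_BEX64]

def parse_kv_block(text):
    """Split 'Key: Value' lines on the first colon; lines without one are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def parse_detection(text):
    """Parse an Antimalware notice and split its 'type:_path' resource field."""
    fields = parse_kv_block(text)
    match = re.match(r"(\w+):_(.*)", fields.get("Path", ""))
    fields["Resource Type"] = match.group(1) if match else ""
    fields["Resource Path"] = match.group(2) if match else fields.get("Path", "")
    # A hit on a binary under System32 is a cue for an offline or dedicated scan, not a bare delete.
    fields["In System32"] = fields["Resource Path"].lower().startswith("c:\\windows\\system32\\")
    return fields

def summarize_crashes(reports):
    """Collapse repeated WER pop-ups into counts per (app, event, faulting module, code)."""
    def signature(report):
        f = parse_kv_block(report)
        return (f["Application Name"], f["Problem Event Name"], f["Fault Module Name"], f["Exception Code"])
    return Counter(signature(r) for r in reports)
```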
Answer 1
This problem plagued me for a while: it is a virus; I ended up using a lot of methods to fix it. MalwareBytes helped me a great deal.