Ⅰ 鎴戠殑鐢佃剳涓涓猄vchost.exe榪涚▼錛屽湪浠誨姟綆$悊鍣ㄤ腑鎬繪槸鍗燙PU90%浠ヤ笂,鎴戠粰瀹冪粨鏉熶簡,灝辨病浜嬩簡,浣嗛噸鍚鍚庤繕鏈.
1.鍒╃敤鍋囧啋Svchost.exe鍚嶇О鐨勭棶姣掔▼搴 榪欑嶆柟寮忚繍琛岀殑鐥呮瘨騫舵病鏈夌洿鎺ュ埄鐢ㄧ湡姝g殑Svchost.exe榪涚▼錛岃屾槸鍚鍔ㄤ簡鍙﹀栦竴涓鍚嶇О鍚屾牱鏄瘲vchost.exe鐨勭棶姣掕繘紼嬶紝鐢變簬榪欎釜鍋囧啋鐨勭棶姣掕繘紼嬪苟娌℃湁鍔犺澆緋葷粺鏈嶅姟錛屽畠鍜岀湡姝g殑Svchost.exe榪涚▼鏄涓嶅悓鐨勶紝鍙闇鍦ㄥ懡浠よ岀獥鍙d腑榪愯屼竴涓嬧淭asklist /svc鈥濓紝濡傛灉鐪嬪埌鍝涓猄vchost.exe榪涚▼鍚庨潰鎻愮ず鐨勬湇鍔′俊鎮鏄鈥滄殏緙衡濓紝鑰屼笉鏄涓涓鍏蜂綋鐨勬湇鍔″悕錛岄偅涔堝畠灝辨槸鐥呮瘨榪涚▼浜嗭紝璁頒笅榪欎釜鐥呮瘨榪涚▼瀵瑰簲鐨凱ID鏁板(榪涚▼鏍囪瘑絎)錛屽嵆鍙鍦ㄤ換鍔$$悊鍣ㄧ殑榪涚▼鍒楄〃涓鎵懼埌瀹冿紝緇撴潫榪涚▼鍚庯紝鍦–鐩樻悳緔Svchost.exe鏂囦歡錛屼篃鍙浠ョ敤絎涓夋柟榪涚▼宸ュ叿鐩存帴鏌ョ湅璇ヨ繘紼嬬殑璺寰勶紝姝e父鐨凷vchost.exe鏂囦歡鏄浣嶄簬%systemroot%\System32鐩褰曚腑鐨勶紝鑰屽亣鍐掔殑Svchost.exe鐥呮瘨鎴栨湪椹鏂囦歡鍒欎細鍦ㄥ叾浠栫洰褰曪紝渚嬪傗渨32.welchina.worm鈥濈棶姣掑亣鍐掔殑Svchost.exe灝遍殣鈃忓湪Windows\System32\Wins鐩褰曚腑錛屽皢鍏跺垹闄わ紝騫跺交搴曟竻闄ょ棶姣掔殑鍏朵粬鏁版嵁鍗沖彲銆 2:涓浜涢珮綰х棶姣掑垯閲囩敤綾諱技緋葷粺鏈嶅姟鍚鍔ㄧ殑鏂瑰紡錛岄氳繃鐪熸g殑Svchost.exe榪涚▼鍔犺澆鐥呮瘨紼嬪簭錛岃孲vchost.exe鏄閫氳繃娉ㄥ唽琛ㄦ暟鎹鏉ュ喅瀹氳佽呰澆鐨勬湇鍔″垪琛ㄧ殑錛屾墍浠ョ棶姣掗氬父浼氬湪娉ㄥ唽琛ㄤ腑閲囩敤浠ヤ笅鏂規硶榪涜屽姞杞斤細 娣誨姞涓涓鏂扮殑鏈嶅姟緇勶紝鍦ㄧ粍閲屾坊鍔犵棶姣掓湇鍔″悕鍦ㄧ幇鏈夌殑鏈嶅姟緇勯噷鐩存帴娣誨姞鐥呮瘨鏈嶅姟鍚 淇鏀圭幇鏈夋湇鍔$粍閲岀殑鐜版湁鏈嶅姟灞炴э紝淇鏀瑰叾鈥淪erviceDll鈥濋敭鍊兼寚鍚戠棶姣掔▼搴忓垽鏂鏂規硶:鐥呮瘨紼嬪簭瑕侀氳繃鐪熸g殑Svchost.exe榪涚▼鍔犺澆錛屽氨蹇呴』瑕佷慨鏀圭浉鍏崇殑娉ㄥ唽琛ㄦ暟鎹錛屽彲浠ユ墦寮[HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\
CurrentVersion\Svchost]錛岃傚療鏈夋病鏈夊炲姞鏂扮殑鏈嶅姟緇勶紝鍚屾椂瑕佺暀鎰忔湇鍔$粍涓鐨勬湇鍔″垪琛錛岃傚療鏈夋病鏈夊彲鐤戠殑鏈嶅姟鍚嶇О錛岄氬父鏉ヨ達紝鐥呮瘨涓嶄細鍦ㄥ彧鏈変竴涓鏈嶅姟鍚嶇О鐨勭粍涓娣誨姞錛屽線寰浼氶夋嫨LocalService鍜宯etsvcs榪欎袱涓鍔犺澆鏈嶅姟杈冨氱殑緇勶紝浠ュ共鎵板垎鏋愶紝榪樻湁閫氳繃淇鏀規湇鍔″睘鎬ф寚鍚戠棶姣掔▼搴忕殑錛岄氳繃娉ㄥ唽琛ㄥ垽鏂璧鋒潵閮芥瘮杈冨洶闅撅紝榪欐椂鍙浠ュ埄鐢ㄥ墠闈浠嬬粛鐨勬湇鍔$$悊涓撳訛紝鍒嗗埆鎵撳紑LocalService鍜宯etsvcs鍒嗘敮錛岄愪釜媯鏌ュ彸杈規湇鍔″垪琛ㄤ腑鐨勬湇鍔″睘鎬э紝灝ゅ叾瑕佹敞鎰忔湇鍔℃弿榪頒俊鎮鍏ㄩ儴涓鴻嫳鏂囩殑錛屽緢鍙鑳芥槸絎涓夋柟瀹夎呯殑鏈嶅姟錛屽悓鏃惰佺粨鍚堝畠鐨勬枃浠舵弿榪般佺増鏈銆佸叕鍙哥瓑鐩稿叧淇℃伅錛岃繘琛岀患鍚堝垽鏂銆備緥濡傝繖涓鍚嶄負PortLess BackDoor鐨勬湪椹紼嬪簭錛屽湪鏈嶅姟鍒楄〃涓鍙浠ョ湅鍒板畠鐨勬湇鍔℃弿榪頒負鈥淚ntranet Services鈥濓紝鑰屽畠鐨勬枃浠剁増鏈銆佸叕鍙搞佹弿榪頒俊鎮鏇村叏閮ㄤ負絀猴紝濡傛灉鏄寰杞鐨勭郴緇熸湇鍔$▼搴忔槸緇濆逛笉鍙鑳藉嚭鐜拌繖縐嶇幇璞$殑銆備粠鍚鍔ㄤ俊鎮鈥淐:\WINDOWS\System32\svchost.exe -k netsvcs鈥濅腑鍙浠ョ湅鍑鴻繖鏄涓嬈懼吀鍨嬬殑鍒╃敤Svchost.exe榪涚▼鍔犺澆榪愯岀殑鏈ㄩ┈錛岀煡閬撲簡鍏跺師鐞嗭紝娓呴櫎鏂規硶涔熷緢綆鍗曚簡錛氬厛鐢ㄦ湇鍔$$悊涓撳跺仠姝㈣ユ湇鍔$殑榪愯岋紝鐒跺悗榪愯宺egedit.exe鎵撳紑鈥滄敞鍐岃〃緙栬緫鍣ㄢ濓紝鍒犻櫎[HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\IPRIP]涓婚敭錛岄噸鏂板惎鍔ㄨ$畻鏈猴紝鍐嶅垹闄%systemroot%\System32鐩褰曚腑鐨勬湪椹婧愮▼搴忊渟vchostdll.dll鈥濓紝閫氳繃鎸夋椂闂存帓搴忥紝鍙堝彂鐜頒簡鏃墮棿瀹屽叏鐩稿悓鐨勬湪椹瀹夎呯▼搴忊淧ortlessInst.exe鈥濓紝涓騫跺垹闄ゅ嵆鍙銆 svchost.exe鏄痭t鏍稿績緋葷粺鐨勯潪甯擱噸瑕佺殑榪涚▼錛屽逛簬2000銆亁p鏉ヨ達紝涓嶅彲鎴栫己銆傚緢澶氱棶姣掋佹湪椹涔熶細璋冪敤瀹冦傛墍浠ワ紝娣卞叆浜嗚В榪欎釜紼嬪簭錛屾槸鐜╃數鑴戠殑蹇呬慨璇句箣涓銆 澶у跺箇indows鎿嶄綔緋葷粺涓瀹氫笉闄岀敓錛屼絾浣犳槸鍚︽敞鎰忓埌緋葷粺涓鈥渟vchost.exe鈥濊繖涓鏂囦歡鍛錛熺粏蹇冪殑鏈嬪弸浼氬彂鐜皐indows涓瀛樺湪澶氫釜 鈥渟vchost鈥濊繘紼嬶紙閫氳繃鈥渃trl+alt+del鈥濋敭鎵撳紑浠誨姟綆$悊鍣錛岃繖閲岀殑鈥滆繘紼嬧濇爣絳句腑灝卞彲鐪嬪埌浜嗭級錛屼負浠涔堜細榪欐牱鍛錛熶笅闈㈠氨鏉ユ彮寮瀹冪炵樼殑闈㈢罕銆傚彂鐜 鍦ㄥ熀浜巒t鍐呮牳鐨剋indows鎿嶄綔緋葷粺瀹舵棌涓錛屼笉鍚岀増鏈鐨剋indows緋葷粺錛屽瓨鍦ㄤ笉鍚屾暟閲忕殑鈥渟vchost鈥濊繘紼嬶紝鐢ㄦ埛浣跨敤鈥滀換鍔$$悊鍣ㄢ濆彲鏌ョ湅鍏惰繘紼嬫暟鐩銆備竴鑸鏉ヨ達紝win2000鏈変袱涓猻vchost榪涚▼錛寃inxp涓鍒欐湁鍥涗釜鎴栧洓涓浠ヤ笂鐨剆vchost榪涚▼錛堜互鍚庣湅鍒扮郴緇熶腑鏈夊氫釜榪欑嶈繘紼嬶紝鍗冧竾鍒絝嬪嵆鍒ゅ畾緋葷粺鏈夌棶姣掍簡鍝燂級錛岃寃in2003 server涓鍒欐洿澶氥傝繖浜泂vchost榪涚▼鎻愪緵寰堝氱郴緇熸湇鍔★紝濡傦細rpcss鏈嶅姟錛坮emote procere call錛夈乨mserver鏈嶅姟錛坙ogical disk manager錛夈乨hcp鏈嶅姟錛坉hcp client錛夌瓑銆 濡傛灉瑕佷簡瑙f瘡涓猻vchost榪涚▼鍒板簳鎻愪緵浜嗗氬皯緋葷粺鏈嶅姟錛屽彲浠ュ湪win2000鐨勫懡浠ゆ彁紺虹︾獥鍙d腑杈撳叆鈥渢list -s鈥濆懡浠ゆ潵鏌ョ湅錛岃ュ懡浠ゆ槸win2000 support tools鎻愪緵鐨勩傚湪winxp鍒欎嬌鐢ㄢ渢asklist /svc鈥濆懡浠ゃ svchost涓鍙浠ュ寘鍚澶氫釜鏈嶅姟娣卞叆 windows緋葷粺榪涚▼鍒嗕負鐙絝嬭繘紼嬪拰鍏變韓榪涚▼涓ょ嶏紝鈥渟vchost.exe鈥濇枃浠跺瓨鍦ㄤ簬鈥%systemroot% system32鈥濈洰褰曚笅錛屽畠灞炰簬鍏變韓榪涚▼銆傞殢鐫windows緋葷粺鏈嶅姟涓嶆柇澧炲氾紝涓轟簡鑺傜渷緋葷粺璧勬簮錛屽井杞鎶婂緢澶氭湇鍔″仛鎴愬叡浜鏂瑰紡錛屼氦鐢 svchost.exe榪涚▼鏉ュ惎鍔ㄣ備絾svchost榪涚▼鍙浣滀負鏈嶅姟瀹誇富錛屽苟涓嶈兘瀹炵幇浠諱綍鏈嶅姟鍔熻兘錛屽嵆瀹冨彧鑳芥彁渚涙潯浠惰╁叾浠栨湇鍔″湪榪欓噷琚鍚鍔錛岃屽畠鑷宸卞嵈涓嶈兘緇欑敤鎴鋒彁渚涗換浣曟湇鍔°傞偅榪欎簺鏈嶅姟鏄濡備綍瀹炵幇鐨勫憿錛 鍘熸潵榪欎簺緋葷粺鏈嶅姟鏄浠ュ姩鎬侀摼鎺ュ簱錛坉ll錛夊艦寮忓疄鐜扮殑錛屽畠浠鎶婂彲鎵ц岀▼搴忔寚鍚 svchost錛岀敱svchost璋冪敤鐩稿簲鏈嶅姟鐨勫姩鎬侀摼鎺ュ簱鏉ュ惎鍔ㄦ湇鍔°傞偅svchost鍙堟庝箞鐭ラ亾鏌愪釜緋葷粺鏈嶅姟璇ヨ皟鐢ㄥ摢涓鍔ㄦ侀摼鎺ュ簱鍛錛熻繖鏄閫氳繃緋葷粺鏈嶅姟鍦ㄦ敞鍐岃〃涓璁劇疆鐨勫弬鏁版潵瀹炵幇銆備笅闈㈠氨浠rpcss錛坮emote procere call錛夋湇鍔′負渚嬶紝榪涜岃茶В銆 浠庡惎鍔ㄥ弬鏁頒腑鍙瑙佹湇鍔℃槸闈爏vchost鏉ュ惎鍔ㄧ殑銆傚疄渚 浠windows xp涓轟緥錛岀偣鍑燴滃紑濮嬧/鈥滆繍琛屸濓紝杈撳叆鈥渟ervices.msc鈥濆懡浠わ紝寮瑰嚭鏈嶅姟瀵硅瘽妗嗭紝鐒跺悗鎵撳紑鈥渞emote procere call鈥濆睘鎬у硅瘽妗嗭紝鍙浠ョ湅鍒皉pcss鏈嶅姟鐨勫彲鎵ц屾枃浠剁殑璺寰勪負鈥渃:\windows\system32\svchost -k rpcss鈥濓紝榪欒存槑rpcss鏈嶅姟鏄渚濋潬svchost璋冪敤鈥渞pcss鈥濆弬鏁版潵瀹炵幇鐨勶紝鑰屽弬鏁扮殑鍐呭瑰垯鏄瀛樻斁鍦ㄧ郴緇熸敞鍐岃〃涓鐨勩 鍦ㄨ繍琛屽硅瘽妗嗕腑杈撳叆鈥渞egedit.exe鈥濆悗鍥炶濺錛屾墦寮娉ㄥ唽琛ㄧ紪杈戝櫒錛屾壘鍒癧hkey_local_machine ]欏癸紝鎵懼埌綾誨瀷涓衡渞eg_expand_sz鈥濈殑閿鈥渕agepath鈥濓紝鍏墮敭鍊間負鈥%systemroot%system32svchost -k rpcss鈥濓紙榪欏氨鏄鍦ㄦ湇鍔$獥鍙d腑鐪嬪埌鐨勬湇鍔″惎鍔ㄥ懡浠わ級錛屽彟澶栧湪鈥減arameters鈥濆瓙欏逛腑鏈変釜鍚嶄負鈥渟ervicedll鈥濈殑閿錛屽叾鍊間負鈥% systemroot%system32rpcss.dll鈥濓紝鍏朵腑鈥渞pcss.dll鈥濆氨鏄痳pcss鏈嶅姟瑕佷嬌鐢ㄧ殑鍔ㄦ侀摼鎺ュ簱鏂囦歡銆傝繖鏍 svchost榪涚▼閫氳繃璇誨彇鈥渞pcss鈥濇湇鍔℃敞鍐岃〃淇℃伅錛屽氨鑳藉惎鍔ㄨユ湇鍔′簡銆傝В鎯 鍥犱負svchost榪涚▼鍚鍔ㄥ悇縐嶆湇鍔★紝鎵浠ョ棶姣掋佹湪椹涔熸兂灝藉姙娉曟潵鍒╃敤瀹冿紝浼佸浘鍒╃敤瀹冪殑鐗規ф潵榪鋒儜鐢ㄦ埛錛岃揪鍒版劅鏌撱佸叆渚點佺牬鍧忕殑鐩鐨勶紙濡傚啿鍑繪嘗鍙樼嶇棶姣掆渨32.welchia.worm鈥濓級銆備絾windows緋葷粺瀛樺湪澶氫釜svchost榪涚▼鏄寰堟e父鐨勶紝鍦ㄥ彈鎰熸煋鐨勬満鍣ㄤ腑鍒板簳鍝涓鏄鐥呮瘨榪涚▼鍛錛熻繖閲屼粎涓句竴渚嬫潵璇存槑銆 鍋囪緒indows xp緋葷粺琚鈥渨32.welchia.worm鈥濇劅鏌撲簡銆傛e父鐨剆vchost鏂囦歡瀛樺湪浜庘渃:\windows\system32鈥濈洰褰曚笅錛屽傛灉鍙戠幇璇ユ枃浠跺嚭鐜板湪鍏朵粬鐩褰曚笅灝辮佸皬蹇冧簡銆傗渨32.welchia.worm鈥濈棶姣掑瓨鍦ㄤ簬鈥渃:\windows\system32wins鈥濈洰褰曚腑錛屽洜姝や嬌鐢ㄨ繘紼嬬$悊鍣ㄦ煡鐪媠vchost榪涚▼鐨勬墽琛屾枃浠惰礬寰勫氨寰堝規槗鍙戠幇緋葷粺鏄鍚︽劅鏌撲簡鐥呮瘨銆倃indows緋葷粺鑷甯︾殑浠誨姟綆$悊鍣ㄤ笉鑳藉熸煡鐪嬭繘紼嬬殑璺寰勶紝鍙浠ヤ嬌鐢ㄧ涓夋柟榪涚▼綆$悊杞浠訛紝濡傗渨indows浼樺寲澶у笀鈥濊繘紼嬬$悊鍣錛岄氳繃榪欎簺宸ュ叿灝卞彲寰堝規槗鍦版煡鐪嬪埌鎵鏈夌殑svchost榪涚▼鐨勬墽琛屾枃浠惰礬寰勶紝涓鏃﹀彂鐜板叾鎵ц岃礬寰勪負涓嶅鉤甯哥殑浣嶇疆灝卞簲璇ラ┈涓婅繘琛屾嫻嬪拰澶勭悊銆 鐢變簬綃囧箙鐨勫叧緋伙紝涓嶈兘瀵箂vchost鍏ㄩ儴鍔熻兘榪涜岃︾粏浠嬬粛錛岃繖鏄涓涓獁indows涓鐨勪竴涓鐗規畩榪涚▼錛屾湁鍏磋叮鐨勫彲鍙傝冩湁鍏蟲妧鏈璧勬枡榪涗竴姝ュ幓浜嗚В瀹冦傚ぇ瀹墮兘瑕佺煡閬揝vchost.exe,鏄緋葷粺蹇呬笉鍙灝戠殑涓涓榪涚▼,寰堝氭湇鍔¢兘浼氬氬氬皯灝戠敤鍒板畠, 浣嗘槸鎴戞兂澶у朵篃鐭ラ亾,鐢變簬瀹冩湰韜鐗規畩鎬,楂樻槑鐨"榛戝浠"鑲瀹氭槸涓嶄細鏀捐繃鐨,鍓嶆墊椂闂寸殑Svchost.exe鏈ㄩ┈椋庢嘗,澶у跺簲璇ユ槸璁板繂鐘規柊鍚,鑰屼笖鐜板湪榪樻槸鏈夊緢澶氭満鍣ㄩ噷閮借棌鏈夋ゆ湪椹,鍥犱負瀹冧吉瑁呭拰緋葷粺榪涚▼Svchost.exe涓鏍,鎵浠ュ緢澶氫漢鍒嗕笉娓,閭d釜鏄榪涚▼,閭d釜鏄鏈ㄩ┈.... 濂界殑,榪樻槸璁╂垜浠璇﹀敖浜嗚В涓涓婼vchost.exe榪涚▼鍚 1.澶氫釜鏈嶅姟鍏變韓涓涓 Svchost.exe榪涚▼鍒╀笌寮 windows 緋葷粺鏈嶅姟鍒嗕負鐙絝嬭繘紼嬪拰鍏變韓榪涚▼涓ょ嶏紝鍦╳indows NT鏃跺彧鏈夋湇鍔″櫒綆$悊鍣⊿CM錛圫ervices.exe錛夋湁澶氫釜鍏變韓鏈嶅姟錛岄殢鐫緋葷粺鍐呯疆鏈嶅姟鐨勫炲姞錛屽湪windows 2000涓璵s鍙堟妸寰堝氭湇鍔″仛鎴愬叡浜鏂瑰紡錛岀敱svchost.exe鍚鍔ㄣ倃indows 2000涓鑸鏈2涓猻vchost榪涚▼錛屼竴涓鏄疪PCSS錛圧emote Procere Call錛夋湇鍔¤繘紼嬶紝鍙﹀栦竴涓鍒欐槸鐢卞緢澶氭湇鍔″叡浜鐨勪竴涓猻vchost.exe銆傝屽湪windows XP涓錛屽垯涓鑸鏈4涓浠ヤ笂鐨剆vchost.exe鏈嶅姟榪涚▼錛寃indows 2003 server涓鍒欐洿澶氾紝鍙浠ョ湅鍑烘妸鏇村氱殑緋葷粺鍐呯疆鏈嶅姟浠ュ叡浜榪涚▼鏂瑰紡鐢眘vchost鍚鍔ㄦ槸ms鐨勪竴涓瓚嬪娍銆傝繖鏍峰仛鍦ㄤ竴瀹氱▼搴︿笂鍑忓皯浜嗙郴緇熻祫婧愮殑娑堣楋紝涓嶈繃涔熷甫鏉ヤ竴瀹氱殑涓嶇ǔ瀹氬洜緔狅紝鍥犱負浠諱綍涓涓鍏變韓榪涚▼鐨勬湇鍔″洜涓洪敊璇閫鍑鴻繘紼嬪氨浼氬艱嚧鏁翠釜榪涚▼涓鐨勬墍鏈夋湇鍔¢兘閫鍑恆傚彟澶栧氨鏄鏈変竴鐐瑰畨鍏ㄩ殣鎮o紝棣栧厛瑕佷粙緇嶄竴涓媠vchost.exe鐨勫疄鐜版満鍒躲 2. Svchost鍘熺悊 Svchost鏈韜鍙鏄浣滀負鏈嶅姟瀹誇富錛屽苟涓嶅疄鐜頒換浣曟湇鍔″姛鑳斤紝闇瑕丼vchost鍚鍔ㄧ殑鏈嶅姟浠ュ姩鎬侀摼鎺ュ簱褰㈠紡瀹炵幇錛屽湪瀹夎呰繖浜涙湇鍔℃椂錛屾妸鏈嶅姟鐨勫彲鎵ц岀▼搴忔寚鍚憇vchost錛屽惎鍔ㄨ繖浜涙湇鍔℃椂鐢眘vchost璋冪敤鐩稿簲鏈嶅姟鐨勫姩鎬侀摼鎺ュ簱鏉ュ惎鍔ㄦ湇鍔° 閭d箞svchost濡備綍鐭ラ亾鏌愪竴鏈嶅姟鏄鐢卞摢涓鍔ㄦ侀摼鎺ュ簱璐熻矗鍛錛熻繖涓嶆槸鐢辨湇鍔$殑鍙鎵ц岀▼搴忚礬寰勪腑鐨勫弬鏁伴儴鍒嗘彁渚涚殑錛岃屾槸鏈嶅姟鍦ㄦ敞鍐岃〃涓鐨勫弬鏁拌劇疆鐨勶紝娉ㄥ唽琛ㄤ腑鏈嶅姟涓嬭竟鏈変竴涓狿arameters瀛愰敭鍏朵腑鐨凷erviceDll琛ㄦ槑璇ユ湇鍔$敱鍝涓鍔ㄦ侀摼鎺ュ簱璐熻矗銆傚苟涓旀墍鏈夎繖浜涙湇鍔″姩鎬侀摼鎺ュ簱閮藉繀欏昏佸煎嚭涓涓猄erviceMain()鍑芥暟錛岀敤鏉ュ勭悊鏈嶅姟浠誨姟銆 渚嬪俽pcss錛圧emote Procere Call錛夊湪娉ㄥ唽琛ㄤ腑鐨勪綅緗鏄 HKEY_LOCAL_錛屽畠鐨勫弬鏁板瓙閿甈arameters閲屾湁榪欐牱涓欏癸細 "ServiceDll"=REG_EXPAND_SZ:"%SystemRoot%system32 pcss.dll" 褰撳惎鍔╮pcss鏈嶅姟鏃訛紝svchost灝變細璋冪敤rpcss.dll錛屽苟涓旀墽琛屽叾ServiceMain()鍑芥暟鎵ц屽叿浣撴湇鍔° 鏃㈢劧榪欎簺鏈嶅姟鏄浣跨敤鍏變韓榪涚▼鏂瑰紡鐢眘vchost鍚鍔ㄧ殑錛屼負浠涔堢郴緇熶腑浼氭湁澶氫釜svchost榪涚▼鍛錛焟s鎶婅繖浜涙湇鍔″垎涓哄嚑緇勶紝鍚岀粍鏈嶅姟鍏變韓涓涓猻vchost榪涚▼錛屼笉鍚岀粍鏈嶅姟浣跨敤澶氫釜svchost榪涚▼錛岀粍鐨勫尯鍒鏄鐢辨湇鍔$殑鍙鎵ц岀▼搴忓悗杈圭殑鍙傛暟鍐沖畾鐨勩 渚嬪俽pcss鍦ㄦ敞鍐岃〃涓 HKEY_LOCAL_ 鏈夎繖鏍蜂竴欏癸細 "ImagePath"=REG_EXPAND_SZ:"%SystemRoot%system32svchost -k rpcss" 鍥犳rpcss灝卞睘浜巖pcss緇勶紝榪欏湪鏈嶅姟綆$悊鎺у埗鍙頒篃鍙浠ョ湅鍒般 svchost鐨勬墍鏈夌粍鍜岀粍鍐呯殑鎵鏈夋湇鍔¢兘鍦ㄦ敞鍐岃〃鐨勫備笅浣嶇疆錛 HKEY_LOCAL_ NTCurrentVersionSvchost錛屼緥濡倃indows 2000鍏辨湁4緇剅pcss銆乶etsvcs銆亀ugroup銆丅ITSgroup錛屽叾涓鏈澶氱殑灝辨槸netsvcs=REG_MULTI_SZ:EventSystem.Ias.Iprip.Irmon.Netman. Nwsapagent.Rasauto.Rasman.Remoteaccess.SENS.
Sharedaccess.Tapisrv.Ntmssvc.wzcsvc..
鍦ㄥ惎鍔ㄤ竴涓猻vchost.exe璐熻矗鐨勬湇鍔℃椂錛屾湇鍔$$悊鍣ㄥ傛灉閬囧埌鍙鎵ц岀▼搴忓唴瀹笽magePath宸茬粡瀛樺湪浜庢湇鍔$$悊鍣ㄧ殑鏄犺薄搴撲腑錛屽氨涓嶅湪鍚鍔ㄧ2涓榪涚▼svchost錛岃屾槸鐩存帴鍚鍔ㄦ湇鍔°傝繖鏍峰氨瀹炵幇浜嗗氫釜鏈嶅姟鍏變韓涓涓猻vchost榪涚▼銆 3. Svchost浠g爜 鐜板湪鎴戜滑鍩烘湰娓呮歴vchost鐨勫師鐞嗕簡錛屼絾鏄瑕佽嚜宸卞啓涓涓狣LL褰㈠紡鐨勬湇鍔★紝鐢眘vchost鏉ュ惎鍔錛屼粎鏈変笂杈圭殑淇℃伅榪樻湁浜涢棶棰樹笉鏄寰堟竻妤氥傛瘮濡傛垜浠鍦ㄥ煎嚭鐨凷erviceMain()鍑芥暟涓鎺ユ敹鐨勫弬鏁版槸ANSI榪樻槸Unicode錛熸垜浠鏄鍚﹂渶瑕佽皟鐢≧egisterServiceCtrlHandler鍜孲tartServiceCtrlDispatcher鏉ユ敞鍐屾湇鍔℃帶鍒跺強璋冨害鍑芥暟錛 榪欎簺闂棰樿侀氳繃鏌ョ湅svchost浠g爜鑾峰緱銆備笅杈圭殑浠g爜鏄痺indows 2000+ service pack 4 鐨剆vchost鍙嶆眹緙栫墖孌碉紝鍙浠ョ湅鍑簊vchost紼嬪簭榪樻槸寰堢畝鍗曠殑銆 涓誨嚱鏁伴栧厛璋冪敤ProcCommandLine()瀵瑰懡浠よ岃繘琛屽垎鏋愶紝鑾峰緱瑕佸惎鍔ㄧ殑鏈嶅姟緇勶紝鐒跺悗璋冪敤SvcHostOptions()鏌ヨ㈣ユ湇鍔$粍鐨勯夐」鍜屾湇鍔$粍鐨勬墍鏈夋湇鍔★紝騫朵嬌鐢ㄤ竴涓鏁版嵁緇撴瀯 svcTable 鏉ヤ繚瀛樿繖浜涙湇鍔″強鍏舵湇鍔$殑DLL錛岀劧鍚庤皟鐢≒repareSvcTable() 鍑芥暟鍒涘緩 SERVICE_TABLE_ENTRY 緇撴瀯錛屾妸鎵鏈夊勭悊鍑芥暟SERVICE_MAIN_FUNCTION 鎸囧悜鑷宸辯殑涓涓鍑芥暟FuncServiceMain()錛屾渶鍚庤皟鐢ˋPI StartServiceCtrlDispatcher() 娉ㄥ唽榪欎簺鏈嶅姟鐨勮皟搴﹀嚱鏁般 ; =============================== Main Funcion =======================================
.text:010010B8 public start .text:010010B8 start proc near .text:010010B8 push esi .text:010010B9 push edi .text:010010BA push offset sub_1001EBA ; lpTopLevelExceptionFilter .text:010010BF xor edi, edi .text:010010C1 call ds:SetUnhandledExceptionFilter .text:010010C7 push 1 ; uMode .text:010010C9 call ds:SetErrorMode .text:010010CF call ds:GetProcessHeap .text:010010D5 push eax .text:010010D6 call sub_1001142 .text:010010DB mov eax, offset dword_1003018 .text:010010E0 push offset unk_1003000 ; lpCriticalSection .text:010010E5 mov dword_100301C, eax .text:010010EA mov dword_1003018, eax .text:010010EF call ds:InitializeCriticalSection .text:010010F5 call ds:GetCommandLineW .text:010010FB push eax ; lpString .text:010010FC call ProcCommandLine .text:01001101 mov esi, eax .text:01001103 test esi, esi .text:01001105 jz short lab_doservice .text:01001107 push esi .text:01001108 call SvcHostOptions .text:0100110D call PrepareSvcTable .text:01001112 mov edi, eax ; SERVICE_TABLE_ENTRY returned .text:01001114 test edi, edi .text:01001116 jz short loc_1001128 .text:01001118 mov eax, [esi+10h] .text:0100111B test eax, eax .text:0100111D jz short loc_1001128 .text:0100111F push dword ptr [esi+14h] ; dwCapabilities .text:01001122 push eax ; int .text:01001123 call InitializeSecurity .text:01001128 .text:01001128 loc_1001128: ; CODE XREF: start+5Ej .text:01001128 ; start+65j .text:01001128 push esi ; lpMem .text:01001129 call HeapFreeMem .text:0100112E .text:0100112E lab_doservice: ; CODE XREF: start+4Dj .text:0100112E test edi, edi .text:01001130 jz ExitProgram .text:01001136 push edi ; lpServiceStartTable .text:01001137 call ds:StartServiceCtrlDispatcherW .text:0100113D jmp ExitProgram .text:0100113D start endp ; =============================== Main Funcion end =========================================== 鐢變簬svchost涓鴻ョ粍鐨勬墍鏈夋湇鍔¢兘娉ㄥ唽浜唖vchost涓鐨勪竴涓澶勭悊鍑芥暟錛屽洜姝ゆ瘡嬈″惎鍔ㄤ換浣曚竴涓鏈嶅姟鏃訛紝鏈嶅姟綆$悊鍣⊿CM閮戒細璋冪敤FuncServiceMain() 榪欎釜鍑芥暟銆傝繖涓鍑芥暟浣跨敤 svcTable 鏌ヨ㈣佸惎鍔ㄧ殑鏈嶅姟浣跨敤鐨凞LL錛岃皟鐢―LL瀵煎嚭鐨凷erviceMain()鍑芥暟鏉ュ惎鍔ㄦ湇鍔★紝鐒跺悗榪斿洖銆 ; ============================== FuncServiceMain() ===========================================
.text:01001504 FuncServiceMain proc near ; DATA XREF: PrepareSvcTable+44o .text:01001504 .text:01001504 arg_0 = dword ptr 8 .text:01001504 arg_4 = dword ptr 0Ch .text:01001504 .text:01001504 push ecx .text:01001505 mov eax, [esp+arg_4] .text:01001509 push ebx .text:0100150A push ebp .text:0100150B push esi .text:0100150C mov ebx, offset unk_1003000 .text:01001511 push edi .text:01001512 mov edi, [eax] .text:01001514 push ebx .text:01001515 xor ebp, ebp .text:01001517 call ds:EnterCriticalSection .text:0100151D xor esi, esi .text:0100151F cmp dwGroupSize, esi .text:01001525 jbe short loc_1001566 .text:01001527 and [esp+10h], esi .text:0100152B .text:0100152B loc_100152B: ; CODE XREF: FuncServiceMain+4Aj .text:0100152B mov eax, svcTable .text:01001530 mov ecx, [esp+10h] .text:01001534 push dword ptr [eax+ecx] .text:01001537 push edi .text:01001538 call ds:lstrcmpiW .text:0100153E test eax, eax .text:01001540 jz short StartThis .text:01001542 add dword ptr [esp+10h], 0Ch .text:01001547 inc esi .text:01001548 cmp esi, dwGroupSize .text:0100154E jb short loc_100152B .text:01001550 jmp short loc_1001566 .text:01001552 ; =================================================
.text:01001552 .text:01001552 StartThis: ; CODE XREF: FuncServiceMain+3Cj .text:01001552 mov ecx, svcTable .text:01001558 lea eax, [esi+esi*2] .text:0100155B lea eax, [ecx+eax*4] .text:0100155E push eax .text:0100155F call GetDLLServiceMain .text:01001564 mov ebp, eax ; dll ServiceMain Function address .text:01001566 .text:01001566 loc_1001566: ; CODE XREF: FuncServiceMain+21j .text:01001566 ; FuncServiceMain+4Cj .text:01001566 push ebx .text:01001567 call ds:LeaveCriticalSection .text:0100156D test ebp, ebp .text:0100156F jz short loc_100157B .text:01001571 push [esp+10h+arg_4] .text:01001575 push [esp+14h+arg_0] .text:01001579 call ebp .text:0100157B .text:0100157B loc_100157B: ; CODE XREF: FuncServiceMain+6Bj .text:0100157B pop edi .text:0100157C pop esi .text:0100157D pop ebp .text:0100157E pop ebx .text:0100157F pop ecx .text:01001580 retn 8 .text:01001580 FuncServiceMain endp ; sp = -8 ; ============================== FuncServiceMain() end ======================================== 鐢變簬svchost宸茬粡璋冪敤浜哠tartServiceCtrlDispatcher鏉ユ湇鍔¤皟搴﹀嚱鏁幫紝鍥犳ゆ垜浠鍦ㄥ疄鐜癉LL瀹炵幇鏃跺氨涓嶇敤浜嗭紝榪欎富瑕佹槸鍥犱負涓涓榪涚▼鍙鑳借皟鐢ㄤ竴嬈StartServiceCtrlDispatcher API銆備絾鏄闇瑕佺敤 RegisterServiceCtrlHandler 鏉ユ敞鍐屽搷搴旀帶鍒惰鋒眰鐨勫嚱鏁般傛渶鍚庢垜浠鐨凞LL鎺ユ敹鐨勯兘鏄痷nicode瀛楃︿覆銆 鐢變簬榪欑嶆湇鍔″惎鍔ㄥ悗鐢眘vchost鍔犺澆錛屼笉澧炲姞鏂扮殑榪涚▼錛屽彧鏄痵vchost鐨勪竴涓狣LL錛岃屼笖涓鑸榪涜屽¤℃椂閮戒笉浼氬幓HKEY_LOCAL_ NTCurrentVersionSvchost 媯鏌ユ湇鍔$粍鏄鍚﹀彉鍖栵紝灝辯畻鍘繪鏌ワ紝涔熶笉涓瀹氳兘鍙戠幇寮傚父錛屽洜姝ゅ傛灉娣誨姞涓涓榪欐牱鐨凞LL鍚庨棬錛屼吉瑁呯殑濂斤紝鏄姣旇緝闅愯斀鐨勩 4. 瀹夎呮湇鍔′笌璁劇疆 瑕侀氳繃svchost璋冪敤鏉ュ惎鍔ㄧ殑鏈嶅姟錛屽氨涓瀹氳佸湪HKEY_LOCAL_ NTCurrentVersionSvchost涓嬫湁璇ユ湇鍔″悕錛岃繖鍙浠ラ氳繃濡備笅鏂瑰紡鏉ュ疄鐜幫細 1錛 娣誨姞涓涓鏂扮殑鏈嶅姟緇勶紝鍦ㄧ粍閲屾坊鍔犳湇鍔″悕 2錛 鍦ㄧ幇鏈夌粍閲屾坊鍔犳湇鍔″悕 3錛 鐩存帴浣跨敤鐜版湁鏈嶅姟緇勯噷鐨勪竴涓鏈嶅姟鍚嶏紝浣嗘湰鏈烘病鏈夊畨瑁呯殑鏈嶅姟 4錛 淇鏀圭幇鏈夋湇鍔$粍閲岀殑鐜版湁鏈嶅姟錛屾妸瀹冪殑ServiceDll鎸囧悜鑷宸 鍏朵腑鍓嶄袱縐嶅彲浠ヨ姝e父鏈嶅姟浣跨敤錛屽備嬌鐢ㄧ1縐嶆柟寮忥紝鍚鍔ㄥ叾鏈嶅姟瑕佸壋寤烘柊鐨剆vchost榪涚▼錛涚2縐嶆柟寮忓傛灉璇ョ粍鏈嶅姟宸茬粡榪愯岋紝瀹夎呭悗涓嶈兘絝嬪埢鍚鍔ㄦ湇鍔★紝鍥犱負svchost鍚鍔ㄥ悗宸茬粡鎶婅ョ粍淇℃伅淇濆瓨鍦ㄥ唴瀛橀噷錛屽苟璋冪敤API StartServiceCtrlDispatcher() 涓鴻ョ粍鎵鏈夋湇鍔℃敞鍐屼簡璋冨害澶勭悊鍑芥暟錛屾柊澧炲姞鐨勬湇鍔′笉鑳藉啀娉ㄥ唽璋冨害澶勭悊鍑芥暟錛岄渶瑕侀噸璧瘋$畻鏈烘垨鑰呰ョ粍鐨剆vchost榪涚▼銆傝屽悗涓ょ嶅彲鑳借鍚庨棬浣跨敤錛屽挨鍏舵槸鏈鍚庝竴縐嶏紝娌℃湁娣誨姞鏈嶅姟錛屽彧鏄鏀逛簡娉ㄥ唽琛ㄩ噷涓欏硅劇疆錛屼粠鏈嶅姟綆$悊鎺у埗鍙板張鐪嬩笉鍑烘潵錛屽傛灉浣滀負鍚庨棬榪樻槸寰堥殣钄界殑銆傛瘮濡侲ventSystem鏈嶅姟錛岀己鐪佹槸鎸囧悜es.dll錛屽傛灉鎶奡erviceDll鏀逛負EventSystem.dll灝卞緢闅懼彂鐜般 鍥犳ゆ湇鍔$殑瀹夎呴櫎浜嗚皟鐢–reateService()鍒涘緩鏈嶅姟涔嬪栵紝榪橀渶瑕佽劇疆鏈嶅姟鐨凷erviceDll錛屽傛灉浣跨敤鍓2縐嶈繕瑕佽劇疆svchost鐨勬敞鍐岃〃閫夐」錛屽湪鍗歌澆鏃朵篃鏈濂藉垹闄ゅ炲姞鐨勯儴鍒嗐 娉錛 ImagePath 鍜孲erviceDll 鏄疎xpandString涓嶆槸鏅閫氬瓧絎︿覆銆傚洜姝ゅ傛灉浣跨敤.reg鏂囦歡瀹夎呮椂瑕佹敞鎰忋 5. DLL鏈嶅姟瀹炵幇 DLL紼嬪簭鐨勭紪鍐欐瘮杈冪畝鍗曪紝鍙瑕佸疄鐜頒竴涓猄erviceMain()鍑芥暟鍜屼竴涓鏈嶅姟鎺у埗紼嬪簭錛屽湪ServiceMain()鍑芥暟閲岀敤RegisterServiceCtrlHandler()娉ㄥ唽鏈嶅姟鎺у埗紼嬪簭錛屽苟璁劇疆鏈嶅姟鐨勮繍琛岀姸鎬佸氨鍙浠ヤ簡銆 鍙﹀栵紝鍥犱負姝ょ嶆湇鍔$殑瀹夎呴櫎浜嗘e父鐨凜reateService()涔嬪栵紝榪樿佽繘琛屽叾浠栬劇疆錛屽洜姝ゆ渶濂藉疄鐜板畨瑁呭拰鍗歌澆鍑芥暟銆 涓轟簡鏂逛究瀹夎咃紝瀹炵幇鐨勪唬鐮佹彁渚涗簡InstallService()鍑芥暟榪涜屽畨瑁咃紝榪欎釜鍑芥暟鍙浠ユ帴鏀舵湇鍔″悕浣滀負鍙傛暟錛堝傛灉涓嶆彁渚涘弬鏁幫紝灝變嬌鐢ㄧ己鐪佺殑iprip錛夛紝濡傛灉瑕佸畨瑁呯殑鏈嶅姟涓嶅湪svchost鐨刵etsvcs緇勯噷瀹夎呭氨浼氬け璐ワ紱濡傛灉瑕佸畨瑁呯殑鏈嶅姟宸茬粡瀛樺湪錛屽畨瑁呬篃浼氬け璐ワ紱瀹夎呮垚鍔熷悗紼嬪簭浼氶厤緗鏈嶅姟鐨凷erviceDll涓哄綋鍓岲ll銆傛彁渚涚殑UninstallService()鍑芥暟錛屽彲浠ュ垹闄や換浣曞嚱鏁拌屾病鏈夎繘琛屼換浣曟鏌ャ 涓轟簡鏂逛究浣跨敤rundll32.exe榪涜屽畨瑁咃紝榪樻彁渚涗簡RundllInstallA()鍜孯undllUninstallA()鍒嗗埆璋冪敤InstallService()鍙奤ninstallService()銆傚洜涓簉undll32.exe浣跨敤鐨勫嚱鏁板師鍨嬫槸錛 void CALLBACK FunctionName( HWND hwnd, // handle to owner window HINSTANCE hinst, // instance handle for the DLL LPTSTR lpCmdLine, // string the DLL will parse int nCmdShow // show state ); 瀵瑰簲鐨勫懡浠よ屾槸rundll32 DllName,FunctionName [Arguments] DLL鏈嶅姟鏈韜鍙鏄鍒涘緩涓涓榪涚▼錛岃ョ▼搴忓懡浠よ屽氨鏄鍚鍔ㄦ湇鍔℃椂鎻愪緵鐨勭涓涓鍙傛暟錛屽傛灉鏈鎸囧畾灝變嬌鐢ㄧ己鐪佺殑svchostdll.exe銆傚惎鍔ㄦ湇鍔℃椂濡傛灉鎻愪緵絎浜屼釜鍙傛暟錛屽壋寤虹殑榪涚▼灝辨槸鍜屾岄潰浜や簰鐨勩傚共鎺塖vchost.exe榪涚▼錛 1.閿欒鐨勮В鍐蟲柟娉曟弿榪 褰撴垜浠鎸変笅Alt+Ctrl+Del鎵撳紑浠誨姟綆$悊鍣錛屽彂鐜拌繘紼嬩腑鍑虹幇澶氫釜Svchost.exe錛屽垯琛ㄦ槑緋葷粺涓姣掞紝鎴戜滑棣栧厛灝嗘墍鏈夌殑Svchost緇撴潫鎺夛紝鐒跺悗浣跨敤鐩稿叧鐨勬潃姣掑伐鍏鋒煡鏉鐥呮瘨銆 娉: 2003騫寸殑澶忓ぉ,鈥滃啿鍑繪嘗鈥濈棶姣掓í琛岀殑鏃跺欐湁涓縐嶈存硶灝辨槸Svchost.exe閮芥槸鐥呮瘨錛屼竴鐪嬪埌灝辮佸垹闄ゃ傝繖縐嶈存硶璁╃數鑴戠敤鎴蜂漢蹇冩兌鎯訛紝鍥犱負姣忎釜浣跨敤 Windows XP緋葷粺鐨勭敤鎴峰湪鎸夌収鏂囩珷涓浠嬬粛鐨勬鏌ユ湁鏃燬vchost.exe鐨勬柟娉曢兘鍙浠ユ壘鍒板嚑涓猄vchost.exe榪涚▼銆 鏈夊叧Svchost.exe璇﹁侊細 http://forum.ikaka.com/topic.asp?board=3&artid=6087605 2.鏂規堢敱鏉ュ強鍚庢灉 鍦ㄥ緢澶氫漢鐨勫嵃璞′腑錛屾瘡涓搴旂敤紼嬪簭涓鑸鍙瀵瑰簲涓涓榪涚▼錛屽俀Q瀵瑰簲QQ.EXE榪涚▼銆佽頒簨鏈瀵瑰簲notepad.exe榪涚▼絳夈傛墍浠ュ綋鐪嬪埌緋葷粺鏈夊氫釜鍚屾牱鍚嶅瓧鐨勮繘紼嬫椂錛屾繪槸浼氬皢鍏惰仈鎯充負鐥呮瘨鎴栬呮湪椹紼嬪簭鍦ㄤ綔鎬銆傚傛灉涓嶅姞鎬濈儲錛岄噹錏鐨勫皢鍏朵腑鐨勬煇浜汼vchost.exe榪涚▼緇撴潫鎺夛紝浼氳╃郴緇熺殑榪愯屽彉寰椾笉紼沖畾銆 3.姝g『鐨勮В鍐沖姙娉 Windows 榪涚▼鍒嗕負鐙絝嬭繘紼嬪拰鍏變韓榪涚▼涓ょ嶏紝Svchost.exe灞炰簬鍚庤呫俉indows XP涓轟簡鑺傜害緋葷粺璧勬簮錛屽皢寰堝氫釜緋葷粺鏈嶅姟鍋氫負鍏變韓鏂瑰紡鐢盨vchost.exe鏉ュ惎鍔ㄣ係vchost鏈韜鍙鏄浣滀負鏈嶅姟瀹誇富錛屽苟涓嶈兘瀹炵幇浠諱綍鏈嶅姟鍔熻兘錛 svchost閫氳繃璋冪敤鐩稿簲鏈嶅姟鐨勫姩鎬侀摼鎺ュ簱錛圖LL錛夋潵鍚鍔ㄨユ湇鍔★紝鑰學indows灝嗚繖浜涙湇鍔″垎涓哄嚑涓緇勶紝鍚岀粍鐨勬湇鍔″叡浜涓涓猄vchost榪涚▼錛屼笉鍚岀殑緇勬墍鎸囧悜鐨凷vchost涓嶅悓銆傞氬父鎯呭喌涓嬶紝Windows XP鏈4涓鐢盨vchost鍚鍔ㄧ殑鏈嶅姟緇勶紝涔熷氨鏄璇碬indows XP緋葷粺涓鑸鏈4涓猄vchost.exe榪涚▼銆傚綋鐒舵煇浜涘簲鐢ㄧ▼搴忔垨鏈嶅姟涔熸湁鍙鑳戒細璋冪敤Svchost錛屾墍浠ュ綋浣犵湅鍒扮郴緇熶腑鏈夊氫綑4涓鐨 Svchost.exe榪涚▼錛屼篃涓嶈佺洸鐩鍒ゆ柇緋葷粺涓浜嗙棶姣掋傚疄闄呬笂Svchost.exe榪涚▼鐨勪釜鏁拌窡鏄鍚︿腑姣掓棤鐩存帴鍏崇郴銆 灝忔彁紺猴細 鈽 絎旇呭仛浜嗕笅闈涓涓闈炲父鏈夎叮鐨勬祴璇曪細鎵撳紑浠誨姟綆$悊鍣錛屽垏鎹㈠埌鈥滆繘紼嬧濋夐」鍗★紝棣栧厛鎵嬪姩緇撴潫鎺夌敱涓婂埌涓嬬殑絎涓変釜Svchost.exe榪涚▼錛岀粨鏉熷畬鍚庣郴緇熶細椹涓婇噸鏂板緩絝嬭ヨ繘紼嬶紝鎺ヤ笅鏉ユ垜浠鎵嬪姩緇撴潫鎺夌敱涓婂埌涓嬬殑鏈鍚庝竴涓猄vchost.exe榪涚▼錛岀郴緇熶細鍑虹幇涓涓綾諱技涓浜嗗啿鍑繪嘗鐥呮瘨鐨勫硅瘽紿楀彛錛屽苟鍊掕℃椂鍏蟲満錛岃繖鏄鐢變簬璇Svchost.exe榪涚▼寮曞糝PC鏈嶅姟錛岀粓姝㈣ヨ繘紼嬪垯瀵艱嚧RPC鏈嶅姟涓鏂錛岀郴緇熻嚜鐒朵細閲嶆柊鍚鍔ㄤ簡銆 鈽匴indows 2000涓涓鑸鏈変袱涓猄vchost.exe榪涚▼錛學indows Server 2003鍒欓潪甯稿氾紝涓鑸鏈6涓銆 鏃㈢劧緋葷粺涓璖vchost.exe榪涚▼鏁頒笌鏄鍚︿腑姣掓棤鍏籌紝鎴戜滑絀剁珶濡備綍鍖哄埆姝e父鐨勫拰鐥呮瘨浼閫犵殑Svchost榪涚▼鍛錛 鎴戜滑鍙浠ヤ嬌鐢ㄤ笅闈涓ょ嶆柟娉曟潵閴村埆錛 鏂規硶涓錛 鍦ㄧ郴緇熸墍鍦ㄥ垎鍖鴻繘琛屾悳緔錛屽傛灉鍙戠幇澶氫釜Svchost.exe鏂囦歡錛屽垯緋葷粺寰堟湁鍙鑳戒腑姣掋傛e父鐨凷vchost.exe浣嶄簬%windir%\\ system32鐩褰曚笅錛屽傛灉鍙戠幇鍏跺畠鐩褰曚腑鏈塖vchost.exe鏂囦歡錛屼綘灝辮佸皬蹇冧簡銆備緥濡傚啿鍑繪嘗鐨勫彉縐峎in32.Welchia.Worm浼氬湪% windir%\\system32\\wins鐩褰曠嶄笅Svchost.exe鏂囦歡銆 鏂規硶浜岋細 瀵熺湅Svchost.exe榪涚▼瀵瑰簲鏂囦歡鐨勮礬寰勩 Windows XP鑷甯︾殑浠誨姟綆$悊鍣ㄤ腑鏃犳硶瀵熺湅錛屾垜浠闇瑕佸熷姪絎涓夋柟宸ュ叿錛屼緥濡俉indows浼樺寲澶у笀鑷甯︾殑榪涚▼綆$悊宸ュ叿錛岃繍琛屽畠鍚庡畾浣嶅埌Svchost.exe榪涚▼錛屽彲浠ョ湅鍒板畠瀵瑰簲鐨勮繍琛屾枃浠剁殑鐪熷疄璺寰勩 灝忔彁紺猴細 鈽呬笉灝戞湪椹紼嬪簭浼氶噰鐢ㄥ皢鑷宸變吉瑁呮垚璺熷父瑙佽繘紼嬬浉浼肩殑鏂囦歡鍚嶆垨鑰呯浉鍚岀殑鏂囦歡鍚嶄絾鎵╁睍鍚嶄笉鐩稿悓錛屽傛灉浣犲湪浠誨姟綆$悊鍣ㄤ腑鐪嬪埌Scvhost.exe銆丼vch0st.exe絳夎繘紼嬶紝鑲瀹氭湁鏈ㄩ┈宸茬粡妞嶅叆浣犵殑緋葷粺銆 鈽 寰堝氭湅鍙嬪湪鏌ョ湅CPU鍗犵敤鐜囨椂錛屼竴涓鍙鍋氣淪ystem Idle Process鈥濈殑榪涚▼甯稿父浼氭樉紺轟負90-99%銆備笉蹇呮媴蹇冿紝瀹為檯涓婃伆鎮扮浉鍙嶇殑鏄榪欓噷鐨90-99%鏄疌PU璧勬簮絀洪棽浜嗗嚭鏉ョ殑璧勬簮銆傝繖閲岀殑鏁板瓧
Ⅱ oracle 存儲過程提示這是生成的提示ORA-00933: SQL 命令未正確結束 生成的在 在pL/sql下正常運行
正常,你的存儲過程中的sql語句不正確