服务器上发现可疑进程hdms.exe,pid5864,用户名为system,以前从未发现,怀疑是病毒。不过不论我在百度还是google搜索,相关的介绍都不多,其中瑞星卡卡文件诊所http://file.ikaka.com/Info/FileInfo.aspx?FileID=5542837&FileMD5=099F171B77ADB9BA77A4776A079E66C3对其做了简单的说明,不过可靠性仍然得不到证实。
英文网站http://www.prevx.com/filenames/X2121403764506362129-X1/HDMS%2EEXE.html也有相关介绍:
The Process is packed and/or encrypted using a software packing processHDMS.EXE has been the subject of the following behavior:Added as a Registry auto start to load Program on Boot up
;
标签: