Suspicious process wgareg.exe, does anyone know what it is??

Source: 百度文库 (Baidu Wenku) | Editor: 高校问答 | Time: 2024/05/12 12:32:01

On August 13 at 15:42 the firewall warned me that wgareg.exe wanted to access the network.

The path is c:\winnt\system32; you have to enable "show protected operating system files" before you can even see it!

I googled it and could only find one website, www.wgareg.org, but nothing at all about this process. I had Rising (瑞星) analyse it, and it said it is not a virus. Could some expert help me: what should I do, and how should I analyse this process?

I found it. Now I finally understand why everyone got hit by wgareg on the same day:

http://www.f-secure.com/weblog/

Sunday, August 13, 2006
IRC bot exploits the 5-day old MS06-040 vulnerability
Posted by Mikko @ 08:23 GMT

wgareg.exe
Hopefully everybody followed the advice we gave five days ago.
http://www.f-secure.com/weblog/archives/archive-082006.html#00000944
We've just located the first bot exploiting one of the remote code execution vulnerabilities patched in last Tuesday's patch set by Microsoft.

The bot, known as Mocbot aka Backdoor.Win32.IRCBot.st is apparently only able to spread to Windows 2000 and perhaps to Windows XP SP1 computers.

Our update 2006-08-13_01 detects this bot.

The bot connects to IRC servers at:

bbjj.househot.com:18067
ypgw.wallloan.com:18067

Network admins might want to monitor connection attempts to those hosts from within their network.

More info on the MS06-040 vulnerability.
http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx
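The F-Secure post above suggests watching for connection attempts to the two IRC hosts. The script below is an added example, not part of the thread or of F-Secure's material: it runs that check over a few constructed firewall log lines in a hypothetical format (timestamp, action, source, destination:port, protocol). It flags a source host on a match against the listed C2 hostnames, and, more weakly, on the unusual port 18067 alone; it counts blocked (DROP) attempts too, since the attempt itself is the signal.

```python
import re

# Indicators taken from the quoted F-Secure post: Mocbot IRC C2 hosts and port.
MOCBOT_C2_HOSTS = {"bbjj.househot.com", "ypgw.wallloan.com"}
MOCBOT_C2_PORT = 18067

# Constructed sample log lines in a hypothetical firewall format (not real data).
SAMPLE_LOG = """\
2006-08-13 15:42:01 ALLOW 10.0.0.15 -> bbjj.househot.com:18067 tcp
2006-08-13 15:42:05 ALLOW 10.0.0.15 -> www.microsoft.com:80 tcp
2006-08-13 15:43:10 DROP 10.0.0.22 -> ypgw.wallloan.com:18067 tcp
2006-08-13 15:44:00 ALLOW 10.0.0.31 -> 192.0.2.9:18067 tcp
this line is not in the expected format
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<src>\S+) -> "
    r"(?P<dst>[^:\s]+):(?P<port>\d+) (?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def classify(rec):
    """Return 'c2-host' on a hostname match, 'c2-port-only' on port 18067, else None.
    Real logs often carry resolved IPs instead of names; add those IPs to the
    host set once you have resolved them yourself (not included here)."""
    if rec["dst"].lower() in MOCBOT_C2_HOSTS:
        return "c2-host"
    if rec["port"] == MOCBOT_C2_PORT:
        return "c2-port-only"
    return None


def find_suspect_hosts(log_text):
    """Map each internal source address to the strongest indicator seen for it.
    Both ALLOW and DROP records count: the attempt is what matters."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        verdict = classify(rec)
        if verdict is not None and hits.get(rec["src"]) != "c2-host":
            hits[rec["src"]] = verdict
    return hits
```

A 'c2-host' hit is a machine to isolate and check for wgareg.exe; a 'c2-port-only' hit deserves a look, but port 18067 by itself is a weaker signal.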

Any process you cannot find on Baidu is most likely a trojan with a made-up name.

This is definitely not a system file.
Download this tool: http://www.ttian.net/website/2005/0829/391.html
In the main window, under the "File" tab, go directly to that folder and sort all the files in it by "creation time". Check whether any files were created on the same day as it.
Write down those file names, then boot into safe mode and delete them directly.