Rising Kaka Security Forum

Infected with Gray Pigeon 2005, help! [Help] [Waiting online]
891023 - 2005-8-2 9:00:00
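At first the scan found only 3; now, after installing the Rising firewall, there are 64. They have been cleaned; I don't know whether that affects what you can see.
Here is the log: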
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      8:57:37, 日期 2005-8-2
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)
O23 - NT 服务:  - Unknown owner - C:\WINDOWS\SVCHOST.EXE
O23 - NT 服务: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - NT 服务: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

命运里の金色 - 2005-8-2 9:09:00
O23 - NT 服务: - Unknown owner - C:\WINDOWS\SVCHOST.EXE
Please refer to http://forum.ikaka.com/topic.asp?board=28&artid=6202404
晚秋红枫 - 2005-8-2 9:11:00
What is this???
I can't make sense of it!
891023 - 2005-8-2 9:13:00
There are so many, 10 of them. Just that 1 is enough?
baohe - 2005-8-2 9:17:00
[Reply to 891023's post]
Fix all O1 items.
O23 - NT 服务: - Unknown owner - C:\WINDOWS\SVCHOST.EXE
Gray Pigeon.
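
What sets the O23 line quoted above apart from the other services in the log (no service name, an unknown owner, and SVCHOST.EXE in C:\WINDOWS instead of system32), written out as an added example that is not part of any post in this thread. The system32 location and the list of system file names are assumptions for a default Windows XP install; the sample lines are copied from the log posted here.

```python
import ntpath
import re

# O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - NT 服务:  - Unknown owner - C:\WINDOWS\SVCHOST.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
"""
# Assumptions: default Windows XP layout; names that malware commonly imitates.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe"}
O23_LINE = re.compile(r"^O23 - [^:]*:(.*)$")  # prefix text varies by localization

def parse_o23(line):
    """Return (name, owner, path, missing) for an O23 line, else None."""
    match = O23_LINE.match(line.strip())
    if not match:
        return None
    # Path is the last " - " field, owner the one before; the name may be empty.
    parts = match.group(1).rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    missing = path.endswith("(file missing)")
    return name, owner, path.removesuffix("(file missing)").strip(), missing

def triage(log_text):
    """Map each suspicious service binary path to the reasons it was flagged."""
    findings = {}
    entries = filter(None, map(parse_o23, log_text.splitlines()))
    for name, owner, path, missing in entries:
        folder = ntpath.normcase(ntpath.dirname(path))
        base = ntpath.normcase(ntpath.basename(path))
        checks = [
            (not name, "blank service name"),
            (owner.lower() == "unknown owner", "unknown owner"),
            (base in SYSTEM_NAMES and folder != SYSTEM_DIR, "system file name outside system32"),
            (missing, "file missing"),
        ]
        reasons = [text for hit, text in checks if hit]
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An entry flagged only for "unknown owner" or "file missing", like the StyleXP one, is usually a leftover from an uninstalled program; the combination of all three other reasons on one line is what deserves attention.
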
891023 - 2005-8-2 9:17:00
In Start - Run, type regedit, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch, and delete the virus's service name in the left pane
This one, boss?

Attachment: 55061520058291716.jpg
891023 - 2005-8-2 9:20:00
Is it this one? Thanks for your help, boss.

Attachment: 55061520058292024.jpg
baohe - 2005-8-2 9:20:00
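Quote:
[891023's post] In Start - Run, type regedit, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch, and delete the virus's service name in the left pane
This one, boss?
...........................

Adapt it a little.
Search the registry for the key that contains C:\WINDOWS\SVCHOST.EXE and delete it once found (delete the whole registry key in the left pane).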
Mestoration - 2005-8-2 9:20:00
It's that blank key:
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ ]
891023 - 2005-8-2 9:21:00
HELP~
baohe - 2005-8-2 9:22:00
Quote:
[891023's post] Is it this one? Thanks for your help, boss.
...........................

Yes! Delete the whole registry key in the left pane that corresponds to it.
891023 - 2005-8-2 9:24:00
(delete the whole registry key in the left pane)????
All of services?

Attachment: 55061520058292450.jpg
891023 - 2005-8-2 9:26:00
Quote:
[Mestoration's post] It's that blank key:
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ ]
...........................

It's not there. It's in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001
Mestoration - 2005-8-2 9:30:00
Don't delete the whole SERVICES key.
Delete the empty key:

Attachment: 47835320058293013.GIF
891023 - 2005-8-2 9:32:00
The virus is in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services, not in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet as you said. What's going on?

Attachment: 55061520058293243.BMP
891023 - 2005-8-2 9:34:00
Deleted. What next?
891023 - 2005-8-2 9:37:00
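Next, restart the system. In the "View" tab of "Folder Options", tick "Show system files" and "Show all files and folders", then click "OK". Then look under WINNT for the virus files windows.exe, windows.dll, windows_Hook.dll and windowskey.dll, and delete any that you find
This was copied from elsewhere. So what name should I search for? SVCHOST.EXE? Just one? There are lots of them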
Mestoration - 2005-8-2 9:40:00
Fix these items first.
891023 - 2005-8-2 9:56:00
How do I fix them?
891023 - 2005-8-2 9:59:00
I found these with Windows Search. Is that right? It seems like very few.

Attachment: 55061520058295902.jpg
Mestoration - 2005-8-2 9:59:00
Select them, then click "Fix".
Did you not even fix that O23 item?
891023 - 2005-8-2 10:00:00
Argh~ so they have to be fixed
891023 - 2005-8-2 10:02:00
Why is there no select-all? This is tiring.
Mestoration - 2005-8-2 10:02:00
Just delete the svchost.exe in C:\WINDOWS\
891023 - 2005-8-2 10:09:00
O23 can't be fixed; fixing it has no effect
I'm confused now. What counts as having killed it...
891023 - 2005-8-2 10:12:00
C:\WINDOWS\sys....32\svchost.exe
It can't be deleted; disk not full, write-protected

Attachment: 550615200582101208.jpg
891023 - 2005-8-2 10:20:00
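It can't be deleted. I scanned again with the antivirus and it found and killed 2 more
By the way, how do I get into Safe Mode?

Attachment: 550615200582102057.jpg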
891023 - 2005-8-2 10:25:00
Scanning with HijackThis now shows:
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O12 - IE插件,支持文件类型.UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
It no longer shows that Gray Pigeon G-something