老石头 - 2005-9-16 16:20:00
工具软件俱已下了,但在安全模式下用dllcompare并未扫出多余.exe文件,日志如下:
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
C:\WINDOWS\SYSTEM32\Total of file sizes: 282,330,047 bytes 269.25 M
________________________________________________
1,430 items found: 1,430 files, 0 directories.
Administrator Account = True
--------------------End log---------------------
但用ravsdbot专杀工具,查出在c:\WINDOWS\SYSTEM32\RDRIV.SYS及.......\a0100855.sys中发现该病毒。
老石头 - 2005-9-16 16:42:00
补充:欲用icesword.exe杀.sys文件,提示“程序初始化失败”,而该在别的电脑中能正常运行。
baohe - 2005-9-16 16:47:00
| 引用: |
【老石头的贴子】工具软件俱已下了,但在安全模式下用dllcompare并未扫出多余.exe文件,日志如下:
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
C:\WINDOWS\SYSTEM32\Total of file sizes: 282,330,047 bytes 269.25 M
________________________________________________
1,430 items found: 1,430 files, 0 directories.
Administrator Account = True
--------------------End log---------------------
但用ravsdbot专杀工具,查出在c:\WINDOWS\SYSTEM32\RDRIV.SYS及.......\a0100855.sys中发现该病毒。
........................... |
提醒你考虑一个问题:
RDRIV.SYS及a0100855.sys在c:\WINDOWS\SYSTEM32\下,其同伙.exe未必一定在c:\WINDOWS\SYSTEM32\下。干吗放到一起,让人“一锅端”呢?你说是不是。请改变DLLCOMPARE的扫描路径(从C:\扫起,包括次级文件夹)。
© 2000 - 2026 Rising Corp. Ltd.