老大:这么多木马怎么办啊.查出来了请看 bbs.ikaka.com

黑皮 - 2005-10-18 11:26:00

Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 42883
Number of viruses found: 8
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 2313 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\ntdll32.dll Infected: Trojan-Spy.Win32.Agent.gd
C:\WINDOWS\system32\SVCH0ST.EXE.malicious Infected: Trojan-Spy.Win32.Agent.ei
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E080000.VBN Infected: Virus.Win32.FunLove.4070
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E080002.VBN Infected: Trojan.VBS.Starter.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B080000.VBN Infected: Virus.Win32.FunLove.4070
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B080001.VBN Infected: Virus.Win32.FunLove.4070
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B080002.VBN Infected: Trojan.VBS.Starter.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B080003.VBN Infected: Trojan.VBS.Starter.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.exe Infected: Trojan-PSW.Win32.Lineage.nd
C:\Documents and Settings\cr\Local Settings\Temporary Internet Files\Content.IE5\CDE305QJ\young[1].css Infected: Trojan-Downloader.Win32.Delf.ho
C:\Documents and Settings\cr\Local Settings\Temporary Internet Files\Content.IE5\IDK3Q9WP\young[1].gif Infected: Exploit.VBS.Phel.bc
C:\System Volume Information\_restore{7945157A-429D-4F24-B74B-0EDEA251AC42}\RP45\A0010495.exe Infected: Trojan-Downloader.Win32.Delf.ho
C:\System Volume Information\_restore{7945157A-429D-4F24-B74B-0EDEA251AC42}\RP45\A0010522.exe Infected: Trojan-PSW.Win32.Lmir.ana
C:\System Volume Information\_restore{7945157A-429D-4F24-B74B-0EDEA251AC42}\RP45\A0010523.exe/EXE-file Infected: Trojan-PSW.Win32.Lineage.nd
C:\System Volume Information\_restore{7945157A-429D-4F24-B74B-0EDEA251AC42}\RP45\A0010523.exe/EXE-file Infected: Trojan-Spy.Win32.Agent.ei
C:\System Volume Information\_restore{7945157A-429D-4F24-B74B-0EDEA251AC42}\RP45\A0010523.exe Infected: Trojan-Spy.Win32.Agent.ei
C:\System Volume Information\_restore{7945157A-429D-4F24-B74B-0EDEA251AC42}\RP45\A0015546.EXE Infected: Trojan-Spy.Win32.Agent.ei
C:\System Volume Information\_restore{7945157A-429D-4F24-B74B-0EDEA251AC42}\RP45\A0015547.exe Infected: Trojan-Spy.Win32.Agent.ei

Scan process completed.

怎么搞死它们啊,请给建议

baohe - 2005-10-18 11:31:00

【回复“黑皮”的帖子】
C:\WINDOWS\system32\SVCH0ST.EXE——这个是活的。请将此文件打包，发到：baohelin@yahoo.com.cn

其它的，有的被诺顿隔离了；有的是在系统还原文件夹中（关闭系统还原，清空系统还原文件夹即可）。

黑皮 - 2005-10-18 11:33:00

哦 ,好的，吗的还是活的
晕死

老大我下午发给你,现在在查病毒,系统慢

吃饭去了~~

祝老大青春长驻~~

武装 - 2005-10-18 12:30:00

引用:

【baohe的贴子】【回复“黑皮”的帖子】
C:\WINDOWS\system32\SVCH0ST.EXE——这个是活的。请将此文件打包，发到：baohelin@yahoo.com.cn

其它的，有的被诺顿隔离了；有的是在系统还原文件夹中（关闭系统还原，清空系统还原文件夹即可）。
...........................

请问，怎么清空系统还原文件夹？能教我下吗？

武装 - 2005-10-18 12:51:00

大家倒是回个话~~

瑞星卡卡安全论坛