瑞星卡卡安全论坛

最近瑞星监控查出了名为worm.mytob.js的病毒,但总是杀毒失败,请教如何解决?

用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项
保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

工具使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038第14楼

以下为日志,麻烦大哥帮我看一下!

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ CnsMin3721北京三七二一科技有限公司c:\windows\downloaded program files\cnsmin.dll

+ MiniPcastStart&Update Podcast Bar Mini1000 Oaks Inc.c:\program files\pcast\podcastbarmini\start.exe

+ MSPY2002c:\windows\system32\ime\pintlgnt\imscinst.exe

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtimer.exe

+ RealTrayRealPlayer PlusRealNetworks, Inc.c:\program files\real\realplayer\realplay.exe

+ WINRUNc:\windows\system32\taskgmr32.exe

+ YDTMain.exeFile not found: C:\PROGRA~1\YDT\YDTMain.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ DrvMon.exeDrive MonitorAlcor Micro, Corp.c:\windows\system32\drvmon.exe

+ WINRUNc:\windows\system32\taskgmr32.exe

HKLM\System\CurrentControlSet\Services

+ DM1ServiceDM1Servis ModuleOLYMPUS Corporationc:\program files\olympus\devicedetector\dm1service.exe

+ P4P ServiceSogou P4P ServiceSohu.com Inc.c:\program files\p4p\p2psvr.exe

+ RsCCenterCCenterrisingc:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ cnshook.dll3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ CnsHook Class3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll

+ CPub ObjectIE MonitorSohu.com Inc.c:\program files\p4p\sodaie.dll

+ DragSearch BHODragSearchc:\program files\yisou\yisoub.dll

+ IeCatch2 Classjccatch ModuleAmaze Softc:\program files\flashget\jccatch.dll

+ 上网助手CoolBar3721c:\program files\3721\assist\asbar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ toolbar.dll捜狗直通车Sohu.com Inc.c:\program files\p4p\toolbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softc:\program files\flashget\fgiebar.dll

+ toolbar.dll捜狗直通车Sohu.com Inc.c:\program files\p4p\toolbar.dll

+ 上网助手CoolBar3721c:\program files\3721\assist\asbar.dll

+ 一搜YiSou ToolBar 3721c:\program files\yisou\yisou.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ @shdoclc.dll,-864c:\windows\web\related.htm

+ SoQFile not found: http://www.soq.com

+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1

+ 播霸电视File not found: http://itv.mop.com

+ 清理上网记录File not found: http://assistant.3721.com/clean1.htm?fb=Cns

+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/

+ 上网助手File not found: http://assistant.3721.com/index.htm?fb=Cns

+ 手机短信File not found: http://sms.3721.com/ie/index.htm?pid=U_3721_assist

+ 修复浏览器File not found: http://assistant.3721.com/security1.htm?fb=Cns

+ 寻宝乐趣多File not found: http://hot.3721.com/rd/shop_btn.htm

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

+ C:\WINDOWS\System32\SoDAHK.DLLSODA Libraryc:\windows\system32\sodahk.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ MiniPcastStart&Update Podcast Bar Mini1000 Oaks Inc.c:\program files\pcast\podcastbarmini\start.exe

+ WINRUNc:\windows\system32\taskgmr32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ WINRUNc:\windows\system32\taskgmr32.exe

删除启动项
重启
删除相应的文件

这几个文件删除后重启又出现了,瑞星监控也再次报有病毒,老兄,我应该怎么办?

先autoruns删除启动项
重启
再删除文件

注意操作步骤

我也遇到同样的问题。

不行啊,删除后一重启又出现了!

关闭XP系统还原，杀毒完后
先autoruns删除启动项
重启
再删除文件试试