祥瑞星空 - 2006-2-21 23:07:00
瑞星杀不掉这个木马Trojan.Rootkit.Vanti.bw
从新启动后还是有,怎么办啊?
紧急求助!!!谢谢了!
情以相忘 - 2006-2-22 0:00:00
累啊 用HijackThis扫日志啊 发上来 今天晚上我都喊了n遍了
祥瑞星空 - 2006-2-22 0:25:00
谢谢阿!!!这是扫描的日志
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 0:23:00, on 2006-2-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
e:\Program Files\P4P\p2psvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.exe
E:\Program Files\Maxthon\maxthon.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\rising\Rav\Rav.exe
E:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\HijackThis.exe
R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - e:\Program Files\P4P\ToolBar.dll
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - e:\Program Files\P4P\sodaie.dll
O2 - BHO: (no name) - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: ????? - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - e:\Program Files\P4P\ToolBar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - e:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll
O3 - Toolbar: ????? - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - E:\PROGRA~1\SINA\UC\UCddt\DDTONG~1.DLL
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: ????? - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Sandai\ThunderMini\geturl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 使用搜狗直通车下载 - e:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 使用新浪下载助手下载 - E:\PROGRA~1\SINA\UC\UCddt\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用超级解霸播放 - e:\Program Files\Herosoft\Hero 9\MPURLGET.HTM
O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 发送图片到手机 - e:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 在Foxmail中添加该RSS频道/频道组 - res://C:\WINDOWS\system32\fmrsslink.dll/201
O8 - Extra context menu item: 添加到广告猎手 - E:\Program Files\mxie\config/blacklist.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: SoQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://tomatolei.com
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAEF8136-820B-46F5-9EB3-D5B85ABF3A65}: NameServer = 202.99.96.68 202.99.64.69
情以相忘 - 2006-2-22 0:34:00
C:\WINDOWS\system32\RUNDLL32.exe
E:\Program Files\Maxthon\maxthon.exe
C:\WINDOWS\system32\RUNDLL32.exe
这其中的rundll32.exe好象有问题
还有啊 你的日志就这些??不全吧.你把剩下的也贴出来啊
祥瑞星空 - 2006-2-22 0:35:00
谢谢!!全阿!!
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 0:34:57, on 2006-2-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
e:\Program Files\P4P\p2psvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.exe
E:\Program Files\Maxthon\maxthon.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\rising\Rav\Rav.exe
E:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\HijackThis.exe
R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - e:\Program Files\P4P\ToolBar.dll
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - e:\Program Files\P4P\sodaie.dll
O2 - BHO: (no name) - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: ????? - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - e:\Program Files\P4P\ToolBar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - e:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll
O3 - Toolbar: ????? - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - E:\PROGRA~1\SINA\UC\UCddt\DDTONG~1.DLL
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: ????? - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到广告猎手 - E:\Program Files\mxie\config/blacklist.htm
O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: SoQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://tomatolei.com
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAEF8136-820B-46F5-9EB3-D5B85ABF3A65}: NameServer = 202.99.96.68 202.99.64.69
祥瑞星空 - 2006-2-22 0:37:00
我刚才自己清理了一些了 比刚才的日志还少 我用的是精简版的xp
情以相忘 - 2006-2-22 0:38:00
没有nt服务
如下:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
情以相忘 - 2006-2-22 0:42:00
正常系统启动以后不需要运行rundll32.exe这个程序 不开窗口的情况下(不包括精简的)系统进程在25左右
祥瑞星空 - 2006-2-22 0:44:00
以前都运行rundll32.exe这个程序,就是昨天才中毒的
情以相忘 - 2006-2-22 0:46:00
你以前rundll32.exe用来作什么 怎么启动的 你看一下服务里边 找找rundll32.exe 后边加载什么了?
祥瑞星空 - 2006-2-22 0:55:00
已启动服务:
服务名:6to4 显示名:IPv6 Helper Service
服务名:AudioSrv 显示名:Windows Audio
服务名:BITS 显示名:Background Intelligent Transfer Service
服务名:Browser 显示名:Computer Browser
服务名:CryptSvc 显示名:Cryptographic Services
服务名:DcomLaunch 显示名:DCOM Server Process Launcher
服务名:Dhcp 显示名:DHCP Client
服务名:dmserver 显示名:Logical Disk Manager
服务名:Dnscache 显示名:DNS Client
服务名:EventSystem 显示名:COM+ Event System
服务名:lanmanserver 显示名:Server
服务名:lanmanworkstation 显示名:Workstation
服务名:Netman 显示名:Network Connections
服务名:Nla 显示名:Network Location Awareness (NLA)
服务名:P4P Service 显示名:P4P Service
服务名:PlugPlay 显示名:Plug and Play
服务名:ProtectedStorage 显示名:Protected Storage
服务名:RasMan 显示名:Remote Access Connection Manager
服务名:RfwService 显示名:Rising Personal Firewall Service
服务名:RpcSs 显示名:Remote Procedure Call (RPC)
服务名:RsCCenter 显示名:Rising Process Communication Center
服务名:RsRavMon 显示名:RsRavMon Service
服务名:SamSs 显示名:Security Accounts Manager
服务名:SENS 显示名:System Event Notification
服务名:SharedAccess 显示名:Windows Firewall/Internet Connection Sharing (ICS)
服务名:ShellHWDetection 显示名:Shell Hardware Detection
服务名:SSDPSRV 显示名:SSDP Discovery Service
服务名:stisvc 显示名:Windows Image Acquisition (WIA)
服务名:TapiSrv 显示名:Telephony
服务名:TermService 显示名:Terminal Services
服务名:Themes 显示名:Themes
服务名:UMWdf 显示名:Windows User Mode Driver Framework
服务名:W32Time 显示名:Windows Time
服务名:winmgmt 显示名:Windows Management Instrumentation
服务名:wuauserv 显示名:Automatic Updates
情以相忘 - 2006-2-22 0:59:00
不要着急 没有什么可以信手拈来的 一步一步来 左边有服务 点击就会看到 然后看最右边有服务模块路径 就是加载的项 还有一项 服务进程id,跟windows任务管理器下的pid一样的 是同一项 看看列出来
情以相忘 - 2006-2-22 1:23:00
看了一下 列出来的除了服务名:P4P Service 显示名:P4P Service都应该是正常的,除非你确定有用,不然的话停掉.把那两个rundll32.exe结束掉,不让瑞星杀掉木马,看看文件大小,找一下xp系统里有多少个大小相同的文件 要字节一模一样的,重点在根目录下、windows下,windows\system、windows\system32、系统根目录\Program Files\Common Files\
情以相忘 - 2006-2-22 1:27:00
别忘了先去掉系统的隐藏属性,工具->文件夹选项-》查看-》(1、显示所有文件。2、去掉受保护的操作系统文件。)这两项。
2116bromgamed2m - 2006-2-22 1:42:00
重新下载HijackThisV1.99.1
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
祥瑞星空 - 2006-2-22 9:46:00
还是杀不干净啊,重起以后还是有,好顽固的木马!!!
不言放弃 - 2006-2-22 10:00:00
【回复“祥瑞星空”的帖子】
看系统服务是看不出来的
应该查看进程模块
病毒文件名称与路径?
墨生人 - 2006-2-22 11:21:00
我的也中了这个
感染的文件是:c:\winnt\temp\fzqfil.dll
© 2000 - 2026 Rising Corp. Ltd.