Rising Kaka Security Forum

Anti-virus / Anti-malware Forum: The virus that can't be killed off
大漠冰山 - 2006-3-20 22:26:00
Lately my laptop keeps turning up two viruses, svchost.exe and iexplorer.exe. Every time I clean them, the next scan finds the same two again! Sometimes it even makes the machine reboot by itself! Can anyone tell me what is going on?
玖玖在线 - 2006-3-20 22:34:00
iexplorer.exe and svchost.exe are both normal system processes (being infected by a virus is another matter).

How did you decide they are viruses?
大漠冰山 - 2006-3-20 22:52:00
Rising detected them as a backdoor virus! I'm puzzled too!
80888qq - 2006-3-20 22:52:00
OP, stop! Those are not viruses, they are application programs and fairly important ones. Don't delete things you don't understand, or you'll cripple your machine!
80888qq - 2006-3-20 22:54:00
???
Better post a log so it can be analysed.
大漠冰山 - 2006-3-21 13:40:00
The virus name is always Backdoor.PcClient.kc
BlackStone - 2006-3-21 14:02:00
Save an Autoruns log and post it here.
How to save the log: use the File->Save menu item. Before saving, make sure Options->Hide Microsoft Entries is selected (after setting it, click the refresh button on the toolbar).

For downloading and using the tool, see http://forum.ikaka.com/topic.asp?board=28&artid=7318038
轩辕小聪 - 2006-3-21 14:07:00
Also note: those two processes are not the virus themselves; the virus has only injected into them. The real source is somewhere else.
大漠冰山 - 2006-3-21 18:16:00
Then where is the source?
大漠冰山 - 2006-3-21 18:21:00
Here is the log I saved with Autoruns:

Entry | Description | Publisher | Image Path

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ RavTask | RavTimer | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravtask.exe
+ RfwMain | Rising Personal FireWall Main Program | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rfwmain.exe

C:\Documents and Settings\WMY\「开始」菜单\程序\启动
+ Dr.COM 宽带客户端.lnk | | | c:\program files\北京城市热点资讯有限公司\dr.com 宽带客户端\ishare_user.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ msshlapi.dll | | | c:\windows\msshlapi.dll
+ Rising Execute File Exts hook | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension | | | File not found: deskpan.dll
+ HyperTerminal Icon Ext | HyperTerminal Applet Library | Hilgraeve, Inc. | c:\windows\system32\hticons.dll
+ Portable Media Devices | | | File not found: C:\WINDOWS\system32\Audiodev.dll
+ Portable Media Devices Menu | | | File not found: C:\WINDOWS\system32\Audiodev.dll
+ RISING | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player | RealPlayer Shell Extensions | RealNetworks, Inc. | c:\program files\real\realplayer\rpshell.dll
+ Synaptics Control Panel | TouchPad Control Panel Extensions | Synaptics, Inc. | c:\program files\synaptics\syntp\syntpcpl.dll
+ WinRAR shell extension | | | c:\program files\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹 | | | c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class | Adobe Acrobat IE Helper Version 6.0 for ActivieX | Adobe Systems Incorporated | c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
+ CAutoLinkBHO Object | Encyclopedia | Sohu.com Inc. | e:\程序\p4p\autolink.dll
+ CPub Object | IE Monitor | Sohu.com Inc. | e:\程序\p4p\sodaie.dll
+ ThunderIEHelper Class | XunLei BHO | Thunder Networking Technologies,LTD | c:\windows\system32\xunleibho_v14.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ socul.dll | Sogou Express | | c:\windows\system32\socul.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 易趣购物 | | | File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=5

HKLM\System\CurrentControlSet\Services
+ P4P Service | Sogou P4P Service | Sohu.com Inc. | e:\程序\p4p\p2psvr.exe
+ RfwService | Rising Personal Firewall Service | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter | CCenter | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ccenter.exe
+ RsRavMon | RavMond | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services
+ BaseTDI | basetdi | Beijing Rising Technology Co., Ltd. | c:\windows\system32\drivers\basetdi.sys
+ BCM43XX | Broadcom 802.11 Network Adapter wireless driver | Broadcom Corporation | c:\windows\system32\drivers\bcmwl5.sys
+ bxyvubon | | | File not found: C:\WINDOWS\system32\drivers\bxyvubon.sys
+ CAMCAUD | Conexant WDM AC97 Audio Driver | Conexant Systems Inc. | c:\windows\system32\drivers\camc6aud.sys
+ CAMCHALA | Conexant AmcHal Driver | Conexant Systems Inc. | c:\windows\system32\drivers\camc6hal.sys
+ eabfiltr | QLB PS/2 Keyboard filter driver | Hewlett-Packard Company | c:\windows\system32\drivers\eabfiltr.sys
+ EagleNT | | | File not found: C:\WINDOWS\system32\drivers\EagleNT.sys
+ ExpScaner | ExpScan.sys | | c:\program files\rising\rav\expscan.sys
+ GEARAspiWDM | CDRom Class Filter Driver | GEAR Software Inc. | c:\windows\system32\drivers\gearaspiwdm.sys
+ HookCont | TDI HOOK Driver | Rising tech Co. ltd | c:\program files\rising\rav\hookcont.sys
+ HookReg | | | c:\program files\rising\rav\hookreg.sys
+ HookSys | Hooksys | Rising | c:\program files\rising\rav\hooksys.sys
+ HookUrl | HookUrl | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\hookurl.sys
+ HSF_DP | HSF_DP driver | Conexant Systems, Inc. | c:\windows\system32\drivers\hsf_dp.sys
+ HSFHWICH | HSFHWICH WDM driver | Conexant Systems, Inc. | c:\windows\system32\drivers\hsfhwich.sys
+ ialm | Intel Graphics Miniport Driver | Intel Corporation | c:\windows\system32\drivers\ialmnt5.sys
+ mdmxsdk | Diagnostic Interface DRIVER | Conexant | c:\windows\system32\drivers\mdmxsdk.sys
+ MEMSCAN | MemScan Driver | 瑞星软件有限公司 | c:\program files\rising\rav\memscan.sys
+ mProcRs | Rising Personal FireWall mprocrs.sys | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\mprocrs.sys
+ Ptilink | Direct Parallel Link Driver | Parallel Technologies, Inc. | c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 | Px Engine Device Driver for Windows 2000/XP | Sonic Solutions | c:\windows\system32\drivers\pxhelp20.sys
+ RsFwDrv | nt_fwdrv | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rsfwdrv.sys
+ RTL8023xp | Realtek 10/100/1000 NDIS 5.1 Driver | Realtek Semiconductor Corporation | c:\windows\system32\drivers\rtlnicxp.sys
+ rtl8139 | Realtek RTL8139 NDIS 5.0 Driver | Realtek Semiconductor Corporation | c:\windows\system32\drivers\rtl8139.sys
+ Secdrv | SafeDisc driver | | c:\windows\system32\drivers\secdrv.sys
+ SynTP | Synaptics Touchpad Driver | Synaptics, Inc. | c:\windows\system32\drivers\syntp.sys
+ tifm21 | tifm21.sys | Texas Instruments | c:\windows\system32\drivers\tifm21.sys
+ winachsf | HSF_CNXT driver | Conexant Systems, Inc. | c:\windows\system32\drivers\hsf_cnxt.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ C:\WINDOWS\system32\SoDAHK.DLL | SodaHK | Sohu.com Inc. | c:\windows\system32\sodahk.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ igfxcui | igfxsrvc Module | Intel Corporation | c:\windows\system32\igfxsrvc.dll

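A first triage pass over an Autoruns export like the one above, as an added example that is not code from the thread or from Sysinternals. It assumes the tab-separated text export Autoruns writes via File->Save (a location line, then one "+ Entry<TAB>Description<TAB>Publisher<TAB>Image Path" line per entry); the sample export inside the block is constructed for this example from entries visible in the posted log. The rules are the ones a defender applies by eye when reading such a log: an image that is no longer on disk, a module with no publisher sitting at a load point that puts code into other processes or into the kernel, and anything in AppInit_Dlls.

```python
"""Triage an Autoruns text export and flag autostart entries worth a closer look.

Added example; not code from the forum thread or from Sysinternals. Assumes the
tab-separated export Autoruns writes via File->Save: a registry-location line,
then one line per entry of the form
"+ Entry<TAB>Description<TAB>Publisher<TAB>Image Path".
"""
from dataclasses import dataclass, field

# Load points where an unknown module ends up inside other processes or the kernel
# (lower-case substrings matched against the location line).
SENSITIVE_LOCATIONS = (
    "shellexecutehooks",            # DLL loaded into Explorer and any ShellExecute caller
    "appinit_dlls",                 # DLL loaded into every process that loads user32.dll
    "winlogon\\notify",             # DLL loaded into winlogon.exe
    "currentcontrolset\\services",  # services and kernel drivers
    "browser helper objects",       # DLL loaded into Internet Explorer
)


@dataclass
class AutorunEntry:
    location: str
    name: str
    description: str
    publisher: str
    image_path: str
    reasons: list = field(default_factory=list)


def parse_autoruns_export(text):
    """Turn the export text into AutorunEntry objects, tracking the current location."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line          # a registry key or startup-folder header
            continue
        fields = line[2:].split("\t")
        fields += [""] * (4 - len(fields))   # tolerate missing trailing columns
        name, description, publisher, image_path = (f.strip() for f in fields[:4])
        entries.append(AutorunEntry(location, name, description, publisher, image_path))
    return entries


def triage(entries):
    """Attach a reason to every entry that should be verified by hand; return those entries."""
    flagged = []
    for entry in entries:
        entry.reasons = []           # idempotent: re-running does not duplicate reasons
        loc = entry.location.lower()
        sensitive = any(s in loc for s in SENSITIVE_LOCATIONS)
        if entry.image_path.lower().startswith("file not found"):
            entry.reasons.append(
                "image missing on disk: stale entry, or a component that hides or removes its file")
        if sensitive and not entry.publisher:
            entry.reasons.append(
                "no publisher at a load point that injects into other processes or the kernel")
        if "appinit_dlls" in loc:
            entry.reasons.append(
                "AppInit_Dlls loads this DLL into every user32-linked process; confirm it is wanted")
        if entry.reasons:
            flagged.append(entry)
    return flagged


def _row(*cols):
    """Build one '+ ' entry line the way the export lays it out (tab-separated)."""
    return "+ " + "\t".join(cols)


# Constructed sample export, using entries that appear in the thread's Autoruns log.
SAMPLE_EXPORT = "\n".join([
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    _row("RavTask", "RavTimer", "Beijing Rising Technology Co., Ltd.",
         r"c:\program files\rising\rav\ravtask.exe"),
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",
    _row("msshlapi.dll", "", "", r"c:\windows\msshlapi.dll"),
    _row("Rising Execute File Exts hook", "Rising Shell Ext Module",
         "Beijing Rising Technology Co., Ltd.", r"c:\windows\system32\ravext.dll"),
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    _row("ThunderIEHelper Class", "XunLei BHO", "Thunder Networking Technologies,LTD",
         r"c:\windows\system32\xunleibho_v14.dll"),
    r"HKLM\System\CurrentControlSet\Services",
    _row("bxyvubon", "", "", r"File not found: C:\WINDOWS\system32\drivers\bxyvubon.sys"),
    _row("EagleNT", "", "", r"File not found: C:\WINDOWS\system32\drivers\EagleNT.sys"),
    _row("SynTP", "Synaptics Touchpad Driver", "Synaptics, Inc.",
         r"c:\windows\system32\drivers\syntp.sys"),
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls",
    _row(r"C:\WINDOWS\system32\SoDAHK.DLL", "SodaHK", "Sohu.com Inc.",
         r"c:\windows\system32\sodahk.dll"),
])


if __name__ == "__main__":
    for entry in triage(parse_autoruns_export(SAMPLE_EXPORT)):
        print(f"{entry.name} @ {entry.location}")
        for reason in entry.reasons:
            print(f"    - {reason}")
```

Against a real export, read the saved file in whatever encoding Autoruns wrote it and pass the text to `parse_autoruns_export`. On the log posted in this thread the same rules single out the two services whose driver files are gone (bxyvubon.sys, EagleNT.sys), the ShellExecuteHook msshlapi.dll with no publisher living in c:\windows rather than system32, and SoDAHK.DLL in AppInit_Dlls. That is a reading order, not a verdict: legitimate unsigned third-party drivers (Secdrv, HookReg above) trip the publisher rule too, so each flagged file still has to be checked on disk and, for the injected-process question raised earlier in the thread, cross-checked against the module list of svchost.exe.
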
轩辕小聪 - 2006-3-21 18:23:00
What post #6 told you to do is precisely how to find the root of the virus. Do it and post the log.
大漠冰山 - 2006-3-21 20:37:00
Any luck finding it, everyone?
大漠冰山 - 2006-3-22 10:54:00
Here is a screenshot of the scan result; please take a look.

Attachment: 6718482006322105419.BMP
不言放弃 - 2006-3-22 10:58:00
[Reply to 大漠冰山's post]
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download IceSword.
Use IceSword to view the process modules of svchost.exe and iexplorer.exe
and check whether any suspicious file has been inserted.
dodu - 2006-3-22 12:33:00
Scan a log with HijackThis and post it; then it will be perfectly clear.
That Autoruns log makes my eyes blur.
大漠冰山 - 2006-3-22 13:10:00
Where can I get HijackThis?
不言放弃 - 2006-3-22 13:15:00
Quote:
[大漠冰山's post] Where can I get HijackThis?
...........................

HijackThis may not be able to detect it either.
ii我就是我ii - 2006-3-22 13:28:00
worm.vb.av
Is there a dedicated removal tool for this one? I keep getting it!
Help!
大漠冰山 - 2006-3-22 20:53:00
Then what should I do?
胜在不懂 - 2006-3-22 22:11:00
The dumbest method:
reinstall.
大漠冰山 - 2006-3-23 11:06:00
I give up! Thanks for the tip!