Rising Kaka Security Forum

Topic: How do I get rid of the virus on my computer that just won't go away?
budinger - 2008-7-27 12:13:00
I run the antivirus every day, but every day there is a virus again. What do I have to do to completely wipe the virus out? I have uploaded the log; please see the attachment.

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; TencentTraveler )

Attachment: SREngLOG.log
QQ凌帆 - 2008-7-27 12:31:00
Delete the registry startup item:
<SmCtrlDrv><D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]jnqps/emm!Tubsu>  [N/A]
Delete the services:
[IDCEvent / IDCEvent][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><(File is missing)>
[OSEvent / OSEvent][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><(File is missing)>
Delete the driver and its file:
[705qy / 705qy4][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\705qy4.sys><>
Scan these files on the website:
c:\windows\system32\config\msci001.exe
system32\DRIVERS\secdrv.sys
QQ凌帆 - 2008-7-27 12:33:00
Following on from the post above, the scan site is: http://www.virustotal.com/zh-cn/
C:\windows\system32\drivers\ilkc.sys
C:\windows\system32\DRIVERS\secdrv.sys
c:\windows\system32\config\msci001.exe
秦人J - 2008-7-27 12:33:00
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\windows\system32\msplugplay3000.sys
system32\drivers\ilkc.sys
All of these look suspicious. Also, I would like to know what this <SmCtrlDrv><D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]jnqps/emm!Tubsu> thing is.
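The <SmCtrlDrv> value asked about above looks like a Run-key command line with every character shifted up by one code point ('D;]' where a Windows path would start 'C:\', '/fyf' where '.exe' would be). The following Python is an added example, not part of the thread: it parses the SREng startup line and undoes that shift so a defender can read what the entry actually launches; the one-code-point shift, the entry string and the helper names are assumptions taken from the posted log.

```python
import re

# Startup item exactly as it appears in the posted SREng log (constructed
# from the page; the trailing "[N/A]" is SREng's publisher field).
SRENG_ENTRY = (
    "<SmCtrlDrv><D;]XJOEPXT]tztufn43]Svoemm43/fyf!"
    "D;]XJOEPXT]tztufn43]jnqps/emm!Tubsu>  [N/A]"
)


def unshift(text: str, delta: int = 1) -> str:
    """Undo a per-character code-point shift (assumed +1 in the log)."""
    return "".join(chr(ord(c) - delta) for c in text)


def looks_obfuscated(data: str) -> bool:
    """Heuristic: a real command line contains ':\\'; the shifted form
    shows ';]' in its place and no drive-letter separator at all."""
    return ":\\" not in data and ";]" in data


def parse_sreng_entry(line: str) -> dict:
    """Split an SREng '<name><data>  [publisher]' line into fields and
    attach the de-obfuscated command line."""
    m = re.match(r"\s*<([^>]*)><([^>]*)>\s*\[([^\]]*)\]", line)
    if not m:
        raise ValueError("not an SREng startup-item line")
    name, data, publisher = m.groups()
    return {
        "name": name,
        "publisher": publisher,
        "raw": data,
        "obfuscated": looks_obfuscated(data),
        "decoded": unshift(data) if looks_obfuscated(data) else data,
    }


if __name__ == "__main__":
    entry = parse_sreng_entry(SRENG_ENTRY)
    for key in ("name", "publisher", "obfuscated", "decoded"):
        print(f"{key:>10}: {entry[key]}")
```

Shifting each character down by one turns the value into a rundll32 command line that loads a DLL from system32 with a "Start" argument, which is why the entry survives ordinary cleanup: the DLL path never appears in clear text in the registry.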
天云一剑 - 2008-7-27 12:34:00
If repeated cleaning does not get rid of it, follow the steps below:

0. Update your antivirus and finish downloading the tools or special-purpose removal tools first

1. Disconnect from the network (very important)

2. Windows Cleanup Assistant (click to download)
  Clean with it; if normal mode has no effect, try cleaning in Safe Mode, then scan with the antivirus;

3. When there is no progress (no new findings, or certain items always fail to clean), run another SREng scan for a report (be sure to tick "Verify process digital signatures");

4. Post the new SREng report together with the log.ini from the Assistant's directory to the forum, and describe the infection symptoms in some detail;
budinger - 2008-7-27 12:40:00
How do I run the website scan?
budinger - 2008-7-27 12:47:00
The file scan results are as follows:
c:\windows\system32\config\msci001.exe
Result: Antivirus engine / Version / Last update / Scan result
AhnLab-V3 - - -
AntiVir - - TR/Spy.Gen
Authentium - - W32/Threat-SysVenFak-based!Maximus
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - Trojan.Click.origin
eSafe - - -
eTrust-Vet - - Win32/Sadbiz!generic
Ewido - - -
F-Prot - - W32/Threat-SysVenFak-based!Maximus
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - TrojanDownloader:Win32/Bizdup.gen
NOD32v2 - - a variant of Win32/TrojanDownloader.QQHelper.NEZ
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - Mal/Emogen-E
Sunbelt - - -
Symantec - - Downloader
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Spy.Gen
Additional information
MD5: 76b9057b96ac8c02a4fcd7ccc2606b04
SHA1: cdfe3b8bc01c7bca2f0987dac05132083616a487
SHA256: 75eb08be0640d4757c24a17f4ef3e9960ce34e17d14dc7ad80c3be9589172ff7
SHA512: b80658531e84c97ad1fae5978fe82220bfd00f9d41ac9163b6b1ffa02c597d1910189f268c55580ee7d96c60f5257
budinger - 2008-7-27 12:49:00
system32\DRIVERS\secdrv.sys
Result: Antivirus engine / Version / Last update / Scan result
AhnLab-V3 2008.7.25.0 2008.07.24 -
AntiVir 7.8.1.12 2008.07.24 -
Authentium 5.1.0.4 2008.07.24 -
Avast 4.8.1195.0 2008.07.24 -
AVG 8.0.0.130 2008.07.24 -
BitDefender 7.2 2008.07.24 -
CAT-QuickHeal 9.50 2008.07.24 -
ClamAV 0.93.1 2008.07.24 -
DrWeb 4.44.0.09170 2008.07.24 -
eSafe 7.0.17.0 2008.07.24 -
eTrust-Vet 31.6.5980 2008.07.24 -
Ewido 4.0 2008.07.24 -
F-Prot 4.4.4.56 2008.07.24 -
F-Secure 7.60.13501.0 2008.07.24 -
Fortinet 3.14.0.0 2008.07.24 -
GData 2.0.7306.1023 2008.07.24 -
Ikarus T3.1.1.34.0 2008.07.25 -
Kaspersky 7.0.0.125 2008.07.25 -
McAfee 5346 2008.07.24 -
Microsoft 1.3704 2008.07.24 -
NOD32v2 3296 2008.07.24 -
Norman 5.80.02 2008.07.24 -
Panda 9.0.0.4 2008.07.24 -
PCTools 4.4.2.0 2008.07.24 -
Prevx1 V2 2008.07.25 -
Rising 20.54.32.00 2008.07.24 -
Sophos 4.31.0 2008.07.24 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.25 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.24 -
VBA32 3.12.8.1 2008.07.24 -
ViRobot 2008.7.24.1309 2008.07.24 -
VirusBuster 4.5.11.0 2008.07.24 -
Webwasher-Gateway 6.6.2 2008.07.24 -
Additional information
File size: 27440 bytes
MD5...: d26e26ea516450af9d072635c60387f4
SHA1..: 2a48c3601e07d223fe79f178e310c276e2a62027
SHA256: c78d26b2e6343176ea9e09dd96cdae108f832b7973fabf756d05e24392fef388
SHA512: c137c99d82512b3a5b849cd547eaea23ce6c70327a1508d591deab86a005f7f8b85cf6ed999cd09c6fdf43a8e403e15da58f5785b6d0e5da62be8c2d3796429a
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x16240
timedatestamp.....: 0x3a842012 (Fri Feb 09 16:51:30 2001)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x260 0x5d62 0x5d80 4.33 ab9d6b9c54af28f84f359bc997965807
.data 0x5fe0 0x244 0x260 0.08 f9d4ada50a656387194015bcf59c8c68
INIT 0x6240 0x29a 0x2a0 5.11 0b95423adc7b6a5327b3756466f313fd
.reloc 0x64e0 0x1de 0x1e0 5.33 0577ec28fe8df0f169c659b51409fa27

( 1 imports )
> ntoskrnl.exe: IoDeleteSymbolicLink, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, RtlInitUnicodeString, RtlEqualUnicodeString, NtBuildNumber, RtlQueryRegistryValues, PsGetVersion, KeTickCount, MmIsAddressValid, RtlUnwind, ExAllocatePoolWithTag, ExFreePool, IofCompleteRequest

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=d26e26ea516450af9d072635c60387f4
budinger - 2008-7-27 12:51:00
C:\windows\system32\drivers\ilkc.sys
Result: Antivirus engine / Version / Last update / Scan result
AhnLab-V3 - - -
AntiVir - - TR/Rootkit.Gen
Authentium - - W32/Agent.BN.gen!Eldorado
Avast - - -
AVG - - -
BitDefender - - Backdoor.Farfli.AB
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - W32/Agent.BN.gen!Eldorado
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - Trojan-Downloader.Win32.Agent.bbb
Kaspersky - - -
McAfee - - -
Microsoft - - VirTool:WinNT/Livuto.gen!A
NOD32v2 - - probably a variant of Win32/Rootkit.Agent.NBQ
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Rootkit.Gen
Additional information
MD5: b5b02d71fed4a0a6a88af17aa9c38a78
SHA1: 59298571a9758451225202d6e84501c139f51f11
SHA256: 4d6c2994dc3fcf09aae0b3113ed35971705298beefc578dd459bf7ba9fe18454
SHA512: 395557467ad013401147b542607f9f2da98b586fdd89b1dee53e5ed18db96c2c4cda017d0b132f973c33e0b18e9b60bbe04d2ff840208eb114dd49a8609fe753
budinger - 2008-7-27 12:52:00
Do the three files above contain viruses?
1/2理想 - 2008-7-30 2:42:00
You can delete it with XDELBOX.
Copy it, import from the clipboard, tick "suppress regeneration", right-click the list of files to delete, and choose "reboot and delete now".
Download address: http://www.dodudou.com/down/index.php?dirpath=./01.原创软件&order=0 (XDELBOX 1.7 Olympic edition)
天月来了 - 2008-7-30 8:47:00
The following items are unidentified:

Startup items
Registry
    <SmCtrlDrv><D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]jnqps/emm!Tubsu>  [N/A]

==================================
Services
[Windows Plug and Play / MSPlugPlay][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k MSPlugPlay-->c:\windows\system32\msplugplay3000.sys><N/A>

[Nwsapagent / Nwsapagent][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\iasxin.dll><Microsoft Corporation>

[Protected Storage Manager / ProtectedStorager10][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->c:\windows\system32\config\sam10.log><Microsoft  Corporation>

==================================
Drivers
[705qy / 705qy4][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\705qy4.sys><>

[ilkc / ilkc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ilkc.sys><N/A>

==================================
Browser add-ons
[Invoke Class]
  {001CF5E9-4000-4287-8E58-1770E7FB0B07} <C:\WINDOWS\system32\e7da.dll, >

[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>

[BHO Class]
  {1307E689-5CA1-4a15-9583-F2350790290D} <C:\WINDOWS\system32\zih23r5l.dll, Microsoft Distributed Transaction Coordinator>

[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>

[Invoke Class]
  {001CF5E9-4000-4287-8E58-1770E7FB0B07} <C:\WINDOWS\system32\e7da.dll, >

[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>

[BHO Class]
  {1307E689-5CA1-4A15-9583-F2350790290D} <C:\WINDOWS\system32\zih23r5l.dll, Microsoft Distributed Transaction Coordinator>

[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
天月来了 - 2008-7-30 8:48:00
The following files loaded into normal running system processes are unidentified:

[PID: 1348 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\iasxin.dll]  [Microsoft Corporation, 1, 0, 0, 2]

[PID: 692 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\config\sam10.log]  [Microsoft  Corporation, 5.1.2601.1]

[PID: 1236 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\config\sam10.log]  [Microsoft  Corporation, 5.1.2601.1]
    [c:\windows\system32\config\msci001.exe]  [N/A, ]

[PID: 2708 / Administrator][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Downlo~1\01bdc.dll]  [  , 1, 0, 0, 3]
fmn1314 - 2008-7-30 9:12:00
Download Windows Cleanup Assistant from www.arswp.com and run a scan.
happysunday2003 - 2008-8-3 13:25:00
Seconding 天月来了.