瑞星卡卡安全论坛

请问怎么解决！

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

附件: SREngLOG.log

1、建议发帖前请先看版规。这个区需要的是病毒样本，不是扫描日志附件；

2、请按照http://bbs.ikaka.com/showtopic-8560216.aspx中我提供的线索，上传病毒压缩包……

用sreng
删除启动项目=>注册表
    <><C:\WINDOWS\system32\dllcache\Default.exe>  []
    <><C:\WINDOWS\system\KEYBOARD.exe>  []
    <><C:\WINDOWS\system32\dllcache\Default.exe>  []
    <sys><C:\WINDOWS\Fonts\Fonts.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><C:\WINDOWS\system32\drivers\drivers.cab.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe]
    <IFEO[autorun.exe]><C:\WINDOWS\system32\drivers\drivers.cab.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
    <IFEO[autoruns.exe]><C:\WINDOWS\system32\drivers\drivers.cab.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe]
    <IFEO[boot.exe]><C:\WINDOWS\Fonts\fonts.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
    <IFEO[ctfmon.exe]><C:\WINDOWS\Fonts\Fonts.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe]
    <IFEO[msconfig.exe]><C:\WINDOWS\Media\rndll32.pif>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessManager.exe]
    <IFEO[ProcessManager.exe]><C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
    <IFEO[procexp.exe]><C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe]
    <IFEO[rundll32.exe]><C:\WINDOWS\Fonts\Fonts.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <IFEO[taskmgr.exe]><C:\WINDOWS\Fonts\tskmgr.exe>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com>  []

重启,删除
C:\WINDOWS\system32\drivers\drivers.cab.exe
C:\WINDOWS\Media\rndll32.pif
C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com
C:\WINDOWS\system32\dllcache\Default.exe
C:\WINDOWS\system\KEYBOARD.exe
C:\WINDOWS\system32\dllcache\Default.exe
C:\WINDOWS\Fonts\Fonts.exe

用winrar 删除 每个盘符下的
Autorun.inf 和 MS-DOS.com 文件..