Rising Kaka Security Forum

Cannot resolve www.rising.com.cn
kenule - 2009-3-27 14:21:00
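Our organization uses Rising's network edition antivirus. It had always worked fine, so I didn't pay much attention to it. A few days ago someone pointed out that Rising on her computer had not updated for many days. At first I thought we had exceeded the license count, so I checked the network console: there were still licenses left, but I found that it had not updated for many days and the version was still 20.88.40 (our organization signed a new 3-year upgrade service this year, so the software should not have expired). Clicking "Notify System Center to upgrade immediately" gave an error saying it could not connect to www.rising.com.cn. So I opened IE and entered www.rising.com.cn; the site did not open, and MSN's search engine popped up instead. Clicking the Rising link on the search page said the site could not be found.
I tried opening other websites and they all work; only Rising does not.
I tried ping, which returned could not found host www.rising.com.cn

Visiting www.rising.com.cn from another computer succeeded, which shows our organization's network should be fine.

On the server, Kaka reports everything is normal, and an antivirus scan found no viruses. It just cannot resolve rising, so the System Center cannot upgrade. I'd like to ask what is going on and how to fix it.

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727)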
sinoer - 2009-3-27 14:26:00
http://zhidao.ikaka.com/Aspx/Html/StaticHtml/302/302655.html
Handle it following the method in the post linked above.
kenule - 2009-3-27 14:31:00
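The network edition's upgrade is different from the personal edition's.

And my problem right now is that Rising's website won't even open.
Our organization uses Rising's hardware firewall. Other computers can open the Rising website; only the server cannot open it or ping it. There is no problem with the server's network access permissions, I have checked them all, and the server itself has no firewall configured.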
piao2008 - 2009-3-27 14:43:00
Check whether port 80 is open on the hardware firewall.
kenule - 2009-3-27 14:58:00
Of course it's open, otherwise how could other websites open =。= Everything that should be open is open.
太原市工商局 - 2009-3-30 10:10:00
Same situation as mine. I hope the official side can provide a solution.
安全初级工程师 - 2009-3-30 11:52:00
This user's post has been blocked.
太原市工商局 - 2009-3-31 8:47:00
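The hosts file has not been modified. Yesterday I tried the method from the second post and it worked, but when I came to work today it stopped working again.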
piao2008 - 2009-3-31 9:57:00
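It is probably caused by a virus.
Run an SRENG scan and post the log to this forum.

Download the latest version of the SRENG tool: http://www.kztechs.com/sreng/download.html
For how to use it, see the 2nd post of this thread: http://bbs.ikaka.com/showtopic-8442813.aspx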
太原市工商局 - 2009-4-1 8:52:00


2009-04-01,08:56:54

System Repair Engineer 2.7.1.1261
Smallfrogs ([url]http://www.KZTechs.com[/url])

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [(Verified)Microsoft Windows 2000 Publisher]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Windows 2000 Publisher]
    <SysTray><stobject.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    <WinlogonNotify: wzcnotif><wzcdlg.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows 2000 Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
    <EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 5><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[Kaspersky Anti-Virus / avp][Stopped/Manual Start]
  <"><(File is missing)>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[RavAgent / RavAgent][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavAgent.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rav Net Alert / RavAlert][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavAlert.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising Multi-Center Communication Sender / RavSender][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\RavSender.exe"><Beijing Rising Information Technology Co., Ltd.>
[RavUpdate / RavUpdate][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavUpdate.exe"><Beijing Rising Information Technology Co., Ltd.>
[RNReport / RNReport][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RNReport.exe"><Beijing Rising Information Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe><Microsoft Corporation>

==================================
驱动程序
[360procmon / 360procmon][Running/Manual Start]
  <\??\C:\Program Files\360safe\safemon\360procmon.sys><>
[atirage3 / atirage3][Running/Manual Start]
  <System32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[DwMirror / DwMirror][Running/Manual Start]
  <system32\DRIVERS\DamewareMini.sys><DameWare Development, Inc.>
[DameWare Virtual Keyboard 32 bit Driver / dwvkbd][Running/System Start]
  <system32\DRIVERS\dwvkbd.sys><DameWare>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100bnt5.sys><Intel Corporation>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINNT\System32\drivers\SafeBoxKrnl.sys><360安全中心>

==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>

==================================
正在运行的进程
[PID: 180 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 204 / SYSTEM][\??\C:\WINNT\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 228 / SYSTEM][\??\C:\WINNT\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6714]
[PID: 256 / SYSTEM][C:\WINNT\system32\services.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 268 / SYSTEM][C:\WINNT\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6695]
[PID: 380 / SYSTEM][C:\WINNT\System32\termsrv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6696]
[PID: 524 / SYSTEM][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 564 / SYSTEM][C:\WINNT\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6659]
[PID: 592 / SYSTEM][C:\WINNT\System32\msdtc.exe]  [(Verified) Microsoft Corporation, 1999.9.3421.3]
[PID: 800 / SYSTEM][C:\WINNT\System32\llssrv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6697]
[PID: 876 / SYSTEM][C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0311.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 1060 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1272 / SYSTEM][C:\WINNT\system32\regsvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6701]
[PID: 1428 / SYSTEM][C:\WINNT\system32\MSTask.exe]  [(Verified) Microsoft Corporation, 4.71.2195.6704]
[PID: 1568 / SYSTEM][C:\WINNT\System32\WBEM\WinMgmt.exe]  [(Verified) Microsoft Corporation, 1.50.1085.0100]
[PID: 1604 / SYSTEM][C:\WINNT\system32\Dfssvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6664]
[PID: 1664 / SYSTEM][C:\WINNT\System32\inetsrv\inetinfo.exe]  [(Verified) Microsoft Corporation, 5.00.0984]
[PID: 1744 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.5512.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.5512.0]
[PID: 1176 / SYSTEM][C:\WINNT\system32\logon.scr]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 2872 / SYSTEM][\??\C:\WINNT\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 2892 / SYSTEM][\??\C:\WINNT\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6714]
[PID: 2988 / Administrator][C:\WINNT\system32\rdpclip.exe]  [(Verified) Microsoft Corporation, 5.00.2174.1]
[PID: 3016 / Administrator][C:\WINNT\Explorer.EXE]  [(Verified) Microsoft Corporation, 5.00.3700.6690]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [C:\WINNT\SYSTEM32\DWRCShell.DLL]  [DameWare Development LLC, 6, 5, 0, 0]
[PID: 3084 / SYSTEM][C:\WINNT\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 3164 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 3172 / Administrator][C:\WINNT\system32\internat.exe]  [(Verified) Microsoft Corporation, 5.00.2920.0000]
[PID: 3188 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 156 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 3348 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SRE9b1ac9af.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 876, C:\PROGRA~1\MICROS~3\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1744, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3188, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 156, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================


帅哥阿福 - 2009-4-2 9:13:00
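The log shows nothing abnormal. OP, uninstall 360, delete the two folders download and dlcenter under Rising's installation directory on the System Center, and then try upgrading again.
Or download an upgrade package and upgrade the System Center manually; a manual upgrade can also repair Rising.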
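A log review like the one above can be partly automated. The following Python sketch is an added example, not part of the original posts and not SREng's own code: it reads the report format shown in this thread and lists registry startup entries whose status is not marked (Verified), HOSTS entries other than localhost, and API HOOK lines. The embedded sample is abridged from the log posted above.

```python
import re

# Abridged excerpt of the SREng report posted earlier in this thread.
SAMPLE_LOG = r"""启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A
"""

SEPARATOR = re.compile(r"^=+$")
# Registry startup entry: <name><command>  [status]
ENTRY = re.compile(r"^<(?P<name>.*?)><(?P<cmd>.*)>\s+\[(?P<status>.*)\]$")
# API HOOK line: "...:<api> (... HOOK: <module path>)"
HOOK = re.compile(r":(?P<api>\w+)\s*\(.*HOOK:\s*(?P<module>.+)\)$")


def review_sreng_log(text):
    """Return the items in an SREng report that deserve a manual look."""
    findings = {"unverified_autoruns": [], "hosts_overrides": [], "api_hooks": []}
    section, key, after_separator = None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SEPARATOR.match(line):
            # The first non-empty line after a separator is the section title.
            after_separator, key = True, None
            continue
        if after_separator:
            section, after_separator = line, False
            continue
        if line.startswith("[HKEY_"):
            key = line[1:-1]
            continue
        entry = ENTRY.match(line) if key else None
        if entry:
            if not entry["status"].startswith("(Verified)"):
                findings["unverified_autoruns"].append(
                    (key, entry["name"], entry["status"]))
        elif section == "HOSTS 文件":
            fields = line.split("#", 1)[0].split()
            names = [n for n in fields[1:] if n.lower() != "localhost"]
            if names:
                findings["hosts_overrides"].append((fields[0], names))
        elif section == "API HOOK":
            hook = HOOK.search(line)
            if hook:
                findings["api_hooks"].append((hook["api"], hook["module"]))
    return findings


if __name__ == "__main__":
    for category, items in review_sreng_log(SAMPLE_LOG).items():
        print(category, items)
```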
太原市工商局 - 2009-4-3 8:59:00
OK, I'll try it. Thanks, 阿福.
安全初级工程师 - 2009-4-3 9:03:00
This user's post has been blocked.
太原市工商局 - 2009-4-7 10:47:00
I also thought it was an IE problem, but it still doesn't work with other browsers.
piao2008 - 2009-4-7 15:01:00
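1. Change the DNS in the network settings and give that a try.
2. Check whether you can open the product upgrade page on Rising's official website. If not, check your network.
3. If you can open the product upgrade page on Rising's official website, find the hosts file in the C:\WINDOWS\system32\drivers\etc folder, open it with Notepad, scroll to the very bottom, and add
219.238.233.203    www.rising.com.cn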
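The checks discussed in this thread (the hosts file, the vendor name versus other sites, the DNS settings) can be combined into one triage step. This is an added Python example, not part of the original posts; the control hostname www.example.com and the address 192.0.2.10 are constructed placeholders, and the resolver is injectable so the demo runs offline.

```python
import socket


def parse_hosts(text):
    """Map lower-cased hostname -> IP from hosts-file text, ignoring comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table


def system_resolve(name):
    """Resolve through the operating system; return None on failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def triage(vendor, controls, hosts_text, resolve=system_resolve):
    """Classify a name-resolution problem for one security-vendor hostname.

    Returns (verdict, ip_or_None):
      hosts-override       the hosts file pins the vendor name; verify that IP
      resolves             the vendor name resolves normally
      general-dns-failure  no control name resolves either: network or DNS setup
      selective-failure    controls resolve, vendor does not, hosts is clean:
                           the symptom reported in this thread; try another DNS
                           server, flush the cache, and scan the host for malware
    """
    pinned = parse_hosts(hosts_text).get(vendor.lower())
    if pinned:
        return ("hosts-override", pinned)
    vendor_ip = resolve(vendor)
    if vendor_ip:
        return ("resolves", vendor_ip)
    if not any(resolve(name) for name in controls):
        return ("general-dns-failure", None)
    return ("selective-failure", None)


if __name__ == "__main__":
    # Constructed offline demo: the control name resolves, the vendor name does not.
    fake_dns = {"www.example.com": "192.0.2.10"}
    clean_hosts = "127.0.0.1      localhost\n"
    print(triage("www.rising.com.cn", ["www.example.com"], clean_hosts, fake_dns.get))
```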
maxjack - 2009-4-8 10:09:00
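Sister Liu and Big Fatty 阿福, my home computer also cannot reach the Rising website. I have been unable to access the Rising anti-virus news site for nearly a month, but I can get onto the Kaka site.
There is no antivirus installed at home, it runs unprotected; a simple check found no virus and nothing else abnormal. Pinging the Rising website does not resolve to an IP either, but DNS should be fine. ADSL connection.
What should I do?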
piao2008 - 2009-4-8 16:08:00


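Quote:
Originally posted by maxjack on 2009-4-8 10:09:00
Sister Liu and Big Fatty 阿福, my home computer also cannot reach the Rising website. I have been unable to access the Rising anti-virus news site for nearly a month, but I can get onto the Kaka site.
There is no antivirus installed at home, it runs unprotected; a simple check found no virus and nothing else abnormal. Pinging the Rising website does not resolve to an IP either, but DNS should be fine. ADSL connection.
What should I do?

For download and usage instructions, see the link below: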
http://zhidao.ikaka.com/Aspx/Html/StaticHtml/296/296551.html
小生畅谈 - 2009-4-8 21:44:00
You can choose one of the other dedicated removal tools below; be sure to use it in Safe Mode.
Avert Stinger Standalone tool  http://vil.nai.com/vil/stinger/
F-Secure Worm:W32/Downadup.AL Removal Tool  http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml
Symantec W32.Downadup Removal Tool  http://www.symantec.com/business ... 2009-011316-0247-99
Enigma Conficker Worm Removal tool  http://www.enigmasoftware.com/tools/conficker/cfremover.exe
Kaspersky's removal tool, give it a try: http://www.viruslist.com/en/alerts?alertid=203996089
CPU_ring0 - 2009-4-8 23:13:00
This user's post has been blocked.
CPU_ring0 - 2009-4-8 23:14:00
This user's post has been blocked.
piao2008 - 2009-4-9 9:28:00


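Quote:
Originally posted by CPU_ring0 on 2009-4-8 23:14:00
I mean that after turning off monitoring, I got infected with several trojans.
After disinfecting, everything was normal, except that random sites keep popping up.

Scan with System Repair Engineer to produce a log, and upload the log as an attachment.
Download page: http://www.kztechs.com/sreng/download.html
Procedure:
1. After downloading, unzip it and run SREngPS.EXE;
2. If it won't open, try renaming SREngPS.EXE to 123.com and copying it to the c:\windows directory to run it;
3. Click [Smart Scan] and then [Scan], and wait patiently; when the scan finishes, click [Save Report];
4. Choose a save path, keep the default file name, and click [Save];
5. Open the saved log file SREngLOG.log, copy its entire contents, create a new text document, and paste all of the log contents into "新建文本文档.txt" (New Text Document.txt);
6. Upload "新建文本文档.txt" as an attachment, and be sure to describe the problem in detail; if there is a virus that cannot be fully removed, be sure to provide the virus name and path.
Note: before scanning, close applications such as QQ, games, download tools and media players as far as possible.

7. Upload the SREngLOG.log log to the forum's Anti-Virus / Anti-Rogue-Software section, link: http://bbs.ikaka.com/showforum-28.aspx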
安全初级工程师 - 2009-6-15 22:44:00
This user's post has been blocked.
悔无痕 - 2009-6-19 17:23:00
Start - Run - cmd, then ipconfig /flushdns
石坝拉姑 - 2009-6-21 11:34:00
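OP, let me tell you: use the method from the second post and it can be solved. I ran into this too, and that tool fixed it. As for the exact cause, it is probably that things were not fully repaired after a virus infection.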