瑞星卡卡安全论坛

用户系统信息：Mozilla/4

screenshot.jpg (93.50 K)

2009-5-2 11:27:25

.0 (compatible; MSIE 7.0; Windows NT 5.1; CIBA)

附件: SREngLOG.log

删除注册表劫持项后观察是否还会重复出现。

今天是第二次出现了，第一次我直接删了。
劫持项也一模一样

扫SRENG日志后，将扫描结果以附件形式发这论坛来
下载SRENG2.6版工具：http://www.kztechs.com/sreng/download.html
SRENG工具的扫描日志操作，看这贴2楼：http://bbs.ikaka.com/showtopic-8442813.aspx

注册表如下删除
好像是免疫的:default3:
auto.exe是AUTORUN病毒的常用名
pagefile.pif磁碟机的
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSDOS.bat]
    <IFEO[MSDOS.bat]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntldr.exe]
    <IFEO[ntldr.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif]
    <IFEO[pagefile.pif]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
    <IFEO[sos.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs.exe]
    <IFEO[sxs.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\test.exe]
    <IFEO[test.exe]><AUTOGUARDER GUARDED.>  [N/A]

那我还删不删？

删不删无所谓
反正免疫
http://baike.baidu.com/view/1335469.htm
http://baike.baidu.com/view/610302.htm

免疫的
不处理

好像是autorun病毒防御者搞的免疫？

谢谢

该用户帖子内容已被屏蔽