瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 █▉█▉ 求助 高手看看这是什么(附扫描日志) █▉█▉

123   1  /  3  页   跳转

█▉█▉ 求助 高手看看这是什么(附扫描日志) █▉█▉

收藏
jk369
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2007-02-28
  • 来自:
发表于: 2007-06-30 07:12 | 只看楼主 短消息 资料
字号: 1楼

█▉█▉ 求助 高手看看这是什么(附扫描日志) █▉█▉

我电脑硬盘跟目录里都有autorun.inf和PegeFile的dos运行快捷方式,只要一运行他瑞星的间控马上就关闭了,这是什么啊!!!我该如何清除,已经很长时间了,最新瑞星为什么发现不了?
autorun.inf里是这么写的:
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
最后编辑2007-07-02 08:14:59
分享到:
gototop
 
FCOME
头像
快乐黄口狮
  • 帖子:207
  • 注册: 2006-09-09
  • 来自:
发表于: 2007-06-30 07:26 | 短消息 资料
字号: 2楼

【回复“jk369”的帖子】
下载 System Repair Engineer

http://www.kztechs.com/sreng/download.html

1 解压缩sreng2.zip
2 将SREng.exe运行.(若不能运行,把它改名了再运行!)
3 智能扫描--->扫描--->保存报告
4 把日志中的报告完整拷贝分段贴上来,不要修改
gototop
 
jk369
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2007-02-28
  • 来自:
发表于: 2007-06-30 08:47 | 只看楼主 短消息 资料
字号: 3楼

因为C盘我用还原卡保护了,先不让可疑的PegeFile自运行,结果如下:


[复制到剪贴板]
CODE:


2007-06-30,08:30:07

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <FlashPlayerUpdate><C:\WINNT\system32\Macromed\Flash\GetFlash.exe>  [(Verified)Adobe Systems Incorporated]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IgfxTray><C:\WINNT\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><soundman.exe>  [Avance Logic, Inc.]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <thunder_mini><C:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe>  [深圳市三代科技开发有限公司]
    <TotalRecorderScheduler><C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe>  [High Criteria inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><APIHookDll.dll>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINNT\system32\xunleibho_v4.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[&使用迷你迅雷下载]
  <C:\Program Files\Sandai Technologies Inc\ThunderMini\geturl.htm, N/A>

==================================
正在运行的进程
[PID: 168][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 916][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\xunleibho_v4.dll]  [, 4, 3, 2, 29]
[PID: 988][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3924]
[PID: 996][C:\WINNT\soundman.exe]  [Avance Logic, Inc., 5, 0, 0, 0]
[PID: 1012][C:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe]  [深圳市三代科技开发有限公司, 1, 1, 0, 4]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Sandai Technologies Inc\ThunderMini\boost_thread-vc6-mt-1_31.dll]  [N/A, ]
[PID: 1020][C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe]  [High Criteria inc., 4, 0, 0, 1]
    [C:\Program Files\HighCriteria\TotalRecorder\DrvTrNTm.dll]  [High Criteria inc., 4, 1, 0, 1]
    [C:\Program Files\HighCriteria\TotalRecorder\DrvTrNTl.dll]  [N/A, ]
[PID: 1028][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 1168][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
[PID: 576][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\xunleibho_v4.dll]  [, 4, 3, 2, 29]
    [C:\WINNT\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 1, 0, 1]
    [C:\WINNT\system32\DrvTrNTl.dll]  [N/A, ]
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 872][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINNT\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 1, 0, 1]
    [C:\WINNT\system32\DrvTrNTl.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================
gototop
 
jk369
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2007-02-28
  • 来自:
发表于: 2007-06-30 08:51 | 只看楼主 短消息 资料
字号: 4楼

现在让可疑的PegeFile自运行,结果如下:


[复制到剪贴板]
CODE:


2007-06-30,08:36:42

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <FlashPlayerUpdate><C:\WINNT\system32\Macromed\Flash\GetFlash.exe>  [(Verified)Adobe Systems Incorporated]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IgfxTray><C:\WINNT\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><soundman.exe>  [Avance Logic, Inc.]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <thunder_mini><C:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe>  [深圳市三代科技开发有限公司]
    <TotalRecorderScheduler><C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe>  [High Criteria inc.]
    <WinForm><C:\WINNT\WinForm.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><APIHookDll.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{0EA66AD2-CF26-2E23-532B-B292E22F3266}><C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINNT\system32\xunleibho_v4.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[&使用迷你迅雷下载]
  <C:\Program Files\Sandai Technologies Inc\ThunderMini\geturl.htm, N/A>

==================================
正在运行的进程
[PID: 168][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 212][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6898]
[PID: 916][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\xunleibho_v4.dll]  [, 4, 3, 2, 29]
    [C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll]  [N/A, ]
    [C:\WINNT\system32\WinForm.dll]  [N/A, ]
    [C:\WINNT\system32\ztinetzt.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\WINNT\system32\nwizAsktao.dll]  [N/A, ]
    [C:\WINNT\system32\dh2104.dll]  [N/A, ]
    [C:\WINNT\system32\nwizzhuxians.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINNT\system32\TIMHost.dll]  [N/A, ]
[PID: 988][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3924]
[PID: 996][C:\WINNT\soundman.exe]  [Avance Logic, Inc., 5, 0, 0, 0]
[PID: 1012][C:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe]  [深圳市三代科技开发有限公司, 1, 1, 0, 4]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Sandai Technologies Inc\ThunderMini\boost_thread-vc6-mt-1_31.dll]  [N/A, ]
[PID: 1020][C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe]  [High Criteria inc., 4, 0, 0, 1]
    [C:\Program Files\HighCriteria\TotalRecorder\DrvTrNTm.dll]  [High Criteria inc., 4, 1, 0, 1]
    [C:\Program Files\HighCriteria\TotalRecorder\DrvTrNTl.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 1028][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 1168][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 576][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\xunleibho_v4.dll]  [, 4, 3, 2, 29]
    [C:\WINNT\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 1, 0, 1]
    [C:\WINNT\system32\DrvTrNTl.dll]  [N/A, ]
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\WINNT\system32\ztinetzt.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\WINNT\system32\WinForm.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\WINNT\system32\TIMHost.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 1264][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINNT\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 1, 0, 1]
    [C:\WINNT\system32\DrvTrNTl.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WinForm.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\WINNT\system32\ztinetzt.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[D:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[E:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[F:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[G:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================
gototop
 
jk369
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2007-02-28
  • 来自:
发表于: 2007-06-30 09:02 | 只看楼主 短消息 资料
字号: 5楼

两分钟以后,我电脑上出现一行字,提示IP地址冲突,同时局域网有两台电脑无法上网,但线路正常,没断网!
gototop
 
jk369
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2007-02-28
  • 来自:
发表于: 2007-06-30 09:11 | 只看楼主 短消息 资料
字号: 6楼

但瑞星始终查不到病毒,而且当他发作时还会修改系统时间,让一些程序无法运行,不知道病毒到底在那,就是查不到,我电脑没连到局域网时就已经这样了!
gototop
 
jk369
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2007-02-28
  • 来自:
发表于: 2007-06-30 10:30 | 只看楼主 短消息 资料
字号: 7楼

在线急等!
gototop
 
ADL
头像
社区嘉宾
  • 帖子:21666
  • 注册: 2001-06-22
  • 来自:江湖
发表于: 2007-06-30 10:34 | 短消息 资料
字号: 8楼

参考下,处理的方法差不多:

http://forum.ikaka.com/topic.asp?board=28&artid=8329874
gototop
 
jk369
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2007-02-28
  • 来自:
发表于: 2007-06-30 11:30 | 只看楼主 短消息 资料
字号: 9楼

以前这些我都试了,autorun.inf也删了,可没多长时间他有出现,不知道他藏到哪,全盘杀毒后暂时是好了(幸好C盘有还原卡),如果运行备份的autorun.inf和PegeFile的dos运行快捷方式就发作,莫非哪个PegeFile是EXE文件,但看属性是指向MS-DOS的快捷方式,大小是22K,不知我说的对吗?如果我说的对,那.exe文件是怎么作成
指向MS-DOS的快捷方式的,那autorun.inf里的又是什么意思,请高手解答一下,谢谢!
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
gototop
 
jk369
头像
初生襁褓狮
  • 帖子:45
  • 注册: 2007-02-28
  • 来自:
发表于: 2007-06-30 14:22 | 只看楼主 短消息 资料
字号: 10楼

以前这些我都试了,autorun.inf也删了,可没多长时间他有出现,不知道他藏到哪,全盘杀毒后暂时是好了(幸好C盘有还原卡),如果运行备份的autorun.inf和PegeFile的dos运行快捷方式就发作,莫非哪个PegeFile是EXE文件,但看属性是指向MS-DOS的快捷方式,大小是22K,不知我说的对吗?如果我说的对,那.exe文件是怎么作成
指向MS-DOS的快捷方式的,那autorun.inf里的又是什么意思,请高手解答一下,谢谢!
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
gototop
 
<<上一主题|下一主题>>
123   1  /  3  页   跳转
页面顶部
Powered by Discuz!NT