
How do I completely remove Trojan.Win32.Mnless.zlr?


Recently this damn thing Trojan.Win32.Mnless.zlr keeps showing up in the tray. Every time the backup fails and the infected file is deleted, but no matter what I do I can't get rid of it. Its path is c:\WINNT\system32\drivers\6ggsgrp.sys, and the infected file is 6ggsgrp.sys every time. I searched online and found no trace of this thing. Hope someone can help.

Last edited 2008-03-28 21:41:51

First download the program Xdelbox; download address http://www.dodudou.com/down/, in the original software folder there.
After downloading,
extract all the files into one folder.
In the box next to Add, enter
c:\WINNT\system32\drivers\6ggsgrp.sys
After entering each one, click the Add button next to it; the added file will appear in the large box below.
Then select all the files in the large box at once (hold Ctrl),
right-click and choose Delete immediately on restart.
After the computer restarts, a countdown screen with two boot options appears:
the first is your original Windows system,
the second is the DOS system set up by this program.
The system will automatically select the second one.
Once the DOS-like screen has finished scrolling, the virus has been deleted.
After that it restarts automatically into normal mode.

[Reply to the post by "newcenturymoon"] Moderator, I extracted the files to C:\WINNT\system32\drivers\6ggsgrp.sys and it says c:\WINNT\system32\drivers\6ggsgrp.sys cannot be created. What is going on?

Please, anyone who knows, help me quickly. I'm a newbie; thanks in advance, everyone.

Open XDelBox ==> under File path enter C:\WINNT\system32\drivers\6ggsgrp.sys ==> click Add ==> tick Suppress regeneration ==> select the file in the list and right-click ==> choose Restart now and delete

Still not working. It would be best if you could give me screenshots of the steps; I'm a newbie and don't really know how. Please, thanks everyone.

Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Extract sreng2.zip
2 Run SREngPS.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here, without modification.

Please cooperate.

    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <CU2007><"F:\Program Files\CU2007\9158.exe" -u>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <IgfxTray><C:\WINNT\system32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [Intel Corporation]
    <FTSafeNetRockeyService4.0><D:\tigerock\nrSvr.exe -systray>  [Feitian Technologies Co.,Ltd.]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [TENCENT]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <IdnSvr><C:\Program Files\OCINS\idnsvr.exe>  [(Verified)China Internet Network Information Center]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDCG32    ><LYLeador.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><rsmyfpm.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]

启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~2\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> F:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[FTSafe Net Rockey Service / FTSafeNetRockeyService4.0][Running/Auto Start]
  <d:\tigerock\nrSvr.exe -dispatch><Feitian Technologies Co.,Ltd.>
[Windows fxyq RunThem / fxyq][Others/Auto Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\astl\kcdv.dll><N/A>
[Gdi Server / Gdi Server][Stopped/Auto Start]
  <c:\program files\common files\system\gdiServer.exe><N/A>
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINNT\system32\ineters.exe><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[41jzqxgd / 41jzqxgd][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\41jzqxgd.sys><N/A>
[6ggsgr / 6ggsgrp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\6ggsgrp.sys><N/A>
[9158cap, WDM Video Capture / 9158CAP][Running/Auto Start]
  <system32\DRIVERS\9158cap.sys><www.9158.com>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[aididcid / aididcid][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\aididcid.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[cnprov / cnprov][Running/Boot Start]
  <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[dbeffccb / dbeffccb][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dbeffccb.sys><中国互联网络信息中心(CNNIC)>
[digahchi / digahchi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\digahchi.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100bnt5.sys><Intel Corporation>
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Running/Manual Start]
  <system32\DRIVERS\PPPoE.SYS><Guangdong Data Communications Network Co.Ltd.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[ihkfkk09 / ihkfkk09][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\ihkfkk09.sys><N/A>
[jpsdrv33 / jpsdrv33][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\jpsdrv33.sys><N/A>
[jtjika18 / jtjika18][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\jtjika18.sys><N/A>
[klrqvz23 / klrqvz23][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\klrqvz23.sys><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[rockusb / rockusb][Running/Manual Start]
  <system32\DRIVERS\rockusb.sys><FeiTian New Tech Inc>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[szvcjx46 / szvcjx46][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\szvcjx46.sys><N/A>
[tngglv61 / tngglv61][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\tngglv61.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[wzpiqy89 / wzpiqy89][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\wzpiqy89.sys><N/A>
[zshoyi12 / zshoyi12][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\zshoyi12.sys><N/A>
[ANC USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
  <System32\Drivers\usbVM303.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
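As an added example (not code from this thread or from SREng itself), here is a small Python triage pass over the SREng service/driver format posted above: it pairs each "[Display / name][State/Start]" header with its "<image path><vendor>" line and flags entries that combine a missing vendor string, a machine-generated-looking name, and Boot Start. The sample lines are copied from the report in this thread; the three signals and the threshold of two are my own heuristic, not SREng's.

```python
import re

# Constructed sample: entries copied from the SREng driver list posted in this thread.
SAMPLE_REPORT = r"""
[6ggsgr / 6ggsgrp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\6ggsgrp.sys><N/A>
[41jzqxgd / 41jzqxgd][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\41jzqxgd.sys><N/A>
[aididcid / aididcid][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\aididcid.sys><N/A>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[ANC USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
  <System32\Drivers\usbVM303.sys><N/A>
"""

# SREng prints each service/driver as "[Display / name][State/Start]" followed by an
# indented "<image path><vendor>" line; the parser pairs the two before scoring.
HEADER = re.compile(r"^\[(?P<display>.*) / (?P<name>[^\]]+)\]\[(?P<state>[^/]+)/(?P<start>[^\]]+)\]$")
BODY = re.compile(r"^\s+<(?P<path>.*)><(?P<vendor>.*)>$")

def parse_entries(report):
    entries, pending = [], None
    for line in report.splitlines():
        if m := HEADER.match(line):
            pending = m.groupdict()
        elif (m := BODY.match(line)) and pending is not None:
            pending.update(m.groupdict())
            entries.append(pending)
            pending = None
    return entries

def looks_generated(name):
    """Short all-lowercase alphanumeric names that contain digits or almost no vowels."""
    if not re.fullmatch(r"[a-z0-9]{6,8}", name):
        return False
    return any(c.isdigit() for c in name) or sum(c in "aeiou" for c in name) / len(name) < 0.2

def suspicion_signals(entry):
    checks = {
        "no_vendor": entry["vendor"].strip() in ("", "N/A"),  # no company/signer string
        "random_name": looks_generated(entry["name"]),         # e.g. 6ggsgrp, 41jzqxgd
        "boot_start": entry["start"].strip() == "Boot Start",  # loads before AV can inspect it
    }
    return [name for name, hit in checks.items() if hit]

def triage(report, threshold=2):
    """(service name, image path, signals) for entries with at least `threshold` signals."""
    scored = [(e["name"], e["path"], suspicion_signals(e)) for e in parse_entries(report)]
    return [t for t in scored if len(t[2]) >= threshold]
```

Running `triage(SAMPLE_REPORT)` flags 6ggsgrp, 41jzqxgd and aididcid while leaving the Rising driver and the webcam driver (vendor N/A, but a normal name and Manual Start) alone; the same parser works on the 服务 section of the report, since SREng uses the same two-line layout there.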