Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software Forum

That rogue website again: http://www.wu365.com

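Has anyone here run into this situation?

My Tianya Community and Sogua Music were hijacked, one after the other, by this rogue website: http://www.wu365.com. Whenever I open my favorites and click, I end up on this website. It also spawns two more pages automatically; one of them is http://www.7zhao.com.

Searching again through Gougou gives the same result.

What should I do?
Last edited 2005-07-09 13:13:27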
 

Please refer to:
Solution 1 for http://www.wu365.com/
http://forum.ikaka.com/topic.asp?board=67&artid=6451110

If the problem persists, I suggest you download and use HijackThis 1.99.1.
For the HijackThis download location, see:
[Must read] Board rules and downloads of commonly used small tools
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

For how to use HijackThis, see the Rising HijackThis special topic:
http://it.rising.com.cn/newSite/Channels/anti_virus/Antivirus_Faq/TopicExplorerPagePackage/hijackthis.htm
 

Thanks! Let me give it a try...
 

I ran HijackThis and the log is below. I still don't know what to do; could "飞跃迷离" please advise:

Logfile of HijackThis v1.99.1
Scan saved at 11:20:53, on 2005-7-9
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe
C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
C:\Program Files\rising\rfw\Rfw.exe
C:\Documents and Settings\p\My Documents\新建文件夹\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 218.5.76.116 www.zhao123.com
O1 - Hosts: 218.5.76.116 zhao123.com
O1 - Hosts: 218.5.76.116 www.4399.com
O1 - Hosts: 218.5.76.116 4399.com
O1 - Hosts: 218.5.76.116 www.chinagames.net
O1 - Hosts: 218.5.76.116 chinagames.net
O1 - Hosts: 218.5.76.116 www.tiexue.net
O1 - Hosts: 218.5.76.116 tiexue.net
O1 - Hosts: 218.5.76.116 www.qq163.com
O1 - Hosts: 218.5.76.116 qq163.com
O1 - Hosts: 218.5.76.116 www.tt67.com
O1 - Hosts: 218.5.76.116 tt67.com
O1 - Hosts: 218.5.76.116 www.chinamp3.com
O1 - Hosts: 218.5.76.116 chinamp3.com
O1 - Hosts: 218.5.76.116 www.pg168.com
O1 - Hosts: 218.5.76.116 pg168.com
O1 - Hosts: 218.5.76.116 www.yymp3.com
O1 - Hosts: 218.5.76.116 yymp3.com
O1 - Hosts: 218.5.76.116 www.yy138.com
O1 - Hosts: 218.5.76.116 yy138.com
O1 - Hosts: 218.5.76.116 www.dj99.com
O1 - Hosts: 218.5.76.116 dj99.com
O1 - Hosts: 218.5.76.116 www.sogua.com
O1 - Hosts: 218.5.76.116 sogua.com
O1 - Hosts: 218.5.76.116 www.snsn.net
O1 - Hosts: 218.5.76.116 snsn.net
O1 - Hosts: 218.5.76.116 www.flash8.net
O1 - Hosts: 218.5.76.116 flash8.net
O1 - Hosts: 218.5.76.116 www.mop.com
O1 - Hosts: 218.5.76.116 mop.com
O1 - Hosts: 218.5.76.116 www.tianyaclub.com
O1 - Hosts: 218.5.76.116 tianyaclub.com
O1 - Hosts: 218.5.76.116 www.xici.net
O1 - Hosts: 218.5.76.116 xici.net
O1 - Hosts: 218.5.76.116 www.ucanlove.com
O1 - Hosts: 218.5.76.116 ucanlove.com
O1 - Hosts: 218.5.76.116 www.cmfu.com
O1 - Hosts: 218.5.76.116 cmfu.com
O1 - Hosts: 218.5.76.116 www.21red.net
O1 - Hosts: 218.5.76.116 21red.net
O1 - Hosts: 218.5.76.116 www.pconline.com.cn
O1 - Hosts: 218.5.76.116 pconline.com.cn
O1 - Hosts: 218.5.76.116 www.donews.com
O1 - Hosts: 218.5.76.116 donews.com
O1 - Hosts: 218.5.76.116 www.pcauto.com.cn
O1 - Hosts: 218.5.76.116 pcauto.com.cn
O1 - Hosts: 218.5.76.116 www.265.com
O1 - Hosts: 218.5.76.116 265.com
O1 - Hosts: 218.5.76.116 www.wo99.com
O1 - Hosts: 218.5.76.116 wo99.com
O1 - Hosts: 218.5.76.116 www.familydoctor.com.cn
O1 - Hosts: 218.5.76.116 familydoctor.com.cn
O1 - Hosts: 218.5.76.116 www.flashempire.com
O1 - Hosts: 218.5.76.116 flashempire.com
O1 - Hosts: 218.5.76.116 www.showgood.tv
O1 - Hosts: 218.5.76.116 showgood.tv
O1 - Hosts: 218.5.76.116 www.flashfan.net
O1 - Hosts: 218.5.76.116 flashfan.net
O1 - Hosts: 218.5.76.116 www.long21.net
O1 - Hosts: 218.5.76.116 long21.net
O1 - Hosts: 218.5.76.116 www.sowww.com
O1 - Hosts: 218.5.76.116 sowww.com
O1 - Hosts: 218.5.76.116 www.flashhome.net
O1 - Hosts: 218.5.76.116 flashhome.net
O1 - Hosts: 218.5.76.116 www.cnflash.net
O1 - Hosts: 218.5.76.116 cnflash.net
O1 - Hosts: 218.5.76.116 www.flashsky.com
O1 - Hosts: 218.5.76.116 flashsky.com
O1 - Hosts: 218.5.76.116 www.hunansky.com
O1 - Hosts: 218.5.76.116 hunansky.com
O1 - Hosts: 218.5.76.116 www.52flash.net
O1 - Hosts: 218.5.76.116 52flash.net
O1 - Hosts: 218.5.76.116 www.flashh.com
O1 - Hosts: 218.5.76.116 flashh.com
O1 - Hosts: 218.5.76.116 www.flashsun.com
O1 - Hosts: 218.5.76.116 flashsun.com
O1 - Hosts: 218.5.76.116 www.7k7k.com
O1 - Hosts: 218.5.76.116 7k7k.com
O1 - Hosts: 218.5.76.116 www.xuanxuan.com
O1 - Hosts: 218.5.76.116 xuanxuan.com
O1 - Hosts: 218.5.76.116 www.flash88.net
O1 - Hosts: 218.5.76.116 flash88.net
O1 - Hosts: 218.5.76.116 www.91flash.com
O1 - Hosts: 218.5.76.116 91flash.com
O1 - Hosts: 218.5.76.116 www.doingflash.com
O1 - Hosts: 218.5.76.116 doingflash.com
O1 - Hosts: 218.5.76.116 www.5see.com
O1 - Hosts: 218.5.76.116 5see.com
O1 - Hosts: 218.5.76.116 www.skyhits.com
O1 - Hosts: 218.5.76.116 skyhits.com
O1 - Hosts: 218.5.76.116 www.ting78.com
O1 - Hosts: 218.5.76.116 ting78.com
O1 - Hosts: 218.5.76.116 www.91.com
O1 - Hosts: 218.5.76.116 91.com
O1 - Hosts: 218.5.76.116 www.flashchina.net
O1 - Hosts: 218.5.76.116 flashchina.net
O1 - Hosts: 218.5.76.116 www.flash8.com.cn
O1 - Hosts: 218.5.76.116 flash8.com.cn
O1 - Hosts: 218.5.76.116 www.f130.net
O1 - Hosts: 218.5.76.116 f130.net
O1 - Hosts: 218.5.76.116 www.chinanim.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v3.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EssSpkPhone] rem essspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] rem RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [MS-4011 Memory Patch] C:\Documents and Settings\s\桌面\RavSasser.exe -Patch
O4 - HKLM\..\Run: [Windows media service] rem crsss.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] rem winxpinit.exe
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [yahoo_mini] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] rem "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [win32 usb2 driver] rem winxpinit.exe
O4 - HKCU\..\Run: [AutoInsQyule] rem C:\Program Files\Qyule\QyuleInstall.exe
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe"
O4 - HKCU\..\Run: [System Mechanic 启动卫士] "C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe"
O4 - HKCU\..\Run: [System Mechanic 广告封锁器] "C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe"
O4 - Startup: 腾讯TM.lnk = C:\Program Files\Tencent\qq\TMShell.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O16 - DPF: {53C9C3A9-C3CE-11D0-BAB1-00A024E1136D} (趋势科技在线扫毒程序) - http://www.china-yk.com/tsfw/online/xscan4.cab
O16 - DPF: {CF051549-EDE1-40F5-B440-BCD646CF2C25} (Ppinstall Control) - http://popo.163.com/install/ppinstall.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{970925EA-7ED3-40C8-B8B8-AFF9940D7BA5}: NameServer = 192.168.1.1,202.96.134.133
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
 

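Restart into Safe Mode. (How to enter Safe Mode: restart the computer; once the power-on self-test has finished, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.)

Close all IE windows and scan again with HijackThis. Tick the items recommended for fixing below and let HijackThis fix them; before fixing, allow HijackThis to keep a backup. (If the original poster knows an item is safe, there is no need to tick it.)
R3 - Default URLSearchHook is missing
All O1 items
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O4 - HKLM\..\Run: [Windows media service] rem crsss.exe
O4 - HKCU\..\Run: [AutoInsQyule] rem C:\Program Files\Qyule\QyuleInstall.exe
O9 - Extra button: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)

Then open My Computer, click Tools, open Folder Options, go to View, and untick "Hide protected operating system files (Recommended)" and "Hide extensions for known file types". Then choose to show all files.
Use the Windows search function to find and delete: crsss.exe
Delete the folder C:\Program Files\Qyule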
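The O1 lines in the log above pin many unrelated sites to a single address, which is why the reply asks for every O1 item to be fixed. As an added example (not part of the original thread; the function names are illustrative), this Python code groups HijackThis O1 lines by address and flags non-loopback addresses that several sites are redirected to.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis O1 lines have the form "O1 - Hosts: <ip> <hostname>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")

# Sample input: four O1 lines copied from the log in this thread, plus a
# constructed benign loopback entry and two non-O1 lines that must be ignored.
SAMPLE_LOG = """\
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 218.5.76.116 www.tianyaclub.com
O1 - Hosts: 218.5.76.116 tianyaclub.com
O1 - Hosts: 218.5.76.116 www.sogua.com
O1 - Hosts: 218.5.76.116 sogua.com
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\System32\\ctfmon.exe
"""

def hosts_redirects(log_text):
    """Map each address in the O1 section to the hostnames pinned to it."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: skip rather than guess
        by_ip[str(ip)].append(m.group(2).lower())
    return dict(by_ip)

def base_name(host):
    """Crude grouping key: drop a leading 'www.' (not a public-suffix lookup)."""
    return host[4:] if host.startswith("www.") else host

def suspicious_redirects(by_ip, min_sites=2):
    """Return non-loopback addresses that at least min_sites distinct sites map to."""
    flagged = {}
    for ip, hosts in by_ip.items():
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are the usual blocking form
        sites = sorted({base_name(h) for h in hosts})
        if len(sites) >= min_sites:
            flagged[ip] = sites
    return flagged

if __name__ == "__main__":
    for ip, sites in suspicious_redirects(hosts_redirects(SAMPLE_LOG)).items():
        print(f"{ip}: {len(sites)} sites redirected -> {', '.join(sites)}")
```
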
 

Thank you so much!

I'm getting to work now~
 

I finally took my browser back!

With consummate gratitude, thank you, "飞跃迷离"!

