我机子昨天中了名叫Backdoor.Gpigeon.shg 的木马病毒
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe

这一项是什么意思啊?

哦,我系统是XP的..

这是我整个日志扫描的结果,请高手帮忙看看啊..
Logfile of HijackThis v1.99.1
Scan saved at 12:48:57, on 2005-8-2
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
c:\program files\rising\rfw\RfwMain.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Chinanet\VnetClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\Rar$EX06.967\HijackThis.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_beck7_44186 (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\游戏\浩方对战平台\GameClient.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C606C4-348D-4D5A-97B5-6206749B619F}: NameServer = 61.147.37.1 61.177.7.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{834B6060-19A2-4588-AB29-D22F22AC84D2}: NameServer = 69.50.176.196,195.225.176.37
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe

灰鸽子.

那下一步怎么办啊..
老兄教教我啊~!~

删除:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GrayPigeonServer
删除:
%System%\G_Server.exe G_Server.dll G_Server_hook.dll
G_ServerKey.dll

谢了,呵呵,我已经成功删除注册表中的那一项和%System%\G_Server.exe
可就是没发现G_Server.dll G_Server_hook.dll G_ServerKey.dll
这剩余的三项啊.我是用的搜索的.是不是他们早已经删掉了啊?
这是不是就算好了呀?

你中这个病毒是什么特征啊？我也扫到和你一样的G_sever，但是我在system里没有找到那四个文件啊。只在注册表里面删掉了。感觉问题仍然没有解决。

【回复“粉红318”的帖子】
那4种文件要是有的话就删除.

最后把注册表展开到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GrayPigeonServer
删除＂文件名.EXE＂,重启.

引用:

【绝对N度的贴子】我机子昨天中了名叫Backdoor.Gpigeon.shg 的木马病毒 O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe 这一项是什么意思啊? ...........................

这就是灰鸽子注册的系统服务。要删除的注册表键——GrayPigeonServer；要删除的病毒文件C:\WINDOWS\G_Server.exe，还有文件名中包含G_Server的.DLL文件也要删除。