成功查杀掉A.exe,A.dll和A_Hook.dll三个灰鸽子后，每次开机查杀仍然有一个病毒不能彻底杀除，重启后就有。瑞星提示：Backdoor.GPigeon.up(IEXPLORE.EXE 文件感染)

请问各位大虾，我该怎么做才能彻底清除灰鸽子？

用HijackThis扫描系统，然后把日志贴上来

HijackThis下载地址:
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

我的也是这个病毒,我把文件发上来看,是不是跟一楼的一样
Logfile of HijackThis v1.99.1
Scan saved at 10:48:39, on 2005-10-29
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\PROGRAM FILES\RISING\RAV\Ravmond.exe
G:\PROGRAM FILES\RISING\RAV\RavStub.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
G:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
G:\Program Files\Logitech\MouseWare\system\em_exec.exe
G:\PROGRA~1\RISING\RAV\RAVMON.EXE
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\System32\ctfmon.exe
G:\WINDOWS\System32\devldr32.exe
G:\Program Files\Internet Explorer\iexplore.exe
H:\155847200541134207\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\JETCAR\jccatch.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\JETCAR\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RavTimer] G:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] G:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [PigUpdate] G:\DOCUME~1\ZWZBOY~1\LOCALS~1\Temp\RarSFX0\DownLoadPig.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: 使用网际快车下载 - C:\jetcar\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\jetcar\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\JETCAR\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\JETCAR\FLASHGET.EXE
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {8652BC38-8602-4A44-A179-DE47515CB399} (PicUpload Control) - http://www.0577.net.cn/pic/PicUpload.ocx
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (PBActiveX40 Control) - http://www4.cmbchina.com/download/pb45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE75C32F-B918-423F-87DB-07D7F8DA314E}: NameServer = 61.153.177.199 61.153.177.198
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - G:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - G:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: tectedStorage (tected Storage) - Unknown owner - G:\WINDOWS\explorer.bat

O23 - Service: tectedStorage (tected Storage) - Unknown owner - G:\WINDOWS\explorer.bat
是不是EXPLORER.BAT是病毒文件啊

【回复“黄龙大侠”的帖子】

O23 - Service: tectedStorage (tected Storage) - Unknown owner - G:\WINDOWS\explorer.bat肯定是病毒了。关闭它的服务然后再进安全模式杀毒。
控制面板→管理工具→服务→找到“***”服务(“***”代表灰鸽子病毒文件名)→右键点击选“属性”→点击“停止”→启动类型中选“已禁止”→应用→确定。

【回复“黄龙大侠”的帖子】
O23 - Service: tectedStorage (tected Storage) - Unknown owner - G:\WINDOWS\explorer.bat是鸽子

***注意:G:\WINDOWS\Explorer.EXE是正常文件.

1、打开注册表编辑器，依次点击：HKEY_LOCAOL_MACHINE、SYSTEM、CURRENTCONTROLSET、SERVICES，删除左栏中的tected Storage。
2、重启系统。
3、开始—设置-控制面板,在“文件夹选项”中勾选“显示所有文件和文件夹”、“显示系统文件夹”。
4、在G:\WINDOWS\文件夹中找explorer.bat以及文件名中包含explorer的.dll文件: G:\WINDOWS\explorer.dll,G:\WINDOWS\explorer_Hook.dll,G:\WINDOWS\explorerkey.dll，如果有的话,找到后，统统删除。

有劳大家帮我看看该如何杀毒
HijackThis_815汉化版扫描日志 V1.99.1
保存于      17:30:23 上午, 日期 2005-10-30
操作系统：  Windows XP  (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程：         
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\PROGRAM FILES\RISING\RAV\Ravmond.exe
g:\program files\rising\rfw\rfwsrv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\WINDOWS\System32\igfxtray.exe
G:\WINDOWS\System32\hkcmd.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
G:\PROGRA~1\RISING\RAV\RAVMON.EXE
G:\Program Files\rising\Rfw\rfwmain.exe
G:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
G:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
G:\WINDOWS\system32\rundll32.exe
G:\WINDOWS\System32\Rundll32.exe
G:\WINDOWS\System32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rainlendar\Rainlendar.exe
G:\WINDOWS\VM_STI.EXE
G:\WINDOWS\System32\alg.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
G:\WINDOWS\System32\svchost.exe
G:\PROGRA~1\RISING\RAV\Rav.exe
G:\PROGRA~1\RISING\RAV\RsAgent.exe
G:\WINDOWS\msagent\AgentSvr.exe
G:\WINDOWS\System32\macromed\flash\GetFlash.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\WinRAR\WinRAR.exe
G:\DOCUME~1\123\LOCALS~1\Temp\Rar$EX00.406\HijackThis1991zww.exe

R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - G:\Program Files\TENCENT\AddrPlus\IEHelp2.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - G:\Program Files\TENCENT\AddrPlus\IEHelp2.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - G:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - G:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IgfxTray] G:\WINDOWS\System32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] G:\WINDOWS\System32\hkcmd.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RavTimer] G:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] G:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [RfwMain] "G:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [YLive.exe] G:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "G:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [helper.dll] G:\WINDOWS\system32\rundll32.exe G:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [AddrPlus2] RUNDLL32.EXE G:\PROGRA~1\TENCENT\AddrPlus\QAHook2.dll,Rundll32
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe G:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Rainlendar精美日历.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: 腾讯QQ.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\yht\新建文件夹\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - G:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - G:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 反向链接 - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\yht\新建文件夹\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\yht\新建文件夹\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\yht\新建文件夹\SendMMS.htm
O8 - IE右键菜单中的新增项目: 类似网页 - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: 缓存的网页快照 - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - IE右键菜单中的新增项目: 翻译英文字词(&T) - res://g:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\yht\新建文件夹\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\yht\新建文件夹\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [TBH]  QQ地址栏搜索插件
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B624E9-FDCB-48A7-8705-AB20FF5D050F}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9EDEF78-0647-4134-8FB2-7FCF48C6AABB}: NameServer = 218.85.157.99 202.101.114.55
O20 - Winlogon Notify: igfxcui - G:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - G:\WINDOWS\G_Server.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - g:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - G:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - G:\PROGRAM FILES\RISING\RAV\Ravmond.exe

【回复“wysd8527”的帖子】
O23 - NT 服务: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - G:\WINDOWS\G_Server.exe是灰鸽子
查杀灰鸽子（Backdoor.Gpigeon）请参考Baohe斑竹
http://forum.ikaka.com/topic.asp?board=28&artid=6202404

我的也是啊