瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 发现BackDoor.GPigeon.tar病毒~特发日志!麻烦大虾给看看!

1234   1  /  4  页   跳转

发现BackDoor.GPigeon.tar病毒~特发日志!麻烦大虾给看看!

收藏
风华
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2004-12-05
  • 来自:
发表于: 2005-11-13 11:14 | 只看楼主 短消息 资料
字号: 1楼

发现BackDoor.GPigeon.tar病毒~特发日志!麻烦大虾给看看!

我是WIN2000系统~近来发现网速没以前快了~而且QQ之类的软件时常掉线。我家两台电脑上网~用路由器连接的~(路由器自动拨号~包月宽带~IP设置自动获取)系统内带正版瑞星杀毒软件~已更新!监控就没关过~(所有监空都开着了~也仔细设置过!我本身对计算机有一定了解)怎么还会中病毒呢~!迷茫啊~请指教哈~~
看了看大虾的几个帖子~下了个AutoRuns软件~(可惜全英文的~有中文的没?)不知道保存的对不对~全不全!虽然瑞星提示我BackDoor.GPigeon.tar已清除~不过看帖子说这样杀不掉~~~帮忙看一下吧!在此谢过~!
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run           

+ NvCplDaemon    NVIDIA Display Properties Extension    NVIDIA Corporation    c:\winnt\system32\nvcpl.dll

+ RavMon    RavMon Rising realtime monitor     Beijing Rising Technology Co., Ltd.    f:\rising\rav\ravmon.exe

+ RavTimer    RavTimer    Beijing Rising Technology Co., Ltd.    f:\rising\rav\ravtimer.exe

+ SoundMan    Avance Sound Manager    Avance Logic, Inc.    c:\winnt\soundman.exe

HKLM\System\CurrentControlSet\Services           

+ NVSvc    Provides system and desktop level support to the NVIDIA display driver    NVIDIA Corporation    c:\winnt\system32\nvsvc32.exe

+ RsCCenter    CCenter    rising    f:\rising\rav\ccenter.exe

+ RsRavMon    RavMon    Beijing Rising Technology Co., Ltd.    f:\rising\rav\ravmond.exe

+ RSVPE    为计算机提供磁盘维护,备份扇区碎片文件,还原设置。        c:\winnt\rsvpe.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           

+ RISING    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\winnt\system32\ravext.dll

最后编辑2005-11-18 21:57:16
分享到:
gototop
 
风华
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2004-12-05
  • 来自:
发表于: 2005-11-13 11:22 | 只看楼主 短消息 资料
字号: 2楼

有大虾在不?给看看哈!
gototop
 
风华
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2004-12-05
  • 来自:
发表于: 2005-11-13 12:06 | 只看楼主 短消息 资料
字号: 3楼

没有高手在么?
gototop
 
不言放弃
头像
社区嘉宾
  • 帖子:30678
  • 注册: 2004-09-17
  • 来自:蓝色星球
发表于: 2005-11-13 12:09 | 短消息 资料
字号: 4楼

你的报告没有什么问题

建议用HIJACKTHIS导出LOG
gototop
 
风华
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2004-12-05
  • 来自:
发表于: 2005-11-13 12:29 | 只看楼主 短消息 资料
字号: 5楼

重新启动了一下~又中这个病毒了~也提示清除了~晕了。。。
gototop
 
风华
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2004-12-05
  • 来自:
发表于: 2005-11-13 12:37 | 只看楼主 短消息 资料
字号: 6楼

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      12:45:55, 日期 2005-11-13
操作系统:  Windows 2000  (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 (6.00.2462.0000)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
F:\RISING\RAV\Ravmond.exe
F:\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
F:\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\soundman.exe
F:\RISING\RAV\RAVTIMER.EXE
F:\RISING\RAV\RAVMON.EXE
C:\WINNT\System32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\tool.zip\瑞星\HijackThis V1.99.1 完全汉化版\HijackThis1991zww.exe

O1 - Hosts: 222.89.109.112 www.99bb.com
O1 - Hosts: 222.89.109.112 99bb.com
O1 - Hosts: 222.89.109.112 www.zdao.com
O1 - Hosts: 222.89.109.112 zdao.com
O1 - Hosts: 222.89.109.112 www.aisex.com
O1 - Hosts: 222.89.109.112 aisex.com
O1 - Hosts: 222.89.109.112 www.qq190.com
O1 - Hosts: 222.89.109.112 qq190.com
O1 - Hosts: 222.89.109.112 www.wanmm.com
O1 - Hosts: 222.89.109.112 wanmm.com
O1 - Hosts: 222.89.109.112 www.qq163.com
O1 - Hosts: 222.89.109.112 qq163.com
O1 - Hosts: 222.89.109.112 www.sex141.com
O1 - Hosts: 222.89.109.112 sex141.com
O1 - Hosts: 222.89.109.112 www.my990.com
O1 - Hosts: 222.89.109.112 my990.com
O1 - Hosts: 222.89.109.112 ad.my990.com
O1 - Hosts: 222.89.109.112 www.ttjj.com
O1 - Hosts: 222.89.109.112 ttjj.com
O1 - Hosts: 222.89.109.112 www.7t7t.com
O1 - Hosts: 222.89.109.112 7t7t.com
O1 - Hosts: 222.89.109.112 www.123987.com
O1 - Hosts: 222.89.109.112 www.123987.com/7sese/
O1 - Hosts: 222.89.109.112 www.oursm.com
O1 - Hosts: 222.89.109.112 oursm.com
O1 - Hosts: 222.89.109.112 www.palacemoon.com
O1 - Hosts: 222.89.109.112 palacemoon.com
O1 - Hosts: 222.89.109.112 18dy.com
O1 - Hosts: 222.89.109.112 www.18dy.com
O1 - Hosts: 222.89.109.112 49m.cn
O1 - Hosts: 222.89.109.112 www.49m.cn
O1 - Hosts: 222.89.109.112 123.xuanji8.com
O1 - Hosts: 222.89.109.112 ohkk.xuanji8.com
O1 - Hosts: 222.89.109.112 123.52lhc.com
O1 - Hosts: 222.89.109.112 7sese.com222.89.109.112 www.7sese.com
O1 - Hosts: 222.89.109.112 www.hao119.com
O1 - Hosts: 222.89.109.112 7sese.com
O1 - Hosts: 222.89.109.112 www.7sese.com
O1 - Hosts: 222.89.109.112 www.hao358.com
O1 - Hosts: 222.89.109.112 www.ee456.com
O1 - Hosts: 222.89.109.112 video.12san.com
O1 - Hosts: 222.89.109.112 www.eachz.com
O1 - Hosts: 222.89.109.112 www.avl.cn
O1 - Hosts: 222.89.109.112 avl.cn
O1 - Hosts: 222.89.109.112 www.98756.net
O1 - Hosts: 222.89.109.112 7sese.org
O1 - Hosts: 222.89.109.112 www.7sese.org
O1 - Hosts: 222.89.109.112 kanvcd.com
O1 - Hosts: 222.89.109.112 www.kanvcd.com
O1 - Hosts: 222.89.109.112 cn.movies.yahoo
O1 - Hosts: 222.89.109.112 www.zfvod.com
O1 - Hosts: 222.89.109.112 zfvod.com
O1 - Hosts: 222.89.109.112 media.netandtv.com
O1 - Hosts: 222.89.109.112 p2p.55660.com
O1 - Hosts: 222.89.109.112 media.netandtv.com
O1 - Hosts: 222.89.109.112 www.sol.sohu.com
O1 - Hosts: 222.89.109.112 www.sexhu.cn
O1 - Hosts: 222.89.109.112 sexhu.cn
O1 - Hosts: 222.89.109.112 www.blogchina.com
O1 - Hosts: 222.89.109.112 5blogchina.com
O1 - Hosts: 222.89.109.112 www.5806.net
O1 - Hosts: 222.89.109.112 zhao999.com
O1 - Hosts: 222.89.109.112 www.zhao999.com
O1 - Hosts: 222.89.109.112 movie.xmfdc.net
O1 - Hosts: 222.89.109.112 www.movie110.com
O1 - Hosts: 222.89.109.112 movie110.com
O1 - Hosts: 222.89.109.112 www.yesky.com
O1 - Hosts: 222.89.109.112 yesky.com
O1 - Hosts: 222.89.109.112 www.178ya.com
O1 - Hosts: 222.89.109.112 178ya.com
O1 - Hosts: 222.89.109.112 www.3668.cn
O1 - Hosts: 222.89.109.112 3668.cn
O1 - Hosts: 222.89.109.112 www.hao45.com
O1 - Hosts: 222.89.109.112 hao45.com
O1 - Hosts: 222.89.109.112 www.5sese.com
O1 - Hosts: 222.89.109.112 5sese.com
O1 - Hosts: 222.89.109.112 woyy.51.net
O1 - Hosts: 222.89.109.112 3668.cn
O1 - Hosts: 222.89.109.112 www.3668.cn
O1 - Hosts: 222.89.109.112 tu68.com
O1 - Hosts: 222.89.109.112 www.tu68.com
O1 - Hosts: 222.89.109.112 avxiu.com
O1 - Hosts: 222.89.109.112 www.avxiu.com
O1 - Hosts: 222.89.109.112 18dy.net
O1 - Hosts: 222.89.109.112 www.18dy.net
O1 - Hosts: 222.89.109.112 avxiu.com
O1 - Hosts: 222.89.109.112 www.avxiu.com
O1 - Hosts: 222.89.109.112 hk.18dy.com
O1 - Hosts: 222.89.109.112 dianying.gghggh.com
O1 - Hosts: 222.89.109.112 lady3.****net
O1 - Hosts: 222.89.109.112 kan56.zj.com
O1 - Hosts: 222.89.109.112 88848.net
O1 - Hosts: 222.89.109.112 www.88848.net
O1 - Hosts: 222.89.109.112 xonline.org
O1 - Hosts: 222.89.109.112 www.xonline.org
O1 - Hosts: 222.89.109.112 dy.nuoy.com
O1 - Hosts: 222.89.109.112 www.korea-av.com
O1 - Hosts: 222.89.109.112 korea-av.com
O1 - Hosts: 222.89.109.112 movie.bucuo.org
O1 - Hosts: 222.89.109.112 mv888.com
O1 - Hosts: 222.89.109.112 www.mv888.com
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - IE工具栏增项: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [SoundMan] soundman.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [RavTimer] F:\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] F:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &Download by NetAnts - F:\NETANTS\NAGet.htm
O8 - IE右键菜单中的新增项目: Download &All by NetAnts - F:\NETANTS\NAGetAll.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Tencent\QQ\AddEmotion.htm
O9 - 浏览器额外的按钮: (no name) - {233A9694-667E-11d1-9DFB-006097D5040A} - (no file)
O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch(&A)
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122820147288
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - F:\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\RISING\RAV\Ravmond.exe
O23 - NT 服务: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\WINNT\RSVPE.exe
gototop
 
风华
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2004-12-05
  • 来自:
发表于: 2005-11-13 12:37 | 只看楼主 短消息 资料
字号: 7楼

日志发上来了~帮我看看~对了,我自己还使用了upiea软件,屏蔽了部分软件!不过我一般只用upiea清理一下垃圾文件~省事呵呵~偶尔查看一下启动项
gototop
 
希望快乐
头像
初生襁褓狮
  • 帖子:178
  • 注册: 2004-10-04
  • 来自:
发表于: 2005-11-13 12:42 | 短消息 资料
字号: 8楼

先帮你顶了..
gototop
 
爱已过时
头像
初生襁褓狮
  • 帖子:517
  • 注册: 2004-06-18
  • 来自:
发表于: 2005-11-13 12:45 | 短消息 资料
字号: 9楼

引用:
【风华的贴子】日志发上来了~帮我看看~对了,我自己还使用了upiea软件,屏蔽了部分软件!不过我一般只用upiea清理一下垃圾文件~省事呵呵~偶尔查看一下启动项
...........................
gototop
 
ppdog
头像
飘泊而立狮
  • 帖子:837
  • 注册: 2005-05-31
  • 来自:
发表于: 2005-11-13 13:45 | 短消息 资料
字号: 10楼

修复:
所有O1项
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O3 - IE工具栏增项: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - 浏览器额外的按钮: (no name) - {233A9694-667E-11d1-9DFB-006097D5040A} - (no file)
鸽子应该是这一项
O23 - NT 服务: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\WINNT\RSVPE.exe
gototop
 
<<上一主题|下一主题>>
1234   1  /  4  页   跳转
页面顶部
Powered by Discuz!NT