Help: how do I remove this virus?!

I scanned with the latest version of Rising and it found a virus; it said it could only be cleaned after a reboot. After I rebooted it still said it couldn't remove it and asked me to reboot again, so I went into Safe Mode and deleted the file myself. A rescan reported no more viruses, but as soon as I booted back into normal mode I saw that virus again, and I can't delete it. Scanning doesn't remove it either. What should I do now? I'm on Windows 2000.
The virus is called Rootkit.Vanti.gen
Last edited 2006-04-04 08:09:48

Rootkit..... You could go ask 不言放弃 or find a moderator....

[Reply to the post by "圣剑风云"]
First, two small tools for the OP

F-Secure BlackLight
Download link:
http://sq.onlinedown.net/soft/46175.htm

RootkitRevealer
Download link:
http://www.xfocus.net/tools/200502/996.html

Thanks. I'm off to bed now; I'll try it tomorrow morning.

After downloading and running it I found it's all in English, and I can't read it. I just kept pressing Enter and a few files appeared; could everyone help me take a look?
04/03/06 06:49:29 [Info]: BlackLight Engine 1.0.33 initialized
04/03/06 06:49:29 [Info]: OS: 5.0 build 2195 (Service Pack 4)
04/03/06 06:49:29 [Note]: 7019 4
04/03/06 06:49:29 [Note]: 7005 0
04/03/06 06:49:48 [Error]: 6024 1
04/03/06 06:49:48 [Error]: 6024 1
04/03/06 06:49:48 [Note]: 7006 0
04/03/06 06:49:48 [Note]: 7011 1204
04/03/06 06:49:48 [Note]: 7024 3
04/03/06 06:49:48 [Info]: Hidden process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
04/03/06 06:49:49 [Error]: 6024 1
04/03/06 06:49:49 [Note]: FSRAW library version 1.7.1015
04/03/06 06:49:54 [Error]: 6024 1
04/03/06 06:49:54 [Error]: 6024 1
04/03/06 06:49:54 [Note]: 7006 0
04/03/06 06:49:54 [Note]: 7011 1204
04/03/06 06:49:55 [Note]: 7024 3
04/03/06 06:49:55 [Info]: Hidden process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
04/03/06 06:49:55 [Error]: 6024 1
04/03/06 06:49:55 [Note]: FSRAW library version 1.7.1015
04/03/06 06:50:05 [Error]: 6024 1
04/03/06 06:50:05 [Error]: 6024 1
04/03/06 06:50:05 [Note]: 7006 0
04/03/06 06:50:05 [Note]: 7011 1204
04/03/06 06:50:06 [Note]: 7024 3
04/03/06 06:50:06 [Info]: Hidden process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
04/03/06 06:50:06 [Error]: 6024 1
04/03/06 06:50:06 [Note]: FSRAW library version 1.7.1015
04/03/06 06:50:11 [Note]: 7007 0
And this one
04/03/06 06:50:19 [Info]: BlackLight Engine 1.0.33 initialized
04/03/06 06:50:19 [Info]: OS: 5.0 build 2195 (Service Pack 4)
04/03/06 06:50:19 [Note]: 7019 4
04/03/06 06:50:19 [Note]: 7005 0
04/03/06 06:50:20 [Note]: 7007 0
And
04/03/06 06:50:24 [Info]: BlackLight Engine 1.0.33 initialized
04/03/06 06:50:24 [Info]: OS: 5.0 build 2195 (Service Pack 4)
04/03/06 06:50:24 [Note]: 7019 4
04/03/06 06:50:24 [Note]: 7005 0
04/03/06 06:50:25 [Error]: 6024 1
04/03/06 06:50:25 [Error]: 6024 1
04/03/06 06:50:25 [Note]: 7006 0
04/03/06 06:50:25 [Note]: 7011 1204
04/03/06 06:50:26 [Note]: 7024 3
04/03/06 06:50:26 [Info]: Hidden process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
04/03/06 06:50:26 [Error]: 6024 1
04/03/06 06:50:26 [Note]: FSRAW library version 1.7.1015
04/03/06 06:50:42 [Note]: 7007 0
Just these three. What should I do next?

Here is the log from another scan, this time with HijackThis 1.99.1
Logfile of HijackThis v1.99.1
Scan saved at 7:04:49, on 2006-4-3
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\VNETCL~1.6\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\hbhelper.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINNT\system32\Rundll32.exe  "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6278112-EC6C-44AD-AA39-9C4659F593C7}: NameServer = 202.96.144.47 202.96.128.166
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Universal Plug - Unknown owner - C:\WINNT\tocwns.exe

Does nobody know?

O23 - Service: Universal Plug - Unknown owner - C:\WINNT\tocwns.exe

Fix it
Reboot
Try deleting C:\WINNT\tocwns.exe
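As an added example (not from this thread or from the tool authors), a small Python triage script over the two log formats posted above: it pulls BlackLight's "Hidden process" lines and HijackThis O23 service lines, and flags the signals a responder would check first, namely the "Unknown owner" service sitting directly in the Windows directory that the reply above points at, and any process the rootkit scanner found hidden. The sample log lines are constructed from the thread's format; the heuristics and the `windir` default are my assumptions.

```python
import re

# Constructed samples in the format of the two logs posted in this thread (not the full logs).
BLACKLIGHT_LOG = """\
04/03/06 06:49:29 [Info]: BlackLight Engine 1.0.33 initialized
04/03/06 06:49:48 [Error]: 6024 1
04/03/06 06:49:48 [Info]: Hidden process: C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE
04/03/06 06:50:11 [Note]: 7007 0
"""
HJT_LOG = """\
O4 - HKLM\\..\\Run: [Synchronization Manager] mobsync.exe /logon
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\\Program Files\\Rising\\Rav\\Ravmond.exe
O23 - Service: Universal Plug - Unknown owner - C:\\WINNT\\tocwns.exe
"""

HIDDEN_RE = re.compile(r"\[Info\]: Hidden process: (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def hidden_processes(blacklight_text):
    """Paths BlackLight reported as hidden from the normal process list."""
    return [m.group("path") for m in map(HIDDEN_RE.search, blacklight_text.splitlines()) if m]


def services(hjt_text):
    """HijackThis O23 entries as dicts: name, owner (company from version info) and path."""
    return [m.groupdict() for m in map(O23_RE.match, hjt_text.splitlines()) if m]


def triage(hjt_text, blacklight_text, windir="C:\\WINNT"):
    """Return (path, reasons) for entries worth a second look; the heuristics are my assumptions."""
    findings = []
    for svc in services(hjt_text):
        reasons = []
        if svc["owner"] == "Unknown owner":
            reasons.append("no company name in the binary's version info")
        if svc["path"].rsplit("\\", 1)[0].lower() == windir.lower():
            reasons.append("binary sits directly in the Windows directory, not system32")
        if reasons:
            findings.append((svc["path"], reasons))
    for path in hidden_processes(blacklight_text):
        findings.append((path, ["process hidden from the Win32 API (BlackLight)"]))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(HJT_LOG, BLACKLIGHT_LOG):
        print(path, "->", "; ".join(reasons))
```

Run against a full HijackThis log and BlackLight log saved from the machine, the flagged paths are the ones to verify (file version info, creation time, hash) before deciding what to remove.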

I think I heard HijackThis can't detect rootkits...

Reply #7, how do I do the fix? With Rising, or something else?

Reply #8, is there any way to handle it?