病毒的名字是: Downloader、W32.Allim和W32.IRCBot,诺顿查出来的名字,没有更详细的名字,
发现病毒的文件名:
C:\Documents and Setting\Administrator\dotrm.dll
C:\Documents and Setting\Administrator\aoh1.exe
C:\Documents and Setting\Administrator\qghumeay.dll等
现象是不能连接网络,一连网就频频报错,疯狂在我的C盘根目录下产生.exe文件
具体日志如下:
HijackThis_815汉化版扫描日志 V1.99.1
保存于 17:37:32, 日期 2006-7-24
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\TPHDEXLG.EXE
C:\WINNT\system32\TpKmpSVC.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ESRI\License\arcgis9x\Lmgrd.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINNT\system32\TpShocks.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\taskmgr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
D:\Program Files\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe
C:\WINNT\system32\NOTEPAD.EXE
E:\software\Hijackthis1991zww\HijackThis1991zww.exe
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - IE工具栏增项: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll
O3 - IE工具栏增项: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - 启动项HKLM\\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - 启动项HKLM\\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - 启动项HKLM\\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - 启动项HKLM\\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - 启动项HKLM\\Run: [TpShocks] TpShocks.exe
O4 - 启动项HKLM\\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - 启动项HKLM\\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - 启动项HKLM\\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
O4 - 启动项HKLM\\Run: [implib] rundll32.exe C:\WINNT\system32\implib.dll,start
O4 - 启动项HKLM\\Run: [defender] C:\\dfndrdd_6.exe
O4 - 启动项HKLM\\Run: [keyboard] C:\\kybrddd_6.exe
O4 - 启动项HKLM\\Run: [newname] c:\\nwnmed_7.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: IPConfMSP - C:\WINNT\system32\nytapi.dll (file missing)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINNT\system32\dn0q01d5e.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINNT\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: RunOnce - C:\WINNT\system32\nytapi.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\demrtp.dll (file missing)
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O23 - NT 服务: ArcGIS License Manager - Unknown owner - C:\Program Files\ESRI\License\arcgis9x\Lmgrd.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - NT 服务: DefWatch - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: ArcSde Service(esri_sde) (esri_sde) - Environmental Systems Research Institute, Inc. - D:\Program Files\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe
O23 - NT 服务: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - NT 服务: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - NT 服务: QCONSVC - IBM Corp. - C:\WINNT\System32\QCONSVC.EXE
O23 - NT 服务: ArcSde Service(shsde) (shsde) - Environmental Systems Research Institute, Inc. - D:\Program Files\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe
O23 - NT 服务: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINNT\System32\TPHDEXLG.EXE
O23 - NT 服务: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe
O23 - NT 服务: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
一点办法都没有,对病毒真是没办法,请大家帮忙!
