Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software Board


Help, experts!! How do I remove Backdoor.Win32.Hupigon.bvm???


Experts and masters, please!!!
Trojan program Backdoor.Win32.Hupigon.bvm     infected file: d:\windows\internet.exe

How do I kill this Gray Pigeon (灰鸽子) virus????? Help!!!
Last edited 2007-03-15 22:59:49

[Reply to the post by 肆虐的温柔] Run a scan and post the log.
From the log, find the pigeon's service entry and delete it.
Reboot.
Show hidden files. Delete the pigeon's files. Done!
Post the log soon.

Thank you, moderator baohe!
I'm a newbie; I don't know which tool to scan with???

HijackThis V1.99.1
Is it this tool above?

Logfile of HijackThis v1.99.1
Scan saved at 22:16:47, on 2007-3-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\QClient8.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\eMule\emule.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\jarodwang\桌面\temp\eMule0.47-Installer\ha_hijackthis_1991\HijackThis.exe

O1 - Hosts: 222.138.109.110 www.world3.cn
O1 - Hosts: 222.138.109.110 www.sf901.com
O1 - Hosts: 61.157.96.63 mu2006.com
O1 - Hosts: 222.138.109.110 www.mu2006.com
O2 - BHO: Ad Engine - {077FD0C3-1291-4104-A356-41E36B252682} - D:\Program Files\Yayad\AdCore.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: ui Class - {B3022CE1-2ABD-43eb-9DC7-A15F52CBBF5A} - D:\WINDOWS\system32\Cool05.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - f:\FASTAI~1\IEBand.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] ; RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-winpoet-service] "D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: AutoCAD 启动加速器.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\qq2006快乐无极限版\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra 'Tools' menuitem: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: Web反病 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - F:\POWERW~1\IEPlugin.dll
O9 - Extra 'Tools' menuitem: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - F:\POWERW~1\IEPlugin.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - F:\POWERW~1\XDictExB.dll
O9 - Extra 'Tools' menuitem: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - F:\POWERW~1\XDictExB.dll
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - F:\POWERW~1\IEPlugin.dll
O9 - Extra 'Tools' menuitem: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - F:\POWERW~1\IEPlugin.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9949319D-A839-4F83-9F84-D7D1FE1D6A9F}: NameServer = 202.103.224.68,202.103.225.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{F26FD4B6-710F-4239-AFFD-9AB3D9467E84}: NameServer = 202.103.225.68 202.103.224.68
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - F:\POWERW~1\XDictExB.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: 卡巴斯基反病毒6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: internet - Unknown owner - D:\WINDOWS\internet.exe
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - (no file)
O23 - Service: MSWindowsUpdate008 - Unknown owner - D:\WINDOWS\system32\QClient8.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
O23 - Service: XDownloadService - Unknown owner - (no file)
O23 - Service: 自动 LiveUpdate 调度程序 - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

[Reply to the post by 肆虐的温柔]
Disconnect from the network. Close the IE browser.
Use HijackThis to fix the following items:
O1 - Hosts: 222.138.109.110 www.world3.cn
O1 - Hosts: 222.138.109.110 www.sf901.com
O1 - Hosts: 61.157.96.63 mu2006.com
O1 - Hosts: 222.138.109.110 www.mu2006.com
O2 - BHO: ui Class - {B3022CE1-2ABD-43eb-9DC7-A15F52CBBF5A} - D:\WINDOWS\system32\Cool05.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: internet - Unknown owner - D:\WINDOWS\internet.exe
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - (no file)
O23 - Service: MSWindowsUpdate008 - Unknown owner - D:\WINDOWS\system32\QClient8.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: XDownloadService - Unknown owner - (no file)
O23 - Service: 自动 LiveUpdate 调度程序 - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
Reboot.
Show hidden files.
Delete the corresponding files.

Scan with SREng.
HijackThis works too, though.
Let me have a look for you.
Problematic ones: D:\WINDOWS\Explorer.EXE
:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
D:\WINDOWS\internet.exe
I don't know whether I misidentified any or missed any.
Go with baohe's method.
Let me say up front, I'm a newbie.

Thank you, moderator baohe!
And thanks to brother 桃子 too!

I have fixed the items the moderator said to fix
and deleted d:\windows\internet.exe
A timid question:
  By doing this, have I already removed Backdoor.Win32.Hupigon.bvm?

What method can I use to verify whether it succeeded??
Once again, many thanks!!
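
As an added example (editor's code, not anything posted by the thread's participants), the following Python script applies the moderator's selection criteria to lines in the HijackThis log format: hosts-file redirects (O1), IE policy restrictions (O6), and services (O23) with no vendor information that point into the Windows directory or at a missing file. The sample lines are copied from the log above; the extra rule that flags a BHO (O2) loaded from the Windows directory is my own heuristic, not something HijackThis reports. Re-running a check like this on a fresh log after the cleanup is one way to answer the verification question.

```python
import re
# Constructed excerpt in HijackThis v1.99 log format; entries copied from the
# log posted in this thread, trimmed to the lines relevant to the triage.
SAMPLE_LOG = r"""
O1 - Hosts: 222.138.109.110 www.world3.cn
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: ui Class - {B3022CE1-2ABD-43eb-9DC7-A15F52CBBF5A} - D:\WINDOWS\system32\Cool05.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: internet - Unknown owner - D:\WINDOWS\internet.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: XDownloadService - Unknown owner - (no file)
"""
LINE_RE = re.compile(r"^(O\d+) - (.*)$")                     # "O23 - <body>"
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.*)$")  # name - owner - path
BHO_RE = re.compile(r"^BHO: (.+?) - \{[^}]+\} - (.*)$")      # name - {CLSID} - dll
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")              # ip hostname

def in_windows_dir(path: str) -> bool:
    """True when the file lives anywhere under a \\WINDOWS\\ directory."""
    return "\\windows\\" in path.lower()

def triage(log_text: str) -> list:
    """Return (reason, line) pairs for log entries that deserve a manual look."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            # HijackThis lists only non-default hosts entries; a remote mapping is a redirect.
            h = HOSTS_RE.match(body)
            if h and h.group(1) != "127.0.0.1":
                hits.append(("hosts redirect", line))
        elif section == "O2":
            # Heuristic (mine): a BHO DLL dropped into the Windows tree is suspect.
            b = BHO_RE.match(body)
            if b and in_windows_dir(b.group(2)):
                hits.append(("BHO loaded from Windows dir", line))
        elif section == "O6":
            hits.append(("IE policy restriction set", line))
        elif section == "O23":
            # "Unknown owner" = no vendor info; with a missing or Windows-dir binary, flag it.
            s = SERVICE_RE.match(body)
            if s and s.group(2) == "Unknown owner":
                path = s.group(3)
                missing = path == "(no file)" or path.endswith("(file missing)")
                if missing or in_windows_dir(path):
                    hits.append(("service with no vendor info", line))
    return hits
```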
