现在每次电脑启动时,都会报告发现病毒TROJAN.DL.AGENT.DYM并把文件SORTCNLS.NLS删除,不过下次启动时还是如此,说明该病毒没被彻底杀掉,请问该如何处理?

用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项
保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

工具的下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.f:\program\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.f:\program\rising\rav\ravtimer.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limitede:\program files\rising\rfw\rfwmain.exe

+ SiSPowerDynamic link library for setting Power SchemeSilicon Integrated Systems Corporatione:\windows\system32\sispower.dll

+ SoundManRealtek Sound ManagerRealtek Semiconductor Corp.E:\WINDOWS\soundman.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

+ RavStubRising Rav StubBeijing Rising Technology Co., Ltd.f:\program\rising\rav\ravstub.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.e:\windows\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.e:\windows\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.e:\program files\real\realone player\rpshell.dll

+ vrve:\windows\system32\bxymenu.dll

+ WinRAR shell extensione:\program files\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹e:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell ExtensionPDF Shell ExtensionAdobe Systems, Inc.e:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj ClassAdobe Acrobat IE Helper Version 7.0 for ActiveXAdobe Systems Incorporatede:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ BandIE ClassBaiduBar ModuleBaidu.com, Inc.e:\program files\baidu\bar\baidubar.dll

+ IeCatch2 Classjccatch ModuleAmaze Softe:\program files\flashget\jccatch.dll

+ Infofo 工具栏珊瑚虫 Infofo 工具栏珊瑚虫工作室 泰格工作室c:\program files\infofo bar\infofobar.dll

+ NaviHelperObj ClassTODO: <文件说明>TODO: <公司名>e:\windows\system32\navihelper.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softe:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softe:\program files\flashget\flashget.exe

Task Scheduler

+ FreshDiagnose Report.jobComplete and comprehensive diagnosing tool for WindowsFreshDevices, Corp.e:\program files\freshdevices\freshdiagnose\fdiag.exe

HKLM\System\CurrentControlSet\Services

+ C-DillaSrvC-Dilla RTS ServiceC-Dilla Ltde:\windows\system32\drivers\cdantsrv.exe

+ CPUCooLServere:\program files\cpucool\coolsrv.exe

+ EnvSece:\windows\system32\envsec.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitede:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterrisingf:\program\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.f:\program\rising\rav\ravmond.exe

+ RSVPE为计算机提供磁盘维护，备份扇区碎片文件，还原设置。File not found: E:\WINDOWS\RSVPE.exe

HKLM\System\CurrentControlSet\Services

+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.e:\windows\system32\drivers\alcxwdm.sys

+ BaseTDIbasetdiRisinge:\windows\system32\drivers\basetdi.sys

+ C-DillaC-Dilla Windows NT RTSMacrovisione:\windows\system32\drivers\cdant.sys

+ ExpScanerExpScan.sysf:\program\rising\rav\expscan.sys

+ FreshIOe:\program files\freshdevices\freshdiagnose\freshio.sys

+ giveioe:\windows\system32\giveio.sys

+ HookContTDI HOOK DriverRising tech Co. ltdf:\program\rising\rav\hookcont.sys

+ HookRegf:\program\rising\rav\hookreg.sys

+ HookSys瑞星f:\program\rising\rav\hooksys.sys

+ HWiNFO32HWiNFO32 Kernel DriverREALiX(tm)e:\program files\hwinfo32\hwinfo32.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.e:\program files\tencent\qq\npkcrypt.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.e:\windows\system32\drivers\ptilink.sys

+ ROCKEYNTRockey Device DriverFeiTian Tech Co.,Ltde:\windows\system32\drivers\rockeynt.sys

+ RsFwDrvnt_fwdrvRisinge:\program files\rising\rfw\rsfwdrv.sys

+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporatione:\windows\system32\drivers\rtl8139.sys

顶,等回复

再顶

建议在安全模式下,打开瑞星杀毒软件,关闭explorer进程,在用alt+tab键切换到杀毒软件界面,进行全面杀毒

vrve:\windows\system32\bxymenu.dll
此项可疑

删除\windows\system32\bxymenu.dll

6\7楼,那是我装的另一个杀毒软件,北信源的

问题已经解决,从金山毒霸的论坛里找到了方法:到WINDOWS/SYTEM32里删除ENVSEC.EXE就可以了
有一点很不爽:RISING2005时一开机还能发现病毒,升成2006后反而发现不了了(手工扫描SYSTEM32文件夹可以发现该病毒)