Rising KaKa Security Forum, Anti-virus / Anti-rogue-software board: [Help] Infected with trojan.DL.Delf.czj. How can I remove it completely? New log in post #6


Today it killed two of them.
trojan.DL.Delf.czj.
File names:
A0052117.exe>>iexplore.exe>>Unpack
AOO54556.exe>>iexplore.exe>>Unpack
Paths:
C:\System Volume Information\_restore{8D9222BA-CD66-4A58-AC78-9376101CD690}\RP35
C:\System Volume Information\_restore{8D9222BA-CD66-4A58-AC78-9376101CD690}\RP40

I feel the problem is quite serious; a while ago it would find a dozen or so every time. They get killed and then come back again.
Windows often say they have encountered a problem and need to close automatically. After opening the browser, the input method is often stuck on Pinyin and cannot be switched to any other input method.

The new log is in post #8. I don't know whether it helps with solving this problem.
Last edited 2006-11-12 17:24:14
 

bang bang mang a! (pinyin for "please help!")
 

It just happened again: the input method at the bottom shows Pinyin input, but I can only type letters. No matter which window I close, a dialog pops up saying the process has encountered a problem and needs to close, and then the whole window closes. I logged back in again.

What on earth should I do? What does that trojan damage?
 

mei you ren hui a ?? (pinyin for "is nobody going to reply??")
 

Can someone answer?
 

I checked again; the infection is Trojan.Delf.cxj. Can everyone help me figure out how to fix it?
 

Quote:
[besthcr's post] I checked again; the infection is Trojan.Delf.cxj. Can everyone help me figure out how to fix it?
………………

Virus file name and its path?
 

File names:
A0052117.exe>>iexplore.exe>>Unpack
AOO54556.exe>>iexplore.exe>>Unpack

Paths:
C:\System Volume Information\_restore{8D9222BA-CD66-4A58-AC78-9376101CD690}\RP35
C:\System Volume Information\_restore{8D9222BA-CD66-4A58-AC78-9376101CD690}\RP40

 

Turn off System Restore, reboot, then turn System Restore back on.
 

New log:
2006-11-12,16:53:44

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <Super Rabbit IEPro><D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [N/A]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [N/A]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [N/A]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [Yahoo! China]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo! China]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Mysee Alert><"C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray>  [N/A]
    <ISUSPM Startup><"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup>  [N/A]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [Macrovision Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll>  [YAHOO Corporation Limited]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[avast! iAVS4 Control Service / aswUpdSv]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows User Mode Driver Framework / UMWdf]
  <><N/A>

==================================
驱动程序
[avast! Asynchronous Virus Monitor / Aavmker4]
  <C:\WINDOWS\SYSTEM32\DRIVERS\Aavmker4.SYS><ALWIL Software>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983]
  <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[avast! Standard Shield Support / aswMon2]
  <C:\WINDOWS\SYSTEM32\DRIVERS\aswMon2.SYS><ALWIL Software>
[aswRdr / aswRdr]
  <C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.SYS><ALWIL Software>
[avast! Network Shield Support / aswTdi]
  <C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.SYS><ALWIL Software>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb]
  <\??\C:\Program Files\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
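A small triage helper, added here as an example and not part of this thread or of the SREng tool: it classifies detection paths like the ones reported above as restore-point snapshot copies versus live files (snapshots under `System Volume Information\_restore{...}\RPnn` cannot be cleaned in place, which is why the advice to switch System Restore off and back on works, since that discards every restore point), and it parses the registry autostart section of an SREng-style log to list entries whose publisher is unknown ("N/A") and to check the Winlogon and AppInit values that malware most often abuses. The log line format is assumed to be exactly the one shown in the post; the sample input is a constructed excerpt of those lines.

```python
import re

# Windows XP System Restore keeps snapshot copies of files under
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\ . A scanner can detect
# but not clean these copies in place; disabling and re-enabling System Restore
# discards all restore points, which is what the advice in this thread relies on.
RESTORE_POINT_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\\RP(?P<rp>\d+)",
    re.IGNORECASE,
)

def classify_detection(path):
    """Return ("restore_point", <RP number>) for a detection inside a restore
    point, otherwise ("live", None)."""
    m = RESTORE_POINT_RE.match(path)
    if m:
        return ("restore_point", int(m.group("rp")))
    return ("live", None)

# One registry autostart line in an SREng log (format as posted in this thread):
#     <name><command>  [vendor]     vendor starts with "(Verified)" when signed
AUTOSTART_RE = re.compile(
    r"^\s*<(?P<name>[^>]*)><(?P<cmd>.*)>\s+\[(?P<vendor>[^\]]*)\]\s*$"
)

def parse_autostart(log_text):
    """Parse the registry part of the startup section into a list of dicts."""
    entries, key = [], None
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("[HKEY_") and s.endswith("]"):
            key = s[1:-1]           # new registry key header
            continue
        if s.startswith("====="):
            key = None              # end of the registry part
            continue
        m = AUTOSTART_RE.match(line)
        if m and key is not None:
            vendor = m.group("vendor")
            entries.append({
                "key": key,
                "name": m.group("name"),
                "cmd": m.group("cmd"),
                "vendor": vendor,
                "verified": vendor.startswith("(Verified)"),
            })
    return entries

def unknown_publisher(entries):
    """Names of entries that run something but whose publisher SREng could not
    identify (vendor "N/A"). Empty values such as <load><> are normal and skipped."""
    return [e["name"] for e in entries
            if e["vendor"] == "N/A" and e["cmd"].strip()]

def winlogon_anomalies(entries):
    """Checks on values malware commonly hijacks: Userinit must be exactly one
    userinit.exe, Shell must be Explorer.exe, AppInit_DLLs must be empty.
    Returns a list of human-readable findings (empty when everything is normal)."""
    findings = []
    for e in entries:
        name, cmd = e["name"].lower(), e["cmd"].strip()
        if name == "userinit":
            parts = [p.strip().lower() for p in cmd.split(",") if p.strip()]
            if len(parts) != 1 or not parts[0].endswith("\\userinit.exe"):
                findings.append("Userinit is not a single userinit.exe: " + cmd)
        elif name == "shell" and cmd.lower() != "explorer.exe":
            findings.append("Shell is not Explorer.exe: " + cmd)
        elif name == "appinit_dlls" and cmd:
            findings.append("AppInit_DLLs is populated: " + cmd)
    return findings

# Constructed sample: an excerpt of the SREng log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Super Rabbit IEPro><D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [N/A]
    <Mysee Alert><"C:\Program Files\GAOV\Mysee Alert\Mysee Alert.exe" -notray>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]

==================================
"""

if __name__ == "__main__":
    for p in [r"C:\System Volume Information\_restore{8D9222BA-CD66-4A58-AC78-9376101CD690}\RP35",
              r"C:\WINDOWS\system32\ctfmon.exe"]:
        print(p, "->", classify_detection(p))
    found = parse_autostart(SAMPLE_LOG)
    print("unknown publisher:", unknown_publisher(found))
    print("winlogon anomalies:", winlogon_anomalies(found))
```

On the sample above the two restore-point paths from the first post classify as `restore_point` (RP35 and RP40), the unknown-publisher list contains only the IME and "Mysee Alert" entries, and the Winlogon checks come back clean, which matches the log as posted: the live persistence locations look normal and the detections are confined to restore-point copies.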
 