Rising Kaka Security Forum, Technical Exchange Area, Anti-Virus / Anti-Rogue-Software Forum


[Help] I have a virus that comes back to life as soon as I open IE; I delete it and it comes right back

[G:\WINDOWS\webwork\webwork.nls]  <MSWebwork Cop.><1, 0, 0, 1>
    [G:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.9131>
    [G:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.9131>
    [G:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
    [G:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [G:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [G:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [H:\PROGRA~1\Kingsoft\KnightV\Tools\KVD\kscdrush.dll]  <金山软件股份有限公司><5, 0, 0, 0>
    [G:\WINDOWS\system32\xunleibho_v14.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 62>
    [G:\WINDOWS\system32\dpvvox32.dll]  <Macromedia, Inc.><6.8.29.1>
[PID: 648][G:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1248][G:\Program Files\DAEMON Tools\daemon.exe]  <DT Soft Ltd.><4.03.0.0>
    [G:\Program Files\DAEMON Tools\daemon.dll]  <DT Soft Ltd.><4.03.0.0>
    [G:\Program Files\DAEMON Tools\PFCTOC.DLL]  <Padus(R), Inc.><1, 0, 0, 12>
    [G:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  <N/A><1.0.6.0>
    [G:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  <GENERIC><1.10.0.0>
    [G:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  <GENERIC><1.12.0.0>
    [G:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  <GENERIC><1.11.0.0>
    [G:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  <GENERIC><1.01.0.0>
[PID: 1504][G:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [G:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [G:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [G:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [G:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1584][G:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5, 1, 0, 56>
[PID: 1648][G:\WINDOWS\system32\RUNDLL32.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [G:\WINDOWS\system32\NvMcTray.dll]  <NVIDIA Corporation><6.14.10.9131>
    [G:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.9131>
[PID: 1732][G:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [G:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
    [G:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [G:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [G:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [G:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [G:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [G:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1712][G:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [g:\windows\system32\eventquery.dll]  <><6.8.29.1>
[PID: 2044][G:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.9131>
[PID: 432][G:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [g:\windows\system32\winime.dll]  <><6.8.29.1>
[PID: 620][G:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 2732][G:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3760][G:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]  <Xiang Feng Technology><2, 2, 0, 1612>
    [G:\WINDOWS\system32\xunleibho_v14.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 62>

[G:\WINDOWS\system32\dpvvox32.dll]  <Macromedia, Inc.><6.8.29.1>
    [h:\Program Files\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [H:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  <N/A><N/A>
    [G:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [G:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 772][G:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1212][G:\Program Files\Thunder Network\Thunder\Thunder.exe]  <Thunder Networking Technologies,LTD><5.1.5.189>
    [G:\Program Files\Thunder Network\Thunder\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [G:\Program Files\Thunder Network\Thunder\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 2, 74>
    [G:\Program Files\Thunder Network\Thunder\log4cplus.dll]  <><1, 0, 2, 1>
    [G:\Program Files\Thunder Network\Thunder\stlport_vc646.dll]  <STLport Consulting, Inc.><4.6.2003.1031>
    [G:\Program Files\Thunder Network\Thunder\msgmanage.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 15>
    [G:\Program Files\Thunder Network\Thunder\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 2, 0, 148>
    [G:\Program Files\Thunder Network\Thunder\iEmbed.dll]  <Thunder Networking Technologies,LTD><1, 1, 0, 22>
    [G:\Program Files\Thunder Network\Thunder\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 2, 0, 7>
    [G:\Program Files\Thunder Network\Thunder\FloatBar.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [G:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [G:\Program Files\Thunder Network\Thunder\iTargetAd.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 59>
    [G:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 2380][G:\WINDOWS\System32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 628][G:\DOCUME~1\SERAPH~1\LOCALS~1\Temp\Rar$EX00.298\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["G:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

I also found several HOOK files.

[Attachment: image (image/pjpeg), uploaded 2006-9-2 19:29:34]




After rebooting, that delete option is not there.