每一次启动电脑就会有这个病毒Backdoor.Gpigeon.4.ai 清除后启动还有.下面是扫描的日志:
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      17:21:36, 日期 2005-8-2
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Rfw\rfwsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\RAV\RAVTIMER.EXE
C:\RAV\RAVMON.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Rfw\RfwMain.exe
C:\RAV\CCENTER.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\RAV\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
C:\RAV\RavStub.exe
C:\MiniPopupKiller\mpk.exe
C:\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: ClosePopup Class - {2645D297-DD4B-4DD3-BAB0-34D4BB8F7EE6} - C:\MiniPopupKiller\cpw.dll
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RavTimer] C:\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Thunder\getAllurl.htm
O9 - 浏览器额外的按钮: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - 浏览器额外的“工具”菜单项: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.153.48.61:1995/talk.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Pigeon_Server (PigeonServer) - Unknown owner - C:\WINDOWS\svchosv.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\RAV\Ravmond.exe

【回复“baohe”的帖子】
首先感谢版主的及时回复,谢谢!
我当时也认为是:
O23 - NT 服务: Pigeon_Server (PigeonServer) - Unknown owner - C:\WINDOWS\svchosv.exe
只是不敢确认,毕竟我水平浅,懂的不多.我也参考了灰鸽子。查杀方法可参考：http://forum.ikaka.com/topic.asp?board=28&artid=6202404
里面没有这个svchosv.exe就确认不了啦^_^

【回复“baohe”的帖子】
你好版主,怎么删除不掉.重启电脑还是老样子,附扫描和杀毒日志:
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      21:10:50, 日期 2005-8-2
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Rfw\rfwsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\RAV\RAVTIMER.EXE
C:\RAV\RAVMON.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Rfw\RfwMain.exe
C:\RAV\CCENTER.EXE
C:\RAV\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
C:\RAV\RavStub.exe
C:\MiniPopupKiller\mpk.exe
C:\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: ClosePopup Class - {2645D297-DD4B-4DD3-BAB0-34D4BB8F7EE6} - C:\MiniPopupKiller\cpw.dll
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RavTimer] C:\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Thunder\getAllurl.htm
O9 - 浏览器额外的按钮: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - 浏览器额外的“工具”菜单项: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.153.48.61:1995/talk.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D0A7347-8852-4D5F-AD87-1DE9A6F48458}: NameServer = 202.102.192.68 202.102.199.68
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Pigeon_Server (PigeonServer) - Unknown owner - C:\WINDOWS\svchosv.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\RAV\Ravmond.exe


病毒名称                  处理结果        发现日期        扫描方式                   
Backdoor.Gpigeon.4.ai    清除成功        05-08-02 21:14  手动扫描
文件            病毒来源                                    路径
IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE\本机