求助，如何删除trojan.adclient及变种(试了一些方法，还不行） - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛求助，如何删除trojan.adclient及变种(试了一些方法，还不行）

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

求助，如何删除trojan.adclient及变种(试了一些方法，还不行）

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-02 23:08 \| 显示全部短消息资料字号：小中大 1楼求助，如何删除trojan.adclient及变种(试了一些方法，还不行）求助各位大虾，染上了这个trojan.adclient和e型的变种，用端星可以查出来，也显示清除成功，但是一会又会生成出来，是不是没杀干净呀？怎么可以手动清除呢？谢谢各位了。 2005-09-12 16:18:43
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	分享到：

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-02 23:22 \| 显示全部短消息资料字号：小中大 2楼 UP
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-03 00:03 \| 显示全部短消息资料字号：小中大 3楼谢谢楼上两位了。我试一下。
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-03 00:48 \| 显示全部短消息资料字号：小中大 4楼还是不行呀，在安全模式下可以给删除了，但是一到普通模式下就又来了。
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-03 02:44 \| 显示全部短消息资料字号：小中大 5楼 UP up
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-03 09:06 \| 显示全部短消息资料字号：小中大 6楼再顶一下，谢谢各位大侠了。
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-03 09:45 \| 显示全部短消息资料字号：小中大 7楼用端星查出来一个是在c:\windows\system32\下随机生成无规律名称的.exe文件。另一个e型变种主要c;\Explorer.exe中感染。有时也交换生成。
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-03 10:06 \| 显示全部短消息资料字号：小中大 8楼用端星听诊器扫了一下，出了份报告，在附件。最后的程序就是病毒进程，如果停止以后，会随机生成新的不定名的。exe程序出来下面的就是截获病毒进程里的内容 Process PID CPU Description Company Name System Idle Process 0 Interrupts n/a Hardware Interrupts DPCs n/a 5 Deferred Procedure Calls System 4 2 smss.exe 532 Windows NT Session Manager Microsoft Corporation csrss.exe 592 Client Server Runtime Process Microsoft Corporation winlogon.exe 768 Windows NT Logon Application Microsoft Corporation services.exe 812 Services and Controller app Microsoft Corporation svchost.exe 980 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1020 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1224 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1644 Generic Host Process for Win32 Services Microsoft Corporation rfwsrv.exe 1712 Rising Personal FireWall Service Beijing Rising Technology Corporation Limited RfwMain.exe 1240 Rising Personal FireWall Main Program Beijing Rising Technology Corporation Limited snmp.exe 1764 SNMP Service Microsoft Corporation svchost.exe 1796 Generic Host Process for Win32 Services Microsoft Corporation lsass.exe 824 LSA Shell (Export Version) Microsoft Corporation Explorer.EXE 1184 2 Windows Explorer Microsoft Corporation mocqgnj.exe 1472 89 wdnmgr.exe 1884 Services and Controller app Microsoft Corporation Hcontrol.exe 2024 HControl ASUSTeK COMPUTER INC. ATKOSD.exe 236 ATKOSD ASUSTeK COMPUTER INC. AGRSMMSG.EXE 2040 SoftModem Messaging Applet Agere Systems KHOOKER.EXE 212 SiS Compatible Super VGA Keyboard Daemon Silicon Integrated Systems Corporation CTFMON.EXE 356 CTF Loader Microsoft Corporation dslmon.exe 588 ADIMON MFC Application Rav.exe 1284 Rising Antivirus Main exe Beijing Rising Technology Co., Ltd. TTraveler.exe 888 2 Tencent Traveler 腾讯公司 Explorer.EXE 880 Windows Explorer Microsoft Corporation 872 Autostart program viewer Sysinternals - www.sysinternals.com 1836 2 Sysinternals Process Explorer Sysinternals Process: mocqgnj.exe Pid: 1472 Name Description Company Name Version advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.1106 clbcatq.dll Microsoft Corporation 2001.12.4414.0042 comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2800.1106 comctl32.dll Common Controls Library Microsoft Corporation 5.82.2800.1106 comres.dll Microsoft Corporation 2001.12.4414.0042 crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.1106 ctype.nls fastprox.dll WMI Microsoft Corporation 5.01.2600.1106 gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.1346 imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.1106 index.dat index.dat index.dat kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.1106 locale.nls lpk.dll Language Pack Microsoft Corporation 5.01.2600.0000 mocqgnj.exe 1.01.0000.0008 msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.1362 MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.1106 msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.1106 msxml3.dll MSXML 3.0 SP 3 Microsoft Corporation 8.30.9926.0000 msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001 netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.1343 ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.1106 ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.1106 oleaut32.dll Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems Microsoft Corporation 3.50.5016.0000 R000000000007.clb rasapi32.dll Remote Access API Microsoft Corporation 5.01.2600.1106 rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.1106 rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.1106 rsaenh.dll Microsoft Base Cryptographic Provider Microsoft Corporation 5.01.2600.1029 rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.0000 secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.1106 shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2800.1106 SHLWAPI.DLL Shell Light-weight Utility Library Microsoft Corporation 6.00.2800.1584 sortkey.nls sorttbls.nls tapi32.dll Microsoft(R) Windows(TM) Telephony API Client DLL Microsoft Corporation 5.01.2600.1106 unicode.nls user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.1106 userenv.dll Userenv Microsoft Corporation 5.01.2600.1106 usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.409.2600.1106 uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2800.1106 version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.0000 wbemcomn.dll WMI Microsoft Corporation 5.01.2600.1106 wbemprox.dll WMI Microsoft Corporation 5.01.2600.1106 wbemsvc.dll WMI Microsoft Corporation 5.01.2600.0000 WININET.DLL Internet Extensions for Win32 Microsoft Corporation 6.00.2800.1468 winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.1106 winspool.drv Windows Spooler Driver Microsoft Corporation 5.01.2600.1106 ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.0000 ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.0000
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-03 10:14 \| 显示全部短消息资料字号：小中大 9楼明白了，我再去做。
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:

老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:	发表于： 2005-09-03 10:24 \| 显示全部短消息资料字号：小中大 10楼传上来了附件: 文件名:404063200593102431.rar 下载次数:0 文件类型:application/octet-stream 文件大小: 上传时间:2005-9-3 10:24:31 描述:
老冈初生襁褓狮帖子:61 注册: 2004-12-17 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT