
[Help] Has anyone successfully removed "WORM_SOBER.AG"?


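Our company's mail server accidentally got infected with this worm, and it keeps sending junk mail to employees' mailboxes, upwards of a hundred messages every day. Today I took all of the company's computers off the network and ran virus scans on them; frustratingly, the server was infected again once it was reconnected. The server is running 2000 Server SP4 + IMail + McAfee 8.0 + Sygate Personal Firewall.
I have already posted for help on quite a few forums and have seen many others run into this virus, but it seems nobody has managed to solve it yet. I'm posting again here to take advantage of this forum's traffic; if you have the same problem, please help bump this thread.
Attached is a screenshot of what McAfee detected on the server.

The log from the HijackThis scan: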


Logfile of HijackThis v1.99.0
Scan saved at 16:29:01, on 2005-11-30
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
D:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
E:\IMail\iwebmsg.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
E:\IMail\POP3D32.exe
E:\IMail\queuemgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
D:\Program Files\Serv-U\ServUDaemon.exe
E:\IMail\smtpd32.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\WINNT\System32\mdm.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
E:\Soft\HijackThis\HijackThis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123058030328
O17 - HKLM\System\CCS\Services\Tcpip\..\{239E2C3A-7771-4F4E-92E5-3AE26C8EC875}: NameServer = 202.101.172.48,202.101.172.47
O17 - HKLM\System\CS1\Services\Tcpip\..\{239E2C3A-7771-4F4E-92E5-3AE26C8EC875}: NameServer = 202.101.172.48,202.101.172.47
O17 - HKLM\System\CS2\Services\Tcpip\..\{239E2C3A-7771-4F4E-92E5-3AE26C8EC875}: NameServer = 202.101.172.48,202.101.172.47
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IMail FINGER Server - Ipswitch, Inc. - E:\IMail\FINGRD32.exe
O23 - Service: IMail LDAP Server - Ipswitch, Inc. - E:\IMail\ILDAP.exe
O23 - Service: IMail IMAP4 Server - Ipswitch, Inc. - E:\IMail\IMAP4D32.exe
O23 - Service: IMail Monitor Service - Ipswitch, Inc. - E:\IMail\IMonitor.exe
O23 - Service: IMail Web Calendar Service - Ipswitch, Inc. - E:\IMail\IWebCal.exe
O23 - Service: IMail Web Service - Ipswitch, Inc. - E:\IMail\iwebmsg.exe
O23 - Service: McAfee Framework 服务 - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: IMail POP3 Server - Ipswitch, Inc. - E:\IMail\POP3D32.exe
O23 - Service: IMail PWD Server - Ipswitch, Inc. - E:\IMail\PSERVE.exe
O23 - Service: IMail Queue Manager Service - Ipswitch, Inc. - E:\IMail\queuemgr.exe
O23 - Service: Serv-U FTP 服务器 - Cat Soft - D:\Program Files\Serv-U\ServUDaemon.exe
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: IMail SMTP Server - Ipswitch, Inc. - E:\IMail\smtpd32.exe
O23 - Service: IMail Sys Logger Service - Ipswitch, Inc. - E:\IMail\SYSLOGD.exe
O23 - Service: IMail WHOIS Server - Ipswitch, Inc. - E:\IMail\WHOISD32.exe
Last edited 2005-12-01 14:48:27
 

Ugh, has really nobody run into this damned virus?