瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 Rootkit.Vanti.gen 这个毒怎么杀掉啊?

1   1  /  1  页   跳转

Rootkit.Vanti.gen 这个毒怎么杀掉啊?

收藏
你们网速真慢
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-04-18
  • 来自:
发表于: 2006-04-18 23:54 | 显示全部 短消息 资料
字号: 1楼

Rootkit.Vanti.gen 这个毒怎么杀掉啊?

受它困扰好几天了,看了很多地方都杀不掉。瑞星杀不掉它。请帮忙看看。你们网站上有这个病毒的说明。
最后编辑2006-04-21 18:55:44
分享到:
gototop
 
你们网速真慢
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-04-18
  • 来自:
发表于: 2006-04-18 23:57 | 显示全部 短消息 资料
字号: 2楼

正在运行的进程里taskmgr.exe
gototop
 
你们网速真慢
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-04-18
  • 来自:
发表于: 2006-04-19 00:01 | 显示全部 短消息 资料
字号: 3楼

正在运行的进程
[PID: 404][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 468][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 492][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll]  <Stardock><1, 0, 0, 1>
[PID: 536][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 548][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 692][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 756][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 792][C:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 812][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\System32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 852][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 960][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 972][C:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [C:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [C:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [C:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\Program Files\Rising\Rav\RsStore.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1172][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1284][C:\Program Files\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
gototop
 
你们网速真慢
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-04-18
  • 来自:
发表于: 2006-04-19 00:01 | 显示全部 短消息 资料
字号: 4楼

[PID: 1488][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\ThemeManager\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.7184>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.7184>
    [C:\WINDOWS\system32\nvshell.dll]  <NVIDIA Corporation><6.14.10.10035>
    [D:\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [D:\Tencent\QQ\qdshm.dll]  <><1, 0, 1, 2>
    [d:\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1684][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1700][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  <InstallShield Software Corporation><3, 00, 100, 1161>
[PID: 1800][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1824][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\ThemeManager\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1852][D:\SKYNET\FIREWALL\PFW.exe]  <crsky[BCG][FCG]><2.6.1.168>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\ThemeManager\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1884][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\ThemeManager\wbhelp.dll]  <Stardock.Net, Inc><4.01>
[PID: 1928][D:\FinePixViewer\QuickDCF.exe]  <FUJI PHOTO FILM CO., LTD.><5, 0, 0, 2>
[PID: 176][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.7184>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.7184>
[PID: 1500][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1096][C:\Documents and Settings\王亮\My Documents\Huawei\PortalServer\218.2.135.36\PortalClient.exe]  <Huawei Co. Ltd.><1.0.1.9>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\ThemeManager\wbhelp.dll]  <Stardock.Net, Inc><4.01>
[PID: 464][E:\JxOnline2\SO2Game.exe]  <N/A><N/A>
    [E:\JxOnline2\Engine.dll]  <N/A><N/A>
    [E:\JxOnline2\LuaLibDll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\ThemeManager\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [E:\JxOnline2\Dump.dll]  <金山软件公司><2005, 5, 16, 4>
    [E:\JxOnline2\Represent3.dll]  <N/A><N/A>
    [E:\JxOnline2\Sound.dll]  <N/A><N/A>
    [C:\Downloads\jxjl1227\jxjl1227\jxdata.DLL]  <><1.0.0.1>
[PID: 3740][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 2544][C:\Downloads\jxjl1227\jxjl1227\jxjl.exe]  <精灵工作组><1.0.1.3>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\ThemeManager\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\Downloads\jxjl1227\jxjl1227\jxdata.DLL]  <><1.0.0.1>
[PID: 2612][E:\JxOnline2\SO2Game.exe]  <N/A><N/A>
    [E:\JxOnline2\Engine.dll]  <N/A><N/A>
    [E:\JxOnline2\LuaLibDll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\ThemeManager\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [E:\JxOnline2\Dump.dll]  <金山软件公司><2005, 5, 16, 4>
    [E:\JxOnline2\Represent3.dll]  <N/A><N/A>
    [E:\JxOnline2\Sound.dll]  <N/A><N/A>
    [C:\Downloads\jxjl1227\jxjl1227\jxdata.DLL]  <><1.0.0.1>
[PID: 3300][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\xunleibho_v4.dll]  <><4, 3, 2, 29>
    [C:\Program Files\CoolWebsite\QuickLink.dll]  <Fengcent><1, 0, 0, 2>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 0, 3, 1023>
    [D:\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [D:\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [c:\program files\google\googletoolbar2.dll]  <Google Inc.><3, 0, 131, 0>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\system32\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
[PID: 1320][C:\Downloads\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
gototop
 
你们网速真慢
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-04-18
  • 来自:
发表于: 2006-04-19 00:03 | 显示全部 短消息 资料
字号: 5楼

帮忙看下啊 谢谢
gototop
 
你们网速真慢
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-04-18
  • 来自:
发表于: 2006-04-19 22:00 | 显示全部 短消息 资料
字号: 6楼

那么我怎么办呢?
gototop
 
你们网速真慢
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-04-18
  • 来自:
发表于: 2006-04-20 18:36 | 显示全部 短消息 资料
字号: 7楼

ProcessPIDCPUDescriptionCompany Name
System Idle Process093.85
Interruptsn/aHardware Interrupts
DPCsn/a1.54Deferred Procedure Calls
System4
  SMSS.EXE404Windows NT Session ManagerMicrosoft Corporation
  CSRSS.EXE468Client Server Runtime ProcessMicrosoft Corporation
  WINLOGON.EXE492Windows NT Logon ApplicationMicrosoft Corporation
    SERVICES.EXE536Services and Controller appMicrosoft Corporation
    SVCHOST.EXE692Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE756Generic Host Process for Win32 ServicesMicrosoft Corporation
    CCenter.exe792CCenterBeijing Rising Technology Co., Ltd.
    SVCHOST.EXE812Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE852Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE912Generic Host Process for Win32 ServicesMicrosoft Corporation
    RavMonD.exe940RavMondBeijing Rising Technology Co., Ltd.
      RavStub.exe1280Rising RavStubBeijing Rising Technology Co., Ltd.
    SPOOLSV.EXE1172Spooler SubSystem AppMicrosoft Corporation
    alg.exe1412Application Layer Gateway ServiceMicrosoft Corporation
    LSASS.EXE548LSA Shell (Export Version)Microsoft Corporation
    taskmgr.exe1944Windows TaskManagerMicrosoft Corporation
EXPLORER.EXE1484Windows ExplorerMicrosoft Corporation
ISSCH.EXE1688InstallShield Update Service SchedulerInstallShield Software Corporation
PFW.exe1776天网防火墙个人版crsky[BCG][FCG]
CTFMON.EXE1808CTF LoaderMicrosoft Corporation
QuickDCF.exe1852Exif LauncherFUJI PHOTO FILM CO., LTD.
BitComet.exe16323.08BitComet - a BitTorrent Clientwww.BitComet.com
RavMon.exe732RavMonBeijing Rising Technology Co., Ltd.
IEXPLORE.EXE616Internet ExplorerMicrosoft Corporation
procexp.exe19601.54Sysinternals Process ExplorerSysinternals
IEXPLORE.EXE1684Internet ExplorerMicrosoft Corporation
PortalClient.exe1676iTellin AAA PortalClientHuawei Co. Ltd.
gototop
 
你们网速真慢
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-04-18
  • 来自:
发表于: 2006-04-20 18:42 | 显示全部 短消息 资料
字号: 8楼

taskmgr.exe1944Windows TaskManagerMicrosoft Corporation 它最可疑 关不掉
gototop
 
你们网速真慢
头像
初生襁褓狮
  • 帖子:11
  • 注册: 2006-04-18
  • 来自:
发表于: 2006-04-21 18:38 | 显示全部 短消息 资料
字号: 9楼

不懂才来问啊!
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT