Rising KaKa Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board: Rising cannot identify it, IParmor (木马克星) suspects a Legend of Mir trojan, experts please advise!!! (virus file cannot be deleted or uploaded)


Today I downloaded a game cheat tool and installed it with Rising and IParmor (木马克星) running. IParmor reported that several files were created (KB399952M.TXT, 11, 399952.DLL), all hidden and impossible to copy or delete. A scan with HijackThis v1.99.1 shows that KB399952M.TXT is loaded automatically.
The scan log is below; experts, please advise how to delete the files and how to upload the virus sample.

Logfile of HijackThis v1.99.1
Scan saved at 16:00:19, on 2006-5-7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rav\RavStub.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Lenovo\联想键盘驱动\LCC.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Rav\RavTask.exe
D:\Program Files\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
F:\Tool\病毒查杀工具\IParmor\IParmor_5.51\木马克星\iparmor.exe
E:\Game\Legend of Mir\usertool\经典\经典脱机\tj3005\084putong.exe
D:\Program Files\Rav\Rav.exe
D:\Program Files\Rav\CopyRun\RavCopy.exe
C:\WINDOWS\system32\cmd.exe
D:\PROGRAM FILES\RAV\Update\Setup.exe
C:\WINDOWS\system32\more.com
F:\Tool\病毒查杀工具\HijackThis\248783200522382732\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Lcc] C:\Program Files\Lenovo\联想键盘驱动\LCC.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE LENOVO USB PC Camera
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\zh-cn\msnappau.exe"
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113147070109
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown2.cab
O16 - DPF: {EC309509-9C51-44DC-9AB8-F2322C80D7F2} (ComputerInfo Class) - http://rst.lenovo.com/ibis/client/mail/download/InfoCollect.cab
O20 - AppInit_DLLs: KB399952M.TXT
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rav\Ravmond.exe
Last edited 2006-05-16 02:19:59
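The O20 line above is the one that matters: AppInit_DLLs loads every listed module into each process that loads user32.dll, and the loader ignores the file extension, so a ".TXT" name is only a disguise. As an added example (not code from the thread, from Rising or from IParmor), this small Python check pulls the O20 entries out of a HijackThis log and flags the traits that make that entry suspicious; the sample log lines are constructed from the post.

```python
import re

# Constructed sample in HijackThis v1.99.1 format, modelled on the log in the post.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [RavTask] "D:\\Program Files\\Rav\\RavTask.exe" -system
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O20 - AppInit_DLLs: KB399952M.TXT
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\\Program Files\\Rav\\Ravmond.exe
"""

# O20 in HijackThis is the AppInit_DLLs value under
# HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows.
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")


def parse_appinit(log_text):
    """Return the module names listed on O20 AppInit_DLLs lines.
    Windows separates multiple entries with spaces or commas."""
    mods = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            mods.extend(x for x in re.split(r"[ ,]+", m.group(1)) if x)
    return mods


def assess_appinit(mods):
    """Map each AppInit_DLLs entry to the reasons it looks suspicious
    (an empty list means nothing was flagged). The checks are heuristics:
    a legitimate entry is rare on XP and normally a full-path .dll."""
    findings = {}
    for mod in mods:
        reasons = []
        if not mod.lower().endswith(".dll"):
            reasons.append("non-DLL extension")          # loader does not care, attacker hides
        if "\\" not in mod:
            reasons.append("bare filename (no path)")    # resolved via DLL search order
        if re.match(r"kb\d+", mod, re.I):
            reasons.append("mimics a Microsoft KB update name")
        findings[mod] = reasons
    return findings


def suspicious_appinit(log_text):
    """Convenience wrapper: only the flagged entries from a whole log."""
    return {m: r for m, r in assess_appinit(parse_appinit(log_text)).items() if r}


if __name__ == "__main__":
    for mod, reasons in suspicious_appinit(SAMPLE_LOG).items():
        print(mod, "->", "; ".join(reasons))
```

The same check works on a full saved HijackThis log read from disk; a blank O20 line yields no entries and is not flagged.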

Sorry, let me reboot first.

Quote:
[Post by 艾玛] O20 - AppInit_DLLs: KB399952M.TXT: delete it from the registry

Reboot, then delete KB399952M.TXT, 11, 399952.DLL

Send me the file you downloaded: killvir@gmail.com
...........................

The files have been deleted and the downloaded file has been sent to you. Please help confirm what it is, thanks.

[Reply to the post by "雪山飞云"]
Boss, how did it turn out?