[Reply to the post by "不言放弃"]
It doesn't match up. This is my log:
Logfile of HijackThis v1.99.1
Scan saved at 愛情進行時 08:23:43, on 2006/7/26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\KV2006\KVMonXP.kxp
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\KV2006\FrogAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\KV2006\KVSrvXP.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\KV2006\TrojDie.kxp
C:\KV2006\KRegEx_1.exe
C:\KV2006\UIHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\KV2006\kvwsc_1.exe
C:\Program Files\WinZIP\QQ.EXE
C:\Program Files\WinZIP\TIMPlatform.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
G:\hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: FiltrateWebObj Class - {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} - C:\KV2006\kvbho.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\WinZIP\QQIEHelper.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\KV2006\KvShell.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\LASHGE~1.71\JCCATCH.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - (no file)
O3 - Toolbar: 江民防毒工具列 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\KV2006\KvShell.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\LASHGE~1.71\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [KvMonXP] "C:\KV2006\KVMonXP.kxp" /auto
O4 - HKLM\..\Run: [CJIMETIPSYNC] ; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] ; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] ; Logi_MwX.Exe
O4 - HKLM\..\Run: [FinePrint 特派器 v5] ; "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LGODDFU] ; "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KvXP] "C:\KV2006\KvXP_3.kxp" /ScanBoot /ScanSys
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\WinZIP\AddToNetDisk.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\WinZIP\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\WinZIP\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\WinZIP\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\WinZIP\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\WinZIP\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\WinZIP\SendMMS.htm
O9 - Extra button: 相關站點 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: 相關站點 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\WinZIP\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\WinZIP\QQ.EXE
O9 - Extra button: QQ嚃粗馱撿沭扢离 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\WinZIP\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ嚃粗馱撿沭扢离 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\WinZIP\QQIEHelper.dll
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (Qzone Media Tools) - http://imgcache.qq.com/qzone/photo/QzoneMediaTools.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FinePrint 特派器 v5 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /service (file missing)
O23 - Service: KVSrvXP - Jiangmin Co. Ltd - C:\KV2006\KVSrvXP.exe
O23 - Service: KVWSC - Jiangmin Co.Ltd - C:\KV2006\kvwsc_1.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ELSA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Rising\Rav\Ravmond.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe