
[Discussion] [Help] What should I do when AntiVir won't start automatically at boot?

lynncjlqb
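Posted on 2007-7-10 19:35:09
I installed AntiVir today, but it won't start on its own at boot. Even after I start the main program manually, the three processes avguard.exe, avgnt.exe and sched.exe are not there; only the avcenter.exe process is running, and when I close the window that process ends too, which means AntiVir is shut down completely. What is going on and how should I fix it? Experts, please help.

Also, there are two viruses that never get removed (C:\WINDOWS\rdrive\urlx.exe and bku.exe).
In Safe Mode, a second scan no longer finds anything, but after rebooting into normal mode they are back, and I keep seeing a black DOS window pop up. Having AntiVir running seems to block them, but it can't remove them. How do I solve this? Experts, please advise. Thanks.

Below is the scan report. I don't know which parts are useful, so I'm pasting all of it.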
AntiVir PersonalEdition Classic
Report file date: 2007年7月10日  18:05
Scanning for 875539 virus strains and unwanted programs.
Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (plain)  [5.1.2600]
Username:         Guo
Computer name:    FLORA
Version information:
BUILD.DAT    : 247           14437 Bytes   2007-5-10 11:55:00
AVSCAN.EXE   : 7.0.4.15     282664 Bytes   2007-4-20 05:37:16
AVSCAN.DLL   : 7.0.4.4       33832 Bytes   2007-3-27 05:31:56
LUKE.DLL     : 7.0.4.11     143400 Bytes   2007-3-27 05:26:06
LUKERES.DLL  : 7.0.4.0       10280 Bytes   2007-3-19 05:19:00
ANTIVIR0.VDF : 6.35.0.1    7371264 Bytes   2006-5-31 07:08:58
ANTIVIR1.VDF : 6.38.1.170  5569024 Bytes   2007-5-21 14:23:44
ANTIVIR2.VDF : 6.39.0.115  1186304 Bytes    2007-7-8 14:23:44
ANTIVIR3.VDF : 6.39.0.122    78336 Bytes    2007-7-9 01:09:48
AVEWIN32.DLL : 7.4.0.39    2482688 Bytes    2007-7-9 14:23:44
AVWINLL.DLL  : 1.0.0.7       14376 Bytes   2007-2-26 03:36:28
AVPREF.DLL   : 7.0.2.1       24616 Bytes   2007-3-27 05:31:52
AVREP.DLL    : 7.0.0.1      155688 Bytes   2007-4-16 06:16:24
AVPACK32.DLL : 7.3.0.13     360488 Bytes    2007-7-9 14:23:44
AVREG.DLL    : 7.0.1.2       31784 Bytes   2007-3-15 02:05:10
AVEVTLOG.DLL : 7.0.0.18      86056 Bytes   2007-3-27 05:16:06
AVARKT.DLL   : 1.0.0.17     278568 Bytes    2007-5-2 04:32:28
NETNT.DLL    : 7.0.0.0        7720 Bytes    2007-3-8 04:09:44
RCIMAGE.DLL  : 7.0.1.15    2228264 Bytes   2007-3-13 03:46:20
RCTEXT.DLL   : 7.0.45.0      86056 Bytes   2007-3-19 05:42:44
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2007年7月10日  18:05
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'D:\'
      [NOTE]      No virus was found!
Starting to scan the registry.
The registry was scanned ( '3' files ).

Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\dmgr.exe
  [0] Archive type: RAR SFX (self extracting)
  --> urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
  --> bku.exe
      [DETECTION] Contains signature of the Windows virus W32/Henky.Tanzen
      [INFO]      The file was deleted!
C:\WINDOWS\rdrive\urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
      [INFO]      The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT08EM0G\torr[2].exe
  [0] Archive type: RAR SFX (self extracting)
  --> urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
  --> bku.exe
      [DETECTION] Contains signature of the Windows virus W32/Henky.Tanzen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP17\A0007983.exe
  [0] Archive type: RAR SFX (self extracting)
  --> urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
  --> bku.exe
      [DETECTION] Contains signature of the Windows virus W32/Henky.Tanzen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP17\A0007995.exe
  [0] Archive type: RAR SFX (self extracting)
  --> urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
  --> bku.exe
      [DETECTION] Contains signature of the Windows virus W32/Henky.Tanzen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP17\A0008185.exe
  [0] Archive type: RAR SFX (self extracting)
  --> urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
  --> bku.exe
      [DETECTION] Contains signature of the Windows virus W32/Henky.Tanzen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP17\A0008189.exe
  [0] Archive type: RAR SFX (self extracting)
  --> urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
  --> bku.exe
      [DETECTION] Contains signature of the Windows virus W32/Henky.Tanzen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP17\A0008190.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
      [INFO]      The file was deleted!
Begin scan in 'D:\'
D:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP17\A0007974.exe
  [0] Archive type: RAR SFX (self extracting)
  --> SocketMon.dll
      [DETECTION] Contains suspicious code HEUR/Crypted
  --> SocketMonVista.dll
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was deleted!

End of the scan: 2007年7月10日  18:30
Used time: 25:31 min
The scan has been done completely.
   2410 Scanning directories
137716 Files were scanned
     16 viruses and/or unwanted programs were found
      2 classified as suspicious:
      9 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
137698 Files not concerned
   6014 Archives were scanned
      1 Warnings
      0 Notes
      0 Hidden objects were found
ashe_vaan
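Posted on 2007-7-10 23:51:53
Turn off System Restore; a lot of the viruses are in the System Restore folder.
Try scanning again with 360. The few viruses that can't be removed seem pretty tough.
That's all I know for now. Let's see what methods other people have.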
zea10t
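Posted on 2007-7-11 01:15:27
AntiVir was probably killed by the virus. Turn off System Restore, empty the temporary folders, then run a scan with SREng and post the report here.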
周杰伦
Posted on 2007-7-11 07:00:32
I suggest turning off System Restore, clearing all temporary files, and then running a full-disk scan again. That should solve it.
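Added example, not part of any post in this thread: the replies above advise turning off System Restore and clearing temporary files, and this sketch parses a report in the format the original poster pasted and buckets each infected file by where the copy lives, so restore-point and cache copies can be told apart from files on the live filesystem. The sample is a shortened excerpt of that report, and the bucket names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt in the format of the report posted above.
SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\dmgr.exe
  --> urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
  --> bku.exe
      [DETECTION] Contains signature of the Windows virus W32/Henky.Tanzen
C:\WINDOWS\rdrive\urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT08EM0G\torr[2].exe
  --> urlx.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
C:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP17\A0008190.exe
      [DETECTION] Is the Trojan horse TR/KillApp.V.2
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")            # a scanned file starts at column 0
DETECT_RE = re.compile(r"\[DETECTION\]\s+(.*)")  # detection lines listed under that file

def classify(path):
    """Bucket a path by where the copy lives (bucket names are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system-restore"      # archived copy inside a restore point
    if "\\temporary internet files\\" in p:
        return "browser-cache"       # downloaded copy in the IE cache
    return "live-filesystem"         # copy outside cache and restore points

def parse_detections(report):
    """Return [(path, bucket, [detection text, ...])] for files with detections."""
    files = []
    for line in report.splitlines():
        if PATH_RE.match(line):
            files.append((line.strip(), []))
        elif files:
            m = DETECT_RE.search(line)
            if m:
                files[-1][1].append(m.group(1).strip())
    # Files with only warnings (e.g. pagefile.sys) carry no detections and are dropped.
    return [(p, classify(p), d) for p, d in files if d]

def summarize(report):
    return Counter(bucket for _, bucket, _ in parse_detections(report))

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_REPORT)))
```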
lynncjlqb
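Original poster | Posted on 2007-7-11 09:04:14
Thank you, moderator!
I just turned off System Restore, cleared the cache with "Rabbit" (兔子), and ran a full-disk scan. After rebooting, AntiVir still would not start, so I reinstalled it, and now it starts at boot. But when I double-click the tray icon in the lower right to open the main program, a black DOS window still flashes up and is gone in an instant. Does that mean the virus still hasn't been completely removed?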
周杰伦
Posted on 2007-7-11 09:06:55

Reply to post #5 by lynncjlqb

Run another full-disk scan in Safe Mode. If no virus is found, it should be fine.
tracydk
Posted on 2007-7-11 09:23:57
With AntiVir, prevention still has to come first....
lynncjlqb
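Original poster | Posted on 2007-7-11 09:49:06
Thank you, moderator. I just ran a scan in Safe Mode and they're gone. Back in normal mode I still see the little black window flash up, but it doesn't seem to affect anything. Hahaha, finally solved.

The moderator is so sweet, come here for a hug and a MUA, wahaha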
周杰伦
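Posted on 2007-7-11 10:04:36

Reply to post #8 by lynncjlqb

That little black box should be AntiVir's startup screen.
It's not a virus, so please go ahead and use the machine without worry.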
lynncjlqb
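Original poster | Posted on 2007-7-11 10:30:42

Reply to post #9 by 周杰伦

No, it is definitely the DOS kind of black box, and this time it didn't pop up when AntiVir was starting. It popped up by itself a while after boot, when I wasn't doing anything. Everything is normal for now, though, so I'll come back and ask again if anything odd happens.

Another MUA for the moderator, haha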