帮帮我啊,杀不掉的AUTO

blackdrug

我的机器中毒了
安全模式下杀掉
正常模式下又自动生成
帮帮我吧
[:16:] [:16:] [:16:] [:16:]
竟然还弄成微软出品

高手门看看吧
自动修改系统时间,屏蔽卡吧,接着就是AUTORU

Graybird

Starting the file scan:

Begin scan in 'E:\auto.rar'
E:\auto.rar
  [0] Archive type: RAR
  --> auto.exe
      [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
      [INFO]      The file was deleted!

promised

到处都是这东西
SYSTEM32下生成随即8位数的exe和dll，并添加服务
自己找删除
因为下载的东西的缘故
最好还是发sre日志

promised

[update]
ver=2007112514
url=http://33.xingaide8.cn/soft/soft/f2b4657b5568d072.exe
updatetimer=120
[startpage]
startpage=0
url=ssssssssssssssssssss
[desktop]
desktop=0
count=1
title1=免费网络电话
url1=http://skype.tom.com/download/archive/01400974/SkypeClient.exe
[file]
file=1
file1=http://222.73.247.201/mh0618.exe
filename1=ffsea1.exe
ftime1=3
file2=http://222.73.247.201/my0616.exe
filename2=ffsea2.exe
ftime2=3
file3=http://222.73.247.201/qj0617.exe
filename3=ffsea3.exe
ftime3=3
file4=http://222.73.26.9/tl0619.exe
filename4=ffsea4.exe
ftime4=3
file5=http://220.189.255.29/wow0617.exe
filename5=ffsea5.exe
ftime5=3
file6=http://222.73.254.67/dh3.exe
filename6=ffsea6.exe
ftime6=3
file7=http://220.189.255.29/dh0616.exe
filename7=ffsea7.exe
ftime7=3
file8=http://220.189.255.29/qqsg.exe
filename8=ffsea8.exe
ftime8=3
file9=http://222.73.247.202/jh0619.exe
filename9=ffsea9.exe
ftime9=3
file10=http://222.73.254.67/zt0616.exe
filename10=ffsea10.exe
ftime10=3
file11=http://222.73.247.202/wl0618.exe
filename11=ffsea11.exe
ftime11=3
file12=http://123.wwwwool.cn/cq0619.exe
filename12=ffsea12.exe
ftime12=3
file13=http://123.wwwwool.cn/qqhx.exe
filename13=ffsea13.exe
ftime13=3
file14=http://222.73.247.202/wd0618.exe
filename14=ffsea14.exe
ftime14=3
count=14
[count]
count=0
mecount=0
url=http://nx.51ylb.cn/soft/count/count.asp
要下一堆盗号

blackdrug

楼上的能具体告知如何操作吗

sam.to

Kis7没有发现,已上报

qigang

RX20.19.62漏杀。

9998053

kv2008不报

blackdrug

斑竹
能说具体点吗
我很菜啊

sam.to

你是用什麼杀軟？