无法删除的文件

显示全部楼层 · 发表于 2008-5-13 23:36:08

帮朋友远程时发现的，路径是：

c:\windows\svchost.exe
c:\windows\system32\explorer.exe

可以改名，却无法删除，手边又没有工具，机子又卡，实在是头疼，密码：virus

显示全部楼层 · 发表于 2008-5-13 23:40:08

Begin scan in 'D:\Downloads\Sample\svchost'
D:\Downloads\Sample\svchost\svchost.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The file was deleted!

explorer.exe红伞不报

显示全部楼层 · 发表于 2008-5-13 23:40:16

explorer貌似是真的，版本号6.00.2900.3156
svchost有问题，版本号是6, 0, 2900, 2180，注意逗号！版本号应该是用点分隔。
svchost扫描结果见
http://www.virustotal.com/analisis/248442d18e7ea9d8323864f2c4e91bac
http://virscan.org/report/60181ee812c5ab100d1ade5abce21884.html

explorer扫描结果见
http://www.virustotal.com/analisis/44fd3b8481dfef709ca2294e6cf7f732

[ 本帖最后由 yk1234 于 2008-5-13 23:51 编辑 ]

显示全部楼层 · 发表于 2008-5-13 23:50:23

无法删除的文件，可以先关闭程序运行进程，再运行任务管理器，结束explorer.exe，再在命令提示符下DEL文件，再回任务管理器重新加载explorer.exe，回到桌面就OK了。

Start of the scan: 2008年5月13日星期二  23:55
Starting the file scan:
Begin scan in 'C:\Documents and Settings\Administrator\桌面\svchost[1].part1'
C:\Documents and Settings\Administrator\桌面\svchost[1].part1\svchost.exe
   [DETECTION] Contains suspicious code HEUR/Crypted
   [NOTE]    The file was deleted!

End of the scan: 2008年5月13日星期二  23:55
Used time: 00:09 min
The scan has been done completely.
   1 Scanning directories
   1 Files were scanned
   0 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   0 Archives were scanned
   0 Warnings
   1 Notes

[ 本帖最后由曲中求于 2008-5-13 23:55 编辑 ]

显示全部楼层 · 发表于 2008-5-14 00:05:53

谢谢楼上各位！
只是CMD无法使用，进程无法中止，还有一堆来历不明的dll,哪位帮报给卡巴，只有听天由命了

显示全部楼层 · 发表于 2008-5-14 00:11:28

我给卡巴

显示全部楼层 · 发表于 2008-5-14 00:14:20

Suspicious Files and Miscellaneous Uploads

Thank you for your submission. Below you can see the current status of the uploaded files.

We received the following archive files:
File ID    Filename Size (Byte) Result
25018107    svchost.zip 1021.1 KB OK

A listing of files contained inside archives alongside their results can be found below:
File ID    Filename Size (Byte) Result
25018082    svchost.exe    955 KB    UNDER ANALYSIS
2244619    Explorer.EXE    955 KB    KNOWN CLEAN

Please find a detailed report concerning each individual sample below:
Filename Result
svchost.exe    UNDER ANALYSIS

The file 'svchost.exe' has been determined to be 'UNDER ANALYSIS'.
Filename Result
Explorer.EXE    KNOWN CLEAN

The file 'Explorer.EXE' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Microsoft Windows XP (KB938828)'.
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

Print this pagePrint this page

显示全部楼层 · 发表于 2008-5-14 12:35:49

金山

病毒 2008-05-14 12:34:46 病毒在文件D:\Desktop\sdfs\svchost.exe中 Win32.Troj.GuiseExpT.ea.65536 处理成功（操作：删除）

显示全部楼层 · 发表于 2008-5-14 12:41:15

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SVCHOST\SVCHOST.EXE Heuri.Suspicious.ERNM 启发式扫描还未处理

显示全部楼层 · 发表于 2008-5-14 13:47:31

avg found Downloader.Generic7.MAI

[病毒样本] 无法删除的文件

本帖子中包含更多资源

回复 5楼 ggmj 的帖子