无法进入电脑；E_4病毒文件夹；u88潜伏在boot.inf

显示全部楼层 · 发表于 2007-2-11 15:54:25

这是虚拟光驱的驱动

显示全部楼层 · 发表于 2007-2-11 17:43:45

[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
这个不明白！怎么弄？

  boot.Inf
c:\program files\internet explorer\lib\u88.exe

c:\program files\internet explorer\2052\iehelper.dll
c:\program files\internet explorer\2052\aupdate.exe
c:\program files\internet explorer\2052\toolbaru88.dll
c:\winnt\system32\winiogon.exe
c:\winnt\system32\spooisv.exe
c:\winnt\system32\flash8.dll
c:\program files\internet explorer\ie uninstall\w2kexcp.exe
c:\documents and settings\administrator\local settings\temp\e_4\powerdll.dll
c:\winnt\smss.exe
c:\documents and settings\administrator\local settings\temp\e_4\hook.dll
c:\program files\common files\ati\atiev.exe
c:\program files\common files\atiev.exe
c:\documents and settings\administrator\local settings\temp\e_4\powerdll.dll
c:\winnt\smss.exe
c:\documents and settings\administrator\local settings\temp\e_4\hook.dll
c:\program files\common files\ati\atiev.exe
c:\program files\common files\atiev.exe
记得这个吧！病毒u88,E_4都在boot.inf里面，俺把它们给删了。在c:\program files\internet explorer下真的有2052和lib文件夹么？为什么我怎么都找不到？各种软件我都试了注册表也改了都看不到。也不知道在电脑里还有没有这些病毒了。  stat[1].htm -> Downloader.AQM，yok工具条还是出现，另外多了一个soso潜伏的家伙，还有net share的时候，说系统发生1058错误，不明白怎么回事！

显示全部楼层 · 发表于 2007-2-11 18:04:15

麦咖啡最近的入侵跟踪

NetBIOS 用户:
MAC 地址:
00:19:BB:2A:F5:D0(原来没有，不知什么意思）
Telnet 服务器标题:
(无响应)
HTTP 服务器版本:
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0(原来没有，不知什么意思）
FTP 服务器标题:
220 tasgajwjzd Microsoft FTP Service (Version 5.0).(原来没有，不知什么意思）

SMTP 服务器标题:
220 tasgajwjzd Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Sun, 11 Feb 2007 17:59:26 +0800 (原来没有，不知什么意思）

相邻地址的 DNS 名称:
(无响应)
传送到 218.56.146.151:
218.56.78.1
124.129.249.165
60.215.131.189
61.179.255.121
60.215.131.194
221.1.188.189
221.1.188.106
221.1.180.150
218.56.146.151
WHOIS 查询 218.56.146.151: (原来没有，不知什么意思）
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum:    218.56.0.0 - 218.59.255.255
netname:    CNCGROUP-SD
descr:       CNCGROUP Shandong province network
country:    CN
admin-c:    CH455-AP
tech-c:    XZ14-AP
mnt-by:    APNIC-HM
mnt-lower: MAINT-CNCGROUP-SD
mnt-routes: MAINT-CNCGROUP-RR
status:    ALLOCATED PORTABLE
changed:    hm-changed@apnic.net 20031229
changed:    hm-changed@apnic.net 20040927
changed:    hm-changed@apnic.net 20041203
changed:    hm-changed@apnic.net 20060124
source:    APNIC
route:       218.56.0.0/14
descr:       CNC Group CHINA169 Shandong Province Network
country:    CN
origin:    AS4837
mnt-by:    MAINT-CNCGROUP-RR
changed:    abuse@cnc-noc.net 20060118
source:    APNIC
role:       CNCGroup Hostmaster
e-mail:    abuse@cnc-noc.net
address:    No.156,Fu-Xing-Men-Nei Street,
address:    Beijing,100031,P.R.China
nic-hdl:    CH455-AP
phone:       +86-10-82993155
fax-no:    +86-10-82993102
country:    CN
admin-c:    CH444-AP
tech-c:    CH444-AP
changed:    abuse@cnc-noc.net 20041119
mnt-by:    MAINT-CNCGROUP
source:    APNIC
person:    XIAOFENG ZHANG
nic-hdl:    XZ14-AP
e-mail:    ip@pub.sd.cninfo.net
address:    Jinan,Shandong P.R China
phone:       +86-531-6666666
fax-no:    +86-531-6666666
country:    CN
changed:    ip@sdinfo.net 20050330
mnt-by:    MAINT-ZXF
source:    APNIC

显示全部楼层 · 发表于 2007-2-11 18:43:09

Telnet 服务器标题:
(无响应)
HTTP 服务器版本:
(无响应)
FTP 服务器标题:
(无响应)
SMTP 服务器标题:
(无响应)
相邻地址的 DNS 名称:
(无响应)
传送到 60.209.225.228:
218.56.78.1（和上面的地址一样）有黑客攻击我么？
WHOIS 查询 60.209.225.228:
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum:    60.208.0.0 - 60.217.255.255
netname:    CNCGROUP-SD
descr:       CNCGROUP Shandong province network
descr:       China Network Communications Group Corporation
descr:       No.156,Fu-Xing-Men-Nei Street,
descr:       Beijing 100031
country:    CN
admin-c:    CH455-AP
tech-c:    XZ14-AP
mnt-by:    APNIC-HM
mnt-lower: MAINT-CNCGROUP-SD
mnt-routes: MAINT-CNCGROUP-RR
status:    ALLOCATED PORTABLE
remarks:    -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:    This object can only be updated by APNIC hostmasters.
remarks:    To update this object, please contact APNIC
remarks:    hostmasters and include your organisation's account
remarks:    name in the subject line.
remarks:    -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:    hm-changed@apnic.net 20040705
changed:    hm-changed@apnic.net 20060125
source:    APNIC
route:       60.208.0.0/13
descr:       CNC Group CHINA169 Shandong Province Network
country:    CN
origin:    AS4837
mnt-by:    MAINT-CNCGROUP-RR
changed:    abuse@cnc-noc.net 20060118
source:    APNIC
role:       CNCGroup Hostmaster
e-mail:    abuse@cnc-noc.net
address:    No.156,Fu-Xing-Men-Nei Street,
address:    Beijing,100031,P.R.China
nic-hdl:    CH455-AP
phone:       +86-10-82993155
fax-no:    +86-10-82993102
country:    CN
admin-c:    CH444-AP
tech-c:    CH444-AP
changed:    abuse@cnc-noc.net 20041119
mnt-by:    MAINT-CNCGROUP
source:    APNIC
person:    XIAOFENG ZHANG
nic-hdl:    XZ14-AP
e-mail:    ip@pub.sd.cninfo.net
address:    Jinan,Shandong P.R China
phone:       +86-531-6666666
fax-no:    +86-531-6666666
country:    CN
changed:    ip@sdinfo.net 20050330
mnt-by:    MAINT-ZXF
source:    APNIC

显示全部楼层 · 发表于 2007-2-11 18:51:28

syn flood洪水攻击？太没天良了！俺谁也没得罪！有黑客阿！大家帮忙阿！

[ 本帖最后由 ha56u 于 2007-2-11 19:25 编辑 ]

显示全部楼层 · 发表于 2007-2-11 20:56:06

妈的！又两次！syn flood洪水攻击！！！！！！！！！！！有高人解决吗？

显示全部楼层 · 发表于 2007-2-11 20:57:13

NetBIOS 用户:

MAC 地址:
00:53:45:00:00:00

Telnet 服务器标题:
(无响应)

HTTP 服务器版本:
(无响应)

FTP 服务器标题:
(无响应)

SMTP 服务器标题:
(无响应)

相邻地址的 DNS 名称:
(无响应)

传送到 218.56.75.169:
218.56.78.1
124.129.249.165
124.129.250.146
218.56.75.169

WHOIS 查询 218.56.75.169:
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum:    218.56.0.0 - 218.59.255.255
netname:    CNCGROUP-SD
descr:       CNCGROUP Shandong province network
country:    CN
admin-c:    CH455-AP
tech-c:    XZ14-AP
mnt-by:    APNIC-HM
mnt-lower: MAINT-CNCGROUP-SD
mnt-routes: MAINT-CNCGROUP-RR
status:    ALLOCATED PORTABLE
changed:    hm-changed@apnic.net 20031229
changed:    hm-changed@apnic.net 20040927
changed:    hm-changed@apnic.net 20041203
changed:    hm-changed@apnic.net 20060124
source:    APNIC

route:       218.56.0.0/14
descr:       CNC Group CHINA169 Shandong Province Network
country:    CN
origin:    AS4837
mnt-by:    MAINT-CNCGROUP-RR
changed:    abuse@cnc-noc.net 20060118
source:    APNIC

role:       CNCGroup Hostmaster
e-mail:    abuse@cnc-noc.net
address:    No.156,Fu-Xing-Men-Nei Street,
address:    Beijing,100031,P.R.China
nic-hdl:    CH455-AP
phone:       +86-10-82993155
fax-no:    +86-10-82993102
country:    CN
admin-c:    CH444-AP
tech-c:    CH444-AP
changed:    abuse@cnc-noc.net 20041119
mnt-by:    MAINT-CNCGROUP
source:    APNIC

person:    XIAOFENG ZHANG
nic-hdl:    XZ14-AP
e-mail:    ip@pub.sd.cninfo.net
address:    Jinan,Shandong P.R China
phone:       +86-531-6666666
fax-no:    +86-531-6666666
country:    CN
changed:    ip@sdinfo.net 20050330
mnt-by:    MAINT-ZXF
source:    APNIC

无法进入电脑；E_4病毒文件夹；u88潜伏在boot.inf

回复 #30 DietCoke 的帖子

本帖子中包含更多资源