
How to handle the results of a RootkitRevealer scan? Experts, please advise

baboon
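Posted on 2007-3-16 17:40:50
I tried this software for the first time today; it is said to be able to find backdoors and the like.
The result......
79 discrepancies found

Most of them are described as "Hidden from Windows API".

How should I deal with this? Is the problem serious?

Here is part of the output: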

HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 2007-2-19 16:18 0 bytes Access is denied.
C:\Documents and Settings\Baboon\Cookies\baboon@163[1].txt 2007-3-5 8:35 793 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Baboon\Cookies\baboon@163[2].txt 2007-3-16 17:24 661 bytes Hidden from Windows API.
C:\Documents and Settings\Baboon\Cookies\baboon@microsoft[1].txt 2007-3-16 17:24 268 bytes Hidden from Windows API.
C:\Documents and Settings\Baboon\Cookies\baboon@microsoft[2].txt 2007-3-9 13:03 268 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Baboon\Cookies\baboon@rad.microsoft[2].txt 2007-3-16 17:24 750 bytes Hidden from Windows API.
C:\Documents and Settings\Baboon\Cookies\baboon@www.xdowns[3].txt 2007-3-16 17:23 171 bytes Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temp\111.dat 2007-3-16 17:21 6.11 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Baboon\Local Settings\Temp\222.dat 2007-3-16 17:21 1.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Baboon\Local Settings\Temp\333.dat 2007-3-16 17:21 1.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Baboon\Local Settings\Temp\IH14E4.tmp 2007-3-16 17:22 4.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Baboon\Local Settings\Temp\IH1505.tmp 2007-3-16 17:22 12.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Baboon\Local Settings\Temp\Perflib_Perfdata_d08.dat 2007-3-16 17:21 16.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\2AW2GMPK\55x55_security[1].gif 2007-3-16 17:24 1.59 KB Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\2AW2GMPK\default[4].htm 2007-3-16 17:24 36.89 KB Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\2AW2GMPK\info[1].htm 2007-3-16 17:22 1 bytes Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\2AW2GMPK\stm31[1].js 2007-3-16 17:22 33.21 KB Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\2AW2GMPK\TEAM[1].gif 2007-3-16 17:22 115 bytes Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\5S2FKULQ\ql[1].css 2007-3-16 17:24 1.97 KB Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\5S2FKULQ\ui[1].js 2007-3-16 17:23 8.14 KB Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\6RIJ5CHX\l_corner[1].gif 2007-3-16 17:24 44 bytes Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\6RIJ5CHX\main_title_760[1].gif 2007-3-16 17:22 536 bytes Hidden from Windows API.
wangjay1980
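Posted on 2007-3-16 19:52:46
These are all temporary files. Just clean them up with Super Rabbit (兔子) or Windows Optimization Master (优化大师); if that doesn't remove everything, delete them manually.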
baboon
Original poster | Posted on 2007-3-17 10:02:57
Thanks, I've cleaned them up!
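
An added example, not part of the original thread: a small Python triage script that parses RootkitRevealer result lines like the ones posted above, counts them by discrepancy description, and separates entries under cookie, temp and browser-cache directories from everything else. The `VOLATILE` directory list and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Four result lines copied from the scan output posted in this thread.
SAMPLE = r"""
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 2007-2-19 16:18 0 bytes Access is denied.
C:\Documents and Settings\Baboon\Cookies\baboon@163[2].txt 2007-3-16 17:24 661 bytes Hidden from Windows API.
C:\Documents and Settings\Baboon\Local Settings\Temp\111.dat 2007-3-16 17:21 6.11 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Baboon\Local Settings\Temporary Internet Files\Content.IE5\2AW2GMPK\info[1].htm 2007-3-16 17:22 1 bytes Hidden from Windows API.
"""

# Layout of one result line: path, date, time, size, description.
LINE = re.compile(
    r"^(?P<path>.+?) (?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<time>\d{1,2}:\d{2}) "
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB)) (?P<desc>.+)$"
)

# Assumption: per-user locations that change constantly, taken from the
# paths in the posted output. Adjust the list for the system being examined.
VOLATILE = ("\\cookies\\", "\\local settings\\temp\\",
            "\\temporary internet files\\")


def parse(text):
    """Yield a dict per RootkitRevealer result line; skip lines that do not parse."""
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if match:
            yield match.groupdict()


def triage(text):
    """Separate entries in volatile user directories from entries to review by hand."""
    result = {"volatile": [], "review": [], "by_desc": Counter()}
    for entry in parse(text):
        result["by_desc"][entry["desc"]] += 1
        path = entry["path"].lower()
        on_disk = re.match(r"[a-z]:\\", path) is not None  # registry keys start with a hive name
        bucket = "volatile" if on_disk and any(v in path for v in VOLATILE) else "review"
        result[bucket].append(entry)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE)
    for desc, count in report["by_desc"].most_common():
        print(f"{count:3d}  {desc}")
    print("Needs manual review:")
    for entry in report["review"]:
        print(f"  {entry['path']}  ({entry['desc']})")
```

Location is only a triage hint: anything left in the review list, such as the `sptd` service key here, still has to be checked individually.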
Copyright © KaFan  KaFan.cn All Rights Reserved.