请问本机的ARP欺骗如何查杀（内附详细检测）

显示全部楼层 · 发表于 2007-3-29 22:39:34

我的安全配置已经是：LNS2.05+KAV6.0+AVGAntiSpyware+360Safe+Anti ARP Sniffer4.0.2版，监控全开。但是arp防火墙还是显示我在攻击其它计算机

=-=-=-=-=-= Capture By ARP防火墙单机版 v4.0.2 http://www.AntiARP.com -=-=-=-=-=-=
【对外攻击数据】
开始时间结束时间伪装成IP 伪造的MAC 被攻击目标累计
03-29 17:47:46 03-29 17:47:51 172.16.17.246 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.17.246 3
03-29 17:52:41 03-29 17:52:41 222.28.239.141 00-0F-1F-B1-AF-A7/00-0F-1F-B1-AF-A7 222.28.239.141 3
03-29 17:52:51 03-29 17:52:56 222.28.239.141 00-0F-1F-B1-AF-A7/00-0F-1F-B1-AF-A7 222.28.238.1 4
03-29 17:52:51 03-29 17:52:51 222.28.239.141 00-0F-1F-B1-AF-A7/00-0F-1F-B1-AF-A7 222.28.239.189 1
03-29 17:52:51 03-29 17:52:51 222.28.239.141 00-0F-1F-B1-AF-A7/00-0F-1F-B1-AF-A7 222.28.238.1 1
03-29 17:52:51 03-29 17:52:51 222.28.239.141 00-0F-1F-B1-AF-A7/00-0F-1F-B1-AF-A7 222.28.238.114 1
03-29 17:52:51 03-29 17:52:51 222.28.239.141 00-0F-1F-B1-AF-A7/00-0F-1F-B1-AF-A7 222.28.239.164 1
03-29 17:52:51 03-29 17:52:51 222.28.239.141 00-0F-1F-B1-AF-A7/00-0F-1F-B1-AF-A7 222.28.238.186 1
03-29 22:09:25 03-29 22:09:25 172.16.16.245 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.16.245 3
03-29 22:09:25 03-29 22:09:25 172.16.16.245 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.16.1 1

我尝试了用卡巴、AVG、趋势的arp专杀都没找到病毒，按照其他论坛提示的手动杀毒也一无所获。冰刃检查未发现隐藏进程，请问我的电脑上真的有病毒还是误报呢？谢谢

附冰刃检查：

进程：

System Idle Process
System
C:\WINDOWS\system32\svchost.exe
C:\Program Files\360safe\safemon\360tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Anti Arp Sniffer\AntiARP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Maxthon\Maxthon.exe
D:\Program Files\IceSword\IceSword.exe

附：hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 10:36:55, on 2007-3-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Anti Arp Sniffer\AntiArp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\360safe\safemon\360tray.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [AntiARPStandalone] D:\Program Files\Anti Arp Sniffer\AntiArp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用快车(FlashGet)下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175079809064
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: 卡巴斯基反病毒6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe

注：sogouPXP是我装的沸点播放器，虽然明知道有问题，但在校园网没别的选择

希望高手解答不胜感激

[ 本帖最后由 baboon 于 2007-3-29 22:41 编辑 ]

显示全部楼层 · 发表于 2007-3-30 10:52:24

没人回答啊......

显示全部楼层 · 发表于 2007-3-30 12:10:22

帮你定下~

显示全部楼层 · 发表于 2007-3-30 16:17:04

今天更夸张了
-=-=-=-=-=-= Capture By ARP防火墙单机版 v4.0.2  http://www.AntiARP.com -=-=-=-=-=-=

【外部攻击数据】
开始时间       结束时间       伪装成IP       攻击者MAC(可能是伪造的)             攻击者IP可能为  累计

【IP冲突数据】
开始时间       结束时间       伪装成IP       攻击者MAC(可能是伪造的)             攻击者IP可能为  累计

【对外攻击数据】
开始时间       结束时间       伪装成IP       伪造的MAC                            被攻击目标    累计
03-30 13:47:18 03-30 14:05:23 172.16.18.229 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.18.229 6
03-30 13:47:18 03-30 14:05:43 172.16.18.229 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.18.1    10
03-30 13:47:28 03-30 14:19:19 172.16.17.246 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.17.1    3557
03-30 13:47:28 03-30 14:19:19 172.16.17.246 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.17.1    3558
03-30 13:48:08 03-30 14:16:59 172.16.17.246 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.17.246 6
03-30 13:48:28 03-30 14:07:13 172.16.18.229 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.18.1    2309
03-30 13:48:28 03-30 14:07:13 172.16.18.229 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.18.1    2309
03-30 14:06:38 03-30 14:06:38 172.16.16.245 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.16.245 3
03-30 14:07:08 03-30 14:07:08 172.16.16.245 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.16.1    1
03-30 14:17:04 03-30 14:17:14 172.16.16.245 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.16.1    664
03-30 14:17:04 03-30 14:17:14 172.16.16.245 00-12-F0-03-A9-82/00-12-F0-03-A9-82 172.16.16.1    664

显示全部楼层 · 发表于 2007-3-30 16:19:58

看看，也许有帮助http://hi.baidu.com/killvir/blog ... 22ed1248540359.html

显示全部楼层 · 发表于 2007-3-30 16:30:23

需要说明的是
部分校园网客户端软件内置防MAC克隆的报文，
对网关，和对自己的攻击，你可以不理会。
比如神州数码客户端软件

显示全部楼层 · 发表于 2007-3-31 09:17:21

回5楼，那个我看过，所以才下载了趋势的专杀，结果一无所获。
回6楼，这个我倒真不清楚，希望如此吧

谢谢各位

显示全部楼层 · 发表于 2007-3-31 09:23:10

楼主试试Anti ARP Sniffer

给你一个连接地址http://www.antiarp.com/about.asp?ArticleID=8

显示全部楼层 · 发表于 2007-4-4 08:48:57

ls的这位老兄......

[已解决] 请问本机的ARP欺骗如何查杀（内附详细检测）