
Trojan trojan-downloader.js.istbar.ai, what should I do~~~

sinry
OP | Posted 2007-4-6 16:54:32
[PID: 2732][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.2028]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
[PID: 1596][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\PmpSplt.ax]  [cooleyes, 1, 0, 0, 8]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\RMSplt.ax]  [Gabest, 1, 0, 1, 1]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.2028]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCTIP.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMETIP.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMELM.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMECFM.DLL]  [Microsoft Corporation, 12.0.4518.1014]
[PID: 2600][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
[PID: 2900][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Microsoft Office\Office12\msohevi.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
[PID: 172][C:\Documents and Settings\Administrator\桌面\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEF795B25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEF795D67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEF795F0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEF795C49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xEF795E8F)

==================================
隐藏进程
N/A
wangjay1980
Posted 2007-4-6 17:27:26
What exactly does Kaspersky report? I can't see a problem in the report. Clean up with this first:

arswp.rar

590.29 KB, downloads: 13

sinry
OP | Posted 2007-4-6 17:49:16
Thanks, OP~~~~~
It cleaned out some things.
sinry
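OP | Posted 2007-4-6 20:02:48
Moderator~~~~
The computer still isn't working right~~~
By the way, do the entries marked "已检测到" (detected) that are followed by a specific location count as an infection?~~~~~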
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.z        文件: C:\WINDOWS\system32\drivers\0000411f.sys
已检测到: 木马程序 Trojan-Downloader.Win32.Delf.bau        URL: http://ad2.mayiad.com/soft/csrss.exe/NSPack
已删除: 广告程序 not-a-virus:AdWare.Win32.VB.ae        文件: C:\WINDOWS\system32\KKPRDIY.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.VB.ae        文件: C:\Documents and Settings\Administrator\Local Settings\Temp\ch100.exe/data0007
已删除: 广告程序 not-a-virus:AdWare.Win32.VB.ae        文件: C:\Documents and Settings\Administrator\Local Settings\Temp\ch100.exe/data0011
已删除: 广告程序 not-a-virus:AdWare.Win32.VB.ae        文件: C:\Documents and Settings\Administrator\Local Settings\Temp\ch100.exe/data0012
已删除: 木马程序 Trojan-Clicker.Win32.Flyst.d        文件: C:\Program Files\木马杀客\internet.fne
已检测到: 木马程序 Trojan-Downloader.Win32.QQHelper.rg        URL: http://0.82211.net/webtmp/bind_50302.exe
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.awi        URL: http://0.82211.net/12y/csrss.exe/NSPack
已删除: 木马程序 Trojan-Downloader.Win32.Agent.awi        文件: C:\Program Files\csrss.exe/PE_Patch/NSPack
已删除: 木马程序 Trojan-Downloader.Win32.Agent.awi        文件: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MRIX6P4T\csrss[1].exe/PE_Patch/NSPack
已检测到: 恶意程序 Exploit.Win32.IMG-ANI.k        URL:
已检测到: 木马程序 Trojan-Downloader.VBS.Psyme.fm        URL: http://w.qbbd.com/0.htm
已检测到: 恶意程序 Exploit.Win32.IMG-ANI.k        URL:
已检测到: 恶意程序 Exploit.Win32.IMG-ANI.k        URL:
已检测到: 木马程序 Trojan-Downloader.JS.IstBar.ai        URL: http://bbs.51vip.net/mm.asp?get=113291
已检测到: 木马程序 Trojan-Downloader.JS.IstBar.ai        URL: http://www.vzcx.com/js/index.htm
已删除: 木马程序 Trojan-Downloader.JS.IstBar.ai        文件: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GPIDAT8D\index[4].htm
已隔离: 恶意程序 Exploit.Win32.IMG-ANI.gen (修改)        文件: D:\图片\鼠标\多彩指针(全套)\03后台运行-04忙\C_08.ani
已检测到: 木马程序 Trojan-Downloader.VBS.Small.dm        URL:
wangjay1980
Posted 2007-4-6 21:30:04
Run a new scan and post the report.
wangsanduo
Posted 2007-6-9 14:22:43
Learning..
smallzxc
Posted 2007-6-9 15:30:05
Strange, while I was viewing page two, Kaspersky popped up a "Web Anti-Virus" warning showing:
探测到: 恶意软件 Exploit.Win32.IMG-ANI.ac        网址:
探测到: 恶意软件 Exploit.Win32.IMG-ANI.ac        网址:
I refreshed once, and it really is caused by browsing this page; then this popped up too:
2007-6-9 15:28:35        网址:         探测到 木马程序 'Trojan-Downloader.VBS.Small.dm'