急救! trojan.nilage.ara如何删除

显示全部楼层 · 发表于 2007-4-15 09:21:21

trojan.nilage.ara用卡巴和AVG都删除不了。怎么办？？？？？？

显示全部楼层 · 发表于 2007-4-15 09:46:01

去安全模式用冰刃试一下
或者重启到dos下用del命令按路径删除

显示全部楼层 · 发表于 2007-4-15 18:33:09

Logfile of HijackThis v1.99.1
Scan saved at 18:31:37, on 2007-4-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
E:\卡巴\avp.exe
C:\WINDOWS\system32\upnpsvc.exe
C:\WINDOWS\soundman.exe
E:\卡巴\avp.exe
F:\新建文件夹\新建文件夹\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\港湾网络\宽带接入客户端\HammerSupplicant.exe
F:\新建文件夹\AVG Anti-Spyware 7.5\avgas.exe
E:\卡巴\avp.exe
E:\浏览器\55\Maxthon\Maxthon.exe
E:\新建文件夹\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "E:\卡巴\avp.exe"
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [wdnd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wdnd.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\新建文件夹\新建文件夹\Unlocker\UnlockerAssistant.exe" -H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [64ji10is2ri8] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe
O4 - Startup: 8021x客户端软件.lnk = ?
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web反病毒统计 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\卡巴\scieplugin.dll
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BD0D93-8A0B-4C74-BFE5-40E1A60EFFEE}: NameServer = 202.115.176.200
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: 卡巴斯基反病毒6.0 (AVP) - Kaspersky Lab - E:\卡巴\avp.exe

显示全部楼层 · 发表于 2007-4-15 20:46:00

[wdnd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wdnd.exe
[mppds] C:\WINDOWS\mppds.exe
[64ji10is2ri8] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe
启动项删除，并按路径删除病毒文件
用这个清理