查看: 4674|回复: 11
收起左侧

这个病毒是什么东东,老是删不了,已扫描了报告上来了,请看看

[复制链接]
烟水寒云
发表于 2007-5-20 09:34:58 | 显示全部楼层 |阅读模式
以下的问题还有没有更好的办法解决啊?昨天用了论坛老大的UNLOCK解锁删除,再清理注册表,再杀毒.今天一开机先是卡巴无法更新,重启动后.更新的同时就弹出附件里面的对话框.怎么办啊?
   另外,这两天为什么老是提示激活日期错误啊?

[ 本帖最后由 烟水寒云 于 2007-5-21 15:34 编辑 ]

就是这个东东,每次杀完后还会复活.昨天用了论坛老大的解锁删除,注册表清理,再杀完.今天一开机,先是卡巴 ...

就是这个东东,每次杀完后还会复活.昨天用了论坛老大的解锁删除,注册表清理,再杀完.今天一开机,先是卡巴 ...
未命名.JPG
未命名.JPG
独孤犬
发表于 2007-5-20 10:11:04 | 显示全部楼层
刚刚在360上面也看到这个病毒  同样杀不掉它  楼主试试在安全模式下手工杀除
zhaonimm
发表于 2007-5-20 12:01:51 | 显示全部楼层
用这个  选择抑制生成  看可以不  最好清理下注册表!还有临时文件!不行就用SRENG扫个报告来看看把!!

强力木马移除工具-费尔PowerRmv.rar

101.04 KB, 下载次数: 32

烟水寒云
 楼主| 发表于 2007-5-21 11:21:10 | 显示全部楼层
以上二楼三楼两位兄弟的办法都杀不死此毒.有时候看起来没有了,但是有时候有会重新生成,在桌面上还有一个方框里面像个S形的图标!!为什么会是这样??/难道真杀不死此UPXDND.DLL的病毒了????高手都进来看看啊?
hljbhs
头像被屏蔽
发表于 2007-5-21 11:28:33 | 显示全部楼层
我进厂经常是进入安全模式杀掉它
烟水寒云
 楼主| 发表于 2007-5-21 11:36:26 | 显示全部楼层
在安全模式下也杀不了/看着好像杀了.但是重启动后卡巴又报
烟水寒云
 楼主| 发表于 2007-5-21 11:57:58 | 显示全部楼层
SRENG扫描的报告怎么上传啊?能否发个邮箱传送呢?
观弈书童
发表于 2007-5-21 12:01:02 | 显示全部楼层
直接复制到论坛回复就行了
烟水寒云
 楼主| 发表于 2007-5-21 12:21:14 | 显示全部楼层

  1. 2007-05-21,11:51:46                     请帮忙看看
  2. System Repair Engineer 2.4.12.806
  3. Smallfrogs (http://www.KZTechs.com)
  4. Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
  5. 以下内容被选中:
  6.     所有的启动项目(包括注册表、启动文件夹、服务等)
  7.     浏览器加载项
  8.     正在运行的进程(包括进程模块信息)
  9.     文件关联
  10.     Winsock 提供者
  11.     Autorun.inf
  12.     HOSTS 文件

  13. 启动项目
  14. 注册表
  15. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  16.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
  17.     <1s658cy0fqzkte><C:\DOCUME~1\asus\LOCALS~1\Temp\iexpl0re.exe>  [N/A]
  18. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  19.     <load><>  [N/A]
  20.     <run><>  [N/A]
  21. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  22.     <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  23.     <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  24.     <Persistence><; C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Publisher]
  25.     <HControl><C:\WINDOWS\ATK0100\HControl.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  26.     <High Definition Audio 属性页快捷方式><HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
  27.     <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  28.     <Wireless Console 2><C:\Program Files\Wireless Console 2\wcourier.exe>  []
  29.     <IntelZeroConfig><"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe">  [Intel Corporation]
  30.     <IntelWireless><"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless>  [Intel Corporation]
  31.     <ACMON><C:\Program Files\ASUS\Splendid\ACMON.exe>  [ATK]
  32.     <kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
  33.     <WebThunder><; D:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
  34.     <upxdnd><C:\WINDOWS\upxdnd.exe>  []
  35. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  36.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
  37.     <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
  38. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  39.     <AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll>  [Kaspersky Lab]
  40. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  41.     <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
  42. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  43.     <{42A612A4-4334-4424-4234-42261A31A236}><>  [N/A]
  44. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
  45.     <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  46. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  47.     <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
  48. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
  49.     <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
  50. ==================================
  51. 启动文件夹
  52. [Adobe Reader Speed Launch]
  53.   <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> D:\PROGRA~1\Adobe\Reader\READER~1.EXE [Adobe Systems Incorporated]><H>
  54. [卸载阿里旺旺(淘宝版)]
  55.   <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\卸载阿里旺旺(淘宝版).lnk --> D:\PROGRA~1\Alisoft\WangWang\UNWISE.EXE [N/A]><H>
  56. [阿里旺旺(淘宝版)]
  57.   <C:\Documents and Settings\asus\「开始」菜单\程序\启动\阿里旺旺(淘宝版).lnk --> D:\PROGRA~1\Alisoft\WangWang\WangWang.exe [阿里软件(中国)有限公司]><H>
  58. ==================================
  59. 服务
  60. [卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  61.   <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
  62. [Intel(R) PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
  63.   <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
  64. [Human Interface Device Access / HidServ][Stopped/Disabled]
  65.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  66. [Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
  67.   <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
  68. [Intel(R) PROSet/Wireless Service / S24EventMonitor][Running/Auto Start]
  69.   <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
  70. [WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
  71.   <><N/A>
  72. ==================================
  73. 驱动程序
  74. [ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  75.   <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
  76. [AEGIS Protocol (IEEE 802.1x) v3.5.3.0 / AegisP][Running/Auto Start]
  77.   <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
  78. [Microsoft 用于 High Definition Audio 服务的 UAA 功能驱动程序 / HdAudAddService][Stopped/Manual Start]
  79.   <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
  80. [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  81.   <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
  82. [ialm / ialm][Running/Manual Start]
  83.   <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
  84. [kl1 / kl1][Running/Boot Start]
  85.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
  86. [klif / klif][Running/System Start]
  87.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
  88. [Motorola Messenger Modem Audio Device / M3AD][Running/Manual Start]
  89.   <system32\drivers\m3aux.sys><Motorola Inc>
  90. [ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
  91.   <system32\DRIVERS\ATKACPI.sys><>
  92. [用于 Windows XP 32 Bit 版的英特尔(R) PRO/无线 3945ABG 适配器驱动程序 / NETw3x32][Running/Manual Start]
  93.   <system32\DRIVERS\NETw3x32.sys><Intel? Corporation>
  94. [npkcrypt / npkcrypt][Running/Auto Start]
  95.   <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
  96. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  97.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  98. [rimmptsk / rimmptsk][Running/Manual Start]
  99.   <system32\DRIVERS\rimmptsk.sys><REDC>
  100. [rimsptsk / rimsptsk][Running/Manual Start]
  101.   <system32\DRIVERS\rimsptsk.sys><REDC>
  102. [Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
  103.   <system32\DRIVERS\rixdptsk.sys><REDC>
  104. [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  105.   <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
  106. [WLAN Transport / s24trans][Running/Auto Start]
  107.   <system32\DRIVERS\s24trans.sys><Intel Corporation>
  108. [Secdrv / Secdrv][Stopped/Manual Start]
  109.   <system32\DRIVERS\secdrv.sys><N/A>
  110. [Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  111.   <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
  112. [TSP / TSP][Stopped/Manual Start]
  113.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
  114. ==================================
  115. 浏览器加载项
  116. [Adobe PDF Reader Link Helper]
  117.   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
  118. [艾美特CRM管理系统(正式环境)]
  119.   {0471FE67-7F62-453A-BE13-2A47498B6AEE} <http://crm.airmate-china.cc:80/, N/A>
  120. [Web反病毒保护]
  121.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
  122. [启动Web迅雷]
  123.   {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
  124. [SinoCCTools Control]
  125.   {5BF185B5-AED9-4F7F-818F-5C48A674D016} <C:\WINDOWS\DOWNLO~1\SINOCC~1.DLL, Guangzhou Collaborative Commerce Tech Co,. Ltd.>
  126. [AmtCrm_inf Control]
  127.   {38F53BD4-21A1-4BC8-B54E-489E13AFE5CF} <C:\WINDOWS\system32\AmtCrm.dll, >
  128. [SinoCCTools Control]
  129.   {5BF185B5-AED9-4F7F-818F-5C48A674D016} <C:\WINDOWS\DOWNLO~1\SINOCC~1.DLL, Guangzhou Collaborative Commerce Tech Co,. Ltd.>
  130. [Windows Media Player]
  131.   {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  132. [SearchAssistantOC]
  133.   {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
  134. [RDS.DataSpace]
  135.   {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
  136. [Shockwave Flash Object]
  137.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  138. [使用Web迅雷下载]
  139.   <D:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
  140. [使用Web迅雷下载全部链接]
  141.   <D:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
  142. [导出到 Microsoft Excel(&x)]
  143.   <res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
  144. ==================================
复制代码
烟水寒云
 楼主| 发表于 2007-5-21 12:22:34 | 显示全部楼层
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1       localhost
==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xAA567B25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xAA567D67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xAA567F0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xAA567C49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xAA567E8F)
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-23 12:55 , Processed in 0.134740 second(s), 20 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表