这个病毒感染后怎么杀。

显示全部楼层 · 发表于 2011-3-21 18:12:46

回复 9楼暗羽天剑的帖子

你如果有可引导系统光盘的话，选择光盘引导启动，重新安装系统就可以了，或者看在安全模式下进行360杀毒，看系统能否恢复正产

显示全部楼层 · 发表于 2011-3-21 18:19:50

诺顿都杀掉了

显示全部楼层 · 发表于 2011-3-21 18:32:37

rising kill

显示全部楼层 · 发表于 2011-3-21 18:36:25

这种情况下只有找大蜘蛛。看过avc的测试，貌似escan的清毒效果也很好

显示全部楼层 · 发表于 2011-3-21 19:05:02

同一个病毒，大蜘蛛：
backup.exe packed by UPX
backup.exe probably infected with BACKDOOR.Trojan
backup.exe - archive BINARYRES
backup.exe/data001 infected with Trojan.PWS.Qqpass.origin

BackFiles\backup.exe_295343 packed by UPX
BackFiles\backup.exe_295343 probably infected with BACKDOOR.Trojan
BackFiles\backup.exe_295343 - archive BINARYRES
BackFiles\backup.exe_295343/data001 infected with Trojan.PWS.Qqpass.origin

BackFiles\backup.exe_295562 packed by UPX
BackFiles\backup.exe_295562 probably infected with BACKDOOR.Trojan
BackFiles\backup.exe_295562 - archive BINARYRES
BackFiles\backup.exe_295562/data001 infected with Trojan.PWS.Qqpass.origin

BackFiles\backup.exe_459671 packed by UPX
BackFiles\backup.exe_459671 probably infected with BACKDOOR.Trojan
BackFiles\backup.exe_459671 - archive BINARYRES
BackFiles\backup.exe_459671/data001 infected with Trojan.PWS.Qqpass.origin

BackFiles\explorer.exe_435171 packed by UPX
BackFiles\explorer.exe_435171 probably infected with BACKDOOR.Trojan
BackFiles\explorer.exe_435171 - archive BINARYRES
BackFiles\explorer.exe_435171/data001 infected with Trojan.PWS.Qqpass.origin

BackFiles\smss.exe_438562 packed by UPX
BackFiles\smss.exe_438562 probably infected with BACKDOOR.Trojan
BackFiles\smss.exe_438562 - archive BINARYRES
BackFiles\smss.exe_438562/data001 infected with Trojan.PWS.Qqpass.origin

BackFiles\smss.exe_454125 packed by UPX
BackFiles\smss.exe_454125 probably infected with BACKDOOR.Trojan
BackFiles\smss.exe_454125 - archive BINARYRES
BackFiles\smss.exe_454125/data001 infected with Trojan.PWS.Qqpass.origin

BackFiles\smss.exe_454140 packed by UPX
BackFiles\smss.exe_454140 probably infected with BACKDOOR.Trojan
BackFiles\smss.exe_454140 - archive BINARYRES
BackFiles\smss.exe_454140/data001 infected with Trojan.PWS.Qqpass.origin

因为这是大蜘蛛启发式分析技术和Origins.Tracing技术，也就是非特征风险程序运算法则做出的判断，所以暂时无法清除，只能是隔离或者删除

显示全部楼层 · 发表于 2011-3-21 19:07:36

建议楼主上报给大蜘蛛试试看吧！一个是后门木马，另外一个是盗号木马，要是大蜘蛛确定这两个病毒的话，或许可以清除病毒。
大蜘蛛病毒样本上报：
10M以下：https://vms.drweb.com/sendvirus/
10M以上：vms@drweb.com

文件加密virus或者infected

显示全部楼层 · 发表于 2011-3-21 20:37:43

回复 1楼暗羽天剑的帖子

试试mse，这两个样本mse报特征，应该能修复。

显示全部楼层 · 发表于 2011-3-21 20:44:52

在虚拟机里试吧~

显示全部楼层 · 发表于 2011-3-21 21:35:14

avast!6.0全部拦截。

显示全部楼层 · 发表于 2011-3-21 22:33:06

本帖最后由尤金卡巴斯基于 2011-3-21 22:33 编辑

2011/3/21 22:30:17 已删除病毒 Worm.Win32.AutoRun.ceca G:\Temp\temp\backup.rar//backup.exe//UPX
2011/3/21 22:30:17 已删除病毒 Worm.Win32.AutoRun.ceca G:\Temp\temp\BackFiles.rar//BackFiles\backup.exe_295343//UPX
2011/3/21 22:30:18 已删除病毒 Worm.Win32.AutoRun.ceca G:\Temp\temp\BackFiles.rar//BackFiles\explorer.exe_435171//UPX
2011/3/21 22:30:18 已删除病毒 Worm.Win32.AutoRun.ceca G:\Temp\temp\BackFiles.rar//BackFiles\smss.exe_438562//UPX

[病毒样本] 这个病毒感染后怎么杀。