Views: 958 | Replies: 11

Help!!! What virus is this???

Everyone, please save me!!!!
What virus is this, exactly???
How do I solve it????
Please, everyone, save me!!!!!!!!

Posted on 14-2-2005 09:40 PM

Posted on 14-2-2005 09:51 PM

Posted on 19-2-2005 10:13 AM

Posted on 19-2-2005 10:28 AM
And now one more problem has shown up!!! Please help me out and let me know!!! Thanks a lot!!!
System Update
Your computer may be recording many or all of your Internet Activities. Personal privacy protection is possible with a Security Update. Download now and see what your computer has and is recording to your hard drive. Common activities such as :
*Websites visited, pictures, videos and movies played, websites cookies and cache, personal information, and much much more may be actively recording on your computer.
*Windows is a copyright of Microsoft Corporation. System Soap and Microsoft are not affiliated.
*Press the OKAY button to begin your Privacy Protection Update.
OK Cancel
Press anywhere on this window to continue_
After I pressed OK, it jumped to this strange URL!!!
http://vv7.al.57e.net/rxwa.php?p ... amp;qq=spyware&
[ Last edited by chtklim13 on 19-2-2005 at 10:31 AM ]

Posted on 19-2-2005 06:25 PM
May I ask again, what are the following things? Could you teach me how to get rid of them??? Thanks in advance!!! Please take a look first!!! Waiting for replies, okay???
This weird thing shows up at startup:
RUNDLL
Error loading C:\PROGRA~1\3721\helper.dll
The specified module could not be found
OK
Not long after going online the machine hangs?? There is also some blue screen with white text that freezes the machine? I have to pull out the battery and put it back in before I can boot again!!!
The first problem that has appeared is as follows:
A problem has been detected and Windows has been shut down to prevent damage to your computer.
KERNEL_STACK_INPAGE_ERROR
If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps :
Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
Technical information :
***STOP : 0x00000077 (0xC000000E,0xC000000E,0x00000000,0x007D7D4000)
Beginning dump of physical memory
The second problem that has also appeared is as follows:
Warning - Your computer may be infected with spyware
If your computer has been running slower than usual, it may be infected with Adware or Spyware. To scan your computer for such infections, click yes below.
To learn more about the dangers of Spyware, click here.
Yes No
After clicking, this web page came up!!!
http://vv7.al.57e.net/iqqa.php?a ... pyware+removal&
What if I reinstall? Would that work? I have caught a lot of viruses??? I don't even know roughly how many; as for my e-mail inbox, it should have more than a hundred and thirty-something viruses!!! The rest I can't check; a lot of the rest are viruses and so on. I am using a laptop running MICROSOFT PROFESSIONAL SP1. Can I do a SYSTEM RESTORE? Would that cause problems? Thanks in advance!!!
[ Last edited by chtklim13 on 19-2-2005 at 06:27 PM ]
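
Posted on 19-2-2005 07:44 PM
I found some viruses; do I need to clean them out? By cleaning out I mean getting rid of them!!! I don't want them anymore!!! Right??? How do I clean them out??? Please help!!!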
How do I get rid of it? I don't want it anymore!!! Is there any way to never see it again???
http://vv7.al.57e.net
[ Last edited by chtklim13 on 19-2-2005 at 07:50 PM ]

Posted on 20-2-2005 01:24 AM
First, update your anti-virus.
Second, please turn off System Restore.
Third, restart the machine, then restart again and press F8 to enter Safe Mode, then scan with your anti-virus.
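
Posted on 20-2-2005 11:44 PM
weiyewc said on 20-2-2005 01:24:
First, update your anti-virus.
Second, please turn off System Restore.
Third, restart the machine, then restart again and press F8 to enter Safe Mode, then scan with your anti-virus.
I did!!! There are still a whole lot of problems showing up??? Hahahahaha!!! Thank you anyway!!! I already knew that!!! Are there any other good methods???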
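
Posted on 27-2-2005 03:33 AM
chtklim13 said on 20-2-2005 11:44 PM:
I did!!! There are still a whole lot of problems showing up??? Hahahahaha!!! Thank you anyway!!! I already knew that!!! Are there any other good methods???
You can ask a friend to make an antivirus boot disk, boot the machine from it and then scan... Otherwise you can also scan with the Norton AntiVirus boot CD, but I think a diskette is better, because you can update it to the latest version first...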
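
Posted on 1-3-2005 12:12 AM
gdesign85 said on 14-2-2005 20:25:
Everyone, please save me!!!!
What virus is this, exactly???
How do I solve it????
Please, everyone, save me!!!!!!!!
Have you killed this virus yet? It is easy to kill, but if you don't, it is a lot of trouble: you can't update NAV, can't download things, and so on.
To kill this virus you need to go to Start > Run > regedit; however, since the registry is normally blocked by this virus, you only get a chance to kill it in Safe Mode.
In Safe Mode, go to Start > Run > regedit, then to HKLM > software > microsoft > windows > current version > run. If I remember correctly, there will be 3 registry keys whose data says Isass.exe; just delete them.
Restart and delete those icons. If they come back after being deleted, the virus is still there; if they don't, you're fine.
[ Last edited by 逍遙子_vincent on 1-3-2005 at 12:14 AM ]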
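
The Run-key check described in the reply above, as an added example that is not part of the original thread: it reads the text printed by `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and flags values whose executable name differs by one character from a Windows system process name, which generalizes the "Isass.exe" case to other look-alikes. The function names, the list of system names, the one-character rule and the sample output are assumptions made for this example.

```python
import re

# Assumed short list of Windows system process names that get imitated.
SYSTEM_NAMES = ("lsass.exe", "svchost.exe", "csrss.exe", "services.exe", "winlogon.exe")

# One value line of `reg query` output: name, type and data separated by runs of spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")
# File names ending in .exe anywhere in the value data (quoted or followed by arguments).
EXE_NAME = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)

# Constructed sample output for the Run key; value names and paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAudio    REG_SZ    C:\WINDOWS\EXAMPLEAUDIO.EXE
    ExampleInput    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleUpdater    REG_SZ    C:\WINDOWS\system32\Isass.exe
    ExampleHelper    REG_SZ    "C:\Program Files\Example\1sass.exe" /s
"""

def lookalike_of(exe):
    """Return the system name that exe imitates, or None.

    An exact (case-insensitive) match is not a look-alike; a name of the same
    length that differs in exactly one character is.
    """
    name = exe.lower()
    if name in SYSTEM_NAMES:
        return None
    for real in SYSTEM_NAMES:
        if len(real) == len(name) and sum(a != b for a, b in zip(real, name)) == 1:
            return real
    return None

def suspicious_run_values(reg_output):
    """Return (value name, executable, imitated name) for each flagged Run value."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        for exe in EXE_NAME.findall(m["data"]):
            real = lookalike_of(exe)
            if real:
                hits.append((m["name"], exe, real))
    return hits

if __name__ == "__main__":
    for value, exe, real in suspicious_run_values(SAMPLE):
        print(f"review Run value {value!r}: {exe} imitates {real}")
```

The output is a review list only; each flagged value still has to be checked against the file on disk before anything is deleted.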

Thread starter
Posted on 1-3-2005 12:26 AM