佳礼资讯网


Help!!! What virus is this???

Posted on 14-2-2005 08:25 PM

Everyone, please save me!!!!
What virus is this, exactly???
How do I fix it????
Please, everyone, save me!!!!!!!!

Posted on 14-2-2005 09:40 PM

Posted on 14-2-2005 09:51 PM

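Posted on 19-2-2005 10:13 AM
How can I get this sorted out? My computer has been infected with a virus??? I can't even view Yahoo mail!!! How do I go about curing the virus first?

The message is as follows: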
Your Inbox has too much SPAM!
Update your spam protection Now!


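When I open mail.yahoo.com.hk, it bounces straight back as soon as it opens!!! It also redirects to web pages I don't recognise!!! Here are some of the unknown pages: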

http://vv7.al.57e.net/slvr.php?p ... 8710&r=298638d2

http://vv6.s13.tempx.cc/yrgv.php ... amp;qq=spyware&

http://vv7.al.57e.net/bbse.php?p ... amp;qq=spyware&


On top of that, I can't even reach http://www.microsoft.com!!! Please give me some pointers!!! Many thanks in advance!!!

Posted on 19-2-2005 10:28 AM
And now yet another problem has appeared!!! Please help and let me know!!! Thanks!!!



                               System Update

Your computer may be recording many or all of your Internet Activites. Personal privacy protection is possible with a Security Update. Download now and see what your computer has and is recording to your hard drive. Common activities such as :


*Websites visited, pictures, videos and movies played, websites cookies and cache, personal information, and much much more may be actively recording on your computer.

*Windows is a copyright of Microsoft Corporation. System Soap and Microsoft are not affiliated.

*Press the OKAY button to begin your Privacy Protection Update.

                          OK          Cancel

                        
                    Press anywhere on this window to continue_


After I clicked OK, it jumped to this strange URL!!!
http://vv7.al.57e.net/rxwa.php?p ... amp;qq=spyware&

[ Last edited by chtklim13 on 19-2-2005 at 10:31 AM ]

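Posted on 19-2-2005 06:25 PM
One more question: what are the following? Could you advise how to get rid of them??? Thanks in advance!!! Please take a look!!! Waiting for replies???


This damned thing appears at boot: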

RUNDLL

Error loading C;\\PROGRA~1\3721\helper.dll
The specified module could not be found

                 OK



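Shortly after going online the machine hangs?? There is also some blue screen with white text that crashes it? I have to take out the backup battery and put it back in before I can boot again!!!

The first problem that appeared is as follows: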

A Problem has been detected and Windows has been shutdown to present damage to your computer.

KERNEL_STACK_INPACE_ERROR

If this is the first time you're seen this stop error screen, restart your computer. if this screen appers again, follow these step :

Check to make sure any new hardware or software is properly installed.

If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problem continue, disable or remove any newly installed hardware or software, Disable BIOS memory options such as caching or shadowing. if you need to use Safe Mode to remove or disable components, restart your computer. press F8 to select Advance Startup options, and then select Safe Mode.


Technical informational :

***STOP : 0x00000077 (0xC000000E,0xC000000E,0x00000000,0x007D7D4000)


Beginning dump of physical memory



The second problem that also appeared is as follows:

Warning - Your computer may be infected with spyware

If your computer has been running slower than usual, it may be infected with Adware or Spyware To scan your computer for such infections, click yes below.

To learn more about the dangers of Spyware, click here.

                              Yes        No


Clicking it brings up this web page!!!
http://vv7.al.57e.net/iqqa.php?a ... pyware+removal&


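What if I reinstall? Would that work? I've caught a lot of viruses??? I don't know roughly how many; as for the e-mail inbox, there should be more than a hundred and thirty-odd viruses!!! The rest I can't check; a lot of the rest are viruses and so on. I'm using a laptop running MICROSOFT PROFESSIONAL SP1. Can I use SYSTEM RESTORE? Would that cause problems? Thanks in advance!!!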

[ Last edited by chtklim13 on 19-2-2005 at 06:27 PM ]

Posted on 19-2-2005 07:44 PM
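I found some viruses. Do I need to "suck out the virus"? By that I mean getting rid of it!!! I don't want it any more!!! Is that right??? How do I do it??? Please help!!!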


How do I get rid of it? I don't want it any more!!! Is there any way to stop seeing it???

http://vv7.al.57e.net

[ Last edited by chtklim13 on 19-2-2005 at 07:50 PM ]

weiyewc (this user has been deleted)
Posted on 20-2-2005 01:24 AM
First, update your anti-virus.
Second, turn off System Restore.
Third, restart the machine, then restart again and press F8 to enter safe mode, then scan with your anti-virus.

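Posted on 20-2-2005 11:44 PM
weiyewc wrote on 20-2-2005 01:24:
First, update your anti-virus.
Second, turn off System Restore.
Third, restart the machine, then restart again and press F8 to enter safe mode, then scan with your anti-virus.



I did!!! There are still a hell of a lot of problems showing up??? Hahahahaha!!! Thanks anyway!!! I already knew that!!! Are there any other good methods???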

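Posted on 27-2-2005 03:33 AM
chtklim13 wrote on 20-2-2005 11:44 PM:



I did!!! There are still a hell of a lot of problems showing up??? Hahahahaha!!! Thanks anyway!!! I already knew that!!! Are there any other good methods???

You can ask a friend to make an antivirus boot disk, boot the machine from it and then scan... Otherwise you can also scan with the Norton AntiVirus boot CD, but I think a diskette is better, because it can be updated to the latest version first...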

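逍遙子_vincent (this user has been deleted)
Posted on 1-3-2005 12:12 AM
gdesign85 wrote on 14-2-2005 20:25:

Everyone, please save me!!!!
What virus is this, exactly???
How do I fix it????
Please, everyone, save me!!!!!!!!

Have you already killed this virus? It is easy to kill, but leaving it is a lot of trouble: for example, you can't update NAV, can't download things, and so on.

To kill this virus you need to go to start>run>regedit; however, since the virus normally blocks the registry, you only get a chance to kill it in safe mode.
In safe mode, go to start>run>regedit, then to HKLM>software>microsoft>windows>current version>run. If I remember correctly there will be 3 registry keys with Isass.exe written in the data column; just delete them.
Restart and delete those icons. If they come back after deletion, the virus is still there; if they don't come back, you're fine.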

[ Last edited by 逍遙子_vincent on 1-3-2005 at 12:14 AM ]
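
The check described in the reply above, as an added example that is not part of the original thread: it scans a .reg export of the HKLM Run key for values whose program name imitates a Windows system file, the way Isass.exe (capital I) imitates lsass.exe. The sample export, its value names and the list of system names are constructed for illustration.

```python
import ntpath
import re

# Core Windows process names that malware often imitates (illustrative, not exhaustive).
SYSTEM_NAMES = ("lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe")

# Constructed sample in .reg export syntax; value names and paths are invented.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SampleAV"="\"C:\\Program Files\\SampleAV\\tray.exe\" /min"
"Update1"="Isass.exe"
"Update2"="C:\\WINDOWS\\system32\\Isass.exe -s"
"Update3"="C:\\WINDOWS\\ISASS.EXE"
'''

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def skeleton(name):
    """Fold look-alike characters (i/I/1 -> l, 0 -> o) after lower-casing."""
    return name.lower().translate(str.maketrans("i10", "llo"))


IMITATED = {skeleton(n): n for n in SYSTEM_NAMES}


def image_name(command):
    """Return the file name of the program a Run command line starts."""
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(" ", 1)[0]  # unquoted paths with spaces are ambiguous
    return ntpath.basename(path)


def lookalike_run_values(reg_text):
    """List (value name, data, imitated name) for Run values posing as system files."""
    hits = []
    for line in reg_text.splitlines():
        m = VALUE_LINE.match(line.strip())
        if not m:
            continue
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        exe = image_name(data).lower()
        real = IMITATED.get(skeleton(exe))
        if real and exe != real:
            hits.append((name, data, real))
    return hits


if __name__ == "__main__":
    for name, data, real in lookalike_run_values(SAMPLE_EXPORT):
        print(f"{name!r}: {data!r} imitates {real}")
```

A value that names the genuine file is not reported by this check, so entries it passes still need the usual review of path and publisher.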

Original poster | Posted on 1-3-2005 12:26 AM
I killed them!!! Thanks