Excuse me! How do I delete this virus?
Every time I delete it, it shows up again on the next scan....
[ Last edited by spectator on 29-10-2006 07:07 PM ]

Posted on 28-10-2006 10:51 PM
Go here:
- http://www.short-media.com/forum/showthread.php?t=44734

Original poster
Posted on 29-10-2006 12:30 AM
Complete scanning result of "smss.exe", received in VirusTotal at 10.28.2006, 18:18:06 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.34 10.28.2006 no virus found
Authentium 4.93.8 10.28.2006 no virus found
Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 no virus found
BitDefender 7.2 10.28.2006 no virus found
CAT-QuickHeal 8.00 10.28.2006 no virus found
ClamAV devel-20060426 10.28.2006 no virus found
DrWeb 4.33 10.28.2006 no virus found
eTrust-InoculateIT 23.73.40 10.28.2006 no virus found
eTrust-Vet 30.3.3164 10.28.2006 no virus found
Ewido 4.0 10.28.2006 no virus found
Fortinet 2.82.0.0 10.28.2006 no virus found
F-Prot 3.16f 10.28.2006 no virus found
F-Prot4 4.2.1.29 10.27.2006 no virus found
Ikarus 0.2.65.0 10.28.2006 no virus found
Kaspersky 4.0.2.24 10.28.2006 no virus found
McAfee 4883 10.27.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1842 10.27.2006 no virus found
Norman 5.80.02 10.27.2006 no virus found
Panda 9.0.0.4 10.28.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.107 10.27.2006 no virus found
UNA 1.83 10.27.2006 no virus found
VBA32 3.11.1 10.27.2006 no virus found
VirusBuster 4.3.15:9 10.28.2006 no virus found
///////////////////////////////////////////////////////////////////////////////////////////////////
File: smss.exe
Status:
OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 bd7fb0957c716f1a60333aee04de2178
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
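I can't find this one on my computer: C:\WINDOWS\system32\nvsvcd.exe
C:\WINDOWS\system\smss.exe: I scanned this one and it came up clean.

Posted on 29-10-2006 11:49 AM
Sorry.... let me borrow your thread to ask a question...
I scanned with Symantec...
It says there is a virus
in my C:\RECYCLER folder.
But when I open C:\ to look...
there is no RECYCLER folder at all...
I also tried showing hidden files...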
HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 10:54:19 AM, on 10/29/2006
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
D:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\CursorXP\CursorXP.exe
D:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
D:\WINDOWS\System32\conime.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - D:\WINDOWS\vgraph.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GTaskbar] D:\Documents and Settings\kj\My Documents\My Documents\Redraw.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CursorXP] "D:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [RealPlayer] "D:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [VoipStunt] "D:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/ssc ... /vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/ssc ... ommon/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/ ... s/flash/swflash.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - D:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
[ Last edited by kjying on 29-10-2006 11:55 AM ]

Original poster
Posted on 29-10-2006 07:14 PM

Posted on 29-10-2006 09:54 PM
May I ask...
Is this SmitfraudFix a scanner??

Posted on 29-10-2006 10:23 PM

Posted on 29-10-2006 10:39 PM
Originally posted by kjying on 29-10-2006 11:49 AM
Sorry.... let me borrow your thread to ask a question...
I scanned with Symantec...
It says there is a virus
in my C:\RECYCLER folder.
But when I open C:\ to look...
there is no RECYCLER folder at all...
I also tried showing hidden files...
HIJACKTHIS L ...
Can you give the name
of that virus?

Original poster
Posted on 30-10-2006 12:25 PM

Posted on 30-10-2006 08:48 PM
Originally posted by 小杨过 on 29-10-2006 10:39 PM
Can you give the name
of that virus?
avenue A, Inc.
Spybot turned this up when I scanned...

Posted on 30-10-2006 10:52 PM
Originally posted by kjying on 30-10-2006 08:48 PM
avenue A, Inc.
Spybot turned this up when I scanned...
This is not a big problem, you can ignore it. avenue A, Inc. is:
- http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060813
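
Posted on 30-10-2006 11:13 PM
Originally posted by kjying on 29-10-2006 11:49 AM
Sorry.... let me borrow your thread to ask a question...
I scanned with Symantec...
It says there is a virus
in my C:\RECYCLER folder.
But when I open C:\ to look...
there is no RECYCLER folder at all...
I also tried showing hidden files...
HIJACKTHIS L ...
Someone has the same problem as you. Go here: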
- http://chinese.cari.com.my/myforum/viewthread.php?tid=684034&pid=20282905&page=1&extra=page%3D1#pid20282905

Posted on 30-10-2006 11:17 PM
As I recall, avenue A is a cookie, isn't it??

Posted on 30-10-2006 11:18 PM