砂砾 - 2005-11-25 10:23:00
病毒名称为trojanspy.win32.gwghost.35.dll
瑞星只能说发现病毒,但是却老杀不了!请教各位怎么办啊?
BlackStone - 2005-11-25 10:37:00
用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项
保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)
工具的下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038第14楼
砂砾 - 2005-11-25 11:29:00
谢谢楼上的高手,日志如下:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmon.exe
+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtimer.exe
+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe
+ Thunderc:\program files\thunder network\thunder\thundershell.exe
C:\Documents and Settings\sky\「开始」菜单\程序\启动
+ 腾讯QQ.lnkQQTENCENTc:\tencent\qq\qq.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ DesktopSpriteSnowFox Studio.c:\program files\snowfox\desktopsprite2\desktopsprite.exe
HKLM\System\CurrentControlSet\Services
+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenterCCenterrisingc:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ bho Class万能五笔接口程序深圳世强软件开发部c:\program files\common files\wnwb\wnwbio.dll
+ NTIECatcher ClassNet Transport IE Helper ModuleXid:\program files\xi\nettransport 2\ntiehelper.dll
+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司c:\tencent\qq\qqiehelper.dll
+ 超级兔子上网精灵超级兔子上网精灵超级兔子d:\program files\super rabbit\magicset\haokanbar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ update万能五笔接口程序深圳世强软件开发部c:\program files\common files\wnwb\wnwbio.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar\
+ 超级兔子上网精灵超级兔子上网精灵超级兔子d:\program files\super rabbit\magicset\haokanbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ kele8File not found: http://www.kele8.com/
+ 腾讯QQQQTENCENTc:\tencent\qq\qq.exe
+ 易趣购物File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=5
BlackStone - 2005-11-25 11:32:00
日志没看出问题
杀毒软件提示染读文件的路径是什么
砂砾 - 2005-11-25 13:52:00
路径是:C:\System Volume Information\_restore{251A95D3-CFA8-4D9A-8FEA-27AFE1588D46}\RP338
批着羊皮的狼 - 2005-11-25 14:06:00
建议楼主用微点主动防御软件试试,这款软件针对未知病毒,未知木马,特别是清除疑难病毒处理效果非常不错,另外结合强大的软件系统分析、网络分析,对电脑一些异常的行为进行全面的监控。
http://www.micropoint.com.cn
BlackStone - 2005-11-25 14:10:00
关闭XP的系统还原再杀毒试试
© 2000 - 2026 Rising Corp. Ltd.