genome - 2006-1-8 20:17:00
I first found one: Gray_Pigeon_Server at C:/windows/server.exe. I booted into safe mode and deleted the entire registry key, but it is still there after startup:
2005-12-06 22:40:14, IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE ->Backdoor.GPigeon.smd
I ran another scan:
O23 - NT 服务: DriveHealth - Helexis Software Development - D:\Program Files\Helexis\Drive Health\dhcore.exe
O23 - NT 服务: Exqlorer - Unknown owner - C:\WINDOWS\Grass.exe
O23 - NT 服务: HDD Temperature (HDDTService) - PalickSoft - D:\Program Files\Palick Soft\HDD Temperature Pro\HDDTsvc.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
Which one is it?
Thanks!
shawtian - 2006-1-8 20:19:00
O23 - NT 服务: Exqlorer - Unknown owner - C:\WINDOWS\Grass.exe is suspicious
O23 - NT 服务: HDD Temperature (HDDTService) - PalickSoft - D:\Program Files\Palick Soft\HDD Temperature Pro\HDDTsvc.exe
What is this?
genome - 2006-1-8 20:24:00
Thanks, I also think that one is suspicious. The one below it is fine; it is a hard disk monitoring program I installed. I'll go try it.
魔法学徒 - 2006-1-8 22:35:00
O23 - NT 服务: Exqlorer - Unknown owner - C:\WINDOWS\Grass.exe
Gray Pigeon
Stop the service
Delete C:\WINDOWS\Grass.exe
C:\WINDOWS\Grass.dll
C:\WINDOWS\Grass_hook.dll
C:\WINDOWS\Grasskey.dll
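
A triage pass over the O23 lines from the first post, as an added example that is not part of the original thread: it flags services with an unknown owner, a missing file, or an executable sitting directly in the Windows directory. The function names and the three heuristics are assumptions chosen for illustration; a flag is a prompt for manual review, not a verdict.

```python
import ntpath
import re

# O23 lines copied from the first post ("NT 服务" is the localized "Service" label).
SAMPLE_LOG = r"""
O23 - NT 服务: DriveHealth - Helexis Software Development - D:\Program Files\Helexis\Drive Health\dhcore.exe
O23 - NT 服务: Exqlorer - Unknown owner - C:\WINDOWS\Grass.exe
O23 - NT 服务: HDD Temperature (HDDTService) - PalickSoft - D:\Program Files\Palick Soft\HDD Temperature Pro\HDDTsvc.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
""".strip().splitlines()
MISSING = " (file missing)"

def parse_o23(line):
    """Split one O23 entry into (service, owner, path, file_missing), or None."""
    head, sep, rest = line.strip().partition(": ")
    # Split from the right: the path is last and the owner sits just before it.
    parts = rest.rsplit(" - ", 2)
    if not sep or not head.startswith("O23 - ") or len(parts) != 3:
        return None
    service, owner, path = parts
    missing = path.endswith(MISSING)
    path = path[: -len(MISSING)] if missing else path
    return service, owner, path, missing

def triage(lines):
    """Return {service: [reasons]} for entries that deserve a manual look."""
    findings = {}
    for line in lines:
        entry = parse_o23(line)
        if entry is None:
            continue
        service, owner, path, missing = entry
        reasons = []
        if owner == "Unknown owner":
            reasons.append("unknown owner")
        if missing:
            reasons.append("file missing")
        # Assumed heuristic: a service binary directly in <drive>:\WINDOWS is unusual.
        if re.fullmatch(r"[a-z]:\\windows", ntpath.dirname(path).lower()):
            reasons.append("executable directly in Windows directory")
        if reasons:
            findings[service] = reasons
    return findings

if __name__ == "__main__":
    for service, reasons in triage(SAMPLE_LOG).items():
        print(f"{service}: {', '.join(reasons)}")
```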