不能彻底清除Trojan.DL.Small.ibr病毒 bbs.ikaka.com

ljlyujia - 2006-4-26 22:30:00

按Trojan.DL.Small.ibr病毒手动清除方法，在添加或删除程序--当前安装的程序列表中找不到WinDirected 2.0。并且，我的添加程序不能全部显示，中间有黑白两色的空间。其它的病毒文件手动删除，后用瑞星杀毒：

Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Small.ibr 删除成功
Trojan.DL.Agent.fxd 删除成功
Trojan.DL.Agent.fxd 删除成功
Trojan.DL.VB.amj    删除成功
Trojan.DL.VB.amj    删除成功
Dropper.Agent.bmg    删除成功
Trojan.DL.Agent.hbc 删除成功
Trojan.QHost.ey    删除成功
Dropper.Scamps.e    删除成功
Trojan.DL.Agent.fxd 删除成功
Dropper.Agent.blv    删除成功
Dropper.Delf.p    删除成功
Trojan.Shutdowner.ab 删除成功
Trojan.Shutdowner.ab 删除成功
Harm.FreeRav.u    删除成功

后重启后再杀，没有病毒了。可是今晚浏览网页时，又提示发现Trojan.DL.Small.ibr病毒。请斑竹及各位老师帮我，不胜感激。

轩辕小聪 - 2006-4-26 22:34:00

找不到WinDirected 2.0也属正常，不是每一个都有的。
把HijackThis日志发上来看看。

ljlyujia - 2006-4-26 23:06:00

请过目：

HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 23:20:46, on 2006-4-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
E:\杀毒软件\辅助杀毒小软件\HijackThis.exe

O2 - BHO: (no name) - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - d:\PROGRA~1\Sina\ddt\ddtinit.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: (no name) - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - d:\PROGRA~1\Sina\ddt\ddtkillw.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: ????? - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - d:\PROGRA~1\Sina\ddt\DDTONG~1.DLL
O3 - Toolbar: ????? - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.dat
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用新浪下载助手下载 - d:\PROGRA~1\Sina\ddt\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ (HKLM)
O12 - Plugin for .smi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103978157453
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{577A218C-39ED-4FA4-86DF-3D5F8106FBDF}: NameServer = 202.102.128.68 202.102.134.68

轩辕小聪 - 2006-4-26 23:08:00

晕倒
将日志的文本内容全部复制粘贴上来。

不言放弃 - 2006-4-27 7:59:00

【回复“ljlyujia”的帖子】
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
(1楼附件)
下载HIJACKTHIS
导出全部日志

ljlyujia - 2006-4-28 23:35:00

请版主帮我啊。

虚心学习０３１１ - 2006-4-29 1:40:00

去下一个1.99.1的新版就可以了
你用的版本太低了

不言放弃 - 2006-4-29 8:20:00

引用:

【ljlyujia的贴子】按Trojan.DL.Small.ibr病毒手动清除方法，在添加或删除程序--当前安装的程序列表中找不到WinDirected 2.0。并且，我的添加程序不能全部显示，中间有黑白两色的空间。其它的病毒文件手动删除，后用瑞星杀毒：
...........................

能否找到WD2？

ljlyujia - 2006-4-29 22:24:00

引用:

【虚心学习０３１１的贴子】去下一个1.99.1的新版就可以了
你用的版本太低了
...........................

好，我去找。

ljlyujia - 2006-4-29 22:25:00

引用:

【不言放弃的贴子】
能否找到WD2？
...........................

找不到。为什么？

ljlyujia - 2006-4-29 22:30:00

我下了新版本，重新扫描了。请帮我看看，谢谢。

Logfile of HijackThis v1.99.1
Scan saved at 22:28:55, on 2006-4-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\SynCor.exe
C:\WINDOWS\explorer.exe
E:\杀毒软件\辅助杀毒小软件\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - d:\PROGRA~1\Sina\ddt\ddtinit.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - d:\PROGRA~1\Sina\ddt\ddtkillw.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: 珊瑚虫工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - d:\PROGRA~1\Sina\ddt\DDTONG~1.DLL
O3 - Toolbar: 珊瑚虫工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 宽带连接.lnk = ?
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用新浪下载助手下载 - d:\PROGRA~1\Sina\ddt\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - D:\Program Files\sina\UC\UC.exe
O9 - Extra button: 珊瑚虫工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll
O9 - Extra 'Tools' menuitem: 珊瑚虫工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - d:\PROGRA~1\Sina\ddt\DDTONG~1.DLL
O9 - Extra button: (no name) - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - d:\PROGRA~1\Sina\ddt\rssband.dll (HKCU)
O9 - Extra 'Tools' menuitem: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - d:\PROGRA~1\Sina\ddt\rssband.dll (HKCU)
O9 - Extra button: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - d:\PROGRA~1\Sina\ddt\rssband.dll (HKCU)
O12 - Plugin for .smi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103978157453
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{577A218C-39ED-4FA4-86DF-3D5F8106FBDF}: NameServer = 202.102.128.68 202.102.134.68
O23 - Service: KVWSC - Unknown owner - (no file)
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

瑞星卡卡安全论坛