IE中了灰鸽子,瑞星杀了重起又出现,救我...help me bbs.ikaka.com

天使楚楚1 - 2006-11-3 6:06:00

IE中了灰鸽子 Backdoor.Gpigeon.jhv ,瑞星杀了重起又出现,救我...help me

去下载了瑞星的专杀工具也不行哦,重起后又出现了啊

55555555555555555555555555555555555555555

帮帮我好吗,不胜感激之致

为什么老巨毒 - 2006-11-3 6:46:00

鸽子这东西很麻烦。。

我自己给我自己中过。。

找人教我手动杀。。。弄3个小时才弄干净的

要是没人懂的话。。。真的很麻烦。。

（明知选择和明知的做法。从装系统）

天使楚楚1 - 2006-11-3 7:23:00

我中的是模块覆盖型Backdoor.Gpigeon.jhv灰鸽子,IE被感染了啊,救救我哦

影子110 - 2006-11-3 7:26:00

不用重装,用SREng扫个日志帖上来~

http://www.kztechs.com/

天使楚楚1 - 2006-11-3 7:51:00

恩恩,等等我哦,我马上就去扫来也.....一直急得我睡不着觉呢,呵呵

天使楚楚1 - 2006-11-3 8:09:00

2006-11-03,07:56:38

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
<H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"> [Microsoft Corporation]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SystemTray><SysTray.Exe> [(Verified)Microsoft Corporation]
<Super Rabbit SRRestore><C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave> [Super Rabbit Soft]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<ThunderMini><C:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe> [N/A]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[C-DillaSrv / C-DillaSrv]
<C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Helper Service / Windows Helper Service]
<C:\WINDOWS\winhlp32.ini><N/A>

==================================
驱动程序
[839927 / 839927]
<C:\WINDOWS\SYSTEM32\DRIVERS\839927.SYS><N/A>
[Aspi32 / Aspi32]
<C:\WINDOWS\SYSTEM32\DRIVERS\Aspi32.SYS><Adaptec>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Dilla / C-Dilla]
<\??\C:\WINDOWS\System32\drivers\CDANT.SYS><Macrovision>
[CdaC15BA / CdaC15BA]
<\??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[d347bus / d347bus]
<\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[Yamaha DS1 Audio Driver (WDM) / ds1]
<system32\drivers\ds1wdm.sys><Yamaha Corp.>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[%FLASHREADER.SvcDesc% / FLASHREADER]
<System32\Drivers\causb.sys><>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Toshiba FIR Port Type-DO / OBOE]
<System32\DRIVERS\tos4mo.sys><TOSHIBA Corporation>
[Padus ASPI Shell / pfc]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Feitian ROCKEY4 Device Service / ROCKEYNT]
<System32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[RsFwDrv / RsFwDrv]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sparrow / Sparrow]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[Tridkb / Tridkb]
<System32\DRIVERS\tridkbm.sys><Trident Microsystems Inc.>

==================================
浏览器加载项
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FLASHGET\jccatch.dll, FlashGet>
[NXIECatcher Class]
{83B80A9C-D91A-4F22-8DCF-EA7204039F79} <C:\Program Files\NetXfer\NXIEHelper.dll, Xi>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
[ThunderMini Browser Helper]
{8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB} <C:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_001.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[相关站点]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[NetXfer]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <C:\Program Files\NetXfer\NXToolBar.dll, Xi>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[&使用迷你迅雷下载]
<C:\Program Files\Thunder Network\ThunderMini\Program\GetUrl.htm, N/A>
[使用Web迅雷下载]
<C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用网络传送带下载]
<C:\Program Files\NetXfer\NXAddLink.html, N/A>
[使用网络传送带下载全部链接]
<C:\Program Files\NetXfer\NXAddList.html, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

天使楚楚1 - 2006-11-3 8:11:00

==================================
正在运行的进程
[PID: 336][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 384][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 408][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 452][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 464][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 636][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 660][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 676][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 748][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 772][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 836][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 14]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 2]
[PID: 888][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1008][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1216][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [FlashGet, 1, 1, 5, 0]
[C:\Program Files\NetXfer\NXIEHelper.dll] [Xi, 2.03.304]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_004.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[C:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_001.dll] [Thunder Networking Technologies,LTD, 2, 0, 0, 1]
[C:\Program Files\WinZip\WZSHLSTB.DLL] [WinZip Computing LP, 4.1 (32-bit)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\UltraEdit-32\ue32ctmn.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 1276][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1608][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE] [Super Rabbit Soft, 7.85]
[C:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx] [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
[PID: 1636][C:\Program Files\Thunder Network\ThunderMini\program\ThunderMini.exe] [Thunder Networking Technologies,LTD, 2, 0, 0, 29]
[C:\Program Files\Thunder Network\ThunderMini\program\download_interface.dll] [N/A, N/A]
[C:\Program Files\Thunder Network\ThunderMini\program\UpdateDownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 6]
[C:\Program Files\Thunder Network\ThunderMini\Components\InMedia\iEmbedShell.dll] [　, 1, 0, 0, 6]
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed06.dll] [　, 3, 0, 0, 55]
[PID: 1676][C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE] [Microsoft Corporation, 3.8.0.5004]
[PID: 1684][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1884][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1904][C:\WINDOWS\System32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.020]
[PID: 1932][C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE] [C-Dilla Ltd, 3.25.010]
[PID: 1956][C:\WINDOWS\System32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1992][C:\WINDOWS\System32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2016][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 308][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[PID: 2240][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [FlashGet, 1, 1, 5, 0]
[C:\Program Files\NetXfer\NXIEHelper.dll] [Xi, 2.03.304]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_004.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[C:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_001.dll] [Thunder Networking Technologies,LTD, 2, 0, 0, 1]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\System32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 8.0r196]
[PID: 2536][C:\SREng.exe] [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================

天使楚楚1 - 2006-11-3 8:12:00

Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 008.cn
127.0.0.1 ultimate-best-hgh.0my.net
127.0.0.1 www.139500.com
127.0.0.1 www.1yin.net
127.0.0.1 ****cn
127.0.0.1 www.37021.com
127.0.0.1 www.47555.net
127.0.0.1 www.511ring.com
127.0.0.1 me.5e163.com
127.0.0.1 www.777888.com
127.0.0.1 www.77ttt.com
127.0.0.1 www.9p.cn
127.0.0.1 abcdesign.ru
127.0.0.1 gutemine.wu-wien.ac.at
127.0.0.1 math.kobe-u.ac.jp
127.0.0.1 www.aifind.info
127.0.0.1 www.allyes.com
127.0.0.1 www.aogo.net
127.0.0.1 baltnet.ru
127.0.0.1 quotes.barchart.com
127.0.0.1 free.bestialityhost.com
127.0.0.1 cctv1.net
127.0.0.1 cctv8.net
127.0.0.1 www.cctv8.net
127.0.0.1 ciachoo.pl
127.0.0.1 www.play.cn.gs
127.0.0.1 www.cnqb.net
127.0.0.1 www.xiliao.com.cn
127.0.0.1 alexey.pioneers.com.ru
127.0.0.1 www.coolcdrom.com
127.0.0.1 www.coolseach.com
127.0.0.1 puldk490gj.da.ru
127.0.0.1 dicto.ru
127.0.0.1 www.dj3344.com
127.0.0.1 www.donttrip.org
127.0.0.1 www.ehomeday.com
127.0.0.1 elemental.ru
127.0.0.1 errorguard.com
127.0.0.1 friendlygreeting.com
127.0.0.1 zhp.gdynia.pl
127.0.0.1 www.gg888.net
127.0.0.1 gin.ru
127.0.0.1 www.girlchinese.com
127.0.0.1 glass-master.ru
127.0.0.1 photo.gornet.ru
127.0.0.1 relay.great.ru
127.0.0.1 hack-gegen-rechts.com
127.0.0.1 hgrstrailer.com
127.0.0.1 www.homepage.com
127.0.0.1 hotbar.com
127.0.0.1 intellect.lvc
127.0.0.1 interfoodtd.ru
127.0.0.1 jewishgen.org
127.0.0.1 www.jixian.net
127.0.0.1 k2kapital.com
127.0.0.1 security.kolla.de
127.0.0.1 www.kuliao.com
127.0.0.1 laugh-mail.net
127.0.0.1 marketscore.com
127.0.0.1 www.mir0.com
127.0.0.1 momentum.ru
127.0.0.1 www.mtv51.com
127.0.0.1 www.mydj2005.com
127.0.0.1 nefkom.net
127.0.0.1 no-abi2003.de
127.0.0.1 tdi-router.opola.pl
127.0.0.1 packages.debian.or.jp
127.0.0.1 perfectgirls.net
127.0.0.1 peterstar.ru
127.0.0.1 pgipearls.com
127.0.0.1 phg.pl
127.0.0.1 vip.pnet.pl
127.0.0.1 sec.polbox.pl
127.0.0.1 polobeer.de
127.0.0.1 porno-mania.net
127.0.0.1 home.profootball.ru
127.0.0.1 qianbai.com
127.0.0.1 ad.qingyule.com
127.0.0.1 www.qq168.net
127.0.0.1 www.qq3344.com
127.0.0.1 www.qq92.com
127.0.0.1 www.qqwz.com
127.0.0.1 www.qu123.com
127.0.0.1 republika.pl
127.0.0.1 www.richfind.com
127.0.0.1 rollenspielzirkel.de
127.0.0.1 safer-networking.org
127.0.0.1 sdsauto.ru
127.0.0.1 www.searchpage.cc
127.0.0.1 www.seekeasysoft.net
127.0.0.1 shadkhan.ru
127.0.0.1 slavarik.ru
127.0.0.1 sovea.de
127.0.0.1 spybot.info
127.0.0.1 www.start-page.info
127.0.0.1 lars-s.privat.t-online.de
127.0.0.1 u.t2cn.com
127.0.0.1 it.trendmicro-europe.com
127.0.0.1 trendmicro.it
127.0.0.1 truefriends.net
127.0.0.1 www.tthao.com
127.0.0.1 www.ttrx.net
127.0.0.1 tuhart.net
127.0.0.1 www.unionsky.cn
127.0.0.1 www.unionsky.com
127.0.0.1 www.unionsky.net
127.0.0.1 vconsole.net
127.0.0.1 virtumonde.com
127.0.0.1 gamma.vyborg.ru
127.0.0.1 financial.washingtonpost.com
127.0.0.1 webpark.pl
127.0.0.1 wishken.com
127.0.0.1 www.yeapple.com
127.0.0.1 www.yibinren.com
127.0.0.1 www.youmiss.com
127.0.0.1 www.yysky.net
127.0.0.1 zelnet.ru
127.0.0.1 www.zhengdian.com
127.0.0.1 abc.265.com
127.0.0.1 555.265.com
127.0.0.1 www.pconline.com.cn
127.0.0.1 www.sina.com.cn
127.0.0.1 www.the3.com.cn
127.0.0.1 www.js-game.cn
127.0.0.1 www.lyricist.cn
127.0.0.1 www.net-xfer.com
127.0.0.1 www.onlinedown.net
127.0.0.1 biz4.sandai.net
127.0.0.1 hub4t.sandai.net
127.0.0.1 hub4u.sandai.net
127.0.0.1 www.skycn.com
127.0.0.1 update.superrsoft.com
127.0.0.1 www.superrsoft.com
127.0.0.1 www.sxsky.cn
127.0.0.1 www.sxsky.net
127.0.0.1 www1.sxsky.net
127.0.0.1 inmedia4t.sandai.net

==================================

水树雨下 - 2006-11-3 8:18:00

运行System Repair Engineer 启动项目，服务，win32服务应用程序，勾选隐藏微软服务后删除
[Windows Helper Service / Windows Helper Service]
<C:\WINDOWS\winhlp32.ini><N/A>
删除C:\WINDOWS\winhlp32.ini
清理HOSTS

天使楚楚1 - 2006-11-3 8:22:00

我用瑞星灰鸽子专杀工具杀后,问我是否提取病毒文件上报,接着就出现对话框:"模块覆盖型灰鸽子"自动提取失败!由于该类型病毒可能使用进程隐藏手段进行隐蔽,请立即与瑞星公司客户服务中心联系!"

我每杀死一次,重起动后病毒灰鸽子就又出来了哦,怎么都杀不死呢

水树雨下 - 2006-11-3 8:24:00

得手动删除主程序才行

天使楚楚1 - 2006-11-3 8:39:00

[Windows Helper Service / Windows Helper Service]已删除,但没找到C:\WINDOWS\winhlp32.ini哦,只找到\windows\Prefetch\WINHLP32.INI-14E6818C.pf

WINHLP32.INI-14E6818C.pf 我也把它给删掉了,请问水树GG,最后怎么清理HOSTS呢?用啥工具?

水树雨下 - 2006-11-3 8:42:00

System Repair Engineer 的系统修复里

红夜鬼1 - 2006-11-3 8:46:00

在C:\WINDOWS\system32\drivers\etc下,用记事本打开HOSTS文件,将里面的内容清空,
留下这一项：127.0.0.1 localhost，保存

影子110 - 2006-11-3 8:56:00

请显示所有文件
打开我的电脑》工具》文件夹选项》查看》显示所有文件，不隐藏受保护的操作系统文件》确定

然后,在C:\WINDOWS下查找和这个文件名相似的文件,删!(它们的创建日期相同,这也是识别的方法~)

lancom - 2006-11-3 9:13:00

来学习

天使楚楚1 - 2006-11-3 9:20:00

谢谢水树GG,影子110,红夜鬼.........

搞定了哦,专家就是与众不同啊,不胜感激

敬礼!

顺带问个小问题,为啥我的瑞星小绿伞托盘图标经常变为漆黑的一团(一个小黑正方形)?有时又正常哦,很奇怪,怎么回事

水树雨下 - 2006-11-3 9:24:00

正常，重启就没了

天使楚楚1 - 2006-11-4 18:56:00

顶一下吧

天使楚楚1 - 2006-11-4 20:06:00

像灰鸽子 Backdoor.Gpigeon.jhv 这样那么极度恶心感染硬盘分区信息的病毒以前我也遇到过的(病毒名称一下记不住),一感染后你再怎么换驱动程序,哪怕删掉WINDOWS目录重装也驱动不了SCSI卡的哈

信不信由你了,凡事只有亲身体验过才是王道,毕竟实践才是检验真理的唯一途径!!!!!!

天使楚楚1 - 2006-11-4 20:47:00

大家引以为鉴,中了我这个后缀的灰鸽子你就等死吧...HO....HO...(当然如果没SCSI卡就没事)

病毒库也是不断升级的,发生的环境不同造成的破坏影响自然不同,只有亲身体验过才是王道,还是那句话:毕竟实践才是检验真理的唯一途径!!!!!!

建能 - 2006-11-4 20:49:00

引用:

【天使楚楚1的贴子】大家引以为鉴,中了我这个后缀的灰鸽子你就等死吧...HO....HO...(当然如果没SCSI卡就没事)

病毒库也是不断升级的,发生的环境不同造成的破坏影响自然不同,只有亲身体验过才是王道,还是那句话:毕竟实践才是检验真理的唯一途径!!!!!!
………………

也别把这个病毒向得那么厉害！知道解决方法了，杀毒很简单的！！

天使楚楚1 - 2006-11-4 20:54:00

引用:

【建能的贴子】
也别把这个病毒向得那么厉害！知道解决方法了，杀毒很简单的！！
………………

呵呵,老大,杀毒是简单啊

我的PC卡插槽的SCSI卡是几千大圆买来的哦,还连着个富士通的640MB的MO

我的SCSI卡和MO是我的宝贝啊

天使楚楚1 - 2006-11-4 21:01:00

引用:

【建能的贴子】
也别把这个病毒向得那么厉害！知道解决方法了，杀毒很简单的！！
………………

呵呵,老大,杀毒是简单啊,但造成的影响太大了(硬盘分区信息居然被感染)

我的PC卡插槽的SCSI卡(也是存进口货)是几千大圆买来的哦,还连着个存进口的富士通的640MB的MO

我的SCSI卡和MO是我的宝贝啊

天使楚楚1 - 2006-11-4 21:11:00

网上都那么恶心了,可想现实中更是

社会太复杂哈,本公主向来从来不接近任何漠生人,看不顺眼就当白痴看待(当你不存在)

现实中向来只去最高雅的场合哈......HO....HO....

我是家里的超级大宝贝,卡卡卡卡

天使楚楚1 - 2006-11-4 21:41:00

我告诉大家一个小秘密:呵呵,其实也不算什么秘密

现在中国是权大于法,官越大就越贪,而且是官商勾结,黑箱操作,谁挨抓出来算谁倒霉(反正你没证据)

瑞星卡卡安全论坛