男的发发 - 2006-12-26 15:27:00
Rising can remove the virus, but it reappears after every reboot!!!!
Help!!!!!!!!!!!
afkp4e7 - 2006-12-26 15:29:00
Run a scan log and post it here.
男的发发 - 2006-12-26 15:32:00
Where can I download the log scanning tool?
afkp4e7 - 2006-12-26 15:34:00
http://www.kztechs.com/sreng/sreng2.zip
男的发发 - 2006-12-26 15:47:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<pyjj><D:\Program Files\jj4\jjsvr4.exe> [加加开发组]
<SpyEmergency><"C:\Documents and Settings\Administrator\桌面\Spy Emergency 2006\SpyEmergency.exe"> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<RavTask><"d:\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"d:\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Scryptnat]
<WinlogonNotify: Scryptnat><Scryptnat.dll> [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\RAINYSS.SCR> [N/A]
==================================
男的发发 - 2006-12-26 16:01:00
男的发发 - 2006-12-26 16:04:00
Every time I reboot, this virus shows up again.
And I can't find url.exe in the system32 folder (with all files shown, including hidden files).
男的发发 - 2006-12-27 13:56:00
I can't believe nobody knows!!!