刘伟华 - 2007-3-25 16:04:00
Infected with a virus; neither 360SAFE nor the Panda (熊猫) removal tool will start.
The registry editor, Group Policy and MSCONFIG cannot be opened, not even in Safe Mode.
Dialog boxes keep popping up reporting an X000…… error.
Norton and Rising can be neither installed nor started.
Using Rising from a USB stick with virus database 0301, it detects the virus, but after a reboot the problem is still there; scanning again finds and deletes it, but after the next boot it is found again.
Please help me out with some ideas.
Two DLLs, neither of which can be stopped manually; after stopping them, even more processes with the same name appear.
紫墨蓝尘 - 2007-3-25 16:11:00
Post your SRENG log. Rename SRENG.EXE to 123.BAT,
then run it.
紫墨蓝尘 - 2007-3-25 16:11:00
Post your SRENG log. Rename SRENG.EXE to 123.BAT,
then run it. Oops, double post. Admin, please delete this one, SORRY.
刘伟华 - 2007-3-25 21:42:00
[C:\Program Files\racer-henan-cnc\dhcpplus.dll] [北京润汇科技有限公司, 0, 13, 21, 45]
[C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll] [Putian Runway, 2,0,47,87]
[C:\Program Files\racer-henan-cnc\nss4.dll] [北京普天润汇科技有限公司, 1, 0, 0, 3]
[C:\Program Files\racer-henan-cnc\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\Program Files\racer-henan-cnc\pthreadVC.dll] [N/A, N/A]
[C:\Program Files\racer-henan-cnc\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\WINDOWS\system32\sbfyrn.dll] [N/A, N/A]
[PID: 1196][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\sbfyrn.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.9 19Nov04]
[PID: 1856][C:\Program Files\racer-henan-cnc\RacerKp.exe] [北京润汇科技有限公司, 1, 0, 0, 1]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.9 19Nov04]
[C:\WINDOWS\system32\sbfyrn.dll] [N/A, N/A]
[PID: 392][C:\WINDOWS\system32\severe.exe] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.9 19Nov04]
[C:\WINDOWS\system32\sbfyrn.dll] [N/A, N/A]
[PID: 1904][C:\WINDOWS\system32\sbfyrn.exe] [N/A, N/A]
[C:\WINDOWS\system32\sbfyrn.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.9 19Nov04]
[PID: 464][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.9 19Nov04]
[C:\WINDOWS\system32\sbfyrn.dll] [N/A, N/A]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[PID: 248][C:\Documents and Settings\Admin\桌面\杀杀杀.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.9 19Nov04]
[C:\WINDOWS\system32\sbfyrn.dll] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[C:\]
[AUTORUN]
shell=verb
shell\verb\command=svchost.exe
shell\verb=打开(&O)
[D:\]
[AutoRun]
open=OSO.exe
shellexecute=OSO.exe
shell\Auto\command=OSO.exe
[E:\]
[AutoRun]
open=OSO.exe
shellexecute=OSO.exe
shell\Auto\command=OSO.exe
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 mmsk.cn
127.0.0.1 safe.qq.com
127.0.0.1 360safe.com
127.0.0.1 www.mmsk.cn
127.0.0.1 www.360safe.com
127.0.0.1 zs.kingsoft.com
127.0.0.1 forum.ikaka.com
127.0.0.1 up.rising.com.cn
127.0.0.1 scan.kingsoft.com
127.0.0.1 kvup.jiangmin.com
127.0.0.1 reg.rising.com.cn
127.0.0.1 update.rising.com.cn
127.0.0.1 update7.jiangmin.com
127.0.0.1 download.rising.com.cn
127.0.0.1 dnl-us1.kaspersky-labs.com
127.0.0.1 dnl-us2.kaspersky-labs.com
127.0.0.1 dnl-us3.kaspersky-labs.com
127.0.0.1 dnl-us4.kaspersky-labs.com
127.0.0.1 dnl-us5.kaspersky-labs.com
127.0.0.1 dnl-us6.kaspersky-labs.com
127.0.0.1 dnl-us7.kaspersky-labs.com
127.0.0.1 dnl-us8.kaspersky-labs.com
127.0.0.1 dnl-us9.kaspersky-labs.com
127.0.0.1 dnl-us10.kaspersky-labs.com
127.0.0.1 dnl-eu1.kaspersky-labs.com
127.0.0.1 dnl-eu2.kaspersky-labs.com
127.0.0.1 dnl-eu3.kaspersky-labs.com
127.0.0.1 dnl-eu4.kaspersky-labs.com
127.0.0.1 dnl-eu5.kaspersky-labs.com
127.0.0.1 dnl-eu6.kaspersky-labs.com
127.0.0.1 dnl-eu7.kaspersky-labs.com
127.0.0.1 dnl-eu8.kaspersky-labs.com
127.0.0.1 dnl-eu9.kaspersky-labs.com
127.0.0.1 dnl-eu10.kaspersky-labs.com
==================================
API HOOK
N/A
==================================
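Two parts of the SRENG log above carry the real story: the HOSTS section pins every Rising, Kaspersky, Kingsoft, Jiangmin and 360 update/download host to 127.0.0.1 (which is why the scanners cannot update and why the reply below says to repair the hosts file), and the Autorun.inf section shows a context-menu verb labelled 打开(&O) on C:\ whose command= runs a file named svchost.exe, while D:\ and E:\ launch OSO.exe through open=, shellexecute= and shell\Auto\command=. The script below is an added example, not SRENG's code and not posted by anyone in this thread; it parses both artifacts and flags exactly those patterns. The sample inputs are constructed to mirror the log's shape, and the SECURITY_DOMAINS list is an assumption drawn from the log plus a few well-known vendors.

```python
"""Triage of two artifacts shown in an SRENG log: the hosts file and the
autorun.inf sections.  Added example, not code from SRENG, Rising or any
poster in this thread.  Sample inputs are constructed; the vendor-domain
list is an assumption."""
import re

# Constructed sample hosts file (same shape as the log, not the log itself).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 www.360safe.com
127.0.0.1 update.rising.com.cn
127.0.0.1 dnl-eu1.kaspersky-labs.com
192.168.1.10 intranet.example   # normal LAN entry, not flagged
"""

# Constructed sample of SRENG's Autorun.inf section: a drive header like
# [C:\] is followed by the INI sections of that drive's autorun.inf.
SAMPLE_AUTORUN = """\
[C:\\]
[AUTORUN]
shell=verb
shell\\verb\\command=svchost.exe
shell\\verb=打开(&O)
[D:\\]
[AutoRun]
open=OSO.exe
shellexecute=OSO.exe
shell\\Auto\\command=OSO.exe
"""

# Assumption: security-vendor domains worth watching, taken from the log
# above plus a few well-known ones.  Extend for your own environment.
SECURITY_DOMAINS = ("360safe.com", "rising.com.cn", "kaspersky-labs.com",
                    "kingsoft.com", "jiangmin.com", "ikaka.com",
                    "mmsk.cn", "qq.com")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def _is_vendor_domain(name):
    name = name.lower()
    return any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS)


def suspicious_hosts_entries(text):
    """Return (ip, hostname) pairs that pin a security-vendor host to loopback.
    Such entries stop AV products from reaching their update servers."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if name.lower() == "localhost":
                continue
            if ip in LOOPBACK and _is_vendor_domain(name):
                hits.append((ip, name))
    return hits


EXEC_KEYS = ("open", "shellexecute")
DRIVE_RE = re.compile(r"\[([A-Za-z]:\\)\]")


def autorun_launch_targets(text):
    """Map each drive to the programs its autorun.inf would launch.
    Collects the directives that run code: open=, shellexecute=, and any
    shell\\<verb>\\command=.  The verb text (e.g. '打开(&O)') is only the
    menu label the user sees; whatever command= names is what runs."""
    targets, drive = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVE_RE.fullmatch(line)
        if m:
            drive = m.group(1)
            targets.setdefault(drive, [])
            continue
        if drive is None or line.startswith("[") or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        k = key.lower()
        if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            targets[drive].append(value)
    return targets


if __name__ == "__main__":
    for ip, host in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts: {host} -> {ip}  (vendor domain blackholed)")
    for drive, progs in autorun_launch_targets(SAMPLE_AUTORUN).items():
        print(f"autorun on {drive}: launches {progs}")
```

Run it against a real hosts file (C:\WINDOWS\system32\drivers\etc\hosts) and the Autorun.inf block copied out of an SRENG log; any drive whose launch list is non-empty deserves a look, since a legitimate autorun.inf on a fixed hard disk is rare, and the vendor-domain list should be extended with whatever products are actually deployed.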
枫笑九洲 - 2007-3-25 21:50:00
Repair the hosts file.
刘伟华 - 2007-3-27 12:51:00
Logfile of HijackThis v1.99.1
Scan saved at 9:14:03, on 2004-1-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\mmlucj.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\severe.exe
C:\DOCUME~1\GAOHJG~1.000\LOCALS~1\Temp\Rar$EX16.665\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\spoclsv.exe
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/cn/
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F08B316A-79B6-4562-84C5-7A3AB9A453CD}: NameServer = 202.102.134.68,202.102.224.68
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
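Two lines in the HijackThis log above stand out structurally rather than by name: the F2 entry shows Shell=Explorer.exe followed by a second program (C:\WINDOWS\system32\drivers\conime.exe), so that program is started with the shell at every logon, and two O4 Run entries launch .exe files from the system32\drivers directory, which normally holds only .sys files. The script below is an added example, not HijackThis code and not from any poster in this thread; it encodes those two rules plus a weaker "Run value name has nothing to do with its target" check. The sample lines are constructed in HijackThis format, and the heuristics and severities are the author's own assumptions, not a HijackThis feature.

```python
"""Heuristic triage of HijackThis startup lines (F2 Shell= and O4 Run).
Added example, not HijackThis code and not from any poster in this thread.
Sample lines are constructed; the rules are the author's own assumptions."""
import re

SAMPLE_HJT = """\
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\system32\\drivers\\conime.exe
O4 - HKLM\\..\\Run: [avipit] C:\\WINDOWS\\system32\\mmlucj.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O4 - HKCU\\..\\Run: [svcshare] C:\\WINDOWS\\system32\\drivers\\spoclsv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\\Program Files\\Norton AntiVirus\\SAVScan.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
F2_SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$")


def exe_path(cmd):
    """Extract the executable path from a Run value: a quoted path, or the
    first whitespace-delimited token when unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def hjt_findings(text):
    """Return (severity, rule, detail) tuples.
    Rules:
      shell-chain          Shell= lists anything besides Explorer.exe; the
                           extra program starts together with the shell.
      exe-in-drivers-dir   an autostart .exe living under system32\\drivers,
                           a folder that normally holds .sys files only.
      name-target-mismatch Run value name unrelated to the file it launches
                           (weak signal; legitimate software does this too,
                           so severity is low)."""
    findings = []
    for line in text.splitlines():
        m = F2_SHELL_RE.match(line)
        if m:
            progs = [p.lower() for p in m.group("value").split()]
            if progs != ["explorer.exe"]:
                findings.append(("high", "shell-chain", m.group("value")))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        path = exe_path(m.group("cmd"))
        base = path.rsplit("\\", 1)[-1].lower()
        stem = base[:-4] if base.endswith(".exe") else base
        if "\\system32\\drivers\\" in path.lower() and base.endswith(".exe"):
            findings.append(("high", "exe-in-drivers-dir", path))
        elif m.group("name").lower() not in (base, stem):
            findings.append(("low", "name-target-mismatch",
                             f"{m.group('name')} -> {path}"))
    return findings


if __name__ == "__main__":
    for sev, rule, detail in hjt_findings(SAMPLE_HJT):
        print(f"[{sev}] {rule}: {detail}")
```

The low-severity rule is deliberately kept separate from the two high ones: a mismatched Run name on its own is common in legitimate software, whereas an extra program on the Shell= line or an autostart executable under drivers\ is almost never put there by anything benign.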
newcenturymoon - 2007-3-27 12:52:00
Post the complete SRENG log.
枫笑九洲 - 2007-3-27 12:59:00
OP, please zip C:\WINDOWS\system32\mmlucj.exe with a password
and send it to my mailbox, qgnck1999@163.com.
Thanks.
饭后点心 - 2007-3-27 13:23:00
It's that OSO.EXE USB-stick thing again...... a lot of people seem to be catching this one lately. The Image File Execution Options hijack is rather well done.
Please refer to: http://forum.ikaka.com/topic.asp?board=28&artid=8257332
or http://bbs.360safe.com/viewthread.php?tid=98279&highlight
and also http://hi.baidu.com/readon99/blog/item/829ee924598c01014c088da1.html
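The "image hijack" mentioned in the reply above is the mechanism behind the OP's first complaint (360SAFE and the removal tool refusing to start): under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, a subkey named after an executable can carry a Debugger value, and Windows then starts that Debugger program in place of the named image, passing it the original command line. Point Debugger for 360safe.exe at a bogus or malicious file and the tool never runs. The script below is an added example, not from any poster in this thread; it parses a .reg export of that key and flags Debugger values that are not a recognised debugger, distinguishing a missing file from an unknown one. The sample export, the EXAMPLE_HIJACK.exe path and the KNOWN_DEBUGGERS allowlist are all constructed assumptions.

```python
"""Check a .reg export of the Image File Execution Options (IFEO) key for
hijacked 'Debugger' values.  Added example, not from any poster in this
thread.  The sample export is constructed; EXAMPLE_HIJACK.exe is a
placeholder and KNOWN_DEBUGGERS is an assumption to tune locally."""
import os
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
"Debugger"="C:\\WINDOWS\\system32\\EXAMPLE_HIJACK.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
"Debugger"="C:\\does\\not\\exist.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe]
"Debugger"="C:\\Program Files\\Debugging Tools for Windows\\windbg.exe"
"GlobalFlag"=dword:00000000
'''

IFEO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
    r"\\Image File Execution Options\\([^\]\\]+)\]$", re.I)
DEBUGGER_RE = re.compile(r'^"Debugger"="(.*)"$', re.I)

# Assumption: debuggers that legitimately register themselves this way.
KNOWN_DEBUGGERS = ("windbg.exe", "ntsd.exe", "cdb.exe", "vsjitdebugger.exe")


def reg_unescape(value):
    """Undo .reg string escaping: a doubled backslash becomes one backslash,
    and an escaped quote becomes a quote."""
    return value.replace('\\\\', '\\').replace('\\"', '"')


def ifeo_debuggers(reg_text):
    """Return {image_name: debugger_path} for every IFEO subkey that has a
    Debugger value.  Subkeys without one (e.g. only GlobalFlag) are ignored."""
    result, image = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = IFEO_KEY_RE.match(line)
        if m:
            image = m.group(1).lower()
            continue
        if line.startswith("["):          # some other key: leave IFEO context
            image = None
            continue
        m = DEBUGGER_RE.match(line)
        if m and image:
            result[image] = reg_unescape(m.group(1))
    return result


def ifeo_findings(reg_text, exists=os.path.exists):
    """Flag Debugger values that are not a recognised debugger.
    'exists' is injectable so an export taken from another machine can be
    checked where the local filesystem says nothing about it."""
    findings = []
    for image, dbg in ifeo_debuggers(reg_text).items():
        if dbg.rsplit("\\", 1)[-1].lower() in KNOWN_DEBUGGERS:
            continue
        reason = "debugger-not-recognised" if exists(dbg) else "debugger-missing"
        findings.append((image, dbg, reason))
    return findings


if __name__ == "__main__":
    for image, dbg, reason in ifeo_findings(SAMPLE_REG):
        print(f"{image}: Debugger={dbg}  [{reason}]")
```

Either finding is worth acting on: a Debugger pointing at a file that does not exist silently kills the named program every time it is launched, while one pointing at an unrecognised existing file runs that file instead, with the name of the tool the user thought they were starting as its argument. On the infected machine the fix is to delete the offending subkeys (the whole IFEO key can be exported first with regedit for the record), which restores the scanners the OP could not start.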
© 2000 - 2026 Rising Corp. Ltd.