猫猫 - 2007-9-13 15:17:00
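My colleague's computer is infected with a virus. There are no suspicious processes; it may be a trojan injected into a system process. It automatically changes the date to the year 1966.
Safe mode behaves the same way. It is not a USB-drive virus either; none of the other drives has an autorun entry.
I scanned it with SREngPS; the results are below. See the attachment.
Could the experts please take a look?
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)
Attachment: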
3956742007913150659.rar
hzgsldm - 2007-9-13 15:31:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}><C:\Program Files\Internet Explorer\OnlO0r.dll> [Microsoft Corporation]
<{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}><C:\WINDOWS\system32\wodoor1.dll> []
<{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}><C:\WINDOWS\system32\mydoor0.dll> []
<{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}><C:\WINDOWS\system32\wldoor0.dll> []
<{E952B8F8-D91A-4EDD-851C-EE1A0F944469}><C:\WINDOWS\system32\ztdoor1.dll> []
<{0DAEBA6A-86CA-4B96-AF96-0C8C2C358FBD}><C:\WINDOWS\system32\dhdoor0.dll> []
<{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}><C:\WINDOWS\system32\qjdoor0.dll> []
<{D8CC4845-441C-44F8-9053-28F2EF67655B}><C:\WINDOWS\system32\dadoor0.dll> []
<{08E909A4-B236-48DD-8BCC-90A604B93E68}><C:\WINDOWS\system32\tldoor0.dll> []
<{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}><C:\WINDOWS\system32\zxdoor0.dll> []
<{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}><C:\WINDOWS\system32\rxdoor0.dll> []
<{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}><C:\WINDOWS\system32\qhdoor0.dll> []
<{3422FB0F-95EB-458A-8B56-39552017A4EF}><C:\WINDOWS\system32\mhdoor1.dll> []
<{A3C95A74-638D-4C6B-A856-4B27664A7F47}><C:\WINDOWS\system32\wgdoor0.dll> []
Several of these entries may be trojans. I suggest the original poster refer to http://www.kafan.cn/bbs/viewthread.php?tid=129040
hzgsldm - 2007-9-13 15:39:00
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor0.dll] [N/A, ]
[C:\WINDOWS\system32\ztdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dhdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor0.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor0.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\wldoor0.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor0.dll] [N/A, ]
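A way to triage the two log excerpts above programmatically, as an added example that is not part of the original thread or of SREng itself. It assumes the bracketed field after each hook is the publisher string read from the file, and that `[N/A, ]` means the file carries no company or version information; the sample lines are a constructed subset copied from the posts.

```python
import re

# Constructed sample input: a few lines copied from the excerpts in this thread.
SAMPLE_HOOKS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}><C:\Program Files\Internet Explorer\OnlO0r.dll> [Microsoft Corporation]
<{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}><C:\WINDOWS\system32\wodoor1.dll> []
<{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}><C:\WINDOWS\system32\mydoor0.dll> []
"""
SAMPLE_MODULES = r"""
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor0.dll] [N/A, ]
"""

# <{CLSID}><path> [publisher]   (hook entry format as shown in the thread)
HOOK_RE = re.compile(r"^<(\{[0-9A-Fa-f-]{36}\})><([^>]+)>\s*\[([^\]]*)\]\s*$")
# [path] [company, version]     (module entry format as shown in the thread)
MODULE_RE = re.compile(r"^\[([^\]]+)\]\s*\[([^,\]]*),\s*([^\]]*)\]\s*$")

def parse_hooks(text):
    """Return one dict per ShellExecuteHooks entry; other lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            clsid, path, publisher = m.groups()
            hooks.append({"clsid": clsid, "path": path, "publisher": publisher.strip()})
    return hooks

def parse_modules(text):
    """Map lower-cased module path -> (company, version)."""
    mods = {}
    for line in text.splitlines():
        m = MODULE_RE.match(line.strip())
        if m:
            path, company, version = m.groups()
            mods[path.lower()] = (company.strip(), version.strip())
    return mods

def triage(hooks_text, modules_text):
    """Pair each hook path with the reasons it deserves a closer look."""
    mods = parse_modules(modules_text)
    report = []
    for h in parse_hooks(hooks_text):
        reasons = []
        if not h["publisher"]:
            reasons.append("no publisher in hook entry")
        company = mods.get(h["path"].lower(), (None, None))[0]
        if company in ("", "N/A"):
            reasons.append("loaded module has no version info")
        report.append((h["path"], reasons))
    return report
```

A publisher string is metadata the file declares about itself, not a signature check, so an entry that shows a publisher is not cleared by this triage alone.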
hzgsldm - 2007-9-13 15:40:00
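You need to make sure there are no suspicious autorun programs on any of the other drives; otherwise, no matter how many times you reinstall, it will be an endless loop.
Also, unplug the network cable when reinstalling the system, and do not go online until the antivirus software is installed.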
日不懂啊 - 2007-9-13 15:51:00
Also, OP, Kaspersky and Rising cannot be used at the same time.
hzgsldm - 2007-9-13 16:08:00
The Rising product seems to be the firewall; just add it to Kaspersky's trusted list and it will be fine.
日不懂啊 - 2007-9-13 16:10:00
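| Quote: |
[hzgsldm's post] The Rising product seems to be the firewall; just add it to Kaspersky's trusted list and it will be fine. ……………… |
Wow~~ you really did look more closely.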
★蓝色尘埃★ - 2007-9-13 22:23:00
<{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}><C:\Program Files\Internet Explorer\OnlO0r.dll> [Microsoft Corporation]
<{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}><C:\WINDOWS\system32\wodoor1.dll> []
<{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}><C:\WINDOWS\system32\mydoor0.dll> []
<{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}><C:\WINDOWS\system32\wldoor0.dll> []
<{E952B8F8-D91A-4EDD-851C-EE1A0F944469}><C:\WINDOWS\system32\ztdoor1.dll> []
<{0DAEBA6A-86CA-4B96-AF96-0C8C2C358FBD}><C:\WINDOWS\system32\dhdoor0.dll> []
<{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}><C:\WINDOWS\system32\qjdoor0.dll> []
<{D8CC4845-441C-44F8-9053-28F2EF67655B}><C:\WINDOWS\system32\dadoor0.dll> []
<{08E909A4-B236-48DD-8BCC-90A604B93E68}><C:\WINDOWS\system32\tldoor0.dll> []
<{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}><C:\WINDOWS\system32\zxdoor0.dll> []
<{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}><C:\WINDOWS\system32\rxdoor0.dll> []
<{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}><C:\WINDOWS\system32\qhdoor0.dll> []
<{3422FB0F-95EB-458A-8B56-39552017A4EF}><C:\WINDOWS\system32\mhdoor1.dll> []
<{A3C95A74-638D-4C6B-A856-4B27664A7F47}><C:\WINDOWS\system32\wgdoor0.dll> []
日不懂啊 - 2007-9-13 22:29:00
OP, you can deal with it by following the post from moderator 阳光:
http://forum.ikaka.com/topic.asp?board=28&artid=8351280
© 2000 - 2026 Rising Corp. Ltd.