autorun.inf猫大侠救命啊【求助】 bbs.ikaka.com

chenqj21 - 2007-12-25 16:13:00

所有盘根目录下都又一个隐藏文件夹autorun.inf在安全模式下也不能删除，以点就提示拒绝访问【求助】autorun.inf猫大侠救命啊

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; InfoPath.1)

附件: 88844720071225160207.bmp

却上云霄 - 2007-12-25 16:15:00

啊，我以前中过那个，是通过MP3传染上的，最后就重装系统了。。。。

chenqj21 - 2007-12-25 16:16:00

才扫描的文件

附件: 88844720071225160507.txt

chenqj21 - 2007-12-25 16:18:00

我是先中了ie黑白名单病毒就这样了，也是u盘惹的祸啊

天月来了 - 2007-12-25 16:34:00

日志没什么
只IFEO劫持项那里，是你自己弄吗：
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntldr.exe]
<IFEO[ntldr.exe]><AUTOGUARDER GUARDED.> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif]
<IFEO[pagefile.pif]><AUTOGUARDER GUARDED.> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
<IFEO[sos.exe]><AUTOGUARDER GUARDED.> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs.exe]
<IFEO[sxs.exe]><AUTOGUARDER GUARDED.> [N/A]

至于那文件夹，可能是你用了什么工具免疫U盘病毒了。

免疫文件夹，实在想删除的话，就看看我的签名。

chenqj21 - 2007-12-25 16:36:00

天哥谢了哈，我慢慢在弄哈非常感谢

四方果 - 2007-12-25 16:37:00

小心啊，路过，路过～！

日不懂啊 - 2007-12-25 17:30:00

是U盘病毒免疫工具做的DD

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntldr.exe]
<IFEO[ntldr.exe]><AUTOGUARDER GUARDED.> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif]
<IFEO[pagefile.pif]><AUTOGUARDER GUARDED.> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
<IFEO[sos.exe]><AUTOGUARDER GUARDED.> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs.exe]
<IFEO[sxs.exe]><AUTOGUARDER GUARDED.> [N/A]

劫持这几个不知道有多少意义

瑞星卡卡安全论坛