lerogm - 2007-12-28 14:34:00
==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[FG2CatchUrl]
{1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <d:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, FlashGet>
[Kingsoft Trojan Webshield]
{4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddy.DLL, Kingsoft Corporation>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[IEBuddyExtControl Class]
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddyExt.DLL, Kingsoft Corporation>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[KUpdateObj2 Class]
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[FG2CatchUrl]
{1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <d:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, FlashGet>
[Vod Class]
{2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <d:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, XunLei>
[IEBuddyExtControl Class]
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddyExt.DLL, Kingsoft Corporation>
[Kingsoft Trojan Webshield]
{4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddy.DLL, Kingsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <d:\program files\alisoft\wangwang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll, 360safe.com>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[AUDIO__MPEGURL Moniker Class]
{CD3AFA78-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[&使用快车(FlashGet)下载]
<D:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<D:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm, N/A>
[使用iTudou下载节目]
<D:\Program Files\iTudou\iTudou_Link.HTM, N/A>
[使用Web迅雷下载]
<d:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<d:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[在Foxmail中添加该RSS频道/频道组]
<res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
lerogm - 2007-12-28 14:35:00
==================================
正在运行的进程
[PID: 368 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 432 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 480 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4109]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 544 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 696 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4109]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 708 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 768 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 852 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 956 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1028 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1060 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.63]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[c:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7, 0, 0, 0]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[c:\program files\rising\rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1152 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.29]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1364 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1472 / SYSTEM][C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE] [Kingsoft Corporation, 2007,11,30,131]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2007,11,29,128]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEvent.DLL] [Kingsoft Corporation, 2007,11,29,128]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVIPC2.DLL] [Kingsoft Corporation, 2007,11,29,128]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVDevC.dll] [Kingsoft Corporation, 2007,11,15,72]
[PID: 1620 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 312 / Administrator][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4109]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
lerogm - 2007-12-28 14:36:00
[PID: 384 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[PID: 948 / Administrator][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.48]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 1404 / Administrator][C:\WINDOWS\system32\Ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1960 / SYSTEM][d:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 7, 12, 20]
[d:\Program Files\StormII\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2012 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 156 / SYSTEM][C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE] [Kingsoft Corporation, 2007,11,29,128]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2007,11,29,128]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.DLL] [Kingsoft Corporation, 2007,11,29,128]
[PID: 176 / SYSTEM][C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE] [Kingsoft Corporation, 2007,11,29,128]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2007,11,29,128]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2576 / Administrator][D:\Program Files\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 0, 6, 9024]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[D:\Program Files\Maxthon2\MxExt.dll] [N/A, ]
[D:\Program Files\Maxthon2\mxpp.dll] [Maxthon, 1, 0, 0, 61]
[D:\Program Files\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 349]
[D:\Program Files\Maxthon2\MxProxy2.dll] [Maxthon, 1, 0, 0, 3577]
[D:\Program Files\Maxthon2\IMxWebBoost.dll] [Maxthon, 1, 0, 0, 1]
[D:\Program Files\Maxthon2\mxdb.dll] [Max, 1, 0, 0, 1]
[D:\Program Files\Maxthon2\mxsafe.dll] [Maxthon, 1, 0, 0, 626]
[D:\Program Files\Maxthon2\MxSpellCheck.dll] [, 1, 0, 0, 9]
[D:\Program Files\Maxthon2\MxFav.dll] [Maxthon, 1, 0, 0, 220]
[D:\Program Files\Maxthon2\maxzlib.dll] [, 1.2.3]
[D:\Program Files\Maxthon2\mxtool.dll] [, 1, 0, 0, 1]
[D:\Program Files\Maxthon2\mxfeedU.dll] [, 1, 0, 45, 89]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[d:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll] [FlashGet, 2, 0, 2, 1011]
[PID: 2616 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3256 / Administrator][D:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe] [锐捷网络, 2, 56, 0, 0]
[C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 3560 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2416 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 216 / Administrator][D:\Program Files\FlashGet Network\Flashget\FlashGet.exe] [FLASHGET, 2, 4, 0, 1134]
[D:\Program Files\FlashGet Network\Flashget\storage.dll] [FLASHGET, 2, 0, 0, 1003]
[D:\Program Files\FlashGet Network\Flashget\dbghelp.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[D:\Program Files\FlashGet Network\Flashget\CrashRpt.dll] [FlashGet, 1.0.0.1002]
[D:\Program Files\FlashGet Network\Flashget\LiveUpdateUI.dll] [FLASHGET, 1, 1, 0, 1002]
[D:\Program Files\FlashGet Network\Flashget\modules\ComHelper\ComHelper.dll] [FLASHGET, 1, 0, 0, 1002]
[D:\Program Files\FlashGet Network\Flashget\modules\Downstat\Downstat.dll] [FLASHGET, 1, 0, 0, 1008]
[D:\Program Files\FlashGet Network\Flashget\modules\P4pclient\P4pclient.dll] [ , 1, 0, 0, 1005]
[D:\Program Files\FlashGet Network\Flashget\modules\SearchTop\SearchTop.dll] [FLASHGET, 1, 0, 0, 1002]
[D:\Program Files\FlashGet Network\Flashget\modules\Security\Security.dll] [ FlashGet, 1, 0, 0, 1005]
[D:\Program Files\FlashGet Network\Flashget\modules\SnapShot\SnapShot.dll] [ FlashGet, 1, 0, 0, 1022]
[D:\Program Files\FlashGet Network\Flashget\modules\SoBar\SoBar.dll] [FLASHGET, 1, 0, 0, 1003]
[D:\Program Files\FlashGet Network\Flashget\modules\garage\garage.dll] [FLASHGET, 1, 0, 0, 1002]
[D:\Program Files\FlashGet Network\Flashget\modules\tasknotifier\tasknotifier.dll] [FLASHGET, 1, 0, 0, 1002]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[D:\Program Files\FlashGet Network\Flashget\btcore.dll] [FLASHGET, 2.0.0.40]
[D:\Program Files\FlashGet Network\Flashget\p2spmgr.dll] [FLASHGET, 1, 7, 11, 23]
[D:\Program Files\FlashGet Network\Flashget\p2snetio.dll] [FLASHGET, 1, 0, 0, 7925]
[D:\Program Files\FlashGet Network\Flashget\p2sprot.dll] [FLASHGET, 1, 7, 11, 16]
[D:\Program Files\FlashGet Network\Flashget\p2pprot.dll] [FLASHGET, 1, 7, 11, 16]
[D:\Program Files\FlashGet Network\Flashget\p2pcore.dll] [FlashGet, 1.0.6.1070]
[D:\Program Files\FlashGet Network\Flashget\btwrap.dll] [FLASHGET, 1, 0, 1, 1007]
[D:\Program Files\FlashGet Network\Flashget\p2spwrap.dll] [FLASHGET, 1, 0, 1, 1008]
[D:\Program Files\FlashGet Network\Flashget\hashgen.dll] [FLASHGET, 1, 0, 0, 1]
[D:\Program Files\FlashGet Network\Flashget\testwrap.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[PID: 3740 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sreng2.zip 的临时目录 1\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
lerogm - 2007-12-28 14:36:00
SMSS.EXE,dnsq.dll,alg.exe,netcfg.dll,netcfg.000
Win32.Troj.Downloader.yl.102400
Virus behavior:
This is a downloader virus with ARP spoofing capability. While downloading viruses to the local machine and running them, it also generates a large number of AUTO virus files. The virus also has image hijacking (IFEO) functionality, which it uses to block some security tools and debugging/analysis software, and it continually rewrites the registry to break Safe Mode, preventing the user from repairing the system.
1. After the virus runs, it drops the following files:
%system32%\Com\SMSS.EXE
%system32%\dnsq.dll
%system32%\drivers\alg.exe
%system32%\com\netcfg.dll
%system32%\com\netcfg.000
It also creates a copy of itself, pagefile.pif, together with an AUTORUN.INF file in the root directory of every drive.
2. The virus performs malicious operations such as breaking Safe Mode and disabling the "show hidden files" option in Folder Options, so the user cannot boot into Safe Mode and hidden files cannot be displayed. Because the virus keeps modifying the registry, some security tools (Kingsoft System Cleaner and others) also fail to repair Safe Mode.
The virus does not create its own RUN entry in the registry, yet it wipes the RUN key completely clean, so commonly used software, security tools and so on no longer start automatically at boot.
3. The virus has image hijacking capability and can block some security tools and debugging/analysis software. It blocks the following security tools and debugging/analysis software:
OLLYDBG
IDA
MetaPad
SOFTICE
Some security software, such as ICESWORD, 360..., is also shut down.
4. The virus copies itself to %system32%\Com under the name LSASS.EXE, drops SMSS.EXE and ALG.EXE, and finally runs LSASS.EXE, SMSS.EXE and ALG.EXE. Because the virus's process names are identical to the system's LSASS and SMSS process names, Task Manager cannot terminate them.
5. The virus remotely injects dnsq.dll into other processes and starts a thread in them that continuously monitors whether the virus process has been terminated; if it detects termination, it automatically restarts the virus process. If some antivirus software or security tool blocks the creation, the injected processes call SHUTDOWN.EXE in the SYSTEM32 directory to shut down the computer (^_^ the virus author is really mischievous!).
6. The virus mimics Explorer's right-click menu so the user does not easily notice the virus being run automatically; when the user opens a partition in Explorer, the virus runs whether the partition is opened directly or via the right-click menu.
7. The virus starts an IE process to connect to the sites http://w.c**o.com/r.htm and http://*s.k**02.com/**.asp and downloads malicious scripts to execute.
8. The virus generates multiple components and registers them as IE plug-ins. Its behavior is characteristic of malware: it uses REGSVR32.EXE to register multiple CLSIDs for netcfg.dll, which antivirus software usually cannot clean up completely, leaving a lot of residue. Kingsoft System Cleaner is recommended for removal.
9. %system32%\drivers\alg.exe is an ARP virus; it uses WinPcap to send and receive network packets and carries out ARP attacks against every IP on the entire LAN. It inserts malicious code into the intercepted packets; that code downloads the latest version of the virus from http://1**.*1.2*5.1*0/setup.exe to the local machine and runs it, infecting other users on the attacked LAN.
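Items 1 and 4 of the description above explain why the process listing earlier in the thread is the place to look: the dropper impersonates core Windows processes (LSASS.EXE, SMSS.EXE, ALG.EXE) by name but runs them from %system32%\Com and %system32%\drivers instead of System32. The following script is an added example written for this thread, not code from the post, from SREng, or from Rising or Kingsoft. It parses the `[PID: ... / user][image] [vendor, version]` lines of the SREng report format shown above, skips the indented DLL lines, and flags any protected process name that is not running from a `...\system32` directory. The `PROTECTED_NAMES` set, the `SAMPLE_REPORT` lines with PIDs 3901 and 3902, and the `N/A` vendor fields are constructed for the example; the other sample lines are taken from the report above.

```python
import re

# One process line of the SREng report format shown in the thread, e.g.
# [PID: 368 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (...)]
# DLL lines have no "[PID:" prefix and do not match.
PROCESS_LINE = re.compile(
    r"^\[PID:\s*(?P<pid>\d+)\s*/\s*(?P<user>[^\]]+)\]\s*"
    r"\[(?P<image>[^\]]+)\]\s*\[(?P<vendor>[^\]]*)\]$"
)

# Core Windows XP processes that the downloader impersonates by name
# (items 1 and 4 above). All of them legitimately live in System32.
# The set itself is an assumption of this example, not a list from the post.
PROTECTED_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "alg.exe", "spoolsv.exe",
}


def normalize_dir(image_path: str) -> str:
    """Return the lower-cased parent directory of an image path, mapping the
    NT-style prefixes seen in SREng output (\\??\\C:\\WINDOWS, \\SystemRoot)
    onto a plain drive path so that they compare equal to C:\\WINDOWS."""
    p = image_path.strip().lower()
    p = re.sub(r"^\\\?\?\\", "", p)                   # \??\C:\WINDOWS\... -> c:\windows\...
    p = re.sub(r"^\\systemroot", r"c:\\windows", p)   # \SystemRoot\...    -> c:\windows\...
    return p.rsplit("\\", 1)[0]


def parse_process_lines(text: str):
    """Yield a dict (pid, user, image, vendor) for every process line."""
    for line in text.splitlines():
        m = PROCESS_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def find_masquerading_processes(text: str):
    """Return (pid, image) for every protected process name that is running
    from somewhere other than a ...\\system32 directory."""
    hits = []
    for proc in parse_process_lines(text):
        image = proc["image"]
        name = image.rsplit("\\", 1)[-1].lower()
        if name in PROTECTED_NAMES and not normalize_dir(image).endswith("\\system32"):
            hits.append((int(proc["pid"]), image))
    return hits


# Constructed sample: the first four lines are copied from the report above;
# PIDs 3901 and 3902 are made-up lines mirroring the drop paths in items 1 and 4.
SAMPLE_REPORT = r"""
[PID: 368 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 432 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[PID: 2616 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3901 / SYSTEM][C:\WINDOWS\system32\Com\LSASS.EXE] [N/A, ]
[PID: 3902 / SYSTEM][C:\WINDOWS\system32\drivers\alg.exe] [N/A, ]
"""

if __name__ == "__main__":
    for pid, image in find_masquerading_processes(SAMPLE_REPORT):
        print(f"suspicious: PID {pid} runs {image} outside System32")
```

Running it on the sample reports PIDs 3901 and 3902 and stays silent on the genuine smss.exe, csrss.exe and alg.exe, because the prefix normalization in `normalize_dir` lets the `\SystemRoot` and `\??\` forms compare equal to `C:\WINDOWS`. On a real report, paste the whole "正在运行的进程" block into `SAMPLE_REPORT` or read it from a file; a hit is worth checking against the vendor field as well, since the genuine binaries carry a Microsoft version string.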