黄金搭档12 - 2008-1-11 13:37:00
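I update the Rising virus database every day and run a full-disk scan every day, but it still finds 5-10 viruses every day. (At most I visit Sina and Taobao, which hardly count as prohibited sites, right?) While I am online, web pages (dating sites, movie sites, shopping sites and the like) keep popping up for no reason, and the IE home page is often changed as well. Over the last two days IE has also frequently closed by itself. Asking the experts for help: what should I do? Rising antivirus simply cannot deal with these viruses!
[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Alexa Toolbar)
Attachment: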
7837502008111132532.txt
lqqk7 - 2008-1-11 13:57:00
Use XDelBox to delete the following files:
c:\windows\system32\winlib .dll
debugfile.exe
egomoo.exe
c:\windows\system32\webprint.exe
c:\windows\system32\termsrvgmm.dll
c:\windows\system32\termsrvgmm.dll
c:\windows\system32\pihnre.dll
c:\windows\system32\aa.exe
c:\windows\lsuss.exe
c:\documents and settings\all users\favorites\netservice.exe
c:\program files\common files\microsoft shared\msinfo\server.exe
c:\windows\system32\cpfzxu.dll
c:\windows\system32\drivers\079mzxg.sys
c:\windows\system32\drivers\3pwp.sys
c:\windows\system32\drivers\cpfzxu.sys
c:\windows\system32\drivers\amuylf.sys
c:\windows\system32\drivers\rgkzkn.sys
c:\windows\system32\drivers\xproc.sys
c:\windows\system32\drivers\xblock3.sys
c:\windows\system32\drivers\mxdispdr.sys
c:\windows\system32\alxtb1.dll
c:\windows\downlo~1\submit~1.dll
c:\windows\downlo~1\inputc~1.dll
c:\program files\common files\cpush\cpush.dll
c:\windows\downloaded program files\certinstall.dll
c:\windows\system32\aliedit\aliedit.dll
c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll
Use SREng to delete these startup items:
<IFEO[1.exe]> <debugfile.exe>
<IFEO[10.exe]> <debugfile.exe>
<IFEO[11.exe]> <debugfile.exe>
<IFEO[12.exe]> <debugfile.exe>
<IFEO[13.exe]> <debugfile.exe>
<IFEO[14.exe]> <debugfile.exe>
<IFEO[15.exe]> <debugfile.exe>
<IFEO[16.exe]> <debugfile.exe>
<IFEO[17.exe]> <debugfile.exe>
<IFEO[18.exe]> <debugfile.exe>
<IFEO[19.exe]> <debugfile.exe>
<IFEO[2.exe]> <debugfile.exe>
<IFEO[20.exe]> <debugfile.exe>
<IFEO[21.exe]> <debugfile.exe>
<IFEO[22.exe]> <debugfile.exe>
<IFEO[3.exe]> <debugfile.exe>
<IFEO[4.exe]> <debugfile.exe>
<IFEO[5.exe]> <debugfile.exe>
<IFEO[6.exe]> <debugfile.exe>
<IFEO[7.exe]> <debugfile.exe>
<IFEO[8.exe]> <debugfile.exe>
<IFEO[9.exe]> <debugfile.exe>
<IFEO[aa.exe]> <debugfile.exe>
<IFEO[cmdbcs.exe]> <debugfile.exe>
<IFEO[comrepl32.exe]> <debugfile.exe>
<IFEO[dbghlp32.exe]> <debugfile.exe>
<IFEO[FuckJacks.exe]> <egomoo.exe>
<IFEO[hh.exe]> <debugfile.exe>
<IFEO[igm.exe]> <debugfile.exe>
<IFEO[igw.exe]> <debugfile.exe>
<IFEO[Logo1_.exe]> <debugfile.exe>
<IFEO[logo_1.exe]> <debugfile.exe>
<IFEO[NVDispDrv.exe]> <debugfile.exe>
<IFEO[OSO.exe]> <egomoo.exe>
<IFEO[racvsvc.exe]> <debugfile.exe>
<IFEO[rundl132.exe]> <debugfile.exe>
<IFEO[rundl133.exe]> <debugfile.exe>
<IFEO[sach0st.exe]> <debugfile.exe>
<IFEO[sedrsvedt.exe]> <debugfile.exe>
<IFEO[spoclsv.exe]> <debugfile.exe>
<IFEO[SVCH0ST.exe]> <debugfile.exe>
<IFEO[svcos.exe]> <debugfile.exe>
<IFEO[svohost.exe]> <debugfile.exe>
<IFEO[swghost.exe]> <debugfile.exe>
<IFEO[sxs.exe]> <debugfile.exe>
<IFEO[upxdnd.exe]> <debugfile.exe>
Delete services:
[WebPrint / WebPrint] <c:\windows\system32\webprint.exe>
[Terminal Services / TermService] <C:\WINDOWS\System32\svchost -k DComLaunch-->C:\WINDOWS\System32\termsrvgmm.dll>
[pihnre / pihnre] <C:\WINDOWS\system32\svchost.exe -k pihnre-->%SystemRoot%\System32\pihnre.dll>
[Provisioning Transaction Service / pangupan] <C:\WINDOWS\system32\aa.exe>
[Network Connections Manage / Network Connections Manage ] <C:\WINDOWS\lsuss.exe>
[操作系统内部进程 / netservice] <C:\Documents and Settings\All Users\Favorites\netservice.exe>
[Event System / Event System] <C:\Program Files\Common Files\Microsoft Shared\MSInfo\Server.exe>
[cpfzxu / cpfzxu] <C:\WINDOWS\system32\svchost.exe -k cpfzxu-->%SystemRoot%\System32\cpfzxu.dll>
Delete drivers:
[079mzx / 079mzxg] <\SystemRoot\System32\DRIVERS\079mzxg.sys>
[3pwp / 3pwp] <\??\C:\WINDOWS\system32\drivers\3pwp.sys>
[ypfzxuiu / ypfzxuiu] <\??\C:\WINDOWS\system32\drivers\cpfzxu.sys>
[ymuylfiu / ymuylfiu] <\??\C:\WINDOWS\system32\drivers\amuylf.sys>
[ygkzknyx / ygkzknyx] <\??\C:\WINDOWS\system32\drivers\rgkzkn.sys>
[xProc / xProc] <\??\C:\WINDOWS\system32\Drivers\xProc.sys>
[xBlock3 / xBlock3] <\??\C:\WINDOWS\system32\Drivers\xBlock3.sys>
[mxdispdr / mxdispdr] <\??\C:\WINDOWS\system32\drivers\mxdispdr.sys>
Delete add-ons:
[AlxTB BHO Class] <C:\WINDOWS\system32\AlxTB1.dll>
[AxSubmitControl Class] <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL>
[AxInputControl Class] <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL>
[CAdLogic Object] <C:\Program Files\Common Files\CPUSH\cpush.dll>
[InfosecCertInstall Class] <C:\WINDOWS\Downloaded Program Files\certInStall.dll>
[EditCtrl Class] <C:\WINDOWS\system32\aliedit\AliEdit.dll>
[Info cache] <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll>
黄金搭档12 - 2008-1-11 14:21:00
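Thanks! Everything that was to be deleted with SRE has been deleted, but for the part that says "Use XDelBox to delete the following files", I can't find the listed files in those paths?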
lqqk7 - 2008-1-11 14:44:00
The log does not show the path of these two files, but they are very likely in c:\windows\system32\. You can search the whole disk for them.
debugfile.exe
egomoo.exe
For how to delete the other files, refer to moderator 流星's post:
http://forum.ikaka.com/topic.asp?board=40&artid=8391084
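Added example, not part of the original thread: a small Python parser for the `<IFEO[...]> <...>` lines quoted above, which groups the hijacked image names by the debugger they are redirected to and marks debuggers that the log lists without a path (the reason `debugfile.exe` and `egomoo.exe` had to be searched for). The sample lines are constructed; `example.exe` and `placeholder.exe` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in the SREng-style format quoted in the thread:
#   <IFEO[hijacked image name]> <debugger that is launched instead>
SAMPLE_LOG = """\
<IFEO[rundl132.exe]> <debugfile.exe>
<IFEO[spoclsv.exe]> <debugfile.exe>
<IFEO[OSO.exe]> <egomoo.exe>
<IFEO[example.exe]> <C:\\WINDOWS\\system32\\placeholder.exe>
[WebPrint / WebPrint] <c:\\windows\\system32\\webprint.exe>
"""

# Only IFEO lines match; service, driver and add-on lines start with "[".
IFEO_LINE = re.compile(r"^<IFEO\[(?P<image>[^\]]+)\]>\s*<(?P<debugger>[^>]*)>\s*$")


def parse_ifeo(log_text):
    """Return {debugger (lower-cased): [hijacked image names]}."""
    by_debugger = defaultdict(list)
    for line in log_text.splitlines():
        m = IFEO_LINE.match(line.strip())
        if m:
            debugger = m.group("debugger").strip().lower()
            by_debugger[debugger].append(m.group("image"))
    return dict(by_debugger)


def needs_disk_search(debugger):
    """True when the log gives a bare file name, so its location is unknown."""
    return "\\" not in debugger and "/" not in debugger


def report(log_text):
    """One (debugger, hijacked image count, needs search) row per debugger."""
    return [
        (debugger, len(images), needs_disk_search(debugger))
        for debugger, images in sorted(parse_ifeo(log_text).items())
    ]


if __name__ == "__main__":
    for debugger, count, bare in report(SAMPLE_LOG):
        note = "path unknown, search the disk" if bare else "path given"
        print(f"{debugger}: {count} hijacked image name(s), {note}")
```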
黄金搭档12 - 2008-1-12 22:45:00
But a full-disk search can't find them either.
黄金搭档12 - 2008-1-12 23:11:00
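Of those files, I found and deleted at most half; most of the others can't be found, not even with a full-disk search. Web pages are still popping up at random. I have scanned a new log; please take a look and see whether there are any other problems.
Attachment: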
7837502008112225939.txt
CAPTjoe - 2008-1-12 23:18:00
Suggestions:
Delete driver
[acpidisk / acpidisk][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
Delete browser add-ons
[Adobe Common Objects]
{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\nsdA_4E051B03.dll, Microsoft Corporation>
[Adobe Common Objects]
{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\nsdA_4E051B03.dll, Microsoft Corporation>