瑞星卡卡安全论坛

病毒名为RootKit.Win32.Mie.a

各位哥哥姐姐帮帮我啊。杀不掉啊，这个毒，急死了


[用户系统信息]Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)

流程：
先用工具清理下系统 然后扫描完整SRE日志报告

清理系统临时文件和IE临时文件夹     
http://www.atribune.org/public-beta/ATF-Cleaner.exe
用金山清理专家清理恶意软件
http://www.duba.net/zt/ksc/down.shtml
下载windows清理助手清理一遍
http://www.arswp.com/download/arswp2/arswp2.zip

下载Sreng，解压缩运行

1.先把不相关的软件关闭（比如QQ 浏览器 播放软件之类...）
2.智能扫描(记得勾上数字签名选项）=》扫描=》保存报告
3.把日志SREngLOG.log中的报告完整复制粘贴上来，[全选(Ctrl+a) >>复制(Ctrl+c) >>粘贴(Ctrl+v)] 上来或者粘贴到记事本中以附件形式上传上来

SRE下载地址
http://www.kztechs.com/sreng/sreng928.zip
友情提示:如果下载后不能运行请删除已下载的,然后重新下载.下载后首先不要运行先将下载的SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或者abc.exe运行

1.开机时多按几次F8键进安全模式查杀

2.按照病毒路径,手动删除

3.去这个病毒专杀网查杀,这里很多优秀的杀毒软件,一定干掉那个病毒:

[CODE]

2008-04-06,16:19:45

System Repair Engineer 2.6.2.928
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Basic Edition  (Build 6000) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Windows Defender><%ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [(Verified)]
    <NvSvc><RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart>  [NVIDIA Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <RtHDVCpl><RtHDVCpl.exe>  [Realtek Semiconductor]
    <Skytel><Skytel.exe>  [Realtek Semiconductor Corp.]
    <ATKMEDIA><C:\Program Files\ASUS\ATK Media\DMEDIA.EXE>  [ASUSTeK Computer INC.]
    <SMSERIAL><C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe>  [Motorola Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [Synaptics, Inc.]
    <snpstd3><C:\Windows\vsnpstd3.exe>  []
    <WangWang><"C:\Program Files\Alisoft\WangWang\WangWang.EXE">  [阿里巴巴软件(上海)有限公司]
    <FixCamera><C:\Windows\FixCamera.exe>  []
    <tsnp325><C:\Windows\tsnp325.exe>  []
    <snp325><C:\Windows\vsnp325.exe>  []
    <WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [深圳市迅雷网络技术有限公司]
    <RavTask><"F:\瑞星\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KASTask><"F:\金山清理专家\Kingsoft Antispy\KASTask.EXE">  [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\Windows\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
  <C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
[QQ游戏启动加速程序]
  <C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
  <C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[ADSM Service / ADSMService][Running/Auto Start]
  <C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe><>
[ADSM Service / ADSMService][Running/Auto Start]
  <C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe><>
[ASLDR Service / ASLDRService][Running/Auto Start]
  <C:\Program Files\ATK Hotkey\ASLDRSrv.exe><>
[ATKGFNEX Service / ATKGFNEXSrv][Running/Auto Start]
  <C:\Program Files\ATKGFNEX\GFNEXSrv.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service][Running/Auto Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[DCOM Service Process Manager / DCOMManager16][Others/Auto Start]
  <2 - 系统找不到指定的文件。
><(File is missing)>
[ASLDR Service / ASLDRService][Running/Auto Start]
  <C:\Program Files\ATK Hotkey\ASLDRSrv.exe><>
[ATKGFNEX Service / ATKGFNEXSrv][Running/Auto Start]
  <C:\Program Files\ATKGFNEX\GFNEXSrv.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service][Running/Auto Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[DCOM Service Process Manager / DCOMManager16][Others/Auto Start]
  <2 - 系统找不到指定的文件。
><(File is missing)>
[RaySat_3dsmax8 Server / mi-raysat_3dsmax8][Running/Auto Start]
  <"C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe"><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"F:\瑞星\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"F:\瑞星\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Rising Vista Scanner / RsVScanner][Running/Auto Start]
  <F:\瑞星\Rising\Rav\scannerd.exe><Beijing Rising Technology Co., Ltd.>
[spmgr / spmgr][Running/Auto Start]
  <C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe><>
[RaySat_3dsmax8 Server / mi-raysat_3dsmax8][Running/Auto Start]
  <"C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe"><N/A>
[Windows Defender / WinDefend][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k secsvcs-->%ProgramFiles%\Windows Defender\mpsvc.dll><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"F:\瑞星\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"F:\瑞星\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co.

楼主可以试试安全模式查杀！最好是提供病毒文件名和路径！

引用:

【tangtang123456的贴子】病毒名为RootKit.Win32.Mie.a 各位哥哥姐姐帮帮我啊。杀不掉啊，这个毒，急死了 [用户系统信息]Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506) ………………

日志不完全 请重新扫描然后已.txt附件格式上传上来