张小妹218 - 2008-4-20 14:31:00
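I was probably infected yesterday while downloading something. As a result many .exe files are infected with the virus, and QQ and other tools cannot be opened. Below is the analysis report from an SRENG scan. Please help with what to do next; I can't fix it myself.
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; Mozilla/4.0(Compatible Mozilla/4.0(Compatible-EmbeddedWB 14.59 http://bsalsa.com/ EmbeddedWB- 14.59 from: http://bsalsa.com/ )
Attachment: 10427082008420141932.txt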
shjarthur - 2008-4-20 23:01:00
==================================
启动文件夹
[msword]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\msword.lnk --> C:\WINDOWS\system32\CCWLAE~1.EXE [N/A]><N>
==================================
服务
[COM+ Windows System / WinINI][Running/Auto Start]
<C:\WINDOWS\system32\winini.exe><Microsoft Corporation>
==================================
浏览器加载项
[]
{FB3412B6-6D67-4650-B3B4-C2A90191A80F} <C:\WINDOWS\system32\izjvlaoxtz.dll, N/A>
[PID: 1368 / SYSTEM][C:\WINDOWS\system32\winini.exe] [Microsoft Corporation, 5.2.3790.1830]
[PID: 1392 / Administrator][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ccwld16_080418.dll] [N/A, ]
[PID: 2504 / Administrator][C:\program files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ccwld32_080418.dll] [N/A, ]
[PID: 3720 / SYSTEM][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\izjvlaoxtz.dll] [N/A, ]
[PID: 2284 / Administrator][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\izjvlaoxtz.dll] [N/A, ]
==================================
Autorun.inf
[E:\]
[AutoRun]
open=system.pif
shellexecute=system.pif
shell\Auto\command=system.pif
[F:\]
[AutoRun]
open=system.pif
shellexecute=system.pif
shell\Auto\command=system.pif
==================================
隐藏进程
[2752] C:\WINDOWS\system32\net.exe
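Remediation: (Note: do not open the E and F partitions until the steps below are complete!)
Download XDELBOX; download address and usage instructions: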
http://forum.ikaka.com/topic.asp?board=28&artid=8381032
Add the following items:
C:\WINDOWS\system32\CCWLAE~1.EXE
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\msword.lnk
C:\WINDOWS\system32\winini.exe
C:\WINDOWS\system32\izjvlaoxtz.dll
C:\WINDOWS\system32\ccwld16_080418.dll
C:\WINDOWS\system32\ccwld32_080418.dll
C:\WINDOWS\system32\net.exe
E:\autorun.inf
E:\system.pif
F:\autorun.inf
F:\system.pif
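Right-click in XDELBOX and click "立即重启删除" (restart and delete immediately).
XDELBOX will automatically restart and delete the problem files listed above.
On the next restart, press F8 to enter Safe Mode and use SREng to delete the problem service and browser add-on listed above.
When that is done, run a full-disk virus scan with your antivirus software.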
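The triage in the reply above can be partly automated. This is an added example, not part of the original thread or of SREng: a Python sketch that reads lines in the excerpt format quoted above, lists modules whose vendor field is N/A together with their host process, and resolves the files that each drive's Autorun.inf would launch. The regular expressions and the `triage` function are assumptions based only on the lines shown in this post.

```python
import re

# Excerpt copied from the SREng lines quoted in the post above.
LOG = r"""
[PID: 1368 / SYSTEM][C:\WINDOWS\system32\winini.exe] [Microsoft Corporation, 5.2.3790.1830]
[PID: 1392 / Administrator][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ccwld16_080418.dll] [N/A, ]
[PID: 2284 / Administrator][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\izjvlaoxtz.dll] [N/A, ]
[E:\]
[AutoRun]
open=system.pif
shellexecute=system.pif
shell\Auto\command=system.pif
"""

PROC = re.compile(r"^\[PID: (\d+) / [^\]]+\]\[([^\]]+)\] \[([^,]*), ?(.*)\]$")
MOD = re.compile(r"^\[([^\]]+)\] \[([^,]*), ?(.*)\]$")
DRIVE = re.compile(r"^\[([A-Za-z]:\\)\]$")
LAUNCH_KEYS = ("open", "shellexecute")  # plus any shell\<verb>\command key


def triage(log):
    """Return (modules with no vendor, autorun launch targets per drive)."""
    no_vendor, autorun = [], {}
    host = drive = None
    for line in (l.strip() for l in log.splitlines()):
        if m := PROC.match(line):          # process header: remember the host
            host, drive = m.group(2), None
        elif m := DRIVE.match(line):       # start of a drive's Autorun.inf dump
            drive, host = m.group(1), None
            autorun[drive] = set()
        elif (m := MOD.match(line)) and host:
            if m.group(2).strip() in ("", "N/A"):
                no_vendor.append((host, m.group(1)))
        elif drive and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            k = key.lower()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                autorun[drive].add(drive + value)  # assumes a bare file name
    return no_vendor, autorun


if __name__ == "__main__":
    mods, runs = triage(LOG)
    for host, mod in mods:
        print(f"no vendor: {mod} loaded in {host}")
    for d, targets in runs.items():
        print(f"{d} autorun launches: {sorted(targets)}")
```

The deletion list in the reply also contains winini.exe, whose log line reports Microsoft Corporation, so a missing vendor string is only a first-pass filter and not a verdict.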