瑞星卡卡安全论坛

同时查到有IPV6.DLL.V
NVCPL64.DLL.V
WINXP.BMP.V
THUMBS.LNK
YKBDFON.EXE

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Mozilla/4.0(Compatible Mozilla/4.0(Compatible-EmbeddedWB 14.59 http://bsalsa.com/ EmbeddedWB- 14.59  from: http://bsalsa.com/ )

附件: SREngLOG.TXT

[AutoRun]
open=ykbdfon.exe
shell\open=打开(&O)
shell\open\Command=ykbdfon.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ykbdfon.exe

thumbs.lnk
是图片的东东，不是病毒

IPV6.DLL.V
NVCPL64.DLL.V
WINXP.BMP.V
那这些呢，怎么处理

用xdelbox删除以下文件
使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。
C:\WINDOWS\system32\IPv6.dll
C:\WINDOWS\system32\WatchClient.exe
C:\Autorun.inf
Ｄ:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
sreng 启动项目－》注册表，删除
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntldr.exe]
    <IFEO[ntldr.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif]
    <IFEO[pagefile.pif]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
    <IFEO[sos.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs.exe]
    <IFEO[sxs.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\test.exe]
    <IFEO[test.exe]><AUTOGUARDER GUARDED.>  [N/A]
sreng,启动项目－＞服务，ｗｉｎ32服务应用程序
删除
[VRVWatchServer / VRVWatchServer][Running/Auto Start]
  <"C:\WINDOWS\system32\WatchClient.exe" -service><>
好像图片那个是Ｔｈｕｎｂｓ．ｄｂ:kaka6:

谢谢指教，

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntldr.exe]
    <IFEO[ntldr.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif]
    <IFEO[pagefile.pif]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
    <IFEO[sos.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs.exe]
    <IFEO[sxs.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\test.exe]
    <IFEO[test.exe]><AUTOGUARDER GUARDED.>  [N/A]

上面这些IFEO项应该是防病毒的,不建议删除:default5:

嘻嘻:kaka14:

回复: thumbs.lnk杀不死，重启又出现，有日志高手帮忙看看
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntldr.exe]
    <IFEO[ntldr.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif]
    <IFEO[pagefile.pif]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
    <IFEO[sos.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs.exe]
    <IFEO[sxs.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\test.exe]
    <IFEO[test.exe]><AUTOGUARDER GUARDED.>  [N/A]

上面这些IFEO项应该是防病毒的,不建议删除


那些是免疫病毒软件免疫了产生的，，:default6: