瑞星卡卡安全论坛

我升级瑞星杀毒过程中扫描的.
D:\System Volume Information\_restore{C12758D0-1287-42FC-B587-8675CE191B0E}\RP1\A0000052.exe病毒名称Worm.Magistr.g
D:\System Volume Information\_restore{C12758D0-1287-42FC-B587-8675CE191B0E}\RP1\A0000053.exe病毒名称Worm.Magistr.g
D:\System Volume Information\_restore{C12758D0-1287-42FC-B587-8675CE191B0E}\RP1\A0000054.exe病毒名称Worm.Magistr.g
、、、、、、后面还有很多个.D:\Office\2052\PROJWIZ.EXE病毒名称Worm.Magistr.g
D:\Office\2052\WRKGADM.EXE病毒名称Worm.Magistr.g

等等,请猫眯大斑竹们再帮我看看啊,这是我刚刚扫描的日志.

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

附件: SREngLOG.log

用SRENG删除

注册表中
<{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><>  [N/A]
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><>  [N/A]
    <{9490415F-65F8-B5C5-D8BA-9405FB120549}><>  [N/A]
    <{5FD45A54-9875-698F-E56E-65102358FDF5}><C:\WINDOWS\system32\apsgejba.dll>  [N/A]
    <{50940F85-F015-14F1-A05F-F69858AC6D05}><>  [N/A]
    <{7C8D1401-A58D-A81C-CD24-A5915C4517C7}><>  [N/A]
    <{13FD5987-65D2-C58D-D87E-987451F12531}><>  [N/A]
    <{91954FAC-1023-154F-895A-1458258AD819}><>  [N/A]
    <{83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38}><>  [N/A]
    <{37AC9076-C898-B098-D098-A18319080973}><>  [N/A]
    <{5E907A48-400E-4EA8-9792-FFAE052D59E9}><C:\WINDOWS\system32\pedadt.dll>  [N/A]
    <{32023698-6984-8541-9654-698745012523}><>  [N/A]
    <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll>  [N/A]
    <{4629FF4F-ACDB-5C90-A098-FACB3456A264}><>  [N/A]
    <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll>  [N/A]
    <{528DF602-9541-A985-210A-984A698C6F25}><>  [N/A]
    <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll>  [N/A]
    <{875E07B1-0614-43D9-A76E-D76A28AB3D7B}><C:\WINDOWS\system32\tfsdmz.dll>  [N/A]
    <{2B69874A-C58C-458D-69F0-698F874E41B2}><C:\WINDOWS\system32\lassaplo.dll>  [N/A]
    <{54FAE856-AD58-20CB-A025-CD4895FA6E45}><C:\WINDOWS\system32\pjjxedwd.dll>  [N/A]
    <{3C954872-1230-6541-9548-6541025884C3}><C:\WINDOWS\system32\lijzclit.dll>  [N/A]
    <{45694105-5108-9405-3695-954187462154}><>  [N/A]
    <{35671234-7890-ABCD-CDEF-567801237653}><>  [N/A]
    <{43512378-9874-5641-1025-985420368734}><C:\WINDOWS\system32\oswxdttb.dll>  [N/A]
    <{6A041F13-A111-12A3-B0CF-F99818AA68A6}><>  [N/A]
    <{5C648541-1025-9650-9057-6541258720C5}><C:\WINDOWS\system32\mndhedwd.dll>  [N/A]
  <JavaView><C:\WINDOWS\AppPatch\Jview.dll>  [N/A]
把<AppInit_DLLs><tuker.dll,ujkwet.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ghkrg.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,yukevg.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,ieprot.dll>  [N/A]
设置为<AppInit_DLLs><ieprot.dll>  [N/A]

删除浏览器加载
[]
  {2B69874A-C58C-458D-69F0-698F874E41B2} <C:\WINDOWS\system32\lassaplo.dll, N/A>
[]
  {3C954872-1230-6541-9548-6541025884C3} <C:\WINDOWS\system32\lijzclit.dll, N/A>
[]
  {43512378-9874-5641-1025-985420368734} <C:\WINDOWS\system32\oswxdttb.dll, N/A>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\PROGRA~1\ChinaNet\VNETTR~1.DLL, >
[]
  {54FAE856-AD58-20CB-A025-CD4895FA6E45} <C:\WINDOWS\system32\pjjxedwd.dll, N/A>
[]
  {5C648541-1025-9650-9057-6541258720C5} <C:\WINDOWS\system32\mndhedwd.dll, N/A>
[]
  {5FD45A54-9875-698F-E56E-65102358FDF5} <C:\WINDOWS\system32\apsgejba.dll, N/A>




关闭系统还原
清空临时文件夹

1.建议使用XDelBox删除以下文件(XDelBox1.7支持奥运版下载) 下载地址:www.dodudou.com)
使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。

20071031_7fc75799977b595ebdd07RNDExQDwgIo.png (32.67 K)

2008-6-17 9:37:34

c:\windows\system32\mndhedwd.dll
c:\windows\apppatch\jview.dll
c:\windows\system32\oswxdttb.dll
c:\windows\system32\lijzclit.dll
c:\windows\system32\pjjxedwd.dll
c:\windows\system32\lassaplo.dll
c:\windows\system32\tfsdmz.dll
c:\windows\system32\fsrgeb.dll
c:\windows\system32\ddserh.dll
c:\windows\system32\wyrsdj.dll
c:\windows\system32\pedadt.dll
c:\windows\system32\apsgejba.dll
c:\windows\system32\drivers\eth8023.sys

2.删除重启后使用SREng修复下面各项：

    启动项目 －－ 注册表之如下项删除：
[{5C648541-1025-9650-9057-6541258720C5}]    <C:\WINDOWS\system32\mndhedwd.dll>
[JavaView]    <C:\WINDOWS\AppPatch\Jview.dll>
[{43512378-9874-5641-1025-985420368734}]    <C:\WINDOWS\system32\oswxdttb.dll>
[{3C954872-1230-6541-9548-6541025884C3}]    <C:\WINDOWS\system32\lijzclit.dll>
[{54FAE856-AD58-20CB-A025-CD4895FA6E45}]    <C:\WINDOWS\system32\pjjxedwd.dll>
[{2B69874A-C58C-458D-69F0-698F874E41B2}]    <C:\WINDOWS\system32\lassaplo.dll>
[{875E07B1-0614-43D9-A76E-D76A28AB3D7B}]    <C:\WINDOWS\system32\tfsdmz.dll>
[{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}]    <C:\WINDOWS\system32\fsrgeb.dll>
[{A9895933-6636-4281-BC58-EE6DE2AF96E3}]    <C:\WINDOWS\system32\ddserh.dll>
[{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}]    <C:\WINDOWS\system32\wyrsdj.dll>
[{5E907A48-400E-4EA8-9792-FFAE052D59E9}]    <C:\WINDOWS\system32\pedadt.dll>
[{5FD45A54-9875-698F-E56E-65102358FDF5}]    <C:\WINDOWS\system32\apsgejba.dll>
注意该项[AppInit_DLLs]修改：把<tuker.dll,ujkwet.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ghkrg.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,yukevg.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,ieprot.dll>修改为<>即清空

    启动项目 －－ 服务－－ 驱动程序之如下项删除：
[eth8023 / eth8023]    <\SystemRoot\system32\drivers\eth8023.sys>

    系统修复－－　浏览器加载项之如下项删除：
[]    <C:\WINDOWS\system32\apsgejba.dll>
[]    <C:\WINDOWS\system32\mndhedwd.dll>
[]    <C:\WINDOWS\system32\pjjxedwd.dll>
[]    <C:\WINDOWS\system32\oswxdttb.dll>
[]    <C:\WINDOWS\system32\lijzclit.dll>
[]    <C:\WINDOWS\system32\lassaplo.dll>
[]    <C:\WINDOWS\system32\apsgejba.dll>
[]    <C:\WINDOWS\system32\mndhedwd.dll>
[]    <C:\WINDOWS\system32\pjjxedwd.dll>
[]    <C:\WINDOWS\system32\oswxdttb.dll>
[]    <C:\WINDOWS\system32\lijzclit.dll>
[]    <C:\WINDOWS\system32\lassaplo.dll>
    系统修复－－ HOSTS文件－－重置host文件

1:修复以上重启电脑之后用一:清理系统临时文件和IE临时文件夹
http://www.atribune.org/public-beta/ATF-Cleaner.exe

2：建议用windows清理助手清理一下系统。
windows清理助手下载页面：http://www.arswp.com/download.html

:default3: 斑竹:我按你说的做了然后用瑞星杀毒.还有5个这样的病毒
c:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\27U7A5EV\update[1].gif病毒名称Trojan.Win32.Undef.hag.我在主题贴上再上传我刚扫描的日志.