lneagle - 2008-7-19 22:28:00
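Infected with trojan.win32.undef.hfb and RootKit.Win32.Mnless.rz! (SREng report attached)
The antivirus software has been updated to the latest version, but it still cannot remove them completely.
The files kqnlur86.dll under c:\windows and kqnlur86.sys under the win32 directory cannot be deleted.
What other files need to be deleted? Thanks.
The SREng scan report is attached below.
User system info: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Maxthon)
Attachment: SREngLOG.log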
aaccbbdd - 2008-7-19 22:37:00
Delete the files
Use the tool here:
http://bbs.ikaka.com/showtopic-8442813.aspx
See my signature for how to use it.
I suggest deleting this driver:
[kqnlur8 / kqnlur86][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\kqnlur86.sys><N/A>
The file corresponding to this driver:
OP, please test it yourself at
http://www.virscan.org/
[s24trans / s24trans][Stopped/Manual Start]
<system32\DRIVERS\s24trans.sys><N/A>
豪斯登堡新郎 - 2008-7-19 23:25:00
Additional items:
Services
[Windows Time / W32Time][Stopped/Disabled]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->c:\windows\system32\oobe\hdzdqtbvi.dll><N/A>
Drivers
[pnpshark / pnpshark][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\pnpshark.sys><>
[s24trans / s24trans][Stopped/Manual Start]
<system32\DRIVERS\s24trans.sys><N/A>
[st3shark / st3shark][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\st3shark.sys><>
Browser add-ons