Rising Kaka Security Forum
希希希希希希 - 2012-6-9 15:08:00
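The names differ but the name lengths are the same... They can't be accessed and can't be deleted... What is this thing... Is it generated by Rising??? If so, I'll just leave it alone.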
希希希希希希 - 2012-6-9 15:28:00
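FILEMON.exe monitoring results... it's just ravmond.exe reading them... What is this thing... What does Rising create this file for.....
There are so many of them; see whether you have similar files... tell me...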
希希希希希希 - 2012-6-9 21:43:00
21:40:51 RavMonD.exe:1536 IRP_MJ_SET_INFORMATION K:\TEMP\0000055DC212921E SUCCESS FileDispositionInformation
21:40:51 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\0000055DC212921E SUCCESS
21:40:51 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\0000055DC212921E SUCCESS
21:40:51 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\0000055DC2E0018A FILE NOT FOUND Attributes: Any Options: Open
21:40:51 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\0000055DC2E0018A SUCCESS Attributes: N Options: OverwriteIf
21:40:51 RavMonD.exe:1536 FASTIO_QUERY_STANDARD_INFO K:\TEMP\0000055DC2E0018A SUCCESS Size: 0
21:40:51 RavMonD.exe:1536 IRP_MJ_READ K:\TEMP\0000055DC2E0018A END OF FILE Offset: 0 Length: 65536
21:40:51 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\0000055DC2E0018A SUCCESS
21:40:51 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\0000055DC2E0018A SUCCESS
21:40:51 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\0000055DC2E0018A SUCCESS Attributes: Any Options: Open
21:40:51 RavMonD.exe:1536 IRP_MJ_QUERY_INFORMATION K:\TEMP\0000055DC2E0018A SUCCESS FileObjectIdInformation
21:40:51 RavMonD.exe:1536 IRP_MJ_SET_INFORMATION K:\TEMP\0000055DC2E0018A SUCCESS FileDispositionInformation
21:40:51 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\0000055DC2E0018A SUCCESS
21:40:51 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\0000055DC2E0018A SUCCESS
21:41:06 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\000005678EBB66BE FILE NOT FOUND Attributes: Any Options: Open
21:41:06 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\000005678EBB66BE SUCCESS Attributes: N Options: OverwriteIf
21:41:06 RavMonD.exe:1536 FASTIO_QUERY_STANDARD_INFO K:\TEMP\000005678EBB66BE SUCCESS Size: 0
21:41:06 RavMonD.exe:1536 IRP_MJ_READ K:\TEMP\000005678EBB66BE END OF FILE Offset: 0 Length: 65536
21:41:06 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\000005678EBB66BE SUCCESS
21:41:06 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\000005678EBB66BE SUCCESS
21:41:06 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\000005678EBB66BE SUCCESS Attributes: Any Options: Open
21:41:06 RavMonD.exe:1536 IRP_MJ_QUERY_INFORMATION K:\TEMP\000005678EBB66BE SUCCESS FileObjectIdInformation
21:41:06 RavMonD.exe:1536 IRP_MJ_SET_INFORMATION K:\TEMP\000005678EBB66BE SUCCESS FileDispositionInformation
21:41:06 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\000005678EBB66BE SUCCESS
21:41:06 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\000005678EBB66BE SUCCESS
21:41:06 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\000005678F8BC285 FILE NOT FOUND Attributes: Any Options: Open
21:41:06 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\000005678F8BC285 SUCCESS Attributes: N Options: OverwriteIf
21:41:06 RavMonD.exe:1536 FASTIO_QUERY_STANDARD_INFO K:\TEMP\000005678F8BC285 SUCCESS Size: 0
21:41:06 RavMonD.exe:1536 IRP_MJ_READ K:\TEMP\000005678F8BC285 END OF FILE Offset: 0 Length: 65536
21:41:06 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\000005678F8BC285 SUCCESS
21:41:06 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\000005678F8BC285 SUCCESS
21:41:06 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\000005678F8BC285 SUCCESS Attributes: Any Options: Open
21:41:06 RavMonD.exe:1536 IRP_MJ_QUERY_INFORMATION K:\TEMP\000005678F8BC285 SUCCESS FileObjectIdInformation
21:41:06 RavMonD.exe:1536 IRP_MJ_SET_INFORMATION K:\TEMP\000005678F8BC285 SUCCESS FileDispositionInformation
21:41:06 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\000005678F8BC285 SUCCESS
21:41:06 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\000005678F8BC285 SUCCESS
21:41:21 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\00000571516D0103 FILE NOT FOUND Attributes: Any Options: Open
21:41:21 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\00000571516D0103 SUCCESS Attributes: N Options: OverwriteIf
21:41:21 RavMonD.exe:1536 FASTIO_QUERY_STANDARD_INFO K:\TEMP\00000571516D0103 SUCCESS Size: 0
21:41:21 RavMonD.exe:1536 IRP_MJ_READ K:\TEMP\00000571516D0103 END OF FILE Offset: 0 Length: 65536
21:41:21 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\00000571516D0103 SUCCESS
21:41:21 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\00000571516D0103 SUCCESS
21:41:21 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\00000571516D0103 SUCCESS Attributes: Any Options: Open
21:41:21 RavMonD.exe:1536 IRP_MJ_QUERY_INFORMATION K:\TEMP\00000571516D0103 SUCCESS FileObjectIdInformation
21:41:21 RavMonD.exe:1536 IRP_MJ_SET_INFORMATION K:\TEMP\00000571516D0103 SUCCESS FileDispositionInformation
21:41:21 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\00000571516D0103 SUCCESS
21:41:21 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\00000571516D0103 SUCCESS
21:41:21 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\000005715243C3A8 FILE NOT FOUND Attributes: Any Options: Open
21:41:21 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\000005715243C3A8 SUCCESS Attributes: N Options: OverwriteIf
21:41:21 RavMonD.exe:1536 FASTIO_QUERY_STANDARD_INFO K:\TEMP\000005715243C3A8 SUCCESS Size: 0
21:41:21 RavMonD.exe:1536 IRP_MJ_READ K:\TEMP\000005715243C3A8 END OF FILE Offset: 0 Length: 65536
21:41:21 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\000005715243C3A8 SUCCESS
21:41:21 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\000005715243C3A8 SUCCESS
21:41:21 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\000005715243C3A8 SUCCESS Attributes: Any Options: Open
21:41:21 RavMonD.exe:1536 IRP_MJ_QUERY_INFORMATION K:\TEMP\000005715243C3A8 SUCCESS FileObjectIdInformation
21:41:21 RavMonD.exe:1536 IRP_MJ_SET_INFORMATION K:\TEMP\000005715243C3A8 SUCCESS FileDispositionInformation
21:41:21 RavMonD.exe:1536 IRP_MJ_CLEANUP K:\TEMP\000005715243C3A8 SUCCESS
21:41:21 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\000005715243C3A8 SUCCESS
Rising folks, come take a look.... You made this thing, you can't not know about it...
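An added example (not part of the original thread, and not Rising's code): a small Python parser for the Filemon lines posted above that reconstructs, per file, whether the logged process created the file (an `OverwriteIf` create following a `FILE NOT FOUND` open) and then requested its deletion. Function names are hypothetical, and it assumes the `FileDispositionInformation` request sets the delete flag, which this Filemon output does not show.

```python
import re

# Excerpt of the Filemon capture posted in the thread (first two temp files).
SAMPLE = r"""
21:40:51 RavMonD.exe:1536 IRP_MJ_SET_INFORMATION K:\TEMP\0000055DC212921E SUCCESS FileDispositionInformation
21:40:51 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\0000055DC212921E SUCCESS
21:40:51 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\0000055DC2E0018A FILE NOT FOUND Attributes: Any Options: Open
21:40:51 RavMonD.exe:1536 IRP_MJ_CREATE K:\TEMP\0000055DC2E0018A SUCCESS Attributes: N Options: OverwriteIf
21:40:51 RavMonD.exe:1536 FASTIO_QUERY_STANDARD_INFO K:\TEMP\0000055DC2E0018A SUCCESS Size: 0
21:40:51 RavMonD.exe:1536 IRP_MJ_SET_INFORMATION K:\TEMP\0000055DC2E0018A SUCCESS FileDispositionInformation
21:40:51 RavMonD.exe:1536 IRP_MJ_CLOSE K:\TEMP\0000055DC2E0018A SUCCESS
"""

# time, process:pid, request, path (no spaces in these paths), result/detail
LINE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+(\S+)\s+(\S+)\s+(.*)$")

def parse(text):
    """Yield (time, process, pid, request, path, detail) for each Filemon line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groups()

def lifecycle(text):
    """Return {(process, path): ordered list of lifecycle markers}."""
    seen = {}
    for _time, proc, _pid, req, path, detail in parse(text):
        events = seen.setdefault((proc, path), [])
        if req == "IRP_MJ_CREATE" and detail.startswith("FILE NOT FOUND"):
            events.append("probed_missing")      # open attempt, file absent
        elif req == "IRP_MJ_CREATE" and "Options: OverwriteIf" in detail:
            events.append("created")             # create-or-overwrite succeeded
        elif req == "IRP_MJ_SET_INFORMATION" and "FileDispositionInformation" in detail:
            events.append("delete_requested")    # assumed: delete-on-close set
    return seen

def classify(events):
    """Label one file's history; order matters for the full create/delete cycle."""
    try:
        i = events.index("probed_missing")
        j = events.index("created", i)
        events.index("delete_requested", j)
        return "created-then-deleted"
    except ValueError:
        pass
    if "created" in events:
        return "created"
    return "deleted-only" if "delete_requested" in events else "accessed"

def summarize(text):
    """Map each path to (process, label)."""
    return {path: (proc, classify(ev)) for (proc, path), ev in lifecycle(text).items()}
```

A file labelled `deleted-only` was created before the capture began, so the log alone cannot say which process created it.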
瑞星工程师12 - 2012-6-11 9:02:00
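OP, please describe in detail which operations led to this prompt.
And please add the following information:
1. Operating system type
2. Rising antivirus version (hover the mouse over the small green umbrella icon in the tray to see the program version)
3. IE browser version
4. Rising logs
How to upload the logs: right-click the monitor icon in the tray >> View Logs >> Back Up Logs, then compress and upload the generated db file
Thank you for your support of Rising!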
networkedition - 2012-6-11 9:08:00
OP, what version of Rising antivirus do you have? What is the operating system type? Was this captured with FILEMON.exe at boot?
希希希希希希 - 2012-6-12 13:31:00
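I have two machines. Both run XP SP3... one old computer and one newer...
Today I looked at the old computer (which I normally don't use) and found that c:\winodws\temp also has a great many of these files; I realized it's not a problem with that computer of mine but a Rising problem...
New computer: 2011 full-featured edition
Old computer: 2012 antivirus + firewall...
I monitored 00000*. and the result is that only Rising is accessing and reading them... no other files were accessed or read... It's not an isolated problem, because it's the same across different versions and different systems... The old machine's temp was never cleaned, so there are several hundred of these files under it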
networkedition - 2012-6-12 13:39:00
Those temporary files were not created by ravmond.exe; ravmond.exe merely scanned the temporary files. That is, the monitor scanned the files under the temp folder.
希希希希希希 - 2012-6-12 20:15:00
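Originally posted by networkedition on 2012-6-12 13:39:00
Those temporary files were not created by ravmond.exe; ravmond.exe merely scanned the temporary files. That is, the monitor scanned the files under the temp folder.
After you said that, I went right away to uninstall Rising. The strange thing is that during the uninstall that file disappeared by itself....
After the uninstall finished it asked me to restart; after restarting, that file was also gone, and I used the machine for a while.... I installed Rising... once setup was complete it came back... This experiment makes me even more certain that it is created by Rising... It can't be accessed, can't be moved, can't be deleted.....
With Rising that file is there; without Rising that file is not there....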
networkedition - 2012-6-13 9:16:00
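You can first empty all the files in the temp directory and, after emptying it, observe whether those files are still generated. Note: do not run any programs before the test. If they are still generated, compress the generated files and send them over.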
希希希希希希 - 2012-6-13 13:52:00
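RSFS > ? ? ? The beginning looks like this... followed by a pile of garbled characters... The content when opened in Notepad is as follows... When it creates a new one, the other one can be deleted and accessed. While it holds the file, it can't be deleted or accessed... I just want to know what this thing is... I can't touch it when defragmenting the disk either... very troublesome. temp simply can't be deleted... because that file is held by Rising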
networkedition - 2012-6-13 14:00:00
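Try Safe Mode and see whether the files can be compressed and uploaded. After emptying temp in Safe Mode and rebooting into the normal system, are they still generated?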
希希希希希希 - 2012-6-13 17:48:00
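I'm on the new machine now... the files on it are 0 bytes
Today when I opened the Google browser, Rising hung... that's not common... a search says to upload *.dmp??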
RIS Service 服务意外地终止,这种情况已经出现了 1 次。以下的修正操作将在 0 毫秒内运行: 重新启动服务。
I have one below
Attachment: RavMonD2012-06-13(17-24-02).rar (2012-6-13 17:48:48, 34.27 K)
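The old machine always creates an 18k file... sometimes it grows... I haven't tried Safe Mode yet; I'll take a look another day when I have time. I'll upload the old machine's file while I'm at it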
networkedition - 2012-6-14 9:13:00
K:\TEMP\000005678F8BC285
K:\TEMP\000005678F8BC285
K:\TEMP\00000571516D0103
Compress these files and send them over
networkedition - 2012-6-14 9:14:00
Compress the file from post #11 that was opened with Notepad and send it over
希希希希希希 - 2012-6-14 21:21:00
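Safe Mode really does let me view and delete them... heh... but I can't see the Rising process
The ones on my new machine are all 0 bytes... no content... This one is from the old machine. It's 18k...
A full-disk scan found no virus...
The files you mentioned are all gone... the names seem to keep changing... While scanning, I also picked out several. Haha, but they all look like 0k
Attachment: 00000030A4DAD318.rar (2012-6-14 21:21:27, 6.29 K)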