Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange, Anti-virus / Anti-rogue-software board

Help: how to remove trojan.adclient and its variants (tried some methods, still not working)

Whoa, run an HJ (HijackThis) scan and post the log here so we can take a look.

I scanned with Rising's Stethoscope tool and it produced a report, which is in the attachment. The last program is the virus process; if it is stopped, it randomly spawns a new .exe with an unpredictable name.

Below is what was captured from the virus process:
Process    PID    CPU    Description    Company Name
System Idle Process    0           
Interrupts    n/a        Hardware Interrupts   
DPCs    n/a    5    Deferred Procedure Calls   
System    4    2       
  smss.exe    532        Windows NT Session Manager    Microsoft Corporation
  csrss.exe    592        Client Server Runtime Process    Microsoft Corporation
  winlogon.exe    768        Windows NT Logon Application    Microsoft Corporation
    services.exe    812        Services and Controller app    Microsoft Corporation
    svchost.exe    980        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1020        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1224        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1644        Generic Host Process for Win32 Services    Microsoft Corporation
    rfwsrv.exe    1712        Rising Personal FireWall Service    Beijing Rising Technology Corporation Limited
      RfwMain.exe    1240        Rising Personal FireWall Main Program    Beijing Rising Technology Corporation Limited
    snmp.exe    1764        SNMP Service    Microsoft Corporation
    svchost.exe    1796        Generic Host Process for Win32 Services    Microsoft Corporation
    lsass.exe    824        LSA Shell (Export Version)    Microsoft Corporation
Explorer.EXE    1184    2    Windows Explorer    Microsoft Corporation
mocqgnj.exe    1472    89       
wdnmgr.exe    1884        Services and Controller app    Microsoft Corporation
Hcontrol.exe    2024        HControl    ASUSTeK COMPUTER INC.
  ATKOSD.exe    236        ATKOSD    ASUSTeK COMPUTER INC.
AGRSMMSG.EXE    2040        SoftModem Messaging Applet    Agere Systems
KHOOKER.EXE    212        SiS Compatible Super VGA Keyboard Daemon    Silicon Integrated Systems Corporation
CTFMON.EXE    356        CTF Loader    Microsoft Corporation
dslmon.exe    588        ADIMON MFC Application   
Rav.exe    1284        Rising Antivirus Main exe    Beijing Rising Technology Co., Ltd.
TTraveler.exe    888    2    Tencent Traveler    腾讯公司
Explorer.EXE    880        Windows Explorer    Microsoft Corporation
      872        Autostart program viewer    Sysinternals - www.sysinternals.com
      1836    2    Sysinternals Process Explorer    Sysinternals

Process: mocqgnj.exe Pid: 1472

Name    Description    Company Name    Version
advapi32.dll    Advanced Windows 32 Base API    Microsoft Corporation    5.01.2600.1106
clbcatq.dll        Microsoft Corporation    2001.12.4414.0042
comctl32.dll    User Experience Controls Library    Microsoft Corporation    6.00.2800.1106
comctl32.dll    Common Controls Library    Microsoft Corporation    5.82.2800.1106
comres.dll        Microsoft Corporation    2001.12.4414.0042
crypt32.dll    Crypto API32    Microsoft Corporation    5.131.2600.1106
ctype.nls           
fastprox.dll    WMI    Microsoft Corporation    5.01.2600.1106
gdi32.dll    GDI Client DLL    Microsoft Corporation    5.01.2600.1346
imm32.dll    Windows XP IMM32 API Client DLL    Microsoft Corporation    5.01.2600.1106
index.dat           
index.dat           
index.dat           
kernel32.dll    Windows NT BASE API Client DLL    Microsoft Corporation    5.01.2600.1106
locale.nls           
lpk.dll    Language Pack    Microsoft Corporation    5.01.2600.0000
mocqgnj.exe            1.01.0000.0008
msasn1.dll    ASN.1 Runtime APIs    Microsoft Corporation    5.01.2600.1362
MSCTF.dll    MSCTF Server DLL    Microsoft Corporation    5.01.2600.1106
msvcrt.dll    Windows NT CRT DLL    Microsoft Corporation    7.00.2600.1106
msxml3.dll    MSXML 3.0 SP 3    Microsoft Corporation    8.30.9926.0000
msxml3r.dll    XML Resources    Microsoft Corporation    8.20.8730.0001
netapi32.dll    Net Win32 API DLL    Microsoft Corporation    5.01.2600.1343
ntdll.dll    NT Layer DLL    Microsoft Corporation    5.01.2600.1106
ole32.dll    Microsoft OLE for Windows    Microsoft Corporation    5.01.2600.1106
oleaut32.dll    Microsoft OLE 3.50  for Windows NT(TM) and Windows 95(TM) Operating Systems    Microsoft Corporation    3.50.5016.0000
R000000000007.clb           
rasapi32.dll    Remote Access API    Microsoft Corporation    5.01.2600.1106
rasman.dll    Remote Access Connection Manager    Microsoft Corporation    5.01.2600.1106
rpcrt4.dll    Remote Procedure Call Runtime    Microsoft Corporation    5.01.2600.1106
rsaenh.dll    Microsoft Base Cryptographic Provider    Microsoft Corporation    5.01.2600.1029
rtutils.dll    Routing Utilities    Microsoft Corporation    5.01.2600.0000
secur32.dll    Security Support Provider Interface    Microsoft Corporation    5.01.2600.1106
shell32.dll    Windows Shell Common Dll    Microsoft Corporation    6.00.2800.1106
SHLWAPI.DLL    Shell Light-weight Utility Library    Microsoft Corporation    6.00.2800.1584
sortkey.nls           
sorttbls.nls           
tapi32.dll    Microsoft(R) Windows(TM) Telephony API Client DLL    Microsoft Corporation    5.01.2600.1106
unicode.nls           
user32.dll    Windows XP USER API Client DLL    Microsoft Corporation    5.01.2600.1106
userenv.dll    Userenv    Microsoft Corporation    5.01.2600.1106
usp10.dll    Uniscribe Unicode script processor    Microsoft Corporation    1.409.2600.1106
uxtheme.dll    Microsoft UxTheme Library    Microsoft Corporation    6.00.2800.1106
version.dll    Version Checking and File Installation Libraries    Microsoft Corporation    5.01.2600.0000
wbemcomn.dll    WMI    Microsoft Corporation    5.01.2600.1106
wbemprox.dll    WMI    Microsoft Corporation    5.01.2600.1106
wbemsvc.dll    WMI    Microsoft Corporation    5.01.2600.0000
WININET.DLL    Internet Extensions for Win32    Microsoft Corporation    6.00.2800.1468
winmm.dll    MCI API DLL    Microsoft Corporation    5.01.2600.1106
winspool.drv    Windows Spooler Driver    Microsoft Corporation    5.01.2600.1106
ws2_32.dll    Windows Socket 2.0 32-Bit DLL    Microsoft Corporation    5.01.2600.0000
ws2help.dll    Windows Socket 2.0 Helper for Windows NT    Microsoft Corporation    5.01.2600.0000

Ugh, I can't make sense of this. I meant the HJ log everyone on the forum uses, not this!!

Got it, I'll go do it again.

Please pack up c:\Explorer.exe together with the randomly generated, irregularly named .exe files under c:\windows\system32\ and upload them.

Uploaded.

Attachment: application/octet-stream, uploaded 2005-9-3 10:24:31, downloads: 0.

Please be patient; I'll PM a moderator to come and collect the sample.

Logfile of HijackThis v1.99.1
Scan saved at 10:23:14, on 2005-9-3
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\System32\wdnmgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\D-Link\D-Link DSL-200 USB ADSL Modem\dslmon.exe
C:\WINDOWS\System32\dxzcur.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\hijackthis1991\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\TENCENT\QQ\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FLASHGET\jccatch.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\qylhelper.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [gkddwc] C:\WINDOWS\System32\dxzcur.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: 使用搜狗直通车下载 - F:\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\TENCENT\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\TENCENT\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\TENCENT\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\TENCENT\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\TENCENT\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\TENCENT\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\TENCENT\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29c496e3084013b47b16/netzip/RdxIE601_cn.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6AE4081-9C6F-4744-9551-7325A3D02509}: NameServer = 202.106.46.151 202.106.0.20
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Is this the one?

[Reply to the post by “命运里の金色”]

Many thanks.

UP UP, could the experts here please help take a look?