
[Help] Strange gpigeon.uql


A scan with Rising antivirus found gpigeon.uql; the file name is IEXPLOERE.EXE, and it reported that the file was deleted successfully. But after a reboot it comes back again. I tried removing it by hand and used HijackThis to look for services, but there is no service that looks like Gray Pigeon, and nothing similar under the registry …………/services key either. Scanning in Safe Mode doesn't help... Rising version 18.10.42, which should be the latest~
How do I get rid of this?
Last edited 2006-01-21 23:35:58

You've been infected with Gray Pigeon (灰鸽子).

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download HijackThis and export a log.

Go to johnnyxp.ys168.com and download the dedicated Gray Pigeon removal tool.

Logfile of HijackThis v1.99.1
Scan saved at 22:28:20, on 2006-1-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
F:\WinXP\Rav\Rising\Rav\CCenter.exe
H:\WINDOWS\System32\svchost.exe
F:\WinXP\Rav\Rising\Rav\Ravmond.exe
H:\WINDOWS\system32\spoolsv.exe
f:\winxp\powerleap\MTRRAPP.EXE
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WinXP\Rav\Rising\Rav\RavStub.exe
H:\WINDOWS\SOUNDMAN.EXE
F:\WinXP\Rav\Rising\Rav\RavTask.exe
F:\WinXP\Rav\Rising\Rav\Ravmon.exe
F:\WinXP\ZoneAlarm\zlclient.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\taskmgr.exe
F:\WinXP\Maxthon\Maxthon.exe
H:\DOCUME~1\FOREST~1.WWW\LOCALS~1\Temp\Rar$EX00.890\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - H:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - H:\WINDOWS\system32\IEHelper.dll (file missing)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - H:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - H:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\WinXP\FlashGet\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\WinXP\FlashGet\FlashGet\fgiebar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - H:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMSCMig] H:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavTask] "F:\WinXP\Rav\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Zone Labs Client] F:\WinXP\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: !搜一搜 - res://H:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246
O8 - Extra context menu item: 使用网际快车下载 - F:\WinXP\FlashGet\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - F:\WinXP\FlashGet\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://F:\WinXP\office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\WinXP\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\WinXP\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\WinXP\QQ\SendMMS.htm
O9 - Extra button: 合浦时代 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.163.com (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\WinXP\office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\WinXP\FlashGet\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\WinXP\FlashGet\FlashGet\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hz0752.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D917683-05E7-44E6-97D0-8BD6715C41D6}: NameServer = 202.103.224.68 202.103.225.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D917683-05E7-44E6-97D0-8BD6715C41D6}: NameServer = 202.103.224.68 202.103.225.68
O20 - Winlogon Notify: System Safety Monitor - H:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MTRRAPP - Powerleap Products - f:\winxp\powerleap\MTRRAPP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\WinXP\Rav\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\WinXP\Rav\Rising\Rav\Ravmond.exe
O23 - Service: scvhost - Unknown owner - H:\WINDOWS\scvhost.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe


Quote:
[羔仔's post] Go to johnnyxp.ys168.com and download the dedicated Gray Pigeon removal tool
...........................

Neither of them finds anything.

XP: delete C:\windows\internet explore.exe (270k). It's a hidden file; you can see its startup entry in the Rising firewall. Other software can also detect startup entries.

Fix
O23 - Service: scvhost - Unknown owner - H:\WINDOWS\scvhost.exe

Search the hard drive for scvhost.exe
scvhost.dll
scvhostkey.dll
scvhost_hook.dll
Delete all of them once found.
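The clue that settled this thread was one O23 line in the HijackThis log: a service whose binary is named scvhost.exe (one transposition away from the genuine svchost.exe), sitting directly in the Windows folder rather than in system32, with no publisher recorded. The Python script below is an added example, not part of the thread and not a HijackThis feature: it parses O23 service lines from a HijackThis log and flags entries that show those three warning signs. The list of system process names, the sample log lines (a constructed subset of the log posted above) and the scoring rules are assumptions made for this illustration; a hit is a triage lead, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Core Windows process names that malware often imitates with a one-character
# change. Assumption: a short illustrative list, not an exhaustive one.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "smss", "winlogon",
                "spoolsv", "explorer", "iexplore", "rundll32"}

# Directories (relative to the Windows folder) where the genuine binaries live.
SYSTEM_DIRS = {"system32", "syswow64"}

# HijackThis O23 line: "O23 - Service: <display> (<short>) - <owner> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus
    adjacent transposition, so 'scvhost' vs 'svchost' costs 1, not 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def parse_o23(line):
    """Return the fields of an O23 service line, or None for any other line."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def assess_service(entry):
    """Return the list of reasons an O23 entry deserves a closer look."""
    reasons = []
    path = PureWindowsPath(entry["path"])
    stem = path.stem.lower()            # binary name without extension
    parent = path.parent.name.lower()   # directory the binary sits in
    if entry["owner"].strip().lower() == "unknown owner":
        reasons.append("no publisher recorded (Unknown owner)")
    if stem in SYSTEM_NAMES:
        if parent not in SYSTEM_DIRS:
            reasons.append("system process name '%s' outside a system directory" % stem)
    else:
        for name in sorted(SYSTEM_NAMES):
            if osa_distance(stem, name) <= 1:
                reasons.append("binary name '%s' imitates system process '%s'" % (stem, name))
    return reasons


def analyze_hijackthis(log_text):
    """Map each suspicious service binary path to its list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = assess_service(entry)
        if reasons:
            findings[entry["path"]] = reasons
    return findings


# Constructed sample: a subset of the O23 lines from the log above, plus one
# non-O23 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\WinXP\Rav\Rising\Rav\CCenter.exe
O23 - Service: scvhost - Unknown owner - H:\WINDOWS\scvhost.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for binary, why in analyze_hijackthis(SAMPLE_LOG).items():
        print(binary)
        for r in why:
            print("   -", r)
```

Run against the sample, the scvhost entry collects two reasons (unknown owner and a name one transposition from svchost) while the Macromedia service collects only the missing publisher, which is why the combination of signals matters more than any one of them: plenty of legitimate third-party services report "Unknown owner".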

After fixing
O23 - Service: scvhost - Unknown owner - H:\WINDOWS\scvhost.exe it was fine; Rising finds no virus. Looks like it's OK now, thanks everyone!