Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software board

Fix for an automatically started cmd.exe process that consumes a lot of CPU

Symptoms:
  About 2-3 minutes after boot, cmd.exe starts on its own and pins the CPU at 100%. Ending the process shows nothing else abnormal and the system returns to normal, but after a reboot it happens again.

Cause:
    This trojan is fairly clever: you cannot see it in the process manager at all. It does not load as a separate process; instead explorer.exe loads an IE control created by the trojan, new123.sys, which checks every 10 minutes whether the files microsoft.bat and asas.exe exist and re-drops them if they do not, so even after you delete those two files they reappear. The author's intent was presumably that, after stealing useful information, microsoft.bat deletes asas.exe, then a few minutes later asas.exe is generated again to steal information again, then deleted again, generated again... But the asas.exe the trojan creates is a hidden system file that cannot be deleted, which drives the CPU to 100%. (This is really a bug on the trojan writer's part: cmd cannot delete the file, so it enters an endless loop, trying to delete it over and over and never succeeding.)

Fix:
    Boot into Safe Mode and delete the three files named new123 in C:\Program Files\Internet Explorer\PLUGINS, then delete microsoft.bat and asas.exe from C:\DOCUME~1\XXX\LOCALS~1\Temp. Also search the registry for anything referring to new123 and delete all of it, then reboot. The symptom is gone.
Last edited 2006-10-23 00:48:14
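As an added example (not code from the original post, from Rising, or from the forum), the following PowerShell script audits the indicators named above and, when run with -Remove, performs the same cleanup: new123* files in the IE PLUGINS folder, microsoft.bat and asas.exe in the profile's Temp folder, registry keys and values mentioning new123, and a new123 module mapped into explorer.exe or iexplore.exe. The paths and the new123 marker come from the post; PowerShell 2.0 or later, an elevated prompt, and $env:TEMP pointing at the user's Temp folder are assumptions.

```powershell
# Added example (not from the original post): report, and with -Remove delete, the indicators the
# post names: new123* in the IE PLUGINS folder, microsoft.bat / asas.exe in %TEMP%, registry
# entries mentioning new123, and a new123 module loaded inside explorer.exe / iexplore.exe.
# Assumes PowerShell 2.0+ and an elevated prompt; the post recommends doing the removal in Safe Mode.
# Without -Remove the script only reports.
param([switch]$Remove)

$marker  = 'new123'
$plugins = Join-Path $env:ProgramFiles 'Internet Explorer\PLUGINS'
$dropped = 'microsoft.bat', 'asas.exe'

# 1. Files on disk. -Force is what makes Hidden/System files show up at all; a plain 'dir'
#    does not list them, and a plain 'del' fails on them, which is the loop the post describes.
$files = @()
if (Test-Path -LiteralPath $plugins) {
    $files += Get-ChildItem -LiteralPath $plugins -Filter "$marker*" -Force -ErrorAction SilentlyContinue
}
foreach ($name in $dropped) {
    $p = Join-Path $env:TEMP $name
    if (Test-Path -LiteralPath $p) { $files += Get-Item -LiteralPath $p -Force }
}
foreach ($f in $files) {
    '{0,-70} {1}' -f $f.FullName, $f.Attributes
    if ($Remove) {
        # Same effect as 'attrib -s -h -r' before 'del': clear the attributes that make deletion fail.
        $f.Attributes = [System.IO.FileAttributes]::Normal
        Remove-Item -LiteralPath $f.FullName -Force
    }
}

# 2. Registry: keys whose name contains the marker, and values whose name or data contain it.
#    A plugin's COM registration keeps its path in the (default) value of InprocServer32,
#    so the default value is checked like any other.
$roots = 'HKLM:\SOFTWARE', 'HKCU:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet'
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -match $marker) {
            "KEY   $($key.Name)"
            if ($Remove) { Remove-Item -Path $key.PSPath -Recurse -Force -ErrorAction SilentlyContinue }
            return   # whole key reported or removed; its values need no separate walk
        }
        foreach ($vname in $key.GetValueNames()) {
            $data  = [string]$key.GetValue($vname)
            if ($vname -match $marker -or $data -match $marker) {
                # GetValueNames() returns '' for the default value; the provider cmdlets call it '(default)'.
                $pname = if ($vname -eq '') { '(default)' } else { $vname }
                "VALUE $($key.Name) : '$pname' = $data"
                if ($Remove) { Remove-ItemProperty -Path $key.PSPath -Name $pname -Force -ErrorAction SilentlyContinue }
            }
        }
    }
}

# 3. Modules loaded by the hosts the post blames. Report only: a mapped module cannot be deleted,
#    which is why the file cleanup belongs in Safe Mode.
foreach ($proc in (Get-Process -Name explorer, iexplore -ErrorAction SilentlyContinue)) {
    try {
        $proc.Modules | Where-Object { $_.ModuleName -match $marker } |
            ForEach-Object { "LOADED $($proc.ProcessName)[$($proc.Id)] $($_.FileName)" }
    } catch { "cannot enumerate modules of $($proc.ProcessName)[$($proc.Id)]: $_" }
}
```

Run it once without -Remove to see what it would touch; a Hidden, System attribute pair on asas.exe in the first section is the condition the post says the trojan's own batch file trips over. Deleting registry keys while they are being enumerated produces harmless errors, which the -ErrorAction setting suppresses.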

Ugh,

http://forum.ikaka.com/topic.asp?board=28&artid=8136554


There should also be an autoexec.bat under C:\ that loads the trojan file.

Not sure whether it is the same trojan; please send me a sample following http://forum.ikaka.com/topic.asp?board=36&artid=8144360

Already killed it. Really damn frustrating, I have no idea where I picked it up. Can't find it any more.

Ugh, I also have CMD.EXE taking 100% CPU as soon as I boot, and the method above does not fix it. My process list is as follows:
alg.exe    2244    C:\WINDOWS\System32\alg.exe    Application Layer Gateway Service 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
CCenter.exe    848    C:\Program Files\Rising\Rav\CCenter.exe    CCenter 18, 0, 0, 3.  Copyright Rising  2002
conime.exe    1540    C:\WINDOWS\system32\conime.exe    Console IME 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
csrss.exe    460    C:\WINDOWS\system32\csrss.exe    Client Server Runtime Process 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
Explorer.EXE    1392    C:\WINDOWS\Explorer.EXE    Windows Explorer 6.00.2900.2180.  (C) Microsoft Corporation. All rights reserved.
iexplore.exe    4036    C:\Program Files\Internet Explorer\iexplore.exe    Internet Explorer 6.00.2900.2180.  (C) Microsoft Corporation. All rights reserved.
lsass.exe    552    C:\WINDOWS\system32\lsass.exe    LSA Shell (Export Version) 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
MRTServ.exe    1648    C:\WINDOWS\system32\MRTServ.exe    Microsoft Windows Malicious Software Removal Tool 1.18.1507.0.  © Microsoft Corporation. All rights reserved.
NOTEPAD.EXE    2720    C:\WINDOWS\system32\NOTEPAD.EXE    Notepad 5.1.2600.2180.  (C) Microsoft Corporation. All rights reserved.
NOTEPAD.EXE    2744    C:\WINDOWS\system32\NOTEPAD.EXE    Notepad 5.1.2600.2180.  (C) Microsoft Corporation. All rights reserved.
nvsvc32.exe    1928    C:\WINDOWS\system32\nvsvc32.exe    NVIDIA Driver Helper Service, Version 71.84 6.14.10.7184.  (C) NVIDIA Corporation. All rights reserved.
PrcView.exe    2548    D:\备分文件\明\进程监控软件\PrcView.exe    Process Viewer utility 3.7.3.1.  Developed by Igor Nys, 1995-2003
Ravmon.exe    140    C:\Program Files\Rising\Rav\Ravmon.exe    RavMon 18, 0, 1, 33.  Copyright(c) 1998-2006 Beijing  Rising  Technology  Corporation  Limited
Ravmond.exe    1100    C:\Program Files\Rising\Rav\Ravmond.exe    RavMond 18, 0, 1, 35.  Copyright(c) 1998-2006 Beijing  Rising  Technology  Corporation  Limited
RavStub.exe    1716    C:\Program Files\Rising\Rav\RavStub.exe    Rising RavStub 18, 0, 0, 16.  Copyright (c) 1998-2005 Rising Corp.
RavTask.exe    2032    C:\Program Files\Rising\Rav\RavTask.exe    RavTimer 18, 0, 0, 22.  Copyright (c) 1998-2006 Rising Corp.
RfwMain.exe    1908    c:\program files\rising\rfw\RfwMain.exe    Rising Personal FireWall Main Program 4, 0, 0, 0.  Copyright(c) 1998-2006 Beijing  Rising  Technology  Corporation  Limited
rfwsrv.exe    1212    c:\program files\rising\rfw\rfwsrv.exe    Rising Personal FireWall Service 4, 0, 0, 0.  Copyright(c) 1998-2006 Beijing  Rising  Technology  Corporation  Limited
services.exe    540    C:\WINDOWS\system32\services.exe    Services and Controller app 5.1.2600.2180.  (C) Microsoft Corporation. All rights reserved.
SMAgent.exe    1948    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe    SoundMAX service agent component 3, 2, 6, 0.  Copyright © 2002
smss.exe    412    C:\WINDOWS\System32\smss.exe    Windows NT Session Manager 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
spoolsv.exe    1544    C:\WINDOWS\system32\spoolsv.exe    Spooler SubSystem App 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
svchost.exe    720    C:\WINDOWS\system32\svchost.exe    Generic Host Process for Win32 Services 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
svchost.exe    772    C:\WINDOWS\system32\svchost.exe    Generic Host Process for Win32 Services 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
svchost.exe    900    C:\WINDOWS\System32\svchost.exe    Generic Host Process for Win32 Services 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
svchost.exe    976    C:\WINDOWS\system32\svchost.exe    Generic Host Process for Win32 Services 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
svchost.exe    1076    C:\WINDOWS\system32\svchost.exe    Generic Host Process for Win32 Services 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
svchost.exe    1472    C:\WINDOWS\System32\svchost.exe    Generic Host Process for Win32 Services 5.1.2600.2180.  © Microsoft Corporation. All rights reserved.
winlogon.exe    484    C:\WINDOWS\system32\winlogon.exe    Windows NT Logon Application 5.1.2600.2180.  (C) Microsoft Corporation. All rights reserved.
yassistse.exe    3988    C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe    AssistSetting 3, 0, 2, 1003.  Copyright (2005) Yahoo! China
ylive.exe    3568    C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe    YLive 3, 1, 4, 1020.  Copyright 2005 Yahoo! China

I already killed cmd.exe, otherwise the machine is too sluggish. Can somebody help me?