Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue Software Forum


How do I kill this RootKit.Torn.n virus?.... 19.01.12 is the current latest version and it still doesn't help

Running processes
[PID: 568][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 996][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1112][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 34]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanElf.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 1372][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Systemt0.dll]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxs0.dll]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts0.dll]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wls0.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\agtz.dll]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs0.dll]  [N/A, N/A]
    [D:\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [D:\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 1448][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 7.0.0.00]
    [D:\Distillr\AdistRes.CHS]  [N/A, N/A]
    [C:\WINDOWS\system32\Ssgb3mon.dll]  [Samsung Electronics., 1, 0, 0, 0]
[PID: 1640][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1704][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 244][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
[PID: 256][D:\Winamp\winampa.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
[PID: 284][D:\Distillr\Acrotray.exe]  [Adobe Systems Inc., 6.0.1.2004121400]
    [D:\Distillr\Acrotray.chs]  [Adobe Systems Inc., 6.0.0.0]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
[PID: 292][C:\Program Files\Microsoft\svhost32.exe]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ho.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
[PID: 300][C:\WINDOWS\mhs2.exe]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs0.dll]  [N/A, N/A]
[PID: 316][C:\WINDOWS\alga.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\agtz.dll]  [N/A, N/A]
[PID: 384][C:\WINDOWS\wls3.exe]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wls0.dll]  [N/A, N/A]
[PID: 416][C:\WINDOWS\zts3.exe]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts0.dll]  [N/A, N/A]
[PID: 440][C:\WINDOWS\rxs3.exe]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxs0.dll]  [N/A, N/A]
[PID: 468][C:\WINDOWS\Systemt.exe]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Systemt0.dll]  [N/A, N/A]
[PID: 476][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
[PID: 492][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
[PID: 592][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
[PID: 2452][E:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Systemt0.dll]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxs0.dll]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts0.dll]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wls0.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\agtz.dll]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs0.dll]  [N/A, N/A]

File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================



I can't make sense of any of this. Is there an expert around? Please take a look for me, thank you.

| Virus name | Action | Detection time | Scan method | Path | File |
|---|---|---|---|---|---|
| RootKit.Torn.n | Ignored | 2007-01-15 15:19 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | t8.sys |
| RootKit.Torn.n | Deleted successfully | 2007-01-15 15:19 | File monitor | C:\WINDOWS\system32 | wincab.sys |
| RootKit.Torn.n | Ignored | 2007-01-15 16:01 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | w4m.sys |
| RootKit.Torn.n | Ignored | 2007-01-16 10:52 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | 5qs3.sys |
| RootKit.Torn.n | Ignored | 2007-01-16 10:53 | File monitor | C:\WINDOWS\system32 | wincab.sys |
| RootKit.Torn.n | Ignored | 2007-01-17 12:41 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | z9eersd.sys |
| RootKit.Torn.n | Ignored | 2007-01-17 13:18 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | f4.sys |
| RootKit.Torn.n | Deleted successfully | 2007-01-17 13:18 | File monitor | C:\WINDOWS\system32 | wincab.sys |
| RootKit.Torn.n | Ignored | 2007-01-17 14:16 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | 2c.sys |
| RootKit.Torn.n | Deleted successfully | 2007-01-17 14:16 | File monitor | C:\WINDOWS\system32 | wincab.sys |
| RootKit.Torn.n | Deleted successfully | 2007-01-17 14:18 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | tbee.sys |
| RootKit.Torn.n | Ignored | 2007-01-17 14:18 | File monitor | C:\WINDOWS\system32 | wincab.sys |
| RootKit.Torn.n | Deleted successfully | 2007-01-17 15:08 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | 66t6swxx.sys |
| RootKit.Torn.n | Deleted successfully | 2007-01-17 15:08 | File monitor | C:\WINDOWS\system32 | wincab.sys |
| RootKit.Torn.n | Ignored | 2007-01-18 12:46 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | vzfi47jk.sys |
| Trojan.PSW.Agent.ivn | Delete file after restarting the computer | 2007-01-18 13:08 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| Trojan.PSW.Agent.ivn | Delete file after restarting the computer | 2007-01-18 13:08 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| Trojan.PSW.Agent.ivn | Delete file after restarting the computer | 2007-01-18 13:08 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| Trojan.PSW.Agent.ivn | Delete file after restarting the computer | 2007-01-18 13:08 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| Trojan.PSW.Agent.ivn | Delete file after restarting the computer | 2007-01-18 13:08 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| Trojan.PSW.Agent.ivn | Delete file after restarting the computer | 2007-01-18 13:08 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| Trojan.PSW.Agent.ivn | Delete file after restarting the computer | 2007-01-18 13:09 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| Trojan.PSW.Agent.ivn | Delete file after restarting the computer | 2007-01-18 13:09 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| Trojan.PSW.Agent.ivn | Ignored | 2007-01-18 13:09 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| RootKit.Torn.n | Ignored | 2007-01-18 15:33 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | 4.sys |
| Trojan.PSW.Agent.ivn | Deleted successfully | 2007-01-18 15:33 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| RootKit.Torn.n | Ignored | 2007-01-18 15:55 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | 620w4.sys |
| Trojan.PSW.Agent.ivn | Deleted successfully | 2007-01-18 15:55 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |
| RootKit.Torn.n | Ignored | 2007-01-18 16:39 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | t5qcm.sys |
| RootKit.Torn.n | Deleted successfully | 2007-01-18 16:39 | File monitor | C:\WINDOWS\system32 | wincab.sys |
| Trojan.PSW.Agent.ivn | Deleted successfully | 2007-01-18 16:39 | File monitor | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | LgSyzr.dll |

Every day when I boot up and run the scan it's there again, one thing one moment and another the next; my head is spinning from looking at it ^^^^^^^^