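[Reply to the post by "tk2003"]
I recommend removing the virus manually with IceSword. The procedure is as follows:
1. Use IceSword to disable process creation. Force-unload the virus module C:\WINDOWS\system32\LYMANGR.DLL that has been injected into the following process: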
[PID: 960][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\LYMANGR.DLL] [N/A, ]
2. The following processes have had virus modules injected into them; use IceSword to terminate these processes:
[PID: 2372][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180
[C:\WINDOWS\system32\mscct.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[PID: 2716][C:\Program Files\Apoint\Apoint.exe] [Alps Electric Co., Ltd., 5.5.7.136]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2836][C:\Program Files\Sony\VAIO Power Management\SPMgr.exe] [Sony Corporation, 1, 6, 1, 13140]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2856][C:\Program Files\Sony\ISB Utility\ISBMgr.exe] [Sony Corporation, 1, 0, 0, 2180]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2888][C:\Program Files\Apoint\Apntex.exe] [Alps Electric Co., Ltd., 5.0.1.15]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2924][C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe] [Sony Corporation, 3.1.0.01200]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2976][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 3020][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE] [SEIKO EPSON CORPORATION, 4.00]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 3032][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE] [SEIKO EPSON CORPORATION, 4.00]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 3040][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 3168][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE] [SEIKO EPSON CORPORATION, 4.00]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 3176][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE] [SEIKO EPSON CORPORATION, 4.00]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 3260][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE] [SEIKO EPSON CORPORATION, 4.00]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 3508][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\mscct.dll] [N/A, ]
[PID: 3540][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 3584][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 7.5.0299]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\mscct.dll] [N/A, ]
3. Delete the following startup entries and service entries:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<myRx3><C:\DOCUME~1\C\LOCALS~1\Temp\Rxa3\iexp1ore.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> []
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\C\LOCALS~1\Temp\RAVWM.EXE><N/A>
4. Delete the following files:
C:\DOCUME~1\C\LOCALS~1\Temp\Rxa3\iexp1ore.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp
C:\WINDOWS\system32\LYMANGR.DLL
C:\WINDOWS\system32\mscct.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\Program Files\Internet Explorer\PLUGINS\System64.sys
5. Turn off IceSword's "disable process creation" setting. Done.
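For triage of a listing like the one in steps 1 and 2, the following added example (not part of the original post) groups modules that carry no vendor information by the processes hosting them. The function names are hypothetical, the sample is a short excerpt of the listing above, and treating an `N/A` or empty vendor field as suspicious is an assumption made here for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the listing in the post above, including the truncated Explorer line.
SAMPLE_LOG = r"""
[PID: 960][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\LYMANGR.DLL] [N/A, ]
[PID: 2372][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180
[C:\WINDOWS\system32\mscct.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[PID: 3508][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
"""

# Process header: "[PID: n][image path] [vendor, version]" (tail may be cut off).
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[([^\]]+)\]")
# Module line: "[module path] [vendor, version]".
MOD_RE = re.compile(r"^\[([^\]]+)\]\s*\[(.*?)\]?\s*$")

def is_unattributed(field):
    """True when the vendor part (before the first comma) is empty or N/A."""
    return field.split(",")[0].strip() in ("", "N/A")

def parse_listing(text):
    """Return {module_path: [(pid, host_image), ...]} for vendor-less modules."""
    hits = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        proc = PROC_RE.match(line)
        if proc:  # test the process pattern first; MOD_RE would also match it
            current = (int(proc.group(1)), proc.group(2))
            continue
        mod = MOD_RE.match(line)
        if mod and current and is_unattributed(mod.group(2)):
            hits[mod.group(1)].append(current)
    return dict(hits)

def rank(hits):
    """Modules ordered by how many processes host them, most widespread first."""
    rows = [(mod, [pid for pid, _ in hosts]) for mod, hosts in hits.items()]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0].lower()))

if __name__ == "__main__":
    for module, pids in rank(parse_listing(SAMPLE_LOG)):
        print(f"{len(pids):3d} process(es)  {module}  PIDs={pids}")
```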