Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software forum


[Help] Experts, please help: a virus that cannot be killed


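When I play the online game 《奇迹世界》, a web page pops up when the game client starts, and this web page carries a virus.
It is still there after repeated scans and removals, so I am asking the experts for advice. This pop-up page cannot be removed (that is, I cannot remove it, mainly because I don't know how).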
-------------------------------------------------------------------------------
Address of the web page carrying the virus: http://just.game2b.cn/adl.htm (don't click it, it carries a virus)
-------------------------------------------------------------------------------

Below is some information about the virus:

Path name: C:\DOCUME~1\CK\LOCALS~1\Temp\278451597408.tmp

Process name: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding


-------------------------------------------------------------------------------
Below is the Rising scan report:

Trojan.DL.JS.Agent.lfs    跳过脚本    2007-06-17 17:06    网页/脚本监控   
C:\DOCUME~1\CK\LOCALS~1\Temp    278451597408.tmp
-------------------------------------------------------------------------------
Hack.SuspiciousAni    重新启动计算机后删除文件    2007-06-17 17:06    文件监控   
C:\Documents and Settings\CK\Local Settings\Temporary Internet Files\Content.IE5\GV9GGJO8    ah[1].c
-------------------------------------------------------------------------------
Hack.SuspiciousAni    删除成功    2007-06-17 18:14    文件监控   
C:\Documents and Settings\CK\Local Settings\Temporary Internet Files\Content.IE5\YP9YVMD0    ah[1].c
-------------------------------------------------------------------------------
Trojan.DL.JS.Agent.lfs    清除成功    2007-06-17 18:14    文件监控   
C:\Documents and Settings\CK\Local Settings\Temporary Internet Files\Content.IE5\YP9YVMD0    vip2[1].htm
-------------------------------------------------------------------------------
Hack.SuspiciousAni    重新启动计算机后删除文件    2007-06-17 18:14    文件监控   
C:\Documents and Settings\CK\Local Settings\Temporary Internet Files\Content.IE5\GV9GGJO8    ah[1].c
-------------------------------------------------------------------------------
Trojan.DL.JS.Agent.lfs    跳过脚本    2007-06-17 18:14    网页/脚本监控   
C:\DOCUME~1\CK\LOCALS~1\Temp    316844250920.tmp
-------------------------------------------------------------------------------
Hack.SuspiciousAni    删除成功    2007-06-17 18:14    文件监控   
C:\Documents and Settings\CK\Local Settings\Temporary Internet Files\Content.IE5\GV9GGJO8    ah[1].c
-------------------------------------------------------------------------------
Hack.SuspiciousAni    重新启动计算机后删除文件    2007-06-17 18:14    文件监控   
C:\Documents and Settings\CK\Local Settings\Temporary Internet Files\Content.IE5\OOGI7DHQ    ah[1].c
-------------------------------------------------------------------------------
Here is the state of lmhosts:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names.  Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
#      #PRE
#      #DOM:<domain>
#      #INCLUDE <filename>
#      #BEGIN_ALTERNATE
#      #END_ALTERNATE
#      \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97    rhino        #PRE #DOM:networking  #net group's DC
# 102.54.94.102    "appname  \0x14"                    #special app server
# 102.54.94.123    popular            #PRE            #source server
# 102.54.94.117    localsrv          #PRE            #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.




Last edited 2007-06-18 21:15:35

Experts, please give me some pointers.

Please refer to this Rising community article:
http://forum.ikaka.com/topic.asp?board=28&artid=8296495

Another nasty virus!!! Everyone be careful!!!!