我中了Backdoor.Gpigeon.uql病毒，谁能告诉我怎么杀掉？ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛我中了Backdoor.Gpigeon.uql病毒，谁能告诉我怎么杀掉？

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

2 / 5 页

跳转页

我中了Backdoor.Gpigeon.uql病毒，谁能告诉我怎么杀掉？

newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:	发表于： 2007-10-11 10:56 \| 短消息资料字号：小中大 11楼安全模式删除C:\WINDOWS\xqwlyjc.exe
newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:

千寻旅社区嘉宾帖子:2910 注册: 2007-08-17 来自:	发表于： 2007-10-11 11:03 \| 短消息资料字号：小中大 12楼注意：删除病毒可能会具有一定的危险性所以强烈建议操作前要把重要资料转移至非系统分区！打开sreng 用SRENG扫描工具删除以下驱动程序 [ovnoel1 / ovnoel11][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\ovnoel11.sys><N/A> 用SRENG扫描工具删除以下浏览器加载项 [打开记事本] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <%windir%\system32\Notepad.exe, N/A> 重启计算机进入安全模式下删除 {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <%windir%\system32\Notepad.exe, N/A> <\SystemRoot\System32\DRIVERS\ovnoel11.sys><N/A> C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE 不是病毒
千寻旅社区嘉宾帖子:2910 注册: 2007-08-17 来自:

newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:	发表于： 2007-10-11 11:08 \| 短消息资料字号：小中大 13楼按照10楼的做即可
newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:

千寻旅社区嘉宾帖子:2910 注册: 2007-08-17 来自:	发表于： 2007-10-11 11:13 \| 短消息资料字号：小中大 14楼学习了，这个隐藏进程是什么意思？
千寻旅社区嘉宾帖子:2910 注册: 2007-08-17 来自:

newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:	发表于： 2007-10-11 11:14 \| 短消息资料字号：小中大 15楼这个是IE的进程鸽子用于连接网络的
newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:

xiaoriri 初生襁褓狮帖子:5 注册: 2007-10-11 来自:	发表于： 2007-10-11 11:23 \| 短消息资料字号：小中大 16楼非广告：试试奇虎360等专杀软件吧，可能会有用。。。本人为瑞星支持者，但不排除兼容并蓄。
xiaoriri 初生襁褓狮帖子:5 注册: 2007-10-11 来自:

梦魇王子初生襁褓狮帖子:46 注册: 2007-10-10 来自:	发表于： 2007-10-13 15:58 \| 只看楼主短消息资料字号：小中大 17楼谢谢各位了！病毒清除了。
梦魇王子初生襁褓狮帖子:46 注册: 2007-10-10 来自:

369lkj 禁止发言帖子:107 注册: 2007-09-24 来自:	发表于： 2007-10-17 23:10 \| 短消息资料字号：小中大 18楼该用户帖子内容已被屏蔽
369lkj 禁止发言帖子:107 注册: 2007-09-24 来自:

天国猎月初生襁褓狮帖子:5 注册: 2007-12-17 来自:	发表于： 2007-12-17 13:10 \| 短消息资料字号：小中大 19楼 [CODE] 2007-12-17,09:52:01 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] <bgswitch><; C:\WINDOWS\system32\bgswitch.exe> [] <PPS Accelerator><C:\Program Files\PPStream\ppsap.exe> [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED] <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe> [(Verified)Google Inc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <ArpHelper><C:\Program Files\Edu Supplicant\ArpHelper.exe> [] <RavTask><"D:\瑞星杀毒07版\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] <Storm2Set><C:\WINDOWS\system32\rundll32.exe "C:\PROGRA~1\StormII\StormSet.dll",CheckEnv> [(Verified)Beijing Baofeng Inc.] <Google IME Autoupdater><"C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"> [(Verified)Google Inc] <360Safetray><D:\软件安装区\360safe\safemon\360Tray.exe /start> [奇虎网] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] <RavStub><"D:\瑞星杀毒07版\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] ================================== 启动文件夹 [腾讯QQ] <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\软件安~1\qq\QQ.exe [TENCENT]><H> [PPS] <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\PPS.lnk --> C:\PROGRA~1\PPStream\PPStream.exe [PPStream Inc.]><H> [QQ游戏启动加速程序] <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\DOCUME~1\ADMINI~1\MYDOCU~1\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
天国猎月初生襁褓狮帖子:5 注册: 2007-12-17 来自:

天国猎月初生襁褓狮帖子:5 注册: 2007-12-17 来自:	发表于： 2007-12-17 13:11 \| 短消息资料字号：小中大 20楼服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><> [Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start] <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"D:\瑞星杀毒07版\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Running/Auto Start] <"D:\瑞星杀毒07版\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [winine / winine][Stopped/Auto Start] <C:\WINDOWS\system32\winine.exe><N/A> [Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start] <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation> [Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start] <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation> ================================== 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.> [BaseTDI / BaseTDI][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.> [ExpScaner / ExpScaner][Running/Auto Start] <\??\D:\瑞星杀毒07版\Rising\Rav\ExpScan.sys><> [HookCont / HookCont][Running/Auto Start] <\??\D:\瑞星杀毒07版\Rising\Rav\HOOKCONT.sys><Rising> [HookReg / HookReg][Running/Auto Start] <\??\D:\瑞星杀毒07版\Rising\Rav\HookReg.sys><> [HookSys / HookSys][Running/Auto Start] <\??\D:\瑞星杀毒07版\Rising\Rav\HookSys.sys><Rising> [Supplicant Helper / IAmt][Running/Manual Start] <system32\DRIVERS\iamt.sys><amtium> [JME Smart Keyboard / kbfiltr][Running/Manual Start] <system32\DRIVERS\kbfiltr.sys><JME Co., Ltd.> [kbkfrho / kbkfrho][Stopped/Boot Start] <\SystemRoot\\SystemRoot\System32\drivers\kbkfrho.sys><N/A> [MEMSCAN / MEMSCAN][Running/Auto Start] <\??\D:\瑞星杀毒07版\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.> [NetGroup Packet Filter Driver / NPF][Running/Manual Start] <system32\drivers\npf.sys><CACE Technologies> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\D:\瑞星杀毒07版\Rising\Rav\RSPPSYS.sys><Rising> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A> [SiS315 / SiS315][Running/Manual Start] <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation> [SiSkp / SiSkp][Running/System Start] <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation> [Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start] <system32\DRIVERS\WudfPf.sys><Microsoft Corporation> [Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start] <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
天国猎月初生襁褓狮帖子:5 注册: 2007-12-17 来自:

<<上一主题|下一主题>>

2 / 5 页

跳转页

页面顶部

Powered by Discuz!NT