Rising Kaka Security Forum, Technical Exchange: Anti-virus / Anti-rogue-software board

[Help] A trojan that won't die (please look at my reply)

Every time I boot, the Rising firewall reports that a trojan has been found and cleaned. The details are:
2005-07-01 01:29:58, Explorer.EXE>>c:\winnt\system32\m2syadll.dll ->Backdoor.MagicLink.n
But even my genuine copy of Rising Antivirus cannot detect it.
How can I fix this?
Thanks!!!


Logfile of HijackThis v1.99.1
Scan saved at 1:47:27, on 2005-7-1
Platform: Windows 2000 RC 1.1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINNT\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\QXCOMM\USB ADSL\CnxDslTb.exe
C:\WINNT\System32\internat.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Documents and Settings\lk\My Documents\HijackThis.exe

O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - C:\WINNT\System32\sbhoplin.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - d:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\QXCOMM\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "d:\program files\rising\rfw\rfwmain.exe" -startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by NetAnts - D:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - D:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\SendMMS.htm
O9 - Extra button: 大智慧 - {3746183e-dbf6-49c2-b214-a17e1d4dca0a} - C:\DZH\Internet\dzh_internet.lnk
O9 - Extra 'Tools' menuitem: 大智慧 - {3746183e-dbf6-49c2-b214-a17e1d4dca0a} - C:\DZH\Internet\dzh_internet.lnk
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ.exe
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {169B0044-1CD6-4EFE-A5D8-AEC69797A953} (AvlPing Control) - http://benchmark.avl.com.cn/cab/avlPing.cab
O16 - DPF: {20000810-0B24-40F6-9037-07D43E25536D} (ViewMail Decoder) - http://webmail.21cn.net/video/video_net/VMDecode_21CN.cab
O16 - DPF: {20000810-1801-4D33-887D-1A8B3B057BE8} (ViewMail Encoder) - http://webmail.21cn.net/video/video_net/VMEncode_21CN.cab
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (V2 Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/201eb457df2a7ec58d05/netzip/RdxIE601_cn.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BB0C189-3676-4711-AA75-E2801D6B0E27} (AvlFTP Control) - http://benchmark.avl.com.cn/cab/avlFtp.cab
O16 - DPF: {6EC14D77-72E0-436D-8C04-3BEE5D75B2F1} (VideoOcx Control) - http://vchat.xihai.net/roomui/videoocx.ocx
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://www.51chatclub.com/vchat/BDC.cab
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - http://www.95599.cn/download/ABC.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_26.cab
O16 - DPF: {C7420698-3CCE-4823-8795-1C098F2D3A4B} (WebFtp Class) - http://10000.gd.cn/AT/WebPerformance.dll
O16 - DPF: {CF85459D-DFA7-4028-A065-3C6D1356DCC8} (CertInstall Control) - http://gd.chinavnet.com/CertInstall.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {EC3CB2C5-2C25-11D4-9FCE-0050BACC2C9F} (Bookmark Control) - http://vipm4.avl.com.cn/cabs/Bookmark.cab
O23 - Service: DHCP Service - Unknown owner - C:\WINNT\System32\service.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

Last edited 2005-07-02 01:41:01

You have downloaded far too many plugins; I suggest the OP clean them up.
Delete c:\winnt\system32\m2syadll.dll directly.

Also, this backdoor can be dealt with by scanning with Rising in Safe Mode with the network disconnected.

OP..

Fix this entry: O23 - Service: DHCP Service - Unknown owner - C:\WINNT\System32\service.exe

Delete C:\WINNT\System32\service.exe
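The reply above singles out the O23 entry because a "DHCP Service" with no owner information, backed by service.exe (one letter short of the real services.exe), looks like a masquerading binary. As an added example that is not part of this thread, the Python script below applies that triage rule to the O23 section of a HijackThis log: it flags services whose owner is unknown or whose binary name is a single edit away from a core system binary. The sample lines are copied from the first log in the thread; the SYSTEM_NAMES list is my assumption.

```python
import re

# Constructed sample input: three O23 service lines and one O4 autostart line,
# copied from the thread's first HijackThis log so the script runs offline.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [RavMon] D:\\PROGRA~1\\RISING\\RAV\\RAVMON.EXE -SYSTEM
O23 - Service: DHCP Service - Unknown owner - C:\\WINNT\\System32\\service.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\\WINNT\\System32\\dmadmin.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\\PROGRAM FILES\\RISING\\RAV\\Ravmond.exe
"""

# Assumed list of core Windows 2000 binaries that malware imitates with a one-letter change.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "smss.exe"}

def edit_distance(a, b):
    """Levenshtein distance; 1 means a single inserted, dropped or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def review_services(log_text):
    """Return (service name, path, reason) for every O23 line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line)          # lines from other HijackThis sections are skipped
        if not m:
            continue
        path = m.group("path")
        exe = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if m.group("owner") == "Unknown owner":
            reasons.append("binary carries no company/version info")
        lookalikes = sorted(s for s in SYSTEM_NAMES if exe != s and edit_distance(exe, s) == 1)
        if lookalikes:
            reasons.append("name imitates " + ", ".join(lookalikes))
        if reasons:
            findings.append((m.group("name"), path, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for name, path, why in review_services(SAMPLE_LOG):
        print(f"{name}: {path} -> {why}")
```

Only the DHCP Service entry is reported; the VERITAS and Rising services pass both checks.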

I have already scanned in Safe Mode with the network disconnected, but on boot it still reports that a trojan was found.
You say there are too many plugins; how do I clean them up? I am a newbie.
Thanks!!!

Did you follow the method in reply #2???

The plugin cleanup can wait until later.

Deal with the virus first.

c:\winnt\system32\m2syadll.dll ->Backdoor.MagicLink.n
Add it to the virus quarantine and scan in Safe Mode.

This is a trojan program running under Windows. Scan the whole disk in Safe Mode with the latest version of Rising Antivirus and disinfect; that should solve it. Be sure to patch the system and keep real-time antivirus monitoring on when you go online. If it cannot be removed, or you get prompts asking you to decompress something, note down the file name and location, follow http://community.rising.com.cn/UploadImages/200403/Img20043182253148.gif and http://community.rising.com.cn/UploadImages/200403/Img2004318226017.gif, and force-delete it in Safe Mode.

There is one thing I want to say: thank you. Really, thank you all!!!

I have fixed this entry: O23 - Service: DHCP Service - Unknown owner - C:\WINNT\System32\service.exe (fixing it prompted me to restart).
But after rebooting, the C:\WINNT\System32\service.exe I was supposed to delete can no longer be found. Has the file been renamed (SERVICES.EXE, services.msc)? I don't understand this and don't dare to delete things blindly. However, the "trojan found and cleaned" prompt no longer appears. Please help me check whether this log still has any problems. Thanks!!!

Logfile of HijackThis v1.99.1
Scan saved at 23:13:16, on 2005-7-1
Platform: Windows 2000 RC 1.1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\QXCOMM\USB ADSL\CnxDslTb.exe
C:\WINNT\System32\internat.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\Program Files\SkyNet\FireWall\PFW.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINNT\System32\conime.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rav\RAVMON.EXE
D:\My Music\My Webs\新建文件夹 (2)\记事薄+统计器\分析记录.exe
D:\Program Files\Tencent\QQ.exe
D:\Program Files\Tencent\TIMPlatform.exe
C:\Documents and Settings\lk\My Documents\HijackThis.exe

O2 - BHO: SFP Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - C:\WINNT\System32\sbhoplin.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - d:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\QXCOMM\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [RfwMain] "d:\program files\rising\rfw\rfwmain.exe" -startup
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O8 - Extra context menu item: &Download by NetAnts - D:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - D:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\SendMMS.htm
O9 - Extra button: 大智慧 - {3746183e-dbf6-49c2-b214-a17e1d4dca0a} - C:\DZH\Internet\dzh_internet.lnk
O9 - Extra 'Tools' menuitem: 大智慧 - {3746183e-dbf6-49c2-b214-a17e1d4dca0a} - C:\DZH\Internet\dzh_internet.lnk
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ.exe
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {169B0044-1CD6-4EFE-A5D8-AEC69797A953} (AvlPing Control) - http://benchmark.avl.com.cn/cab/avlPing.cab
O16 - DPF: {20000810-0B24-40F6-9037-07D43E25536D} (ViewMail Decoder) - http://webmail.21cn.net/video/video_net/VMDecode_21CN.cab
O16 - DPF: {20000810-1801-4D33-887D-1A8B3B057BE8} (ViewMail Encoder) - http://webmail.21cn.net/video/video_net/VMEncode_21CN.cab
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (V2 Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/201eb457df2a7ec58d05/netzip/RdxIE601_cn.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BB0C189-3676-4711-AA75-E2801D6B0E27} (AvlFTP Control) - http://benchmark.avl.com.cn/cab/avlFtp.cab
O16 - DPF: {6EC14D77-72E0-436D-8C04-3BEE5D75B2F1} (VideoOcx Control) - http://vchat.xihai.net/roomui/videoocx.ocx
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://www.51chatclub.com/vchat/BDC.cab
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - http://www.95599.cn/download/ABC.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_26.cab
O16 - DPF: {C7420698-3CCE-4823-8795-1C098F2D3A4B} (WebFtp Class) - http://10000.gd.cn/AT/WebPerformance.dll
O16 - DPF: {CF85459D-DFA7-4028-A065-3C6D1356DCC8} (CertInstall Control) - http://gd.chinavnet.com/CertInstall.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {EC3CB2C5-2C25-11D4-9FCE-0050BACC2C9F} (Bookmark Control) - http://vipm4.avl.com.cn/cabs/Bookmark.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

There is one thing I want to say: thank you. Really, thank you all!!!