I open notepad and using Zi Guang PinYing,
the system show the windower"notepad.exe error."
When I open IE and using Zi Guang PinYing
the system show the windower"Explorer.exe error."
I can't input chinese
So I using rising to scan the system
rising finded the viruses and kiied it.
virus name is "Backdoor.Gpigeon.trz"
thos file's name is "iexploer.exe" or"explore.exe"(i don't remember its name)
restart.
but anything is not changed.
so help me pls.
I type english very hard!!!!
help me!!!
i watting for you online!!!!
====================================
O23 - Service: asp dns (asp dns) - Unknown owner - C:\WINDOWS\crasss.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
===============================
后来经过高人指点
按照一下步骤去做:
===============
修复 O23 - Service: asp dns (asp dns) - Unknown owner - C:\WINDOWS\crasss.exe
修复、重新启动到安全模式(进入安全模式的方法:重新启动电脑, 开机自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。)
开始→控制面板→性能和维护→管理工具→服务→查找Local Network Service→右击→属性→启动类型→禁止→应用→停止→确定。
在注册表里搜索删除crasss.exe、crasss.dll、crasss_hook.dll相关项。
然后打开我的电脑→再点工具→打开文件夹选项→查看→把隐藏受保护的系统文件(推荐)和隐藏已知文件类型的扩展名的勾去掉→再显示所有文件→找到以下文件并删除:(如果有的话)
在%windows%下删除crasss.exe、crasss.dll、crasss_hook.dll和类似的文件
=====================
结果如下:
just fix 023 line-只进行了修复工作,但是不知道是否修复好了
but
can't find "Local Network Service" in service in Safe Mode
and ---
在安全模式下没有“Local Network Service”
can't find "crasss.dll、crasss_hook.dll" in regedit--
在注册表中没找到crasss.dll、crasss_hook.dlljust find "crasss.exe"and I don't delet it, because i am afraid....---
只找到crasss.exe,没敢删除can't find "crasss.exe、crasss.dll、crasss_hook.dll" in %windows%.
so the virses still in my system.---
在WINDOWS下没找到“crasss.exe、crasss.dll、crasss_hook.dll”我后来经过多方的资料查询
还是把CRASSS.EXE以及 在服务列表中的asp dns 删除了
然后把注册表中相关的键值也删除了
重新启动后,也没什么事情
问题在这里
我还是不能输入中文,或者记事本还是出错
在IE中,输入中文,IE出错,
在记事本输入中,记事本出错
在QQ中也是一样
但是我打游戏什么的不受影响
后来,我还用ewido扫描了,结果,木马病毒确实没有了
但是还是有很多的BAIDU的病毒,杀不掉
不知道是不是BAIDU病毒的问题呢?
昨晚搞到晚上三点中
最后鼠标还出了问题,不太听使唤了
关机的时候,系统居然提示,有其他用户连接本机,如果关机,用户将失去数据。。。
我倒吸一口冷气
难得木马没杀净,我已经被入侵?
后再遇BLACKSTONE指点
Autoruns日志:
=======================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ BigDogPathStill Image (STI) DriverVM.c:\windows\vm_sti.exe
+ CdnCtrLiveUpdate Modulec:\program files\cnnic\cdn\cdnup.exe
+ DAEMON Tools-2052Virtual DAEMON ManagerDAEMON'S HOMEd:\program files\d-tools\daemon.exe
+ Media GatewayFile not found: C:\PROGRA~1\MEDIAG~1\MEDIAG~1.EXE
+ MSConfigFile not found: ;
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe
+ StormCodec_Helperd:\program files\ringz studio\storm codec\stormset.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ ewido shell guardd:\program files\ewido\security suite\shellhook.dll
+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects
+ AcroIEHlprObj ClassAcroIEHelper Moduled:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx
+ BandIE ClassBaiduBar ModuleBaidu.com, Inc.c:\program files\baidu\bar\baidubar.dll
+ CNNIC_IDNCndnIEHelper Modulec:\program files\cnnic\cdn\cdniehlp.dll
+ IeCatch2 Classjccatch ModuleAmaze Softd:\program files\flashget\jccatch.dll
+ LinkFilter Class51NET DiyBar北京金络神电子商务有限责任公司c:\windows\system32\diybar2\diybar2.dll
+ WMHlprObj ClassWMHlpr Modulec:\program files\cnnic\cdn\wmhlpr.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet BarFlashGet IE BarAmaze Softd:\program files\flashget\fgiebar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 访问卡卡社区File not found: http://www.ikaka.com
+ 访问瑞星网站File not found: http://www.rising.com.cn
+ 浩方对战平台浩方对战平台上海浩方在线信息技术有限公司e:\program files\浩方对战平台\gameclient.exe
+ 腾讯QQQQTENCENTd:\program files\tencent\qq.exe
+ 易趣购物File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=1
HKLM\System\CurrentControlSet\Services
+ ATI SmartATI Smartc:\windows\system32\ati2sgag.exe
+ ewido security suite controlewido controlewido networksd:\program files\ewido\security suite\ewidoctrl.exe
+ ewido security suite guardguardewido networksd:\program files\ewido\security suite\ewidoguard.exe
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ ati2mtagATI Radeon WindowsNT Miniport DriverATI Technologies Inc.c:\windows\system32\drivers\ati2mtag.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ BtAudioFile not found: system32\DRIVERS\btaudio.sys
+ BTDriverFile not found: system32\DRIVERS\btport.sys
+ BTWDNDISFile not found: system32\DRIVERS\btwdndis.sys
+ cdnprotcdnprotCNNICc:\windows\system32\drivers\cdnprot.sys
+ cdntrancdntranCNNICc:\windows\system32\drivers\cdntran.sys
+ CinemsupSW CineMaster SupportSonic Solutionsc:\windows\system32\drivers\cinemsup.sys
+ CmdIdeCMD PCI IDE Bus DriverCMD Technology, Inc.c:\windows\system32\drivers\cmdide.sys
+ d347busPnP BIOS Extension c:\windows\system32\drivers\d347bus.sys
+ d347prtSCSI miniport c:\windows\system32\drivers\d347prt.sys
+ es1371ENSONIQ AudioPCI 97 WDM Audio MiniportCreative Technology Ltd.c:\windows\system32\drivers\es1371mp.sys
+ ewido security suite driverd:\program files\ewido\security suite\guard.sys
+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys
+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys
+ HookRegc:\program files\rising\rav\hookreg.sys
+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys
+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys
+ New0c:\windows\system32\new.sys
+ Nokia USB GenericNokia USB Phone Generic ClientNokiac:\windows\system32\drivers\nmwcdc.sys
+ Nokia USB ModemNokia USB Phone Modem ClientNokiac:\windows\system32\drivers\nmwcdcm.sys
+ Nokia USB Phone ParentNokia USB Phone Bus DriverNokiac:\windows\system32\drivers\nmwcd.sys
+ nv_agpNVIDIA nForce AGP FilterNVIDIA Corporationc:\windows\system32\drivers\nv_agp.sys
+ nvatabusNVIDIA? nForce(TM) IDE Performance DriverNVIDIA Corporationc:\windows\system32\drivers\nvatabus.sys
+ NVENETNVIDIA nForce MCP Networking Driver.NVIDIA Corporationc:\windows\system32\drivers\nvenet.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RTL8023Realtek 10/100/1000 NDIS 5.1 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtlnic51.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys
+ SaiH0464Saitek Hid DriverSaitekc:\windows\system32\drivers\saih0464.sys
+ SaiMiniSaitek Magic Mini DriverSaitekc:\windows\system32\drivers\saimini.sys
+ SaiNtBusSaitek Magic BusSaitekc:\windows\system32\drivers\saintbus.sys
+ SecdrvSafeDisc driverMacrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.c:\windows\system32\drivers\secdrv.sys
+ xinstallc:\windows\system32\drivers\xinstall.sys
+ ZSMC301bVideo streaming and Capture Device DriverVMc:\windows\system32\drivers\usbvm31b.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEventATI External Event Utility DLL ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.dll
===================
删除了一些BAIDU的东西之后
我再次启动,结果发现,IE经常报错并关闭,输入法还是不对
灰鸽子倒是杀了
但是问题依然
真是要命
请帮帮我
