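Rising Kaka Security Forum, Technical Exchange section, Anti-Virus / Anti-Rogue-Software forum: baidu, google and yahoo automatically redirect to a movie website when opened.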


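Today, while browsing a company's website, a virus popped up and a help-document window opened; in the end it was killed by Rising. Because that site was very nicely made, I looked at it a little longer, and then a virus popped up again and was killed again.
After I closed the browser and typed in baidu.com, this is what happened: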
http://u.piosan.com/sex/s4.htm?uid=undefined&|http://www.baidu.com/index.html

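google.com is the same. Afterwards I ran a virus scan once and found no problems, then scanned in safe mode and also found no problems. I just cannot reach the search sites; even yahoo will not open...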

Oh, the two viruses that Rising reported killing were:
Exploit.HHCtrl.b  和 JS.DL.Agent.g

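Could an expert please advise how I should fix this?
I have already searched through a great deal of material and found nothing, including the common-issues threads on this forum.
Thanks.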
Last edited 2006-06-13 09:21:23

Oh, below is the result of my HijackThis scan.
---------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:49:58, on 2006-6-12
Platform: Windows 2003  (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
D:\usr\local\apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
D:\usr\local\apache2\bin\Apache.exe
D:\usr\local\mysql4\bin\mysqld-nt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\foobar2000\foobar2000.exe
e:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
E:\Program Files\Tencent\QQ\QQ.exe
E:\Program Files\Tencent\QQ\TIMPlatform.exe
F:\MyIEGB\MyIE.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Administrator\桌面\248783200522382732\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 61.141.5.224 www.google.com
O1 - Hosts: 61.141.5.224 www.baidu.com
O1 - Hosts: 61.141.5.224 www.qq.com
O1 - Hosts: 61.141.5.224 www.163.com
O1 - Hosts: 61.141.5.224 www.5308.com
O1 - Hosts: 61.141.5.224 t1314.com
O1 - Hosts: 61.141.5.224 www.t1314.com
O1 - Hosts: 61.141.5.224 dv.5308.com
O1 - Hosts: 61.141.5.224 bbs.5308.com
O1 - Hosts: 61.141.5.224 auto.search.msn.com
O1 - Hosts: 61.141.5.224 www.3721.com
O1 - Hosts: 61.141.5.224 www.yahoo.com.cn
O1 - Hosts: 61.141.5.224 sms.61m.com
O1 - Hosts: 61.141.5.224 union.95ol.com.cn
O1 - Hosts: 61.141.5.224 image.lhsms.com
O1 - Hosts: 61.141.5.224 ads.58mms.com
O1 - Hosts: 61.141.5.224 www.insms.cn
O1 - Hosts: 61.141.5.224 www.sms11.cn
O1 - Hosts: 61.141.5.224 www.zysms.com
O1 - Hosts: 61.141.5.224 code.kvsms.cn
O1 - Hosts: 61.141.5.224 code.sms9500.com
O1 - Hosts: 61.141.5.224 www.ovsms.com
O1 - Hosts: 61.141.5.224 lm.sms55.com
O1 - Hosts: 61.141.5.224 unstat.baidu.com
O1 - Hosts: 61.141.5.224 1.1tong.com
O1 - Hosts: 61.141.5.224 2.1tong.com
O1 - Hosts: 61.141.5.224 3.1tong.com
O1 - Hosts: 61.141.5.224 4.1tong.com
O1 - Hosts: 61.141.5.224 uv.netfilm.cn
O1 - Hosts: 61.141.5.224 pub.lele.com
O1 - Hosts: 61.141.5.224 m.lele.com
O1 - Hosts: 61.141.5.224 c03.caishow.com
O1 - Hosts: 61.141.5.224 code.csms.cn
O1 - Hosts: 61.141.5.224 uv.netfilm.cn
O1 - Hosts: 61.141.5.224 v.jyunion.com
O1 - Hosts: 61.141.5.224 hao123.com
O1 - Hosts: 61.141.5.224 www.hao123.com
O1 - Hosts: 61.141.5.224 union.vipzz.cn
O1 - Hosts: 61.141.5.224 dy02.cn
O1 - Hosts: 61.141.5.224 www.dy02.cn
O1 - Hosts: 61.141.5.224 188y.com
O1 - Hosts: 61.141.5.224 www.188y.com
O1 - Hosts: 61.141.5.224 3hn.com
O1 - Hosts: 61.141.5.224 www.3hn.com
O1 - Hosts: 61.141.5.224 uu230.com
O1 - Hosts: 61.141.5.224 www.uu230.com
O1 - Hosts: 61.141.5.224 uu500.com
O1 - Hosts: 61.141.5.224 www.uu500.com
O1 - Hosts: 61.141.5.224 spcode.baidu.com
O1 - Hosts: 61.141.5.224 www.uuto.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - C:\Program Files\CoolWebsite\QuickLink.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{642D2992-FA1D-4896-95B2-7FCBB4DA3F8F}: NameServer = 202.99.8.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache2 - Unknown owner - D:\usr\local\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - D:\usr\local\mysql4\bin\mysqld-nt.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--------------------------

-----------PS: I have never opened many of the sites listed above, so why are they in Hosts?

Can anyone answer this?

Fix all O1 entries
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - C:\Program Files\CoolWebsite\QuickLink.dll
Delete after fixing
Uninstall C:\Program Files\CoolWebsite\
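
The O1 lines in the log mirror the hosts file, where many unrelated sites were pointed at one address. An added example, not from the thread, that flags that pattern in either a hosts file or a HijackThis log and returns the hosts text without the flagged entries; the function names, the three-site threshold and the two-label grouping are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Matches a raw hosts-file line ("IP name") or a HijackThis "O1 - Hosts: IP name" line.
ENTRY = re.compile(r"^(?:O1 - Hosts:\s*)?(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")

def parse_entries(text):
    """Return (ip, hostname) pairs, skipping comments and non-hosts lines."""
    pairs = []
    for line in text.splitlines():
        m = ENTRY.match(line.split("#", 1)[0].strip())
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1
        pairs.append((m.group(1), m.group(2).lower()))
    return pairs

def site_of(hostname):
    """Crude grouping key: last two labels (assumption, not a public-suffix lookup)."""
    return ".".join(hostname.split(".")[-2:])

def suspicious_ips(pairs, min_sites=3):
    """IPs that are not loopback/unspecified yet answer for many unrelated sites."""
    sites = defaultdict(set)
    for ip, host in pairs:
        addr = ipaddress.ip_address(ip)
        if not (addr.is_loopback or addr.is_unspecified):
            sites[ip].add(site_of(host))
    return {ip: sorted(s) for ip, s in sites.items() if len(s) >= min_sites}

def cleaned_hosts(text, bad_ips):
    """Drop entries whose IP was flagged; keep comments and every other line."""
    return "\n".join(line for line in text.splitlines()
                     if not ((m := ENTRY.match(line.strip())) and m.group(1) in bad_ips))

SAMPLE = """\
# the first two entries are constructed; the O1 lines are copied from the log above
127.0.0.1 localhost
0.0.0.0 ads.example.test
O1 - Hosts: 61.141.5.224 www.google.com
O1 - Hosts: 61.141.5.224 www.baidu.com
O1 - Hosts: 61.141.5.224 unstat.baidu.com
O1 - Hosts: 61.141.5.224 www.qq.com
"""

if __name__ == "__main__":
    print(suspicious_ips(parse_entries(SAMPLE)))
```

Loopback and `0.0.0.0` entries are left alone because they are the normal local and blocklist forms of a hosts line.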