电脑开机后类似执行cmd后的dos界面，加载kernels8.exe程序。一端时间后会出现关闭计算机倒计时对话框。同时系统盘根目录下出现大量的生成于7.18日12时左右的*.exe文件（78.exe、uniq.exe、jcur.exe、secure32.html等）在system32下有2236_27.dll和kernels8.exe文件.用hijckthis扫描后如下：
Logfile of HijackThis v1.99.1
Scan saved at 12:06:06, on 2006-7-19
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Rising\Rav\RavService.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Rising\Rav\RavTray.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\anokynt.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\kernels8.exe
C:\winnt\system32\_zskuninst_003wiqg]h_nd`glj_i].exe
C:\WINNT\system32\conime.exe
C:\Documents and Settings\ykp\桌面\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] ; C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] ; C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvListnr] ; C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [LoadQM] ; loadqm.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RavTray.exe"
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SysTray] C:\Program Files\anokynt.exe
O4 - HKLM\..\Run: [System] C:\WINNT\system32\kernels8.exe
O4 - HKLM\..\Run: [zsk]i_jlg`dn_h]gqiw300_tsninuksz_] c:\winnt\system32\_zskuninst_003wiqg]h_nd`glj_i].exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINNT\system32\kernels8.exe
O4 - HKLM\..\RunServices: [zsk]i_jlg`dn_h]gqiw300_tsninuksz_] c:\winnt\system32\_zskuninst_003wiqg]h_nd`glj_i].exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - HKCU\..\Run: [zsk]i_jlg`dn_h]gqiw300_tsninuksz_] c:\winnt\system32\_zskuninst_003wiqg]h_nd`glj_i].exe
O4 - Startup: Notes Minder.lnk = C:\Lotus\Notes\nminder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O15 - Trusted Zone: http://*.localhost
O16 - DPF: {2D0C7226-747E-11D6-83F0-00E04C4A2F90} (Mediachip ADPlayer Control) - http://videoad.sohu.com/video/videoadserver4/MCADPlayer.cab
O16 - DPF: {2D4851FD-0BFE-11D4-9260-9AF666D52059} (GameX Class) - http://210.83.127.67/vrcity/system/activex/gamex.cab
O16 - DPF: {448A5F6B-8C03-4B54-A338-F00237C508AD} (WEBChatRoomOCX Control) - http://www.51uc.com/cab/WEBChatRoom_1_39.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5E18A787-1E62-11D5-A7A1-100001011001} (CK_WebChat) - http://irc.nbip.net/chatkey/ck_nbip.cab
O16 - DPF: {6A9735F1-72AA-49E9-9981-A13C3FD8641B} (WuYou.WySystem) - http://localhost/webexam/Activex/WySystem.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C0C13879-6A17-429E-80F1-60B23FC1F720} (FcBoot Class) - http://www.cncbb.net/vrcity/system/activex/fcboot.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4B0F8B4-D95F-4C5B-B0AE-8B09438BB955}: NameServer = 192.168.10.2
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mmcdll - C:\WINNT\SYSTEM32\mmcdll.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINNT\system32\2236_27.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: RavService - Unknown owner - C:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

修复
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKLM\..\Run: [SysTray] C:\Program Files\anokynt.exe
O4 - HKLM\..\Run: [System] C:\WINNT\system32\kernels8.exe
O4 - HKLM\..\Run: [zsk]i_jlg`dn_h]gqiw300_tsninuksz_] c:\winnt\system32\_zskuninst_003wiqg]h_nd`glj_i].exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINNT\system32\kernels8.exe
O4 - HKLM\..\RunServices: [zsk]i_jlg`dn_h]gqiw300_tsninuksz_] c:\winnt\system32\_zskuninst_003wiqg]h_nd`glj_i].exe
O4 - HKCU\..\Run: [zsk]i_jlg`dn_h]gqiw300_tsninuksz_] c:\winnt\system32\_zskuninst_003wiqg]h_nd`glj_i].exe
O20 - Winlogon Notify: mmcdll - C:\WINNT\SYSTEM32\mmcdll.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINNT\system32\2236_27.dll
删除
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
C:\Program Files\anokynt.exe
C:\WINNT\system32\kernels8.exe
c:\winnt\system32\_zskuninst_003wiqg]h_nd`glj_i].exe
C:\WINNT\system32\kernels8.exe
C:\WINNT\system32\2236_27.dll
C:\WINNT\SYSTEM32\mmcdll.dll