1   1  /  1  页   跳转

恶意程序删不掉

收藏
卡哇伊
头像
健康舞勺狮
  • 帖子:205
  • 注册: 2005-01-09
  • 来自:
发表于: 2008-05-03 13:04 | 只看楼主 短消息 资料
字号: 1楼

恶意程序删不掉

用卡卡助手查出8个恶意程序,清除不了,还经常中这类病毒Suspicious.Trojan.Win32.DelSelf.a,杀了过一两天又会出现
 


用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; InfoPath.2)

附件附件:

文件名:SREngLOG-01.log
下载次数:73
文件类型:application/octet-stream
文件大小:
上传时间:2008-5-3 13:04:02
描述:log
分享到:
gototop
 
╰☆不留名シ
头像
健康舞勺狮
  • 帖子:285
  • 注册: 2007-04-30
  • 来自:
发表于: 2008-05-03 14:22 | 短消息 资料
字号: 2楼

回复:恶意程序删不掉

==================================
下载XDelBox1.7)删除以下文件
http://www.dodudou.com/down/index.php

C:\DOCUME~1\YE\LOCALS~1\Temp\tmp7.tmp
C:\WINDOWS\system32\drivers\msosmsfpfis64.sys
C:\WINDOWS\system32\drivers\ReloadAnti.sys
C:\WINDOWS\system32\ghynjr.dll
C:\WINDOWS\system32\dgxsrr.dll
C:\WINDOWS\system32\dfhtrhy.dll
C:\WINDOWS\system32\ghjkdr.dll
C:\WINDOWS\system32\sefawe.dll
C:\WINDOWS\system32\frntrn.dll
C:\WINDOWS\system32\qrhhb.dll
C:\WINDOWS\system32\drghszd.dll
C:\WINDOWS\system32\fngn.dll
C:\WINDOWS\system32\gjjte.dll
C:\WINDOWS\system32\xgnfn.dll
C:\WINDOWS\system32\xfgnhcgfm.dll
C:\WINDOWS\system32\serger.dll
C:\WINDOWS\system32\bnxnb.dll
C:\WINDOWS\system32\fxgnfx.dll
C:\WINDOWS\system32\jzijj.dll
C:\WINDOWS\system32\xfgnfx.dll
C:\WINDOWS\system32\serghjm.dll
C:\WINDOWS\system32\thsddh.dll
C:\WINDOWS\system32\xbcvxb.dll
C:\WINDOWS\system32\zfdzb.dll
C:\WINDOWS\system32\xdndn.dll
C:\WINDOWS\system32\xdfntt.dll
C:\WINDOWS\system32\hgfhk.dll
C:\WINDOWS\system32\dnteh.dll
C:\WINDOWS\system32\xfng.dll
C:\WINDOWS\system32\njritc.dll
C:\WINDOWS\system32\chmfcmh.dll
C:\WINDOWS\system32\jwlah.dll
C:\WINDOWS\system32\gmnait.dll
C:\WINDOWS\system32\hfjg.dll
C:\WINDOWS\system32\thurh.dll
C:\WINDOWS\system32\mgmgmm.dll
C:\WINDOWS\system32\oqrthc.dll
C:\WINDOWS\system32\dgxsrr.dll
C:\WINDOWS\system32\jyjlt.dll
C:\WINDOWS\system32\ijatnaw.dll
C:\WINDOWS\system32\sehhter.dll
C:\WINDOWS\system32\fhjfg.dll
C:\WINDOWS\system32\zdbdb.dll
C:\WINDOWS\system32\ydgn.dll
C:\WINDOWS\system32\dbfb.dll
C:\WINDOWS\system32\fjnbv.dll
C:\WINDOWS\system32\ghjdtry.dll
C:\WINDOWS\system32\setrhes.dll
C:\WINDOWS\system32\cdxbfxdb.dll
C:\WINDOWS\system32\xfgnxfn.dll
C:\WINDOWS\system32\gjkhj.dll
C:\WINDOWS\system32\xdhdg.dll
C:\WINDOWS\system32\rhs.dll
C:\WINDOWS\system32\mrjhtjd.dll
C:\WINDOWS\system32\zdbfbd.dll
C:\WINDOWS\system32\fjyjy.dll
C:\WINDOWS\system32\fxnfnh.dll
C:\WINDOWS\system32\bjrvm.dll
C:\WINDOWS\system32\ektvm.dll
C:\WINDOWS\system32\rdthr.dll
C:\WINDOWS\system32\rgfjj.dll
C:\WINDOWS\system32\dscef.dll
C:\WINDOWS\system32\crugd.dll
C:\WINDOWS\system32\lariytrz.dll
C:\WINDOWS\system32\hjaiq.dll
C:\WINDOWS\system32\kduy.dll
C:\WINDOWS\system32\hkfgh.dll
C:\WINDOWS\system32\awef.dll
C:\WINDOWS\system32\dfhsh.dll
C:\WINDOWS\system32\ethsh.dll
C:\WINDOWS\system32\stehs.dll
C:\WINDOWS\system32\sthth.dll
C:\WINDOWS\system32\wfhyt.dll
C:\WINDOWS\system32\rgghjj.dll
C:\WINDOWS\system32\fdght.dll
C:\WINDOWS\system32\zjydcx.dll
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\hfrdzx.dll
C:\WINDOWS\system32\tdffdl.dll
C:\WINDOWS\system32\oohxbbyt.dll
C:\WINDOWS\system32\zptlbsys.dll
C:\WINDOWS\system32\yzztdmsn.dll
C:\WINDOWS\system32\zxmsawin.dll
C:\WINDOWS\system32\dgxsrr.dll
C:\WINDOWS\system32\oqrthc.dll
C:\WINDOWS\system32\jyjlt.dll
C:\WINDOWS\system32\rdthr.dll
C:\WINDOWS\system32\fdght.dll
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\ttSADSAD1044.dll
C:\WINDOWS\system32\ttABCABC1035.dll
C:\WINDOWS\system32\oohxbbyt.dll
C:\WINDOWS\system32\zptlbsys.dll
C:\WINDOWS\system32\zxmsawin.dll
C:\WINDOWS\SVCHOST.EXE

打开SRE--启动项目--注册表--删除
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zjydcx.dll>  [N/A]
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  []
    <{2ea73613-b34c-4d57-af8b-08cdeab6bbd2}><ttSADSAD1044.dll>  []
    <{c1e3826c-26c0-4220-923b-9748a7fe3a72}><ttABCABC1035.dll>  []
    <{3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3}><C:\WINDOWS\system32\oohxbbyt.dll>  []
    <{40940F85-F015-14F1-A05F-F69858AC6D04}><C:\WINDOWS\system32\zptlbsys.dll>  []
    <{4A041F13-A111-12A3-B0CF-F99818AA68A4}><C:\WINDOWS\system32\zxmsawin.dll>  [N/A]
    <{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}><C:\WINDOWS\system32\zgxfdx.dll>  [N/A]
    <{1DB3C525-5271-46F7-887A-D4E1ADAA7632}><C:\WINDOWS\system32\hfrdzx.dll>  [N/A]
    <{C0595A7E-2E2F-4B34-A83A-019270A0A464}><C:\WINDOWS\system32\tdffdl.dll>  [N/A]

编辑    <AppInit_DLLs><ghynjr.dll,dgxsrr.dll,dfhtrhy.dll,ghjkdr.dll,sefawe.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,dgxsrr.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghjdtry.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,fdght.dll,>  [N/A]
为  <AppInit_DLLs><>
==================================
SRE--启动项目--服务--驱动程序--删除
[mhfp / mhfp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\YE\LOCALS~1\Temp\tmp7.tmp><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[XNGAnti / XNGAnti][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ReloadAnti.sys><N/A>

==================================
SRE--系统修复--浏览器加载项--删除
[]
  {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} <C:\WINDOWS\system32\oohxbbyt.dll, N/A>
[]
  {40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[]
  {4490415F-65F8-B5C5-D8BA-9405FB120544} <C:\WINDOWS\system32\yzztdmsn.dll, N/A>
[]
  {4A041F13-A111-12A3-B0CF-F99818AA68A4} <C:\WINDOWS\system32\zxmsawin.dll, N/A>
[]
  {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} <C:\WINDOWS\system32\oohxbbyt.dll, N/A>
[]
  {40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[]
  {4490415F-65F8-B5C5-D8BA-9405FB120544} <C:\WINDOWS\system32\yzztdmsn.dll, N/A>
[]
  {4A041F13-A111-12A3-B0CF-F99818AA68A4} <C:\WINDOWS\system32\zxmsawin.dll, N/A>




下载windows清理助手清理下
http://www.arswp.com/download.html

升级杀软,全盘杀毒,还有问题,再扫个日志上来
gototop
 
无敌vip
头像
快乐黄口狮
  • 帖子:169
  • 注册: 2007-12-15
  • 来自:
发表于: 2008-05-03 14:44 | 短消息 资料
字号: 3楼

回复: 恶意程序删不掉

1.建议使用XDelBox删除以下文件:(XDelBox1.7下载) http://www.dodudou.com/down/index.php?dirpath=./01.原创软件&order=0
使用说明:删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择剪贴板导入不检查路径,导入后在要删除文件上点击右键,选择立刻重启删除,电脑会重启进入DOS界面进行删除操作。
    C:\WINDOWS\SVCHOST.EXE
    C:\WINDOWS\system32\zjydcx.dll
    C:\WINDOWS\system32\jfrwdh.dll
    C:\WINDOWS\system32\ttSADSAD1044.dll   
    C:\WINDOWS\system32\ttABCABC1035.dll     
    C:\WINDOWS\system32\oohxbbyt.dll
    C:\WINDOWS\system32\zptlbsys.dll
    C:\WINDOWS\system32\zxmsawin.dll
    C:\WINDOWS\system32\zgxfdx.dll
    C:\WINDOWS\system32\hfrdzx.dll
    C:\WINDOWS\system32\tdffdl.dll
    C:\WINDOWS\system32\dgxsrr.dll
    C:\WINDOWS\system32\oqrthc.dll
    C:\WINDOWS\system32\jyjlt.dll
    C:\WINDOWS\system32\rdthr.dll
    C:\WINDOWS\system32\fdght.dll
    C:\WINDOWS\system32\dgxsrr.dll
    C:\WINDOWS\system32\oqrthc.dll
    C:\WINDOWS\system32\jyjlt.dll
    C:\WINDOWS\system32\rdthr.dll
    C:\WINDOWS\system32\fdght.dll
    C:\WINDOWS\system32\dgxsrr.dll
    C:\WINDOWS\system32\oqrthc.dll
    C:\WINDOWS\system32\jyjlt.dll
    C:\WINDOWS\system32\rdthr.dll
    C:\WINDOWS\system32\fdght.dll
    C:\WINDOWS\system32\oohxbbyt.dll
    C:\WINDOWS\system32\jfrwdh.dll
    C:\WINDOWS\system32\zxmsawin.dll
    C:\WINDOWS\system32\zptlbsys.dll
    C:\DOCUME~1\YE\LOCALS~1\Temp\tmp7.tmp
    C:\WINDOWS\system32\drivers\msosmsfpfis64.sys
    C:\WINDOWS\System32\DRIVERS\pptchpd5.sys
    C:\WINDOWS\System32\Drivers\SecPort.sys
    C:\WINDOWS\system32\drivers\ReloadAnti.sys
2.删除重启后使用SREng修复下面各项:
SREng详细操作方法: http://hi.baidu.com/peaset/blog/item/3114a7fb17dd19224e4aeadf.html
    启动项目 -- 注册表之如下项删除:
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zjydcx.dll>  [N/A]
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  []
    <{2ea73613-b34c-4d57-af8b-08cdeab6bbd2}><ttSADSAD1044.dll>  []
    <{c1e3826c-26c0-4220-923b-9748a7fe3a72}><ttABCABC1035.dll>  []
    <{3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3}><C:\WINDOWS\system32\oohxbbyt.dll>  []
    <{40940F85-F015-14F1-A05F-F69858AC6D04}><C:\WINDOWS\system32\zptlbsys.dll>  []
    <{4A041F13-A111-12A3-B0CF-F99818AA68A4}><C:\WINDOWS\system32\zxmsawin.dll>  [N/A]
    <{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}><C:\WINDOWS\system32\zgxfdx.dll>  [N/A]
    <{1DB3C525-5271-46F7-887A-D4E1ADAA7632}><C:\WINDOWS\system32\hfrdzx.dll>  [N/A]
    <{C0595A7E-2E2F-4B34-A83A-019270A0A464}><C:\WINDOWS\system32\tdffdl.dll>  [N/A]
注意该项[AppInit_DLLs]修改:把
<AppInit_DLLs><ghynjr.dll,dgxsrr.dll,dfhtrhy.dll,ghjkdr.dll,sefawe.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,dgxsrr.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghjdtry.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,fdght.dll,>  [N/A]修改为<>即清空
即为:[AppInit_DLLs]<>
启动项目 -- 服务-- 驱动程序之如下项禁用:
[mhfp / mhfp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\YE\LOCALS~1\Temp\tmp7.tmp><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[XNGAnti / XNGAnti][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ReloadAnti.sys><N/A>

系统修复-- 浏览器加载项之如下项删除
[]
  {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} <C:\WINDOWS\system32\oohxbbyt.dll, N/A>
[]
  {40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[]
  {4490415F-65F8-B5C5-D8BA-9405FB120544} <C:\WINDOWS\system32\yzztdmsn.dll, N/A>
[]
  {4A041F13-A111-12A3-B0CF-F99818AA68A4} <C:\WINDOWS\system32\zxmsawin.dll, N/A>
[]
  {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} <C:\WINDOWS\system32\oohxbbyt.dll, N/A>
[]
  {40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[]
  {4490415F-65F8-B5C5-D8BA-9405FB120544} <C:\WINDOWS\system32\yzztdmsn.dll, N/A>
引用:
清理系统临时文件和IE临时文件夹     
http://www.atribune.org/public-beta/ATF-Cleaner.exe
用金山清理专家清理恶意软件
http://client.download.duba.net/KASSetup_10_1.EXE
下载windows清理助手清理一遍
http://www.arswp.com/download/arswp2/arswp2.zip
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT