瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 中ARP 病毒了 大家帮我看看 有什么解决办法

1   1  /  1  页   跳转

[求助] 中ARP 病毒了 大家帮我看看 有什么解决办法

中ARP 病毒了 大家帮我看看 有什么解决办法

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:08:06, on 2011-8-15
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Net\RavService.exe
C:\Program Files\Rising\RSD\RsMgrSvc.exe
C:\Program Files\Rising\Net\RavMonD.exe
C:\WINDOWS\system32\WatchClient.exe
C:\WINDOWS\system32\vrvrf_c.exe
C:\WINDOWS\system32\VrvEdp_m.exe
C:\WINDOWS\system32\vrvsafec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Rising\SOS\risingserver.exe
C:\Program Files\Beike\Antiarp\beikearpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\eSafeService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\下载固定卡口超速图片程序\UpPicServer.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\eSafe\eSafe_monitor.exe
C:\Program Files\Beike\Antiarp\beikearpmain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\EdpTrayIcon.exe
C:\Program Files\Rising\Net\RSTRAY.EXE
C:\Program Files\Rising\Net\RavTray.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eSafeMon] C:\Program Files\eSafe\eSafe_monitor.exe
O4 - HKLM\..\Run: [eSafeInit] regsvr32 escs.dll /s
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [Beike Antiarp] "C:\Program Files\Beike\Antiarp\beikearpmain.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Beike Antiarp] "C:\Program Files\Beike\Antiarp\beikearpmain.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: 快捷方式 到 UpdateServer.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://go.microsoft.com
O15 - ESC Trusted Zone: http://msdn.microsoft.com
O15 - ESC Trusted Zone: http://oca.microsoft.com
O15 - ESC Trusted Zone: http://support.microsoft.com
O15 - ESC Trusted Zone: http://technet.microsoft.com
O15 - ESC Trusted Zone: http://windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://www.microsoft.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://go.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://msdn.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://oca.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://support.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://technet.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://windowsupdate.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://www.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://10.80.1.223
O15 - ESC Trusted IP range: http://10.80.1.1
O16 - DPF: {CAFCF48D-8E34-4490-8154-026191D73924} (NetVideoActiveX V2.3) - http://10.80.54.188/codebase/NetVideoActiveX_V23.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://10.80.43.6/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DA6127E-C3AA-4A21-82E3-AB5103160F00}: NameServer = 10.80.1.20
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Rising Upgrade Service (AngelOfDeath) - Beijing Rising Information Technology Co., Ltd. - C:\Documents and Settings\All Users.WINDOWS\Application Data\Rising\SOS\risingserver.exe
O23 - Service: beikearpsvc - 贝壳网际(北京)安全技术有限公司 - C:\Program Files\Beike\Antiarp\beikearpsvc.exe
O23 - Service: eSafe notification service (eSafeService) - DMWZ - C:\WINDOWS\system32\eSafeService.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - c:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: RavService - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Net\RavService.exe
O23 - Service: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\RSD\RsMgrSvc.exe
O23 - Service: NET Service (RsNETMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Net\RavMonD.exe
O23 - Service: UpPicServer (ServerUpPic) - Unknown owner - D:\下载固定卡口超速图片程序\UpPicServer.exe
O23 - Service: VRVWatchServer - Unknown owner - C:\WINDOWS\system32\WatchClient.exe
--
End of file - 6295 bytes

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2)
分享到:
gototop
 

回复 1F 彐E 的帖子

arp攻击找发包源,找到发包源后断网进行杀毒。
gototop
 

回复:中ARP 病毒了 大家帮我看看 有什么解决办法

开启瑞星防火墙的“ARP欺骗防御”,防止恶意主机攻击。然后试图在局域网中找到发包源,断网查杀病毒。
gototop
 

回复:中ARP 病毒了 大家帮我看看 有什么解决办法

断网查杀病毒吧
使用瑞星防火墙,将网络防护打开,查看后续情况。
gototop
 

回复:中ARP 病毒了 大家帮我看看 有什么解决办法

开启瑞星防火墙的“ARP欺骗防御”,防止恶意主机攻击。然后试图在局域网中找到发包源,断网查杀病毒

同意这楼,内网机器ARP攻击很好找的。
gototop
 
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT