本人是个菜鸟  用正版的瑞星 18.20.12
瑞星查出来一个叫Rootkit.Vanti.gen的病毒，可就是杀不掉，每次开机就出现杀毒提示 
全面硬盘杀毒也没用 安全模式下根本找不到病毒，下载了瑞星的灰鸽子专杀提示说是“模块覆盖型”的灰鸽子病毒 只能把进程终止掉。 希望大侠们教我个简单的方法把它清除掉 我是个菜鸟 千万不要太深奥啊 不胜感激啊

我晕，这恐怕不是灰鸽子吧。很遗憾，这个东西要搞掉好像还不复杂不行。
http://forum.ikaka.com/topic.asp?board=28&artid=6979213，先在此帖第1楼下载HijackThis扫个日志发上来，看看是否有灰鸽子。如果搞不定的话，有可能要System Repair Engineer和icesword齐上阵方能奏效。

安全模式下杀毒

谢谢楼上大哥无私相助

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      21:29:14, 日期 2006-3-28
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\Worldfax\ADSL超频奇兵 V4.3\ADSLx2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\gaohao.LEGEND-B47A48B3\桌面\2535952005811174944\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\BitComet\BitCometBar\BitCometBar0.3.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [Windows木马防火墙] C:\Program Files\ftctry\Trojanwall.exe
O4 - Startup: ADSL超频奇兵 V4.3.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\KuGoo3\KuGoo3DownX.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O13 - 前缀 WWW 的修改:
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{530EF413-D881-4EEC-A71D-DF5A158EED25}: NameServer = 218.2.135.1 61.147.37.1
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - NT 服务: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - NT 服务: svosh - Unknown owner - C:\WINDOWS\svosh.exe

O23 - NT 服务: svosh - Unknown owner - C:\WINDOWS\svosh.exe
是什么啊？

我要看得懂就好了哦。慢慢等吧， 等待救星出现

修复：
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - NT 服务: svosh - Unknown owner - C:\WINDOWS\svosh.exe
其中第二项应该是灰鸽子，参考http://forum.ikaka.com/topic.asp?board=28&artid=7713905

用Autoruns再扫一个日志上来，注意隐藏系统进程。

谢谢老大

Autoruns 日志

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe

+ Windows木马防火墙File not found: C:\Program Files\ftctry\Trojanwall.exe

C:\Documents and Settings\gaohao.LEGEND-B47A48B3\「开始」菜单\程序\启动

+ ADSL超频奇兵 V4.3.lnkADSL 加速软件奇兵软件 Worldfax.netc:\program files\worldfax\adsl超频奇兵 v4.3\adslx2.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll

+ TuneUp 碎纸机TuneUp Shredder Shell ExtensionTuneUp Software GmbHc:\program files\tuneup utilities 2006\sdshelex.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

+ 好看123上网精灵超级兔子上网精灵超级兔子c:\program files\super rabbit\magicset\haokanbar.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ ThunderIEHelper ClassXunLei BHOThunder Networking Technologies,LTDc:\windows\system32\xunleibho_v14.dll

+ 超级兔子上网精灵超级兔子上网精灵超级兔子c:\program files\super rabbit\magicset\haokanbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ bitcometbar0.3.dllBitComet Toolbar for IEd:\bitcomet\bitcometbar\bitcometbar0.3.dll

+ 超级兔子上网精灵超级兔子上网精灵超级兔子c:\program files\super rabbit\magicset\haokanbar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ 浩方对战平台浩方对战平台上海浩方在线信息技术有限公司c:\program files\浩方对战平台\gameclient.exe

+ 网址大全File not found: http://www.coc.cc

HKLM\System\CurrentControlSet\Services

+ PDSchedPDSched ModuleRaxco Software, Inc.c:\program files\raxco\perfectdisk\pdsched.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

+ svosh媒体播放c:\windows\svosh.exe

HKLM\System\CurrentControlSet\Services

+ ac97intcIntel(r) Integrated Controller Hub Audio DriverIntel Corporationc:\windows\system32\drivers\ac97intc.sys

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys

+ CKG005File not found: C:\WINDOWS\TEMP\5m9hv.sysce5ub74.sys

+ COK568File not found: C:\WINDOWS\TEMP\b.sys

+ EagleNTFile not found: C:\WINDOWS\system32\drivers\EagleNT.sys

+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys

+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys

+ HookRegc:\program files\rising\rav\hookreg.sys

+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys

+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys

+ kmsinputc:\windows\system32\drivers\kmsinput.sys

+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys

+ mProcRsRising Personal FireWall  mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys

+ NPPTNT2nProtect NPSC Kernel Mode Driver for NTINCA Internet Co., Ltd.c:\windows\system32\npptnt2.sys

+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ PxHelp20Px Engine Device Driver for Windows 2000/XPSonic Solutionsc:\windows\system32\drivers\pxhelp20.sys

+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys

+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys

+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys

+ SecFileFile not found: C:\Program Files\SecFile\secfile.sys

+ ser2plUSB-to-Serial Cable DriverProlific Technology Inc.c:\windows\system32\drivers\ser2pl.sys

+ USBW685Universal Serial Bus Camera DriverWinbond Electronics Crop.c:\windows\system32\drivers\2kw685.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ PDBoot.exePerfectDisk Boot Time DefragmentationRaxco Software, Inc.c:\windows\system32\pdboot.exe

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\system32\屏保.scrFlurry screen saver for WindowsMatt Ginztonc:\windows\system32\屏保.scr

我在删除了注册表HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services目录下svosh重启后系统恢复正常没有了报毒现象。然后删除了C:\WINDOWS\svosh.exe文件 一切正常了
谢谢各位高人的指教 我也学到了不少东西 可以睡个好觉喽